Fixes#7671
Allows for code to do things like read certs from LittleFS or even HTTP
connections with code like:
File cert = LittleFS.open("/client-crt.pem", "r");
clientCert = new X509List(cert, cert.size());
cert.close();
* Add Print::availableForWrite method
Adds an availableForWrite() method to the Print class, matching current
ArduinoCore-API commit 398e70f188e2b861c10d9ffe5e2bfcb6a4a4f489 .
Hook availableForWrite into the SDFS filesystem (other FSes don't have
this capability built-in).
Fixes#7650
* WiFiClient::availableForWrite proto matching Print
* Fix Netdump signedness warning
* Clean up Serial availableForWrite
This is evidently a breaking change due to the type difference.
Arduino's `availableForWrite` returns an `int`, while the
(multiply-implemented, non-virtual) core `availableForWrite` returned
`size_t`.
* Add Wrong Password wifi status case
* Add wrong password case for status return
* Add wrong password case for debug
* Add Wrong password case to interactive example
* Add case for wrong password to station doc
* Add case for wrong password to resumeFromShutdown
* Add wrong password case to wifi readme
* Update ESP8266WiFiGeneric.cpp
Fixed critical issues WiFiMulti library:
- WiFi scan timeout implemented to prevent endless connect loop
- Fallback implemented on WiFi connect failure to prevent endless loop
- Fast WiFi connection at startup
- Improved debug prints
- Doxygen added
- Code maturing
- Example update
Make functions not related to ESP8266WiFiMulti class static
Revert static functions startScan and printWiFiScan()
Use PolledTimeout.h to protect while loops
Move static functions beginning of the file
Add connect timeout to example
* Update certs-from-mozilla.py
Check if ar exists, if not tell the user what to get to prevent issue #7300 also dynamically get certs instead of hardcoded row item https://github.com/esp8266/Arduino/pull/7573#issuecomment-686192353
changed comment for missing ar exception
updated path and check for openssl
The logic can be simplified by using integer logic without a functional
change. Reduces code size by 40% (78 bytes -> 46 bytes) and silences
a Warith-conversion warning.
Converting floats to doubles is very expensive on esp8266, so prefer
calculations or comparisons as float. This saves 10% (20 bytes) of the
String::parseFloat() code size and probably quite a bit of runtime
overhead.
* Clean up minor warnings from LGTM.com
LGTM (Semmie) is a tool, bought by GitHub last year, that conducts basic
linting tasks on code and HTML.
Clean up the warnings identified in the latest report:
https://lgtm.com/projects/g/esp8266/Arduino/?mode=list
No functionality should change, however this may fix some issues with
the perl utilities not exiting properly on a Ctrl-C from the command
line.
* Back out HTML changes and rerun boards.txt.py
Run valgrind on host mock example runs to catch more bugs in CI. These
tests would have caught the problem in #7464 before users did.
Add a list of some randomly picked examples to run, and add an option to
run the loop exactly once in the host mock routine, so the test will
actually exit under valgrind.
In the HTTPS example we were using a fingerprint which changes almost
daily as the github.com certificates are regenerated. Replace this with
a trust anchor based on the ultimate root CA that github.com uses to
sign their certificates. Assuming they don't change CAs, this
certificate should be good until 2030+
Fixes#7489
* CVE-2020-12638 workaround for WPA downgrade attack
When connected to an encrypted (WEP/WPA) router, a rogue packet can
cause the ESP8266 WiFi stack to drop to an unecrypted rogue network of
the same SSID.
Handle this by dropping the WiFi connection immediately and reconnecting
to the stored WPA/WEP network requested by the application, whenever the
AUTHMODE changes to OPEN from a secured mode.
https://lbsfilm.at/blog/wpa2-authenticationmode-downgrade-in-espressif-microprocessors
for more details.
PR #7464 removed the reset of client authentication settings when server
authentication settings were changed, however it never did initialize
the client authentication information to nullptr in the constructor.
This can result in crashes during connections when client certs are not
applied.
Fix by resetting the client authenticaion variables on object
construction.
WiFiClientSecure.setInsecure() was clearing the secret key (but not the
_chain public client cert) incorrectly. The other server authentication
modes also had the same effect.
The only way for it to work would be if the app first set the server
authentication method and then the client keys. There's no good reason
for this.
Adjust the connection to only clear the server id methods and leave the
client ID untouched.
Fixes#7455
* remove lwip-v1.4 specific code
* ditto
* ditto
* fix ip4_addr definition
* CI: change debug builds to use IPv6, remove regular IPv6 builds
* ditto
* split pio CI in four (because they last twice the time of the other builds)
* remove option from pio
* remove lwIP-1.4 from doc
* restore pio CI splitting
* fix CI debug6 script
* ditto
The BearSSL SigningVerifier was moved to the 2nd stack because some uses
required much more stack than available on the normal stack.
Add a reference to the second stack on object creation (which will
allocate it, if there is no BSSL stack already allocated), and delete
that reference on exit.
Fixes#7288
* Deprecate SPIFFS, move examples to LittleFS
SPIFFS has been a great filesystem, but it has significant problems in
many cases (and it's also pretty slow). Development seems to have
slowed/stopped on the upstream version, and we're not able to provide
support or fix the known issues with it as-is.
Deprecate SPIFFS variable.
Update all examples to use LittleFS instead of SPIFFS.
Also, minor cleanup on very old examples which has obsolete delays
waiting for the Serial port to come up, or which were stuck at 9600 baud
because of their ancient AVR heritage.
Fixes#7095
* Remove leftover debug code
* Clean up comments in some examples
* Update documentation on SPIFFS deprecation
* Fix host tests to avoid deprecation warnings
* Fix cut-n-paste error
* Restore SpeedTest.ino, adjust to allow custom FSes
Co-authored-by: Develo <deveyes@gmail.com>
Add minor NULL and double-free checks to source, identified using GCC10
pre-release static `-fanalyzer` on the coude. These are harmless to
other versions.
Also add explicit include of stdint to Schedule.h, because libstdc++20
will not automatically include it. Safe and no-op on earlier versions.
Fixes exception 28 in IPAddress(const ipv4_addr* fw_addr); with null ip_addr
pointer passed in by WiFiCient.cpp localIP(). I assumed that localIP()
was called shortly after _pcb became null.
lwIP's tcp/udp_connect() and tcp/udp_bind() functions automatically
set the zone if it is required but missing, but udp_connect() is not
used so this doesn't happen.
Explicitly set the zone to the default network interface if it is
required for the type of address being used. Otherwise there is no
zone set and packets to a link local destination don't go anywhere.
* Make DNS resolution order selectable during runtime or compile time (only in dual stack mode).
* Extend IPv6 example to show usage of new hostByName function with selectable resolving order
* Fix function definition of fqdn_rt in IPv6.ino.
* Fix function call.
* Fix missing bracket...
* Only run if built with dual stack support
* Make DNS resolution order selectable during runtime or compile time (only in dual stack mode).
* Extend IPv6 example to show usage of new hostByName function with selectable resolving order
* Fix function definition of fqdn_rt in IPv6 example.
* Implement enum class for resolve type
* Fix example IPv6.ino
* Fix typedef in ESP8266WiFiGeneric.h function call
* Change enum class definition to not depend on lwip/dns.h
* Move err_t err definition outside switch. Fix typecast.
* Always define DNSResolveType as pio test otherwise failes even if the enum class isn't used.
Co-authored-by: altelch <heiko.krupp@rhrk.uni-kl.de>
Co-authored-by: david gauchard <gauchard@laas.fr>
* wifi: ARP gratuitous API for wifi station mode
* fix with lwip1
* update comment
* update API to allow changing interval on the fly
* update API
* remove debug lines
* mock lwIP's etharp_request()
* unsigned interval
* use scheduled ticker
* ticker: +attach_ms_scheduled_accurate
ticker: +comment
gratuitous: use attach_ms_scheduled_accurate
* move to experimental namespace
* fix for lwIP-v1.4
* attempt to make pio happy
* use directly ETSTimer instead of Ticker
* Use 2nd stack for update signature verification
Fixes#7145
When doing a signed update, the signature calculation can use a lot of
stack, so move it silently to the BearSSL second stack.
Also fix a memory leak of signature-bytes found by @JiriBilek
* Reset state on any error condition in Updater::end
* Fix/enable UDP packet reassembly
UdpContext didn't care about pbuf chaining when receiving datagrams, leading
to fragments delivered to the application as individual packets.
* Provide pbuf_get_contiguous for backwards compatibility with LwIP 1.4
Implementation copied verbatim from LwIP 2.1.2
* Cosmetic changes to meet coding style
Co-authored-by: david gauchard <gauchard@laas.fr>
Co-authored-by: Develo <deveyes@gmail.com>
* upstream lwIP is now downloaded by a makefile, not subsubmoduled
* lwip2: upstream lwIP not sub-sub-modules anymore
lwip2: Allow IPv4 and IPv6 DNS and SNTP server configured via DHCP to co-exist (patch against upstream)
* lwip2: enable tcp-listen-with-backlog feature
* lwip2 submodule update:
- enable more efficient chksum algorithm thanks to Richard Allen
- enable tcp listener with backlog
* more comments, fix backlog management, fix API
* move default value definition in .cpp
because one must not believe it can be redefined before including WiFiServer.h
* improved backlog handling, it is no more a breaking change
