1
0
mirror of https://github.com/esp8266/Arduino.git synced 2025-10-24 07:13:45 +03:00
Commit Graph

15 Commits

Author SHA1 Message Date
dav1901
41de43a263 Update ESP8266HTTPUpdateServer library (#5297)
* Converted C type strings to String object

* Converted C type strings to String object
2018-11-13 00:43:21 -03:00
Earle F. Philhower, III
233d3e3b5e Move BearSSLHelpers into BearSSL namespace (#5315)
BearSSLX509List, BearSSLSession, BearSSLPublicKey, and BearSSLPrivateKey
were all in the global namespace and not in the BearSSL:: one, due to an
oversight when they were originally created.  Move them to the proper
namespace with the following mapping:
    BearSSLX509List => BearSSL::X509List
    BearSSLSession => BearSSL::Session
    BearSSLPublicKey => BearSSL::PublicKey
    BearSSLPrivateKey => BearSSL::PrivateKey
2018-11-06 19:27:40 -08:00
david gauchard
85e68093e9 Automatic stack location selection (SYS or HEAP), enable per library AR-chive in arduino build system (#5018)
Automatic stack location selection (SYS or HEAP), enable per library AR-chive in arduino build system 

* enable dot_a_linkage on internal libraries
* add device tests
* boards generator: deprecate --noextra4k/--allowWPS and fix documentation
2018-08-20 14:35:52 +02:00
Balázs Kelemen
8cda9655e3 Allow to update credentials after setup performed. (#4789) 2018-06-07 13:13:45 +02:00
Earle F. Philhower, III
e3c970210f Add BearSSL client and server, support true bidir, lower memory, modern SSL (#4273)
BearSSL (https://www.bearssl.org) is a TLS(SSL) library written by
Thomas Pornin that is optimized for lower-memory embedded systems
like the ESP8266. It supports a wide variety of modern ciphers and
is unique in that it doesn't perform any memory allocations during
operation (which is the unfortunate bane of the current axTLS).

BearSSL is also absolutely focused on security and by default performs
all its security checks on x.509 certificates during the connection
phase (but if you want to be insecure and dangerous, that's possible
too).

While it does support unidirectional SSL buffers, like axTLS,
as implemented the ESP8266 wrappers only support bidirectional
buffers. These bidirectional buffers avoid deadlocks in protocols
which don't have well separated receive and transmit periods.

This patch adds several classes which allow connecting to TLS servers
using this library in almost the same way as axTLS:
BearSSL::WiFiClientSecure - WiFiClient that supports TLS
BearSSL::WiFiServerSecure - WiFiServer supporting TLS and client certs

It also introduces objects for PEM/DER encoded keys and certificates:
BearSSLX509List - x.509 Certificate (list) for general use
BearSSLPrivateKey - RSA or EC private key
BearSSLPublicKey - RSA or EC public key (i.e. from a public website)

Finally, it adds a Certificate Authority store object which lets
BearSSL access a set of trusted CA certificates on SPIFFS to allow it
to verify the identity of any remote site on the Internet, without
requiring RAM except for the single matching certificate.
CertStoreSPIFFSBearSSL - Certificate store utility

Client certificates are supported for the BearSSL::WiFiClientSecure, and
what's more the BearSSL::WiFiServerSecure can also *require* remote clients
to have a trusted certificate signed by a specific CA (or yourself with
self-signing CAs).

Maximum Fragment Length Negotiation probing and usage are supported, but
be aware that most sites on the Internet don't support it yet.  When
available, you can reduce the memory footprint of the SSL client or server
dramatically (i.e. down to 2-8KB vs. the ~22KB required for a full 16K
receive fragment and 512b send fragment).  You can also manually set a
smaller fragment size and guarantee at your protocol level all data will
fit within it.

Examples are included to show the usage of these new features.

axTLS has been moved to its own namespace, "axtls".  A default "using"
clause allows existing apps to run using axTLS without any changes.

The BearSSL::WiFi{client,server}Secure implements the axTLS
client/server API which lets many end user applications take advantage
of BearSSL with few or no changes.

The BearSSL static library used presently is stored at
https://github.com/earlephilhower/bearssl-esp8266 and can be built
using the standard ESP8266 toolchain.
2018-05-14 20:46:47 -07:00
Ivan Grokhotkov
61cd8d8385 examples: format all .ino files
This formats all the example source files using Arduino style rules.
2018-03-08 14:32:06 +08:00
Earle F. Philhower, III
bd1c7ce1dc Add SSL enabled WiFiServer, Updater, WebServer
Adds SSL server mode for WiFiServerSecure, for plain SSL connections,
ESP8266WebServerSecure, for HTTPS web serving, and SecureHTTPSUpdater for
encrypted OTA updates.

Example code is provided for all new options, as well as a BASH script for
generating their own, self-signed certificates.

Both ESP8266WebServerSecure and SecureHTTPSUpdater are important for secure
password-based authentication.  HTTP Basic Authentication, the only supported
model presently, sends the username and password in *cleartext* and therefore
should *never* be used in any un-SSL encrypted channel unless you don't mind
sharing your login and password with anyone else on the internet.  Even if the
ESP8266 is not safety critical, this cleartext broadcast could expose you should
you reuse this password elsewhere on your network or the internet.
2018-01-10 11:56:32 +08:00
E. van Harten
b81ef01ef7 Fix for redirect of HTTP Update, so that it always returns to the root / instead of /update (#3420) 2017-10-15 02:03:28 -05:00
hchahine
1bd1de0286 Removed literal '\n' in ESP8266HTTPUpdateServer response (#3421) 2017-08-07 15:46:47 +03:00
Ivan Grokhotkov
ace0622e46 ESP8266HTTPUpdateServer: fix responses after uploading
- fix response not being delivered to the browser after upload is done
  (https://github.com/esp8266/Arduino/issues/2221)

- if Update.begin fails, don’t attempt to write data

- if update is not successful, send error message from Update to the
  client

- move strings into PROGMEM
2017-05-10 09:49:47 -05:00
Adam Bogdał
b4368ba870 Update curl command 2017-01-05 11:43:26 -06:00
Me No Dev
a7ced9cabb make HTTP Update Server more secure (#2104)
* make HTTP Update Server more secure

* added option for authentication
* added option to change the url for upload

* move to overloaded setup

* remove delay in both examples

* Get better result responses

* fix strings

interesting, the meta did not refresh if the successResponse is put in
"R"
2016-06-07 10:09:05 +08:00
Jacques
b7049ed8ee Update ESP8266HTTPUpdateServer.cpp
Redirect browser back to the update page after 15 seconds.
2016-03-02 21:24:42 +00:00
Me No Dev
0063d80c74 "Fix" sketches and libs to use the new upload api 2015-11-19 23:20:03 +02:00
Miguel Angel Ajo
065e1ccb8c Extracted the WebUpdate example into a library.
This ESP8266HTTPUpdateServer can be instantiated and used
more cleanly, it's also able to take or create an ESP8266WebServer
to configure the events and /update handler.

It's been made more robust by handling upload abort, which
depends on fix provided for issue #833
2015-10-01 15:19:02 +02:00