* Add Wrong Password wifi status case
* Add wrong password case for status return
* Add wrong password case for debug
* Add Wrong password case to interactive example
* Add case for wrong password to station doc
* Add case for wrong password to resumeFromShutdown
* Add wrong password case to wifi readme
* Update ESP8266WiFiGeneric.cpp
Fixed critical issues WiFiMulti library:
- WiFi scan timeout implemented to prevent endless connect loop
- Fallback implemented on WiFi connect failure to prevent endless loop
- Fast WiFi connection at startup
- Improved debug prints
- Doxygen added
- Code maturing
- Example update
Make functions not related to ESP8266WiFiMulti class static
Revert static functions startScan and printWiFiScan()
Use PolledTimeout.h to protect while loops
Move static functions beginning of the file
Add connect timeout to example
* Update certs-from-mozilla.py
Check if ar exists, if not tell the user what to get to prevent issue #7300 also dynamically get certs instead of hardcoded row item https://github.com/esp8266/Arduino/pull/7573#issuecomment-686192353
changed comment for missing ar exception
updated path and check for openssl
Simple example update to pass the method as a parameter to getDigestAuth(), so it is more easily used for POST.
Add setting the ransom seed to RANDOM_REG32 in setup() for better getCNonce() values.
The logic can be simplified by using integer logic without a functional
change. Reduces code size by 40% (78 bytes -> 46 bytes) and silences
a Warith-conversion warning.
Converting floats to doubles is very expensive on esp8266, so prefer
calculations or comparisons as float. This saves 10% (20 bytes) of the
String::parseFloat() code size and probably quite a bit of runtime
overhead.
* Clean up minor warnings from LGTM.com
LGTM (Semmie) is a tool, bought by GitHub last year, that conducts basic
linting tasks on code and HTML.
Clean up the warnings identified in the latest report:
https://lgtm.com/projects/g/esp8266/Arduino/?mode=list
No functionality should change, however this may fix some issues with
the perl utilities not exiting properly on a Ctrl-C from the command
line.
* Back out HTML changes and rerun boards.txt.py
Run valgrind on host mock example runs to catch more bugs in CI. These
tests would have caught the problem in #7464 before users did.
Add a list of some randomly picked examples to run, and add an option to
run the loop exactly once in the host mock routine, so the test will
actually exit under valgrind.
* webhook api
* simplify webserver debug printouts, move text to flash
* Hook examples in HelloServer example
* print executable code address in example
* simplify example per @mcspr suggestion
In the HTTPS example we were using a fingerprint which changes almost
daily as the github.com certificates are regenerated. Replace this with
a trust anchor based on the ultimate root CA that github.com uses to
sign their certificates. Assuming they don't change CAs, this
certificate should be good until 2030+
Fixes#7489
* CVE-2020-12638 workaround for WPA downgrade attack
When connected to an encrypted (WEP/WPA) router, a rogue packet can
cause the ESP8266 WiFi stack to drop to an unecrypted rogue network of
the same SSID.
Handle this by dropping the WiFi connection immediately and reconnecting
to the stored WPA/WEP network requested by the application, whenever the
AUTHMODE changes to OPEN from a secured mode.
https://lbsfilm.at/blog/wpa2-authenticationmode-downgrade-in-espressif-microprocessors
for more details.
PR #7464 removed the reset of client authentication settings when server
authentication settings were changed, however it never did initialize
the client authentication information to nullptr in the constructor.
This can result in crashes during connections when client certs are not
applied.
Fix by resetting the client authenticaion variables on object
construction.
WiFiClientSecure.setInsecure() was clearing the secret key (but not the
_chain public client cert) incorrectly. The other server authentication
modes also had the same effect.
The only way for it to work would be if the app first set the server
authentication method and then the client keys. There's no good reason
for this.
Adjust the connection to only clear the server id methods and leave the
client ID untouched.
Fixes#7455
* WebServer: Allow client to send many requests on the same connection
* WebServer: Keep the connection alive with a client by default
* WebServer: Use the request's HTTP version and Connection header to set the default keep alive value
* Fix a typo in a comment
* remove lwip-v1.4 specific code
* ditto
* ditto
* fix ip4_addr definition
* CI: change debug builds to use IPv6, remove regular IPv6 builds
* ditto
* split pio CI in four (because they last twice the time of the other builds)
* remove option from pio
* remove lwIP-1.4 from doc
* restore pio CI splitting
* fix CI debug6 script
* ditto
