Fixes #6811 which found an issue where connecting to scripts.google.com
would *occasionally* cause a crash. On inspection, it was found that up
to 5828 bytes of stack were used once in a while, so expand the stack to
5900 bytes to cover this case plus a little extra.
* Put longer string literals into PROGMEM
* Use Flash Strings for Debug output
This is hopefully very infrequently used, so it shouldn't
be in main memory.
* Fix WiFiClientSecure::available blocking
Added a check of WiFiClient::availableForWrite to prevent blocking writes when the _run_until blocking flag is false
* change availForWrite from int to size_t
* add timeout to _run_until loop
fixes #6464
* use polledTimeout with _timeout millis
* Move all scripts and documentation to Python3
Python 2 EOL is Jan 1, 2020. Migrate scripts to run under Python 3.
Under Windows, we're already running Python 3.7, by dumb luck. The
oddness is that the Windows standalone executable for Python 3 is called
"python" whereas under UNIX-like OSes it's called "python3" with
"python" always referring to the Python 2 executable. The ZIP needs to
be updated to include a Python3.exe (copy of Python.exe) so that we can
use the same command lines under Linux and Windows, and to preserve my
sanity.
Fixes #6376
* Add new Windows ZIP with python3.exe file
* Sort options in boards.txt generation for repeatability
The order of the board opts dict changes depending on the Python version
and machine, so sort the options before printing them to get a stable
ordering.
* Re-add Python2 compatibility tweaks
Most scripts can run as Python 2 or Python 3 with minimal changes, so
re-add (and fix, as necessary) compatibility tweaks to the scripts.
* Per @earlephilhower suggestion
* Hints from @earlephilhower
* Namespace BearSSL in core "feels" wrong - using catch-all esp8266 instead.
* After review remarks by @earlephilhower
This PR stops the 1ms-delay loop also when a tcp error occurs (previously this was done only when tcp had just connected or a write/send had succeeded).
The tcp error can be any, in this case with pubsubclient it is "connection refused" after the mqtt server disappeared and pubsubclient tries to reconnect.
A typo was present in several ifdefs which would allow a server to negotiate
an EC connection even when in basic SSL mode. When this happened, a crash
would occur (since there were no EC or advanced AES modes installed).
Fix the typo, fixes #6397
Cleans up all warnings seen w/GCC 9.1 to allow it to track the main
branch more easily until 3.x.
Does not include Ticker.h "fix" of pragmas around a function cast we're
doing that GCC9 doesn't like, that will be addressed separately and
maybe only in the 3.0 branch.
Does not include GDB hook fix, either, because the pragmas required
to disable the GCC9.1 warnings don't exist in 4.8 at all.
* Add a dump of received FP and CERT when in debug mode
To simplify BearSSL debugging, print the received FP (when it doesn't
match the expected) and the binary certificate (always), when in debug
mode.
* Add documentation section on FP mismatch in rare instances.
Apply most compatible changes needed to get the core compiling under GCC
7.2 to the main gcc 4.8 tree to ease porting for 3.0.0.
Update pgmspace.h with corrected and optimized unaligned pgm_read
macros. Now pgm_read_dword in the unaligned case gives proper results
even if optimization is enabled and is also written in assembly and only
1 instruction longer than the pgm_read_byte macro (which also has been
optimized to reduce 1 instruction). These changes should marginally
shrink code and speed up flash reads accordingly.
The toolchain should/will be rebuilt at a later time with this
optimization to ensure it's used in the libc.a/etc. files.
* TCP connect and send delay fix
Implement early exit as connection established or data already sent.
(Previous implementation was exiting only on timeout expired)
* Convert ESP8266WebServer* into templatized model
Supersedes #4912
Refactor the three versions of ESP8266WebServer and *WebServerSecure to a
single templated class. Use "using" to enable old, non-templated names to be
used (so no user changes required to compile or run).
Fixes #4908 and clean up the code base a lot.
Basic tests run (the ones in the example code).
No code changes are required in userland except for setting the SSL
certificates which now use a cleaner "getServer()" accessor and lets the
app use the native BearSSL calls on the WiFiClientSecure object.
@devyte should be proud, it removes virtuals and even has template specialization...
* Fix HTTPUpdate templates and examples
* Fix HTTPUpdateServer library build
Need to remove dot-a linkage since there are no .cpp files in the
directory anymore due to templates.
* Provide backward-compat names for updt template
Allow existing code to use the same well known names for
HTTPUpdateSecure.
* Remove ClientType from all templates, auto-infer
Remove the ClientType template parameter from all objects. Simplifies
the code and makes it more foolproof.
Add a "using" in each server to define the type of connection returned
by all servers, which is then used in the above templates automatically.
* Can safely include FS.h now that SD/SPIFFS unified
* Move the templates/objects to their own namespaces
* Fix merge issues with untemplated methods
* Address review comments
* Fix mock test, remove warnings inside test dir
Make the simple mock test CI job pass and clean up
any spurious warnings in the test directory.
There still are warnings in the libraries and core, but they
should be addressed in a separate PR.
When in basic SSL mode, don't include ciphers for EC for the server by
replacing the BearSSL "support everything" init call with our own
version which obeys the requested BASIC_SSL.
Saves ~46KB on TLS servers, about the same as basic SSL saves for
clients.
__This is a breaking change, but the header and example did warn
everyone that this API was in flux due to the incompatible SD and SPIFFS
File implementations.__
BearSSL CertStores now simply need a filesystem and the names of the
data (generated on-chip) and archive (uploaded by user) files on it.
No more need to roll your own virtual CertStoreFile class.
Update the library, examples, and device test.
* Use bounded waiting instead of infinite one to avoid deadlock
* Reduce timeout to fail much sooner if server is not acking our data
* Return timeout to 15 seconds on every disconnect
* Add comment to introduced delay to make it super clear
* Drop X509 context after successful server verification to save heap space
After completing handshake in BSSL, server is already verified and X509 context is no longer needed. Depending on verification method it saves more or less heap space.
* Bugfix: Report not connected if there is no ready data and TLS connection is broken
Added the change for reporting not connected if TLS session is broken and there is no more buffered decrypted data. TLS can be broken if message authentication (MAC) cannot be verified. BearSSL enters BR_SSL_CLOSED state when processing invalid encrypted application data fragment. In such a situation the current implementation gets stuck forever unless the user has their own timeout mechanism built on top of WiFiClientSecureBearSSL. This change introduces fail fast via connected() returning false. Further, it implies returning -1 from read methods, indicating a broken channel, upon which the user should perform a reconnect if needed.
Fixes #6005
fix switching to static address with lwip2
For some reason, ip address is not propagated in a visible way for lwip2
when switching to static address (wifi.config()) *after* wifi.begin().
This patch calls lwip-v1.4's netif_set_addr() with the new ip address to set
all things up, just like it is done and right when wifi.begin() is called
after wifi.config().
Also tested when IPv6 is enabled.
fix documentation: It is more natural to set an IP address before starting WiFi
(.. and not after dhcp has started)
fixes #5839 fixes #6024
do interleave information on addresses within reception pbuf chain:
before: (data-pbuf) -> (data-pbuf) -> (data-pbuf) -> ... in the receiving order
now: (address+port-info-pbuf -> data-pbuf) -> (address+port-info-pbuf -> data-pbuf) -> ...
address/port information is updated along with data exposed to user
Fixes #5996
* Add extensions to probe message for EC, others
probeMFLN was failing on some connection attempts to servers which only
supported EC based ciphers because it did not include the proper TLS
handshake extensions to list what kinds of ECs it supported.
Add those to the probeMFLN ClientHello message to make probes pass.
* Add client.getMFLNStatus method, returns MFLN state
After a connection it is useful to check whether MFLN negotiation
succeeded. getMFLNStatus returns a bool (valid only after
client.connect() succeeds, of course) indicating whether the requested
buffer sizes were negotiated successfully.
* New menu option to minimize BSSL ROM with only RSA
Adds a menu option and define to limit BearSSL to older RSA connection
options. This saves ~45K program memory and can speed up connections
since EC, while more secure, is significantly slower on the chip.
The supported ciphers are identical to the ones that axTLS supported.
Fixes #6005
* Add default SSLFLAGS(blank) to platform.txt
* Fix unused variable warning
* Add clarifying comment to menu items
* Minor bug fixes in Maximum Fragment Length Negotiation example, mainly giving background processes some time in fetch()
* Minor layout changes to pass travis tests
* Use PolledTimeout for timeout
* polledTimeout: add option to use CPU count instead of millis()
* use more "using" alias
* more c++/clear code, using typename (thanks @devyte)
* rename class name to include unit, introduce timeMax() and check it with assert()
* remove useless defines
* improve api readability, add micro-second unit
* update example
* mock: emulate getCycleCount, add/fix polledTimeout CI test
* + nano-seconds, assert -> message, comments, host test
* allow 0 for timeout (enables immediate timeout, fix division by 0)
* typo, set member instead of local variable
* unify error message
* slight change on checkExpired() allows "never expired"
also removed printed message, add YieldAndDelay, simplify calculations
* remove traces of debug.h/cpp in this PR
* include missing <limits> header
* back to original expired test, introduce boolean _neverExpires, fix reset(), getTimeout() is invalid
* fix expiredOneShot with _timeout==0 check
* reenable getTimeout()
* expose checkExpired with unit conversion
* fix timing comments, move critical code to iram
* add member ::neverExpires and use it where relevant
* improve clarity
* remove exposed checkExpired(), adapt LEAmDNS with equivalent
* add API ::resetToNeverExpires(), use it in LEAmDNS
* remove offending constness from ::flagged() LEAmDNS (due to API fix in PolledTimeout)
* simplify "Fast" base classes
* minor variable rename
* Fix examples
* compliance with good c++ manners
* minor changes for consistency
* add missing const
* expired() and bool() moved to iram
* constexpr compensation computing
* add/update comments
* move neverExpires and alwaysExpired