mirror of
https://github.com/esp8266/Arduino.git
synced 2025-06-22 08:22:04 +03:00
233d3e3b5e
BearSSLX509List, BearSSLSession, BearSSLPublicKey, and BearSSLPrivateKey
were all in the global namespace and not in the BearSSL:: one, due to an
oversight when they were originally created. Move them to the proper
namespace with the following mapping:
BearSSLX509List => BearSSL::X509List
BearSSLSession => BearSSL::Session
BearSSLPublicKey => BearSSL::PublicKey
BearSSLPrivateKey => BearSSL::PrivateKey
77 lines
2.8 KiB
C++
77 lines
2.8 KiB
C++
/*
|
|
WiFiServerBearSSL.h - Library for Arduino ESP8266
|
|
Copyright (c) 2018 Earle F. Philhower, III
|
|
|
|
This library is free software; you can redistribute it and/or
|
|
modify it under the terms of the GNU Lesser General Public
|
|
License as published by the Free Software Foundation; either
|
|
version 2.1 of the License, or (at your option) any later version.
|
|
|
|
This library is distributed in the hope that it will be useful,
|
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
Lesser General Public License for more details.
|
|
|
|
You should have received a copy of the GNU Lesser General Public
|
|
License along with this library; if not, write to the Free Software
|
|
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
|
|
*/
|
|
|
|
#ifndef wifiserverbearssl_h
|
|
#define wifiserverbearssl_h
|
|
|
|
#include "WiFiServer.h"
|
|
#include "WiFiClientSecureBearSSL.h"
|
|
#include "BearSSLHelpers.h"
|
|
#include <bearssl/bearssl.h>
|
|
|
|
namespace BearSSL {
|
|
|
|
class WiFiClientSecure;
|
|
|
|
class WiFiServerSecure : public WiFiServer {
|
|
public:
|
|
WiFiServerSecure(IPAddress addr, uint16_t port);
|
|
WiFiServerSecure(uint16_t port);
|
|
virtual ~WiFiServerSecure();
|
|
|
|
// Override the default buffer sizes, if you know what you're doing...
|
|
void setBufferSizes(int recv, int xmit) {
|
|
_iobuf_in_size = recv;
|
|
_iobuf_out_size = xmit;
|
|
}
|
|
|
|
// Set the server's RSA key and x509 certificate (required, pick one).
|
|
// Caller needs to preserve the chain and key throughout the life of the server.
|
|
void setRSACert(const X509List *chain, const PrivateKey *sk);
|
|
// Set the server's EC key and x509 certificate (required, pick one)
|
|
// Caller needs to preserve the chain and key throughout the life of the server.
|
|
void setECCert(const X509List *chain, unsigned cert_issuer_key_type, const PrivateKey *sk);
|
|
|
|
// Require client certificates validated against the passed in x509 trust anchor
|
|
// Caller needs to preserve the cert throughout the life of the server.
|
|
void setClientTrustAnchor(const X509List *client_CA_ta) {
|
|
_client_CA_ta = client_CA_ta;
|
|
}
|
|
|
|
// If awaiting connection available and authenticated (i.e. client cert), return it.
|
|
WiFiClientSecure available(uint8_t* status = NULL);
|
|
|
|
// Compatibility with axTLS interface
|
|
void setServerKeyAndCert(const uint8_t *key, int keyLen, const uint8_t *cert, int certLen);
|
|
void setServerKeyAndCert_P(const uint8_t *key, int keyLen, const uint8_t *cert, int certLen);
|
|
|
|
private:
|
|
const X509List *_chain = nullptr;
|
|
unsigned _cert_issuer_key_type = 0;
|
|
const PrivateKey *_sk = nullptr;
|
|
int _iobuf_in_size = BR_SSL_BUFSIZE_INPUT;
|
|
int _iobuf_out_size = 837;
|
|
const X509List *_client_CA_ta = nullptr;
|
|
bool _deleteChainAndKey = false;
|
|
};
|
|
|
|
};
|
|
|
|
#endif
|