esp-tls api support in https_request

2018-02-12 23:41:31 +05:30 · 2018-02-12 23:41:31 +05:30 · 8cd3c47956
commit 8cd3c47956
parent 8a1dcc0765
1 changed files with 28 additions and 132 deletions
--- a/examples/protocols/https_request/main/https_request_example_main.c
+++ b/examples/protocols/https_request/main/https_request_example_main.c
@ -47,6 +47,8 @@
 #include "mbedtls/error.h"
 #include "mbedtls/certs.h"
 #include "esp-tls.h"
 /* The examples use simple WiFi configuration that you can set via
   'make menuconfig'.
@ -133,78 +135,7 @@ static void initialise_wifi(void)
 static void https_get_task(void *pvParameters)
 {
    char buf[512];
-    int ret, flags, len;
+    int ret, len;
    mbedtls_entropy_context entropy;
    mbedtls_ctr_drbg_context ctr_drbg;
    mbedtls_ssl_context ssl;
    mbedtls_x509_crt cacert;
    mbedtls_ssl_config conf;
    mbedtls_net_context server_fd;
    mbedtls_ssl_init(&ssl);
    mbedtls_x509_crt_init(&cacert);
    mbedtls_ctr_drbg_init(&ctr_drbg);
    ESP_LOGI(TAG, "Seeding the random number generator");
    mbedtls_ssl_config_init(&conf);
    mbedtls_entropy_init(&entropy);
    if((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
                                    NULL, 0)) != 0)
    {
        ESP_LOGE(TAG, "mbedtls_ctr_drbg_seed returned %d", ret);
        abort();
    }
    ESP_LOGI(TAG, "Loading the CA root certificate...");
    ret = mbedtls_x509_crt_parse(&cacert, server_root_cert_pem_start,
                                 server_root_cert_pem_end-server_root_cert_pem_start);
    if(ret < 0)
    {
        ESP_LOGE(TAG, "mbedtls_x509_crt_parse returned -0x%x\n\n", -ret);
        abort();
    }
    ESP_LOGI(TAG, "Setting hostname for TLS session...");
     /* Hostname set here should match CN in server certificate */
    if((ret = mbedtls_ssl_set_hostname(&ssl, WEB_SERVER)) != 0)
    {
        ESP_LOGE(TAG, "mbedtls_ssl_set_hostname returned -0x%x", -ret);
        abort();
    }
    ESP_LOGI(TAG, "Setting up the SSL/TLS structure...");
    if((ret = mbedtls_ssl_config_defaults(&conf,
                                          MBEDTLS_SSL_IS_CLIENT,
                                          MBEDTLS_SSL_TRANSPORT_STREAM,
                                          MBEDTLS_SSL_PRESET_DEFAULT)) != 0)
    {
        ESP_LOGE(TAG, "mbedtls_ssl_config_defaults returned %d", ret);
        goto exit;
    }
    /* MBEDTLS_SSL_VERIFY_OPTIONAL is bad for security, in this example it will print
       a warning if CA verification fails but it will continue to connect.
       You should consider using MBEDTLS_SSL_VERIFY_REQUIRED in your own code.
    */
    mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_OPTIONAL);
    mbedtls_ssl_conf_ca_chain(&conf, &cacert, NULL);
    mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &ctr_drbg);
 #ifdef CONFIG_MBEDTLS_DEBUG
    mbedtls_esp_enable_debug_log(&conf, 4);
 #endif
    if ((ret = mbedtls_ssl_setup(&ssl, &conf)) != 0)
    {
        ESP_LOGE(TAG, "mbedtls_ssl_setup returned -0x%x\n\n", -ret);
        goto exit;
    }
    while(1) {
        /* Wait for the callback to set the CONNECTED_BIT in the
@ -213,61 +144,30 @@ static void https_get_task(void *pvParameters)
        xEventGroupWaitBits(wifi_event_group, CONNECTED_BIT,
                            false, true, portMAX_DELAY);
        ESP_LOGI(TAG, "Connected to AP");
        struct esp_tls_cfg cfg = {
            .cacert_pem_buf  = server_root_cert_pem_start,
            .cacert_pem_bytes = server_root_cert_pem_end - server_root_cert_pem_start,
        };
-        mbedtls_net_init(&server_fd);
+        struct esp_tls *tls = esp_tls_conn_http_new(WEB_URL, &cfg);
-        ESP_LOGI(TAG, "Connecting to %s:%s...", WEB_SERVER, WEB_PORT);
+        if(tls != NULL) {
-
+            ESP_LOGI(TAG, "Connection established...");
-        if ((ret = mbedtls_net_connect(&server_fd, WEB_SERVER,
+        } else {
-                                      WEB_PORT, MBEDTLS_NET_PROTO_TCP)) != 0)
+            ESP_LOGE(TAG, "Connection failed...");
-        {
+            abort();
            ESP_LOGE(TAG, "mbedtls_net_connect returned -%x", -ret);
            goto exit;
        }
        ESP_LOGI(TAG, "Connected.");
        mbedtls_ssl_set_bio(&ssl, &server_fd, mbedtls_net_send, mbedtls_net_recv, NULL);
        ESP_LOGI(TAG, "Performing the SSL/TLS handshake...");
        while ((ret = mbedtls_ssl_handshake(&ssl)) != 0)
        {
            if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE)
            {
                ESP_LOGE(TAG, "mbedtls_ssl_handshake returned -0x%x", -ret);
                goto exit;
            }
        }
        ESP_LOGI(TAG, "Verifying peer X.509 certificate...");
        if ((flags = mbedtls_ssl_get_verify_result(&ssl)) != 0)
        {
            /* In real life, we probably want to close connection if ret != 0 */
            ESP_LOGW(TAG, "Failed to verify peer certificate!");
            bzero(buf, sizeof(buf));
            mbedtls_x509_crt_verify_info(buf, sizeof(buf), "  ! ", flags);
            ESP_LOGW(TAG, "verification info: %s", buf);
        }
        else {
            ESP_LOGI(TAG, "Certificate verified.");
        }
        ESP_LOGI(TAG, "Cipher suite is %s", mbedtls_ssl_get_ciphersuite(&ssl));
        ESP_LOGI(TAG, "Writing HTTP request...");
        size_t written_bytes = 0;
        do {
-            ret = mbedtls_ssl_write(&ssl,
+            ret = esp_tls_conn_write(tls, 
-                                    (const unsigned char *)REQUEST + written_bytes,
+                                     (const char *)REQUEST + written_bytes, 
                                     strlen(REQUEST) - written_bytes);
            if (ret >= 0) {
                ESP_LOGI(TAG, "%d bytes written", ret);
                written_bytes += ret;
-            } else if (ret != MBEDTLS_ERR_SSL_WANT_WRITE && ret != MBEDTLS_ERR_SSL_WANT_READ) {
+            } else if (-ret != SSL_ERROR_WANT_WRITE  && -ret != SSL_ERROR_WANT_READ) {
-                ESP_LOGE(TAG, "mbedtls_ssl_write returned -0x%x", -ret);
+                ESP_LOGE(TAG, "esp_tls_conn_write  returned -0x%x", ret);
                goto exit;
            }
        } while(written_bytes < strlen(REQUEST));
@ -278,9 +178,9 @@ static void https_get_task(void *pvParameters)
        {
            len = sizeof(buf) - 1;
            bzero(buf, sizeof(buf));
-            ret = mbedtls_ssl_read(&ssl, (unsigned char *)buf, len);
+            ret = esp_tls_conn_read(tls, (char *)buf, len);
-            if(ret == MBEDTLS_ERR_SSL_WANT_READ || ret == MBEDTLS_ERR_SSL_WANT_WRITE)
+            if(-ret == SSL_ERROR_WANT_WRITE || -ret == SSL_ERROR_WANT_READ)
                continue;
            if(ret == MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY) {
@ -290,7 +190,7 @@ static void https_get_task(void *pvParameters)
            if(ret < 0)
            {
-                ESP_LOGE(TAG, "mbedtls_ssl_read returned -0x%x", -ret);
+                ESP_LOGE(TAG, "esp_tls_conn_read  returned -0x%x", ret);
                break;
            }
@ -308,18 +208,14 @@ static void https_get_task(void *pvParameters)
            }
        } while(1);
        mbedtls_ssl_close_notify(&ssl);
    exit:
        mbedtls_ssl_session_reset(&ssl);
        mbedtls_net_free(&server_fd);
       if(ret != 0)
        {
            mbedtls_strerror(ret, buf, 100);
            ESP_LOGE(TAG, "Last error was: -0x%x - %s", -ret, buf);
        }
        esp_tls_conn_delete(tls);    
        putchar('\n'); // JSON output doesn't have a newline at end
        static int request_count;