transport_ssl: add support for mutual SSL authentication

Signed-off-by: David Cermak <cermak@espressif.com>
Riccardo Binetti 2018-09-28 18:45:37 +02:00 committed by David Cermak
parent dec70a7601
commit 9ce8e1e5a1
2 changed files with 47 additions and 0 deletions


@ -40,6 +40,27 @@ esp_transport_handle_t esp_transport_ssl_init();
*/
void esp_transport_ssl_set_cert_data(esp_transport_handle_t t, const char *data, int len);
/**
* @brief Set SSL client certificate data for mutual authentication (as PEM format).
* Note that, this function stores the pointer to data, rather than making a copy.
* So we need to make sure to keep the data lifetime before cleanup the connection
*
* @param t ssl transport
* @param[in] data The pem data
* @param[in] len The length
*/
void esp_transport_ssl_set_client_cert_data(esp_transport_handle_t t, const char *data, int len);
/**
* @brief Set SSL client key data for mutual authentication (as PEM format).
* Note that, this function stores the pointer to data, rather than making a copy.
* So we need to make sure to keep the data lifetime before cleanup the connection
*
* @param t ssl transport
* @param[in] data The pem data
* @param[in] len The length
*/
void esp_transport_ssl_set_client_key_data(esp_transport_handle_t t, const char *data, int len);
#ifdef __cplusplus
}
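Review bot: The `@param[in] len The length` line on both new declarations should state that `data` must be NUL-terminated and that `len` excludes the terminator, because the matching setters added in this commit store `len + 1` as the PEM byte count; a caller who passes the raw length of a non-terminated buffer would have the TLS layer read one byte past the caller's memory. Suggested wording: `@param[in] len Length of the PEM data in bytes, not counting the terminating NUL; data must be NUL-terminated`. The lifetime sentence in both comments is also hard to parse and could read `The caller must keep data valid until the connection has been closed and cleaned up`.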


@ -40,6 +40,7 @@ typedef struct {
esp_tls_cfg_t cfg;
bool ssl_initialized;
bool verify_server;
bool mutual_authentication;
transport_ssl_conn_state_t conn_state;
} transport_ssl_t;
@ -52,6 +53,9 @@ static int ssl_connect_async(esp_transport_handle_t t, const char *host, int por
if (ssl->cfg.cacert_pem_buf) {
ssl->verify_server = true;
}
if (ssl->cfg.clientcert_pem_buf && ssl->cfg.clientkey_pem_buf) {
ssl->mutual_authentication = true;
}
ssl->cfg.timeout_ms = timeout_ms;
ssl->cfg.non_block = true;
ssl->ssl_initialized = true;
@ -73,6 +77,9 @@ static int ssl_connect(esp_transport_handle_t t, const char *host, int port, int
if (ssl->cfg.cacert_pem_buf) {
ssl->verify_server = true;
}
if (ssl->cfg.clientcert_pem_buf && ssl->cfg.clientkey_pem_buf) {
ssl->mutual_authentication = true;
}
ssl->cfg.timeout_ms = timeout_ms;
ssl->ssl_initialized = true;
ssl->tls = esp_tls_conn_new(host, strlen(host), port, &ssl->cfg);
@ -147,6 +154,7 @@ static int ssl_close(esp_transport_handle_t t)
esp_tls_conn_delete(ssl->tls);
ssl->ssl_initialized = false;
ssl->verify_server = false;
ssl->mutual_authentication = false;
}
return ret;
}
@ -168,6 +176,24 @@ void esp_transport_ssl_set_cert_data(esp_transport_handle_t t, const char *data,
}
}
void esp_transport_ssl_set_client_cert_data(esp_transport_handle_t t, const char *data, int len)
{
transport_ssl_t *ssl = esp_transport_get_context_data(t);
if (t && ssl) {
ssl->cfg.clientcert_pem_buf = (void *)data;
ssl->cfg.clientcert_pem_bytes = len + 1;
}
}
void esp_transport_ssl_set_client_key_data(esp_transport_handle_t t, const char *data, int len)
{
transport_ssl_t *ssl = esp_transport_get_context_data(t);
if (t && ssl) {
ssl->cfg.clientkey_pem_buf = (void *)data;
ssl->cfg.clientkey_pem_bytes = len + 1;
}
}
esp_transport_handle_t esp_transport_ssl_init()
{
esp_transport_handle_t t = esp_transport_init();
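Review bot: `esp_transport_ssl_set_client_cert_data` and `esp_transport_ssl_set_client_key_data` take `int len` and store `len + 1` unchecked, so a negative or `INT_MAX` `len` yields a meaningless byte count and a `data` buffer without a trailing NUL sends the TLS layer one byte past the caller's buffer; a guard `if (len < 0) return;` before the assignment and a comment `/* +1: the PEM parser expects the terminating NUL to be counted */` would make the contract explicit. Both setters also call `esp_transport_get_context_data(t)` before testing `t` for NULL in `if (t && ssl)`; unless that getter is known to accept NULL, the `t` check belongs before the call. Separately, `mutual_authentication` is set in `ssl_connect` and `ssl_connect_async` only when both `clientcert_pem_buf` and `clientkey_pem_buf` are present and is cleared in `ssl_close`, but nothing in this diff reads it, so a half-configured cfg (certificate set without a key, or vice versa) is still passed to `esp_tls_conn_new` with no diagnostic; a log line in that `else` case would help explain a failed client-authenticated handshake.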