4813ab2d28
nvs_flash_init may return an error code in some cases, and applications should check this error code (or at least assert on it being ESP_OK, to make potential issues more immediately obvious). This change modifies all the examples which use NVS to check the error code. Most examples get a simple ESP_ERROR_CHECK assert, while NVS examples, OTA example, and NVS unit tests get a more verbose check which may be used in real applications.
261 lines
7.4 KiB
C
Executable file
261 lines
7.4 KiB
C
Executable file
/* OpenSSL server Example
|
|
|
|
This example code is in the Public Domain (or CC0 licensed, at your option.)
|
|
|
|
Unless required by applicable law or agreed to in writing, this
|
|
software is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
|
|
CONDITIONS OF ANY KIND, either express or implied.
|
|
*/
|
|
|
|
#include "openssl_server.h"
|
|
|
|
#include <string.h>
|
|
|
|
#include "openssl/ssl.h"
|
|
|
|
#include "freertos/FreeRTOS.h"
|
|
#include "freertos/task.h"
|
|
#include "freertos/event_groups.h"
|
|
|
|
#include "esp_log.h"
|
|
#include "esp_wifi.h"
|
|
#include "esp_event_loop.h"
|
|
|
|
#include "nvs_flash.h"
|
|
|
|
#include "lwip/sockets.h"
|
|
#include "lwip/netdb.h"
|
|
|
|
static EventGroupHandle_t wifi_event_group;
|
|
|
|
/* The event group allows multiple bits for each event,
|
|
but we only care about one event - are we connected
|
|
to the AP with an IP? */
|
|
const static int CONNECTED_BIT = BIT0;
|
|
|
|
const static char *TAG = "Openssl_demo";
|
|
|
|
#define OPENSSL_DEMO_SERVER_ACK "HTTP/1.1 200 OK\r\n" \
|
|
"Content-Type: text/html\r\n" \
|
|
"Content-Length: 98\r\n\r\n" \
|
|
"<html>\r\n" \
|
|
"<head>\r\n" \
|
|
"<title>OpenSSL demo</title></head><body>\r\n" \
|
|
"OpenSSL server demo!\r\n" \
|
|
"</body>\r\n" \
|
|
"</html>\r\n" \
|
|
"\r\n"
|
|
|
|
static void openssl_demo_thread(void *p)
|
|
{
|
|
int ret;
|
|
|
|
SSL_CTX *ctx;
|
|
SSL *ssl;
|
|
|
|
int socket, new_socket;
|
|
socklen_t addr_len;
|
|
struct sockaddr_in sock_addr;
|
|
|
|
char recv_buf[OPENSSL_DEMO_RECV_BUF_LEN];
|
|
|
|
const char send_data[] = OPENSSL_DEMO_SERVER_ACK;
|
|
const int send_bytes = sizeof(send_data);
|
|
|
|
extern const unsigned char cacert_pem_start[] asm("_binary_cacert_pem_start");
|
|
extern const unsigned char cacert_pem_end[] asm("_binary_cacert_pem_end");
|
|
const unsigned int cacert_pem_bytes = cacert_pem_end - cacert_pem_start;
|
|
|
|
extern const unsigned char prvtkey_pem_start[] asm("_binary_prvtkey_pem_start");
|
|
extern const unsigned char prvtkey_pem_end[] asm("_binary_prvtkey_pem_end");
|
|
const unsigned int prvtkey_pem_bytes = prvtkey_pem_end - prvtkey_pem_start;
|
|
|
|
ESP_LOGI(TAG, "SSL server context create ......");
|
|
/* For security reasons, it is best if you can use
|
|
TLSv1_2_server_method() here instead of TLS_server_method().
|
|
However some old browsers may not support TLS v1.2.
|
|
*/
|
|
ctx = SSL_CTX_new(TLS_server_method());
|
|
if (!ctx) {
|
|
ESP_LOGI(TAG, "failed");
|
|
goto failed1;
|
|
}
|
|
ESP_LOGI(TAG, "OK");
|
|
|
|
ESP_LOGI(TAG, "SSL server context set own certification......");
|
|
ret = SSL_CTX_use_certificate_ASN1(ctx, cacert_pem_bytes, cacert_pem_start);
|
|
if (!ret) {
|
|
ESP_LOGI(TAG, "failed");
|
|
goto failed2;
|
|
}
|
|
ESP_LOGI(TAG, "OK");
|
|
|
|
ESP_LOGI(TAG, "SSL server context set private key......");
|
|
ret = SSL_CTX_use_PrivateKey_ASN1(0, ctx, prvtkey_pem_start, prvtkey_pem_bytes);
|
|
if (!ret) {
|
|
ESP_LOGI(TAG, "failed");
|
|
goto failed2;
|
|
}
|
|
ESP_LOGI(TAG, "OK");
|
|
|
|
ESP_LOGI(TAG, "SSL server create socket ......");
|
|
socket = socket(AF_INET, SOCK_STREAM, 0);
|
|
if (socket < 0) {
|
|
ESP_LOGI(TAG, "failed");
|
|
goto failed2;
|
|
}
|
|
ESP_LOGI(TAG, "OK");
|
|
|
|
ESP_LOGI(TAG, "SSL server socket bind ......");
|
|
memset(&sock_addr, 0, sizeof(sock_addr));
|
|
sock_addr.sin_family = AF_INET;
|
|
sock_addr.sin_addr.s_addr = 0;
|
|
sock_addr.sin_port = htons(OPENSSL_DEMO_LOCAL_TCP_PORT);
|
|
ret = bind(socket, (struct sockaddr*)&sock_addr, sizeof(sock_addr));
|
|
if (ret) {
|
|
ESP_LOGI(TAG, "failed");
|
|
goto failed3;
|
|
}
|
|
ESP_LOGI(TAG, "OK");
|
|
|
|
ESP_LOGI(TAG, "SSL server socket listen ......");
|
|
ret = listen(socket, 32);
|
|
if (ret) {
|
|
ESP_LOGI(TAG, "failed");
|
|
goto failed3;
|
|
}
|
|
ESP_LOGI(TAG, "OK");
|
|
|
|
reconnect:
|
|
ESP_LOGI(TAG, "SSL server create ......");
|
|
ssl = SSL_new(ctx);
|
|
if (!ssl) {
|
|
ESP_LOGI(TAG, "failed");
|
|
goto failed3;
|
|
}
|
|
ESP_LOGI(TAG, "OK");
|
|
|
|
ESP_LOGI(TAG, "SSL server socket accept client ......");
|
|
new_socket = accept(socket, (struct sockaddr *)&sock_addr, &addr_len);
|
|
if (new_socket < 0) {
|
|
ESP_LOGI(TAG, "failed" );
|
|
goto failed4;
|
|
}
|
|
ESP_LOGI(TAG, "OK");
|
|
|
|
SSL_set_fd(ssl, new_socket);
|
|
|
|
ESP_LOGI(TAG, "SSL server accept client ......");
|
|
ret = SSL_accept(ssl);
|
|
if (!ret) {
|
|
ESP_LOGI(TAG, "failed");
|
|
goto failed5;
|
|
}
|
|
ESP_LOGI(TAG, "OK");
|
|
|
|
ESP_LOGI(TAG, "SSL server read message ......");
|
|
do {
|
|
memset(recv_buf, 0, OPENSSL_DEMO_RECV_BUF_LEN);
|
|
ret = SSL_read(ssl, recv_buf, OPENSSL_DEMO_RECV_BUF_LEN - 1);
|
|
if (ret <= 0) {
|
|
break;
|
|
}
|
|
ESP_LOGI(TAG, "SSL read: %s", recv_buf);
|
|
if (strstr(recv_buf, "GET ") &&
|
|
strstr(recv_buf, " HTTP/1.1")) {
|
|
ESP_LOGI(TAG, "SSL get matched message")
|
|
ESP_LOGI(TAG, "SSL write message")
|
|
ret = SSL_write(ssl, send_data, send_bytes);
|
|
if (ret > 0) {
|
|
ESP_LOGI(TAG, "OK")
|
|
} else {
|
|
ESP_LOGI(TAG, "error")
|
|
}
|
|
break;
|
|
}
|
|
} while (1);
|
|
|
|
SSL_shutdown(ssl);
|
|
failed5:
|
|
close(new_socket);
|
|
new_socket = -1;
|
|
failed4:
|
|
SSL_free(ssl);
|
|
ssl = NULL;
|
|
goto reconnect;
|
|
failed3:
|
|
close(socket);
|
|
socket = -1;
|
|
failed2:
|
|
SSL_CTX_free(ctx);
|
|
ctx = NULL;
|
|
failed1:
|
|
vTaskDelete(NULL);
|
|
return ;
|
|
}
|
|
|
|
static void openssl_client_init(void)
|
|
{
|
|
int ret;
|
|
xTaskHandle openssl_handle;
|
|
|
|
ret = xTaskCreate(openssl_demo_thread,
|
|
OPENSSL_DEMO_THREAD_NAME,
|
|
OPENSSL_DEMO_THREAD_STACK_WORDS,
|
|
NULL,
|
|
OPENSSL_DEMO_THREAD_PRORIOTY,
|
|
&openssl_handle);
|
|
|
|
if (ret != pdPASS) {
|
|
ESP_LOGI(TAG, "create thread %s failed", OPENSSL_DEMO_THREAD_NAME);
|
|
}
|
|
}
|
|
|
|
static esp_err_t wifi_event_handler(void *ctx, system_event_t *event)
|
|
{
|
|
switch(event->event_id) {
|
|
case SYSTEM_EVENT_STA_START:
|
|
esp_wifi_connect();
|
|
break;
|
|
case SYSTEM_EVENT_STA_GOT_IP:
|
|
xEventGroupSetBits(wifi_event_group, CONNECTED_BIT);
|
|
openssl_client_init();
|
|
break;
|
|
case SYSTEM_EVENT_STA_DISCONNECTED:
|
|
/* This is a workaround as ESP32 WiFi libs don't currently
|
|
auto-reassociate. */
|
|
esp_wifi_connect();
|
|
xEventGroupClearBits(wifi_event_group, CONNECTED_BIT);
|
|
break;
|
|
default:
|
|
break;
|
|
}
|
|
return ESP_OK;
|
|
}
|
|
|
|
static void wifi_conn_init(void)
|
|
{
|
|
tcpip_adapter_init();
|
|
wifi_event_group = xEventGroupCreate();
|
|
ESP_ERROR_CHECK( esp_event_loop_init(wifi_event_handler, NULL) );
|
|
wifi_init_config_t cfg = WIFI_INIT_CONFIG_DEFAULT();
|
|
ESP_ERROR_CHECK( esp_wifi_init(&cfg) );
|
|
ESP_ERROR_CHECK( esp_wifi_set_storage(WIFI_STORAGE_RAM) );
|
|
wifi_config_t wifi_config = {
|
|
.sta = {
|
|
.ssid = EXAMPLE_WIFI_SSID,
|
|
.password = EXAMPLE_WIFI_PASS,
|
|
},
|
|
};
|
|
ESP_ERROR_CHECK( esp_wifi_set_mode(WIFI_MODE_STA) );
|
|
ESP_ERROR_CHECK( esp_wifi_set_config(ESP_IF_WIFI_STA, &wifi_config) );
|
|
ESP_LOGI(TAG, "start the WIFI SSID:[%s] password:[%s]\n", EXAMPLE_WIFI_SSID, EXAMPLE_WIFI_PASS);
|
|
ESP_ERROR_CHECK( esp_wifi_start() );
|
|
}
|
|
|
|
void app_main(void)
|
|
{
|
|
ESP_ERROR_CHECK( nvs_flash_init() );
|
|
wifi_conn_init();
|
|
}
|