Links2004/arduinoWebSockets
1
0
Fork 1
mirror of https://github.com/Links2004/arduinoWebSockets.git synced 2025-07-24 21:07:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #569 from Links2004/esp8266_bareSSL_native

Browse Source 
ESP8266 bare ssl native
This commit is contained in:
Markus
2020-10-04 15:40:43 +02:00
committed by GitHub
parent 9b873978ba ca52afeec0
commit 13a304a8c9
7 changed files with 79 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
README.md
View File

@ -1,4 +1,4 @@
WebSocket Server and Client for Arduino [![Build Status](https://travis-ci.org/Links2004/arduinoWebSockets.svg?branch=master)](https://travis-ci.org/Links2004/arduinoWebSockets) WebSocket Server and Client for Arduino [![Build Status](https://travis-ci.com/Links2004/arduinoWebSockets.svg?branch=master)](https://travis-ci.com/Links2004/arduinoWebSockets)
=========================================== ===========================================
a WebSocket Server and Client for Arduino based on RFC6455. a WebSocket Server and Client for Arduino based on RFC6455.
@ -34,7 +34,9 @@ a WebSocket Server and Client for Arduino based on RFC6455.
###### Note: ###### ###### Note: ######
version 2.0 and up is not compatible with AVR/ATmega, check ATmega branch. version 2.0.0 and up is not compatible with AVR/ATmega, check ATmega branch.
version 2.3.0 has API changes for the ESP8266 BareSSL (may brakes existing code)
Arduino for AVR not supports std namespace of c++. Arduino for AVR not supports std namespace of c++.
@ -79,10 +81,12 @@ Where `WStype_t type` is defined as:
WStype_CONNECTED, WStype_CONNECTED,
WStype_TEXT, WStype_TEXT,
WStype_BIN, WStype_BIN,
WStype_FRAGMENT_TEXT_START, WStype_FRAGMENT_TEXT_START,
WStype_FRAGMENT_BIN_START, WStype_FRAGMENT_BIN_START,
WStype_FRAGMENT, WStype_FRAGMENT,
WStype_FRAGMENT_FIN, WStype_FRAGMENT_FIN,
WStype_PING,
WStype_PONG,
} WStype_t; } WStype_t;
``` ```

2
library.json
View File

@ -13,7 +13,7 @@
"type": "git", "type": "git",
"url": "https://github.com/Links2004/arduinoWebSockets.git" "url": "https://github.com/Links2004/arduinoWebSockets.git"
}, },
"version": "2.2.1", "version": "2.3.0",
"license": "LGPL-2.1", "license": "LGPL-2.1",
"export": { "export": {
"exclude": [ "exclude": [

2
library.properties
View File

@ -1,5 +1,5 @@
name=WebSockets name=WebSockets
version=2.2.1 version=2.3.0
author=Markus Sattler author=Markus Sattler
maintainer=Markus Sattler maintainer=Markus Sattler
sentence=WebSockets for Arduino (Server + Client) sentence=WebSockets for Arduino (Server + Client)

7
src/WebSockets.h
View File

@ -128,6 +128,7 @@
#elif defined(ESP32) #elif defined(ESP32)
#include <WiFi.h> #include <WiFi.h>
#include <WiFiClientSecure.h> #include <WiFiClientSecure.h>
#define SSL_AXTLS
#elif defined(ESP31B) #elif defined(ESP31B)
#include <ESP31BWiFi.h> #include <ESP31BWiFi.h>
#else #else
@ -147,6 +148,11 @@
#ifdef ESP8266 #ifdef ESP8266
#include <ESP8266WiFi.h> #include <ESP8266WiFi.h>
#if defined(wificlientbearssl_h) && !defined(USING_AXTLS) && !defined(wificlientsecure_h)
#define SSL_BARESSL
#else
#define SSL_AXTLS
#endif
#else #else
#include <ESP31BWiFi.h> #include <ESP31BWiFi.h>
#endif #endif
@ -176,6 +182,7 @@
#include <WiFi.h> #include <WiFi.h>
#include <WiFiClientSecure.h> #include <WiFiClientSecure.h>
#define SSL_AXTLS
#define WEBSOCKETS_NETWORK_CLASS WiFiClient #define WEBSOCKETS_NETWORK_CLASS WiFiClient
#define WEBSOCKETS_NETWORK_SSL_CLASS WiFiClientSecure #define WEBSOCKETS_NETWORK_SSL_CLASS WiFiClientSecure
#define WEBSOCKETS_NETWORK_SERVER_CLASS WiFiServer #define WEBSOCKETS_NETWORK_SERVER_CLASS WiFiServer

56
src/WebSocketsClient.cpp
View File

@ -46,7 +46,7 @@ void WebSocketsClient::begin(const char * host, uint16_t port, const char * url,
_host = host; _host = host;
_port = port; _port = port;
#if defined(HAS_SSL) #if defined(HAS_SSL)
_fingerprint = ""; _fingerprint = SSL_FINGERPRINT_NULL;
_CA_cert = NULL; _CA_cert = NULL;
#endif #endif
@ -97,6 +97,7 @@ void WebSocketsClient::begin(IPAddress host, uint16_t port, const char * url, co
} }
#if defined(HAS_SSL) #if defined(HAS_SSL)
#if defined(SSL_AXTLS)
void WebSocketsClient::beginSSL(const char * host, uint16_t port, const char * url, const char * fingerprint, const char * protocol) { void WebSocketsClient::beginSSL(const char * host, uint16_t port, const char * url, const char * fingerprint, const char * protocol) {
begin(host, port, url, protocol); begin(host, port, url, protocol);
_client.isSSL = true; _client.isSSL = true;
@ -111,10 +112,31 @@ void WebSocketsClient::beginSSL(String host, uint16_t port, String url, String f
void WebSocketsClient::beginSslWithCA(const char * host, uint16_t port, const char * url, const char * CA_cert, const char * protocol) { void WebSocketsClient::beginSslWithCA(const char * host, uint16_t port, const char * url, const char * CA_cert, const char * protocol) {
begin(host, port, url, protocol); begin(host, port, url, protocol);
_client.isSSL = true; _client.isSSL = true;
_fingerprint = ""; _fingerprint = SSL_FINGERPRINT_NULL;
_CA_cert = CA_cert; _CA_cert = CA_cert;
} }
#endif #else
void WebSocketsClient::beginSSL(const char * host, uint16_t port, const char * url, const uint8_t * fingerprint, const char * protocol) {
begin(host, port, url, protocol);
_client.isSSL = true;
_fingerprint = fingerprint;
_CA_cert = NULL;
}
void WebSocketsClient::beginSslWithCA(const char * host, uint16_t port, const char * url, const char * CA_cert, const char * protocol) {
begin(host, port, url, protocol);
_client.isSSL = true;
_fingerprint = SSL_FINGERPRINT_NULL;
_CA_cert = new BearSSL::X509List(CA_cert);
}
void WebSocketsClient::beginSslWithCA(const char * host, uint16_t port, const char * url, BearSSL::X509List * CA_cert, const char * protocol) {
begin(host, port, url, protocol);
_client.isSSL = true;
_fingerprint = SSL_FINGERPRINT_NULL;
_CA_cert = CA_cert;
}
#endif // SSL_AXTLS
#endif // HAS_SSL
void WebSocketsClient::beginSocketIO(const char * host, uint16_t port, const char * url, const char * protocol) { void WebSocketsClient::beginSocketIO(const char * host, uint16_t port, const char * url, const char * protocol) {
begin(host, port, url, protocol); begin(host, port, url, protocol);
@ -130,7 +152,7 @@ void WebSocketsClient::beginSocketIOSSL(const char * host, uint16_t port, const
begin(host, port, url, protocol); begin(host, port, url, protocol);
_client.isSocketIO = true; _client.isSocketIO = true;
_client.isSSL = true; _client.isSSL = true;
_fingerprint = ""; _fingerprint = SSL_FINGERPRINT_NULL;
} }
void WebSocketsClient::beginSocketIOSSL(String host, uint16_t port, String url, String protocol) { void WebSocketsClient::beginSocketIOSSL(String host, uint16_t port, String url, String protocol) {
@ -141,8 +163,12 @@ void WebSocketsClient::beginSocketIOSSLWithCA(const char * host, uint16_t port,
begin(host, port, url, protocol); begin(host, port, url, protocol);
_client.isSocketIO = true; _client.isSocketIO = true;
_client.isSSL = true; _client.isSSL = true;
_fingerprint = ""; _fingerprint = SSL_FINGERPRINT_NULL;
_CA_cert = CA_cert; #if defined(SSL_AXTLS)
_CA_cert = CA_cert;
#else
_CA_cert = new BearSSL::X509List(CA_cert);
#endif
} }
#endif #endif
@ -175,14 +201,18 @@ void WebSocketsClient::loop(void) {
DEBUG_WEBSOCKETS("[WS-Client] setting CA certificate"); DEBUG_WEBSOCKETS("[WS-Client] setting CA certificate");
#if defined(ESP32) #if defined(ESP32)
_client.ssl->setCACert(_CA_cert); _client.ssl->setCACert(_CA_cert);
#elif defined(ESP8266) #elif defined(ESP8266) && defined(SSL_AXTLS)
_client.ssl->setCACert((const uint8_t *)_CA_cert, strlen(_CA_cert) + 1); _client.ssl->setCACert((const uint8_t *)_CA_cert, strlen(_CA_cert) + 1);
#elif defined(ESP8266) && defined(SSL_BARESSL)
_client.ssl->setTrustAnchors(_CA_cert);
#else #else
#error setCACert not implemented #error setCACert not implemented
#endif #endif
} else if(_fingerprint.length()) { #if defined(SSL_BARESSL)
#if defined(wificlientbearssl_h) && !defined(USING_AXTLS) && !defined(wificlientsecure_h) } else if(_fingerprint) {
_client.ssl->setFingerprint(_fingerprint.c_str()); _client.ssl->setFingerprint(_fingerprint);
} else {
_client.ssl->setInsecure();
#endif #endif
} }
} else { } else {
@ -774,14 +804,18 @@ void WebSocketsClient::connectedCb() {
#endif #endif
#if defined(HAS_SSL) #if defined(HAS_SSL)
#if defined(SSL_AXTLS) || defined(ESP32)
if(_client.isSSL && _fingerprint.length()) { if(_client.isSSL && _fingerprint.length()) {
if(!_client.ssl->verify(_fingerprint.c_str(), _host.c_str())) { if(!_client.ssl->verify(_fingerprint.c_str(), _host.c_str())) {
DEBUG_WEBSOCKETS("[WS-Client] certificate mismatch\n"); DEBUG_WEBSOCKETS("[WS-Client] certificate mismatch\n");
WebSockets::clientDisconnect(&_client, 1000); WebSockets::clientDisconnect(&_client, 1000);
return; return;
} }
#else
if(_client.isSSL && _fingerprint) {
#endif
} else if(_client.isSSL && !_CA_cert) { } else if(_client.isSSL && !_CA_cert) {
#if defined(wificlientbearssl_h) && !defined(USING_AXTLS) && !defined(wificlientsecure_h) #if defined(SSL_BARESSL)
_client.ssl->setInsecure(); _client.ssl->setInsecure();
#endif #endif
} }

15
src/WebSocketsClient.h
View File

@ -43,8 +43,13 @@ class WebSocketsClient : protected WebSockets {
void begin(IPAddress host, uint16_t port, const char * url = "/", const char * protocol = "arduino"); void begin(IPAddress host, uint16_t port, const char * url = "/", const char * protocol = "arduino");
#if defined(HAS_SSL) #if defined(HAS_SSL)
void beginSSL(const char * host, uint16_t port, const char * url = "/", const char * = "", const char * protocol = "arduino"); #ifdef SSL_AXTLS
void beginSSL(const char * host, uint16_t port, const char * url = "/", const char * fingerprint = "", const char * protocol = "arduino");
void beginSSL(String host, uint16_t port, String url = "/", String fingerprint = "", String protocol = "arduino"); void beginSSL(String host, uint16_t port, String url = "/", String fingerprint = "", String protocol = "arduino");
#else
void beginSSL(const char * host, uint16_t port, const char * url = "/", const uint8_t * fingerprint = NULL, const char * protocol = "arduino");
void beginSslWithCA(const char * host, uint16_t port, const char * url = "/", BearSSL::X509List * CA_cert = NULL, const char * protocol = "arduino");
#endif
void beginSslWithCA(const char * host, uint16_t port, const char * url = "/", const char * CA_cert = NULL, const char * protocol = "arduino"); void beginSslWithCA(const char * host, uint16_t port, const char * url = "/", const char * CA_cert = NULL, const char * protocol = "arduino");
#endif #endif
@ -98,8 +103,16 @@ class WebSocketsClient : protected WebSockets {
uint16_t _port; uint16_t _port;
#if defined(HAS_SSL) #if defined(HAS_SSL)
#ifdef SSL_AXTLS
String _fingerprint; String _fingerprint;
const char * _CA_cert; const char * _CA_cert;
#define SSL_FINGERPRINT_NULL ""
#else
const uint8_t * _fingerprint;
BearSSL::X509List * _CA_cert;
#define SSL_FINGERPRINT_NULL NULL
#endif
#endif #endif
WSclient_t _client; WSclient_t _client;

2
src/WebSocketsServer.cpp
View File

@ -424,7 +424,7 @@ int WebSocketsServer::connectedClients(bool ping) {
* @param num uint8_t client id * @param num uint8_t client id
*/ */
bool WebSocketsServer::clientIsConnected(uint8_t num) { bool WebSocketsServer::clientIsConnected(uint8_t num) {
if(num >= WEBSOCKETS_SERVER_CLIENT_MAX) { if(num >= WEBSOCKETS_SERVER_CLIENT_MAX) {
return false; return false;
} }
WSclient_t * client = &_clients[num]; WSclient_t * client = &_clients[num];