espressif/esp-protocols
1
0
Fork 1
mirror of https://github.com/espressif/esp-protocols.git synced 2025-07-29 18:27:31 +02:00
Code Issues Packages Projects Releases Wiki Activity

feat(websocket): Make example to use certificate bundle

Browse Source 
To easy maintenance, makes the example on websocket client to use
certificate bundle by default.
This commit is contained in:
Euripedes Rocha
2024-08-13 11:05:29 +02:00
committed by David Cermak
parent 34d7c1b23b
commit aecf6f80bf
6 changed files with 8 additions and 39 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
components/esp_websocket_client/examples/target/main/CMakeLists.txt
View File

@ -10,12 +10,6 @@ set(EMBED_FILES "") # Initialize an empty list for files to embed
"certs/client_key.pem") "certs/client_key.pem")
#endif() #endif()
# For testing purpose we are using CA of wss://echo.websocket.events
#if(CONFIG_WS_OVER_TLS_SERVER_AUTH)
list(APPEND EMBED_FILES
"certs/ca_certificate_public_domain.pem")
#endif()
# Register the component with source files, include dirs, and any conditionally added embedded files # Register the component with source files, include dirs, and any conditionally added embedded files
idf_component_register(SRCS "${SRC_FILES}" idf_component_register(SRCS "${SRC_FILES}"
INCLUDE_DIRS "${INCLUDE_DIRS}" INCLUDE_DIRS "${INCLUDE_DIRS}"

30
components/esp_websocket_client/examples/target/main/certs/ca_certificate_public_domain.pem
View File

@ -1,30 +0,0 @@
-----BEGIN CERTIFICATE-----
MIIFFjCCAv6gAwIBAgIRAJErCErPDBinU/bWLiWnX1owDQYJKoZIhvcNAQELBQAw
TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjAwOTA0MDAwMDAw
WhcNMjUwOTE1MTYwMDAwWjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg
RW5jcnlwdDELMAkGA1UEAxMCUjMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQC7AhUozPaglNMPEuyNVZLD+ILxmaZ6QoinXSaqtSu5xUyxr45r+XXIo9cP
R5QUVTVXjJ6oojkZ9YI8QqlObvU7wy7bjcCwXPNZOOftz2nwWgsbvsCUJCWH+jdx
sxPnHKzhm+/b5DtFUkWWqcFTzjTIUu61ru2P3mBw4qVUq7ZtDpelQDRrK9O8Zutm
NHz6a4uPVymZ+DAXXbpyb/uBxa3Shlg9F8fnCbvxK/eG3MHacV3URuPMrSXBiLxg
Z3Vms/EY96Jc5lP/Ooi2R6X/ExjqmAl3P51T+c8B5fWmcBcUr2Ok/5mzk53cU6cG
/kiFHaFpriV1uxPMUgP17VGhi9sVAgMBAAGjggEIMIIBBDAOBgNVHQ8BAf8EBAMC
AYYwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMBIGA1UdEwEB/wQIMAYB
Af8CAQAwHQYDVR0OBBYEFBQusxe3WFbLrlAJQOYfr52LFMLGMB8GA1UdIwQYMBaA
FHm0WeZ7tuXkAXOACIjIGlj26ZtuMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcw
AoYWaHR0cDovL3gxLmkubGVuY3Iub3JnLzAnBgNVHR8EIDAeMBygGqAYhhZodHRw
Oi8veDEuYy5sZW5jci5vcmcvMCIGA1UdIAQbMBkwCAYGZ4EMAQIBMA0GCysGAQQB
gt8TAQEBMA0GCSqGSIb3DQEBCwUAA4ICAQCFyk5HPqP3hUSFvNVneLKYY611TR6W
PTNlclQtgaDqw+34IL9fzLdwALduO/ZelN7kIJ+m74uyA+eitRY8kc607TkC53wl
ikfmZW4/RvTZ8M6UK+5UzhK8jCdLuMGYL6KvzXGRSgi3yLgjewQtCPkIVz6D2QQz
CkcheAmCJ8MqyJu5zlzyZMjAvnnAT45tRAxekrsu94sQ4egdRCnbWSDtY7kh+BIm
lJNXoB1lBMEKIq4QDUOXoRgffuDghje1WrG9ML+Hbisq/yFOGwXD9RiX8F6sw6W4
avAuvDszue5L3sz85K+EC4Y/wFVDNvZo4TYXao6Z0f+lQKc0t8DQYzk1OXVu8rp2
yJMC6alLbBfODALZvYH7n7do1AZls4I9d1P4jnkDrQoxB3UqQ9hVl3LEKQ73xF1O
yK5GhDDX8oVfGKF5u+decIsH4YaTw7mP3GFxJSqv3+0lUFJoi5Lc5da149p90Ids
hCExroL1+7mryIkXPeFM5TgO9r0rvZaBFOvV2z0gp35Z0+L4WPlbuEjN/lxPFin+
HlUjr8gRsI3qfJOQFy/9rKIJR0Y/8Omwt/8oTWgy1mdeHmmjk7j1nYsvC9JSQ6Zv
MldlTTKB3zhThV1+XWYp6rjd5JW1zbVWEkLNxE7GJThEUG3szgBVGP7pSWTUTsqX
nLRbwHOoq7hHwg==
-----END CERTIFICATE-----

0
components/esp_websocket_client/examples/target/main/certs/server_cert.pem → components/esp_websocket_client/examples/target/main/certs/server/server_cert.pem
View File

0
components/esp_websocket_client/examples/target/main/certs/server_key.pem → components/esp_websocket_client/examples/target/main/certs/server/server_key.pem
View File

9
components/esp_websocket_client/examples/target/main/websocket_example.c
View File

@ -19,6 +19,7 @@
#include "nvs_flash.h" #include "nvs_flash.h"
#include "esp_event.h" #include "esp_event.h"
#include "protocol_examples_common.h" #include "protocol_examples_common.h"
#include "esp_crt_bundle.h"
#include "freertos/FreeRTOS.h" #include "freertos/FreeRTOS.h"
#include "freertos/task.h" #include "freertos/task.h"
@ -159,8 +160,12 @@ static void websocket_app_start(void)
websocket_cfg.client_key = key_start; websocket_cfg.client_key = key_start;
websocket_cfg.client_key_len = key_end - key_start; websocket_cfg.client_key_len = key_end - key_start;
#elif CONFIG_WS_OVER_TLS_SERVER_AUTH #elif CONFIG_WS_OVER_TLS_SERVER_AUTH
extern const char cacert_start[] asm("_binary_ca_certificate_public_domain_pem_start"); // CA cert of wss://echo.websocket.event, modify it if using another server // Using certificate bundle as default server certificate source
websocket_cfg.cert_pem = cacert_start; websocket_cfg.crt_bundle_attach = esp_crt_bundle_attach;
// If using a custom certificate it could be added to certificate bundle, added to the build similar to client certificates in this examples,
// or read from NVS.
/* extern const char cacert_start[] asm("ADDED_CERTIFICATE"); */
/* websocket_cfg.cert_pem = cacert_start; */
#endif #endif
#if CONFIG_WS_OVER_TLS_SKIP_COMMON_NAME_CHECK #if CONFIG_WS_OVER_TLS_SKIP_COMMON_NAME_CHECK

2
components/esp_websocket_client/examples/target/pytest_websocket.py
View File

@ -52,7 +52,7 @@ class Websocket(object):
def run(self): def run(self):
if self.use_tls is True: if self.use_tls is True:
ssl_context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER) ssl_context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
ssl_context.load_cert_chain(certfile='main/certs/server_cert.pem', keyfile='main/certs/server_key.pem') ssl_context.load_cert_chain(certfile='main/certs/server/server_cert.pem', keyfile='main/certs/server/server_key.pem')
if self.client_verify is True: if self.client_verify is True:
ssl_context.load_verify_locations(cafile='main/certs/ca_cert.pem') ssl_context.load_verify_locations(cafile='main/certs/ca_cert.pem')
ssl_context.verify = ssl.CERT_REQUIRED ssl_context.verify = ssl.CERT_REQUIRED