websocket: support mutual tls for websocket

Closes https://github.com/espressif/esp-idf/issues/6059


* Original commit: espressif/esp-idf@5ab774f9d8
This commit is contained in:
yuanjm
2021-01-04 10:15:15 +08:00
committed by gabsuren
parent 36167db336
commit d1dd6ece38
2 changed files with 33 additions and 4 deletions


@ -320,8 +320,31 @@ esp_websocket_client_handle_t esp_websocket_client_init(const esp_websocket_clie
ESP_WS_CLIENT_MEM_CHECK(TAG, ssl, goto _websocket_init_fail); ESP_WS_CLIENT_MEM_CHECK(TAG, ssl, goto _websocket_init_fail);
esp_transport_set_default_port(ssl, WEBSOCKET_SSL_DEFAULT_PORT); esp_transport_set_default_port(ssl, WEBSOCKET_SSL_DEFAULT_PORT);
if (config->cert_pem) { if (config->use_global_ca_store == true) {
esp_transport_ssl_set_cert_data(ssl, config->cert_pem, strlen(config->cert_pem)); esp_transport_ssl_enable_global_ca_store(ssl);
} else if (config->cert_pem) {
if (!config->cert_len) {
esp_transport_ssl_set_cert_data(ssl, config->cert_pem, strlen(config->cert_pem));
} else {
esp_transport_ssl_set_cert_data_der(ssl, config->cert_pem, config->cert_len);
}
}
if (config->client_cert) {
if (!config->client_cert_len) {
esp_transport_ssl_set_client_cert_data(ssl, config->client_cert, strlen(config->client_cert));
} else {
esp_transport_ssl_set_client_cert_data_der(ssl, config->client_cert, config->client_cert_len);
}
}
if (config->client_key) {
if (!config->client_key_len) {
esp_transport_ssl_set_client_key_data(ssl, config->client_key, strlen(config->client_key));
} else {
esp_transport_ssl_set_client_key_data_der(ssl, config->client_key, config->client_key_len);
}
}
if (config->skip_cert_common_name_check) {
esp_transport_ssl_skip_common_name_check(ssl);
} }
esp_transport_list_add(client->transport_list, ssl, "_ssl"); // need to save to transport list, for cleanup esp_transport_list_add(client->transport_list, ssl, "_ssl"); // need to save to transport list, for cleanup
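Review bot: The new `client_cert` / `client_key` branches accept one half of the mutual-TLS credential without the other, even though the header added by this same commit states that each is required whenever the other is set; a config carrying only `client_cert` (or only `client_key`) passes init and will presumably fail much later, at handshake time, with a far less obvious error. A pairing check would reject the misconfiguration up front, and I would place it after the `esp_transport_list_add(..., "_ssl")` line so that the `_websocket_init_fail` path (assumed to tear down `transport_list`) also releases the ssl transport, rather than leaking it as an earlier goto would; `ESP_LOGE` with the existing `TAG` looks available given the `ESP_WS_CLIENT_MEM_CHECK(TAG, ...)` usage above. Separately, the `skip_cert_common_name_check` branch disables hostname verification, which lets any certificate issued by the trusted CA impersonate the server; an `ESP_LOGW` at that point would make the trade-off visible in the device log. The enclosing `esp_websocket_client_init` begins before and continues after this hunk.
```c
/* … unchanged: CA store / cert_pem / client_cert / client_key setup … */
if (config->skip_cert_common_name_check) {
    ESP_LOGW(TAG, "skip_cert_common_name_check set: server hostname will not be verified");
    esp_transport_ssl_skip_common_name_check(ssl);
}
}
esp_transport_list_add(client->transport_list, ssl, "_ssl"); // need to save to transport list, for cleanup
/* Reject a half-configured mutual-TLS credential here rather than at handshake time. */
if ((config->client_cert == NULL) != (config->client_key == NULL)) {
    ESP_LOGE(TAG, "client_cert and client_key must both be provided for mutual TLS");
    goto _websocket_init_fail;
}
```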


@ -81,14 +81,20 @@ typedef struct {
int task_prio; /*!< Websocket task priority */ int task_prio; /*!< Websocket task priority */
int task_stack; /*!< Websocket task stack */ int task_stack; /*!< Websocket task stack */
int buffer_size; /*!< Websocket buffer size */ int buffer_size; /*!< Websocket buffer size */
const char *cert_pem; /*!< SSL Certification, PEM format as string, if the client requires to verify server */ const char *cert_pem; /*!< Pointer to certificate data in PEM or DER format for server verify (with SSL), default is NULL, not required to verify the server. PEM-format must have a terminating NULL-character. DER-format requires the length to be passed in cert_len. */
size_t cert_len; /*!< Length of the buffer pointed to by cert_pem. May be 0 for null-terminated pem */
const char *client_cert; /*!< Pointer to certificate data in PEM or DER format for SSL mutual authentication, default is NULL, not required if mutual authentication is not needed. If it is not NULL, also `client_key` has to be provided. PEM-format must have a terminating NULL-character. DER-format requires the length to be passed in client_cert_len. */
size_t client_cert_len; /*!< Length of the buffer pointed to by client_cert. May be 0 for null-terminated pem */
const char *client_key; /*!< Pointer to private key data in PEM or DER format for SSL mutual authentication, default is NULL, not required if mutual authentication is not needed. If it is not NULL, also `client_cert` has to be provided. PEM-format must have a terminating NULL-character. DER-format requires the length to be passed in client_key_len */
size_t client_key_len; /*!< Length of the buffer pointed to by client_key_pem. May be 0 for null-terminated pem */
esp_websocket_transport_t transport; /*!< Websocket transport type, see `esp_websocket_transport_t */ esp_websocket_transport_t transport; /*!< Websocket transport type, see `esp_websocket_transport_t */
char *subprotocol; /*!< Websocket subprotocol */ char *subprotocol; /*!< Websocket subprotocol */
char *user_agent; /*!< Websocket user-agent */ char *user_agent; /*!< Websocket user-agent */
char *headers; /*!< Websocket additional headers */ char *headers; /*!< Websocket additional headers */
int pingpong_timeout_sec; /*!< Period before connection is aborted due to no PONGs received */ int pingpong_timeout_sec; /*!< Period before connection is aborted due to no PONGs received */
bool disable_pingpong_discon; /*!< Disable auto-disconnect due to no PONG received within pingpong_timeout_sec */ bool disable_pingpong_discon; /*!< Disable auto-disconnect due to no PONG received within pingpong_timeout_sec */
bool use_global_ca_store; /*!< Use a global ca_store for all the connections in which this bool is set. */
bool skip_cert_common_name_check;/*!< Skip any validation of server certificate CN field */
} esp_websocket_client_config_t; } esp_websocket_client_config_t;
/** /**