WiFiSecureClient fixes and improvements (#255)

* Add CA certificate in example

SHA1 fingerprint is broken now: more info: https://shattered.io

* Best error handling

When occur an error in WiFiClientSecure library just return the error message
and clean the context avoiding crash - fix for https://github.com/espressif/arduino-esp32/issues/211

Translate MbedTLS error codes in messages for best understanding

* Declarate certificates as const

mbedtls_pk_parse_key needs a const unsigned char * certificate. In old implementation the certificate was declarated as char * so first it converts to unsigned and after to const.

When we convert signed to unsigned it may result in a +1 larger output.

Fix issue https://github.com/espressif/arduino-esp32/issues/223

libraries/WiFiClientSecure/examples/WiFiClientSecure/WiFiClientSecure.ino

@@ -8,14 +8,47 @@
 
 #include <WiFiClientSecure.h>
 
-char ssid[] = "your_network_name"; //  your network SSID (name of wifi network)
-char pass[] = "your_password";    // your network password
+const char* ssid     = "your-ssid";     // your network SSID (name of wifi network)
+const char* password = "your-password"; // your network password
 
-char server[] = "www.howsmyssl.com";      // Server URL
-// You can use x.509 certificates if you want
-//unsigned char test_ca_cert[] = "";      //For the usage of verifying server
-//unsigned char test_client_key[] = "";   //For the usage of verifying client
-//unsigned char test_client_cert[] = "";  //For the usage of verifying client
+const char*  server = "www.howsmyssl.com";  // Server URL
+
+// www.howsmyssl.com CA certificate, to verify the server
+// change it to your server CA certificate
+// SHA1 fingerprint is broken now!
+
+const char* test_ca_cert = \ 
+"-----BEGIN CERTIFICATE-----\n" \	
+"MIIEkjCCA3qgAwIBAgIQCgFBQgAAAVOFc2oLheynCDANBgkqhkiG9w0BAQsFADA/\n" \	
+"MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT\n" \	
+"DkRTVCBSb290IENBIFgzMB4XDTE2MDMxNzE2NDA0NloXDTIxMDMxNzE2NDA0Nlow\n" \	
+"SjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxIzAhBgNVBAMT\n" \	
+"GkxldCdzIEVuY3J5cHQgQXV0aG9yaXR5IFgzMIIBIjANBgkqhkiG9w0BAQEFAAOC\n" \	
+"AQ8AMIIBCgKCAQEAnNMM8FrlLke3cl03g7NoYzDq1zUmGSXhvb418XCSL7e4S0EF\n" \	
+"q6meNQhY7LEqxGiHC6PjdeTm86dicbp5gWAf15Gan/PQeGdxyGkOlZHP/uaZ6WA8\n" \	
+"SMx+yk13EiSdRxta67nsHjcAHJyse6cF6s5K671B5TaYucv9bTyWaN8jKkKQDIZ0\n" \	
+"Z8h/pZq4UmEUEz9l6YKHy9v6Dlb2honzhT+Xhq+w3Brvaw2VFn3EK6BlspkENnWA\n" \	
+"a6xK8xuQSXgvopZPKiAlKQTGdMDQMc2PMTiVFrqoM7hD8bEfwzB/onkxEz0tNvjj\n" \	
+"/PIzark5McWvxI0NHWQWM6r6hCm21AvA2H3DkwIDAQABo4IBfTCCAXkwEgYDVR0T\n" \	
+"AQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYwfwYIKwYBBQUHAQEEczBxMDIG\n" \	
+"CCsGAQUFBzABhiZodHRwOi8vaXNyZy50cnVzdGlkLm9jc3AuaWRlbnRydXN0LmNv\n" \	
+"bTA7BggrBgEFBQcwAoYvaHR0cDovL2FwcHMuaWRlbnRydXN0LmNvbS9yb290cy9k\n" \	
+"c3Ryb290Y2F4My5wN2MwHwYDVR0jBBgwFoAUxKexpHsscfrb4UuQdf/EFWCFiRAw\n" \	
+"VAYDVR0gBE0wSzAIBgZngQwBAgEwPwYLKwYBBAGC3xMBAQEwMDAuBggrBgEFBQcC\n" \	
+"ARYiaHR0cDovL2Nwcy5yb290LXgxLmxldHNlbmNyeXB0Lm9yZzA8BgNVHR8ENTAz\n" \	
+"MDGgL6AthitodHRwOi8vY3JsLmlkZW50cnVzdC5jb20vRFNUUk9PVENBWDNDUkwu\n" \	
+"Y3JsMB0GA1UdDgQWBBSoSmpjBH3duubRObemRWXv86jsoTANBgkqhkiG9w0BAQsF\n" \	
+"AAOCAQEA3TPXEfNjWDjdGBX7CVW+dla5cEilaUcne8IkCJLxWh9KEik3JHRRHGJo\n" \	
+"uM2VcGfl96S8TihRzZvoroed6ti6WqEBmtzw3Wodatg+VyOeph4EYpr/1wXKtx8/\n" \	
+"wApIvJSwtmVi4MFU5aMqrSDE6ea73Mj2tcMyo5jMd6jmeWUHK8so/joWUoHOUgwu\n" \	
+"X4Po1QYz+3dszkDqMp4fklxBwXRsW10KXzPMTZ+sOPAveyxindmjkW8lGy+QsRlG\n" \	
+"PfZ+G6Z6h7mjem0Y+iWlkYcV4PIWL1iwBi8saCbGS5jN2p8M+X+Q7UNKEkROb3N6\n" \	
+"KOqkqm57TH2H3eDJAkSnh6/DNFu0Qg==\n" \	
+"-----END CERTIFICATE-----\n";
+
+// You can use x.509 client certificates if you want
+//const char* test_client_key = "";   //to verify the client
+//const char* test_client_cert = "";  //to verify the client
 
 
 WiFiClientSecure client;
@@ -27,7 +60,7 @@ void setup() {
 
   Serial.print("Attempting to connect to SSID: ");
   Serial.println(ssid);
-  WiFi.begin(ssid, pass);
+  WiFi.begin(ssid, password);
 
   // attempt to connect to Wifi network:
   while (WiFi.status() != WL_CONNECTED) {
@@ -38,39 +71,43 @@ void setup() {
 
   Serial.print("Connected to ");
   Serial.println(ssid);
+  
+  client.setCACert(test_ca_cert);
+  //client.setCertificate(certificateBuff); // for client verification
+  //client.setPrivateKey(privateKeyBuff);	// for client verification
 
   Serial.println("\nStarting connection to server...");
-  if (client.connect(server, 443)) { //client.connect(server, 443, test_ca_cert, test_client_cert, test_client_key)
+  if (!client.connect(server, 443))
+	  Serial.println("Connection failed!");
+  else {
     Serial.println("Connected to server!");
     // Make a HTTP request:
     client.println("GET https://www.howsmyssl.com/a/check HTTP/1.0");
     client.println("Host: www.howsmyssl.com");
     client.println("Connection: close");
     client.println();
-  }
-  else
-    Serial.println("Connection failed!");
 
 	Serial.print("Waiting for response "); //WiFiClientSecure uses a non blocking implementation
 	while (!client.available()){
 		delay(50); //
 		Serial.print(".");
 	}	 
-  // if there are incoming bytes available
-  // from the server, read them and print them:
-  while (client.available()) {
-    char c = client.read();
-    Serial.write(c);
-  }
+    // if there are incoming bytes available
+    // from the server, read them and print them:
+    while (client.available()) {
+      char c = client.read();
+      Serial.write(c);
+    }
 
-  // if the server's disconnected, stop the client:
-  if (!client.connected()) {
-    Serial.println();
-    Serial.println("disconnecting from server.");
-    client.stop();
+    // if the server's disconnected, stop the client:
+    if (!client.connected()) {
+      Serial.println();
+      Serial.println("disconnecting from server.");
+      client.stop();
+    }
   }
 }
 
 void loop() {
   // do nothing
-}
+}