forked from espressif/arduino-esp32
* Add certificate bundle capability to WiFiClientSecure Enable usage of the ESP32 IDF's certificate bundle for WiFiClientSecure connections. Adds the ability to load a bundle or root certificates and use them for authenticating SSL servers. Based on work from Onno-Dirkzwager, Duckle29, kubo6472, meltdown03, kinafu and others. See also: - https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/protocols/esp_crt_bundle.html - https://github.com/espressif/arduino-esp32/issues/3646 - libraries/WiFiClientSecure/README.md * Fix build issues * Clean up old bundle index when NULL bundle is attached
41 lines
1.6 KiB
C
41 lines
1.6 KiB
C
/* Provide SSL/TLS functions to ESP32 with Arduino IDE
|
|
* by Evandro Copercini - 2017 - Apache 2.0 License
|
|
*/
|
|
|
|
#ifndef ARD_SSL_H
|
|
#define ARD_SSL_H
|
|
#include "mbedtls/platform.h"
|
|
#include "mbedtls/net.h"
|
|
#include "mbedtls/debug.h"
|
|
#include "mbedtls/ssl.h"
|
|
#include "mbedtls/entropy.h"
|
|
#include "mbedtls/ctr_drbg.h"
|
|
#include "mbedtls/error.h"
|
|
|
|
typedef struct sslclient_context {
|
|
int socket;
|
|
mbedtls_ssl_context ssl_ctx;
|
|
mbedtls_ssl_config ssl_conf;
|
|
|
|
mbedtls_ctr_drbg_context drbg_ctx;
|
|
mbedtls_entropy_context entropy_ctx;
|
|
|
|
mbedtls_x509_crt ca_cert;
|
|
mbedtls_x509_crt client_cert;
|
|
mbedtls_pk_context client_key;
|
|
|
|
unsigned long handshake_timeout;
|
|
} sslclient_context;
|
|
|
|
|
|
void ssl_init(sslclient_context *ssl_client);
|
|
int start_ssl_client(sslclient_context *ssl_client, const char *host, uint32_t port, int timeout, const char *rootCABuff, bool useRootCABundle, const char *cli_cert, const char *cli_key, const char *pskIdent, const char *psKey, bool insecure, const char **alpn_protos);
|
|
void stop_ssl_socket(sslclient_context *ssl_client, const char *rootCABuff, const char *cli_cert, const char *cli_key);
|
|
int data_to_read(sslclient_context *ssl_client);
|
|
int send_ssl_data(sslclient_context *ssl_client, const uint8_t *data, size_t len);
|
|
int get_ssl_receive(sslclient_context *ssl_client, uint8_t *data, int length);
|
|
bool verify_ssl_fingerprint(sslclient_context *ssl_client, const char* fp, const char* domain_name);
|
|
bool verify_ssl_dn(sslclient_context *ssl_client, const char* domain_name);
|
|
bool get_peer_fingerprint(sslclient_context *ssl_client, uint8_t sha256[32]);
|
|
#endif
|