From 56879510a5c1b5ff52eb8f95bc1de4ecd96246e6 Mon Sep 17 00:00:00 2001
From: Aditya Patwardhan
Date: Wed, 15 Nov 2023 07:20:59 +0530
Subject: [PATCH] fix(esp_https_server): Fix a breaking change
HTTPD_SSL_CONFIG_DEFAULT used to be a MACRO and hence used to return a const pointer. With a recent change it started not returning a const variable. This change reverts the function to its MACRO form. Updated the https_server example to use static declration
---
 components/esp-tls/esp_tls.h | 4 ++
 .../include/esp_https_server.h | 70 +++++++++++++++----
 .../esp_https_server/src/https_server.c | 54 --------------
 3 files changed, 61 insertions(+), 67 deletions(-)
diff --git a/components/esp-tls/esp_tls.h b/components/esp-tls/esp_tls.h
index 32eccacb5d..951cd7e152 100644
--- a/components/esp-tls/esp_tls.h
+++ b/components/esp-tls/esp_tls.h
@@ -238,6 +238,10 @@ typedef struct esp_tls_server_session_ticket_ctx {
 * or a specific MBEDTLS_ERR_XXX code, which will cause the handhsake to abort
 */
 typedef mbedtls_ssl_hs_cb_t esp_tls_handshake_callback;
+#else
+// When CONFIG_ESP_TLS_SERVER_CERT_SELECT_HOOK is not defined,
+// the following typedef is only kept for compatibility reasons, not to be used.
+typedef void* esp_tls_handshake_callback;
 #endif
 /**
diff --git a/components/esp_https_server/include/esp_https_server.h b/components/esp_https_server/include/esp_https_server.h
index 0a598f602e..b304b6aedd 100644
--- a/components/esp_https_server/include/esp_https_server.h
+++ b/components/esp_https_server/include/esp_https_server.h
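Review bot: The `#else` typedef in esp_tls.h turns `esp_tls_handshake_callback` into a plain `void*` when CONFIG_ESP_TLS_SERVER_CERT_SELECT_HOOK is off, so an application can still store a handler in a field of this type and the build gives no sign that certificate selection is compiled out. The code that consumes the field is outside this diff, so whether a non-NULL value is ignored or rejected cannot be confirmed from here; the comment says only "not to be used". I would make the comment state the actual behaviour, for example `/* Placeholder type: a callback stored in it is never called while the hook is disabled; leave it NULL. */`, adjusted to what the server code really does. The same concern applies to the now-unconditional `cert_select_cb` member in the `httpd_ssl_config` hunk of esp_https_server.h, where the server start path could log an error or refuse a non-NULL callback in this configuration. The `#if` that this `#else` belongs to opens above the hunk.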
@@ -103,31 +103,75 @@ struct httpd_ssl_config {
 /** User callback for esp_https_server */
 esp_https_server_user_cb *user_cb;
- void *ssl_userdata; /*!< user data to add to the ssl context */
-#if CONFIG_ESP_TLS_SERVER_CERT_SELECT_HOOK
- esp_tls_handshake_callback cert_select_cb; /*!< Certificate selection callback to use */
-#endif
+ /** User data to add to the ssl context */
+ void *ssl_userdata;
- const char** alpn_protos; /*!< Application protocols the server supports in order of prefernece. Used for negotiating during the TLS handshake, first one the client supports is selected. The data structure must live as long as the https server itself! */
+ /** Certificate selection callback to use.
+ * The callback is only applicable when CONFIG_ESP_TLS_SERVER_CERT_SELECT_HOOK is enabled in menuconfig */
+ esp_tls_handshake_callback cert_select_cb;
+
+ /** Application protocols the server supports in order of prefernece.
+ * Used for negotiating during the TLS handshake, first one the client supports is selected.
+ * The data structure must live as long as the https server itself */
+ const char** alpn_protos;
 };
 typedef struct httpd_ssl_config httpd_ssl_config_t;
-/* Macro kept for compatibility reasons */
-#define HTTPD_SSL_CONFIG_DEFAULT httpd_ssl_config_default
 /**
- * Returns the httpd config struct with default initialisation
- *
- * @return
- * httpd_ssl_config_t HTTPD ssl config struct
- * with default initialisation
+ * Default config struct init
 * Notes:
 * - port is set when starting the server, according to 'transport_mode'
 * - one socket uses ~ 40kB RAM with SSL, we reduce the default socket count to 4
 * - SSL sockets are usually long-lived, closing LRU prevents pool exhaustion DOS
 * - Stack size may need adjustments depending on the user application
 */
-httpd_ssl_config_t httpd_ssl_config_default(void);
+#define HTTPD_SSL_CONFIG_DEFAULT() { \
+ .httpd = { \
+ .task_priority = tskIDLE_PRIORITY+5, \
+ .stack_size = 10240, \
+ .core_id = tskNO_AFFINITY, \
+ .server_port = 0, \
+ .ctrl_port = ESP_HTTPD_DEF_CTRL_PORT+1, \
+ .max_open_sockets = 4, \
+ .max_uri_handlers = 8, \
+ .max_resp_headers = 8, \
+ .backlog_conn = 5, \
+ .lru_purge_enable = true, \
+ .recv_wait_timeout = 5, \
+ .send_wait_timeout = 5, \
+ .global_user_ctx = NULL, \
+ .global_user_ctx_free_fn = NULL, \
+ .global_transport_ctx = NULL, \
+ .global_transport_ctx_free_fn = NULL, \
+ .enable_so_linger = false, \
+ .linger_timeout = 0, \
+ .keep_alive_enable = false, \
+ .keep_alive_idle = 0, \
+ .keep_alive_interval = 0, \
+ .keep_alive_count = 0, \
+ .open_fn = NULL, \
+ .close_fn = NULL, \
+ .uri_match_fn = NULL \
+ }, \
+ .servercert = NULL, \
+ .servercert_len = 0, \
+ .cacert_pem = NULL, \
+ .cacert_len = 0, \
+ .prvtkey_pem = NULL, \
+ .prvtkey_len = 0, \
+ .use_ecdsa_peripheral = false, \
+ .ecdsa_key_efuse_blk = 0, \
+ .transport_mode = HTTPD_SSL_TRANSPORT_SECURE, \
+ .port_secure = 443, \
+ .port_insecure = 80, \
+ .session_tickets = false, \
+ .use_secure_element = false, \
+ .user_cb = NULL, \
+ .ssl_userdata = NULL, \
+ .cert_select_cb = NULL, \
+ .alpn_protos = NULL, \
+}
 /**
 * Create a SSL capable HTTP server (secure mode may be disabled in config)
diff --git a/components/esp_https_server/src/https_server.c b/components/esp_https_server/src/https_server.c
index 42a29c3b74..c224b7c0e1 100644
--- a/components/esp_https_server/src/https_server.c
+++ b/components/esp_https_server/src/https_server.c
@@ -48,60 +48,6 @@ static void httpd_ssl_close(void *ctx)
 ESP_LOGD(TAG, "Secure socket closed");
 }
-httpd_ssl_config_t httpd_ssl_config_default(void)
-{
- httpd_ssl_config_t config = {
- .httpd = {
- .task_priority = tskIDLE_PRIORITY + 5,
- .stack_size = 10240,
- .core_id = tskNO_AFFINITY,
- .server_port = 0,
- .ctrl_port = ESP_HTTPD_DEF_CTRL_PORT + 1,
- .max_open_sockets = 4,
- .max_uri_handlers = 8,
- .max_resp_headers = 8,
- .backlog_conn = 5,
- .lru_purge_enable = true,
- .recv_wait_timeout = 5,
- .send_wait_timeout = 5,
- .global_user_ctx = NULL,
- .global_user_ctx_free_fn = NULL,
- .global_transport_ctx = NULL,
- .global_transport_ctx_free_fn = NULL,
- .enable_so_linger = false,
- .linger_timeout = 0,
- .keep_alive_enable = false,
- .keep_alive_idle = 0,
- .keep_alive_interval = 0,
- .keep_alive_count = 0,
- .open_fn = NULL,
- .close_fn = NULL,
- .uri_match_fn = NULL,
- },
- .servercert = NULL,
- .servercert_len = 0,
- .cacert_pem = NULL,
- .cacert_len = 0,
- .prvtkey_pem = NULL,
- .prvtkey_len = 0,
- .use_ecdsa_peripheral = false,
- .ecdsa_key_efuse_blk = 0,
- .transport_mode = HTTPD_SSL_TRANSPORT_SECURE,
- .port_secure = 443,
- .port_insecure = 80,
- .session_tickets = false,
- .use_secure_element = false,
- .user_cb = NULL,
- .ssl_userdata = NULL,
-#if CONFIG_ESP_TLS_SERVER_CERT_SELECT_HOOK
- .cert_select_cb = NULL,
-#endif
- .alpn_protos = NULL,
- };
-
- return config;
-}
-
 /**
 * SSL socket pending-check function
 *
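Review bot: `HTTPD_SSL_CONFIG_DEFAULT()` now expands to a bare brace initializer, so it is valid only as the initializer of a declaration; an assignment such as `conf = HTTPD_SSL_CONFIG_DEFAULT();`, or passing it as an argument, compiled with the removed `httpd_ssl_config_default()` function and will not compile now. The doc comment above the macro lost its `@return` text and says only "Default config struct init", so I would add a usage line there, e.g. `* Usage: httpd_ssl_config_t conf = HTTPD_SSL_CONFIG_DEFAULT();`, and say that the macro is not an expression. The macro also spells out every `.httpd` default by hand, so a member added to either struct later is silently zero-initialized unless this list is updated; a one-line comment next to the macro saying it must be kept in step with the struct definitions would help.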