diff --git a/components/asio/port/include/esp_asio_config.h b/components/asio/port/include/esp_asio_config.h index cba316527e..3f3a9b03ed 100644 --- a/components/asio/port/include/esp_asio_config.h +++ b/components/asio/port/include/esp_asio_config.h @@ -18,6 +18,11 @@ # define ASIO_NO_TYPEID # endif // CONFIG_COMPILER_RTTI +// +// Supress OpenSSL deprecation warning, when building ASIO +// +#define ESP_OPENSSL_SUPPRESS_LEGACY_WARNING + // // LWIP compatibility inet and address macros/functions // diff --git a/components/openssl/include/openssl/ssl.h b/components/openssl/include/openssl/ssl.h index 4a3376c0db..9a33e0d33b 100644 --- a/components/openssl/include/openssl/ssl.h +++ b/components/openssl/include/openssl/ssl.h @@ -1,16 +1,13 @@ -// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at +/* + * SPDX-FileCopyrightText: 2015-2021 Espressif Systems (Shanghai) CO LTD + * + * SPDX-License-Identifier: Apache-2.0 + */ -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +// Allow for this warning suppression only in IDF_CI_BUILD +#if !defined(ESP_OPENSSL_SUPPRESS_LEGACY_WARNING) || !defined(IDF_CI_BUILD) +#warning "OpenSSL component will be removed from ESP-IDF in v5.0, please use esp_tls instead" +#endif #ifndef _SSL_H_ #define _SSL_H_ diff --git a/components/openssl/library/ssl_x509.c b/components/openssl/library/ssl_x509.c index 4d84d999c9..150f2a1978 100644 --- a/components/openssl/library/ssl_x509.c +++ b/components/openssl/library/ssl_x509.c 
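Review bot: The comment added above `#define ESP_OPENSSL_SUPPRESS_LEGACY_WARNING` overstates what the macro does. The guard this commit adds to openssl/ssl.h honours it only when `IDF_CI_BUILD` is also defined, so an ASIO build outside CI still gets the deprecation `#warning`. The same holds for the identical define added in components/openssl/test/test_openssl.c. I would spell that out and fix the typo, e.g. `// Suppress the OpenSSL deprecation warning when building ASIO (effective only with IDF_CI_BUILD, see openssl/ssl.h)`.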
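Review bot: The new `#if … #warning … #endif` block in openssl/ssl.h sits above the `#ifndef _SSL_H_` include guard, so the deprecation message is repeated on every inclusion of the header rather than once per translation unit. Moving the three lines to just after `#define _SSL_H_` keeps the message and removes the repeats. Because suppression needs both `ESP_OPENSSL_SUPPRESS_LEGACY_WARNING` and `IDF_CI_BUILD`, a project that has acknowledged the deprecation has no supported way to silence it, and a build that promotes preprocessor warnings to errors would presumably stop compiling on this include. If that is intended, a comment line saying so (`// No opt-out outside CI: migrate to esp_tls before v5.0`) would save users from hunting for a switch.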
@@ -1,22 +1,14 @@ -// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at - -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +/* + * SPDX-FileCopyrightText: 2015-2021 Espressif Systems (Shanghai) CO LTD + * + * SPDX-License-Identifier: Apache-2.0 + */ #include "ssl_x509.h" #include "ssl_methods.h" #include "ssl_dbg.h" #include "ssl_port.h" -#include "ssl.h" +#include "bio.h" /** * @brief show X509 certification information diff --git a/components/openssl/test/test_openssl.c b/components/openssl/test/test_openssl.c index 663e9a2c72..e6a4d78629 100644 --- a/components/openssl/test/test_openssl.c +++ b/components/openssl/test/test_openssl.c @@ -12,7 +12,7 @@ * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -#include "test_utils.h" +#define ESP_OPENSSL_SUPPRESS_LEGACY_WARNING #include "openssl/ssl.h" #include "unity.h" diff --git a/docs/en/api-reference/protocols/openssl_apis.rst b/docs/en/api-reference/protocols/openssl_apis.rst index cf5bb6a670..aa348b9f2c 100644 --- a/docs/en/api-reference/protocols/openssl_apis.rst +++ b/docs/en/api-reference/protocols/openssl_apis.rst 
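Review bot: The swap of `#include "ssl.h"` for `#include "bio.h"` in ssl_x509.c is unexplained in the file. Presumably it keeps the component's own sources from pulling in the header that now emits the deprecation `#warning`, but the hunk does not say so. A short comment such as `/* bio.h instead of ssl.h: avoids the deprecation #warning inside the component itself */` would stop a later cleanup from reverting it. Whether the rest of ssl_x509.c still gets every declaration it needed from ssl.h cannot be checked here, since the file's functions lie outside the hunk.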
@@ -1,6 +1,8 @@ OpenSSL-APIs ------------ +.. note:: The OpenSSL-API will be discontinued in ESP-IDF from v5.0. Please use ESP-TLS instead. + The code of this API (located in :component:`openssl` directory), does not contain OpenSSL itself but is intended as a wrapper for applications using the OpenSSL API. It uses mbedTLS to do the actual work, so anyone compiling openssl code needs the mbedtls library and header file. diff --git a/examples/protocols/openssl_client/CMakeLists.txt b/examples/protocols/openssl_client/CMakeLists.txt deleted file mode 100644 index 57c43fd628..0000000000 --- a/examples/protocols/openssl_client/CMakeLists.txt +++ /dev/null @@ -1,18 +0,0 @@ -# The following lines of boilerplate have to be in your project's CMakeLists -# in this exact order for cmake to work correctly -cmake_minimum_required(VERSION 3.5) - -# (Not part of the boilerplate) -# This example uses an extra component for common functions such as Wi-Fi and Ethernet connection. -set(EXTRA_COMPONENT_DIRS $ENV{IDF_PATH}/examples/common_components/protocol_examples_common) - -include($ENV{IDF_PATH}/tools/cmake/project.cmake) -project(openssl_client) - -if(CONFIG_EXAMPLE_OPENSSL_CLIENT_URI_FROM_STDIN) - # This ca.crt is used when connecting to local(python executed) server - target_add_binary_data(openssl_client.elf "server_certs/ca.crt" TEXT) -else() - # This ca.crt is used when connecting to www.baidu.com - target_add_binary_data(openssl_client.elf "main/baidu_ca.crt" TEXT) -endif() diff --git a/examples/protocols/openssl_client/Makefile b/examples/protocols/openssl_client/Makefile deleted file mode 100644 index 4b7f97eac6..0000000000 --- a/examples/protocols/openssl_client/Makefile +++ /dev/null 
@@ -1,10 +0,0 @@
-#
-# This is a project Makefile. It is assumed the directory this Makefile resides in is a
-# project subdirectory.
-#
-
-PROJECT_NAME := openssl_client
-
-EXTRA_COMPONENT_DIRS = $(IDF_PATH)/examples/common_components/protocol_examples_common
-
-include $(IDF_PATH)/make/project.mk
diff --git a/examples/protocols/openssl_client/README.md b/examples/protocols/openssl_client/README.md
deleted file mode 100644
index d393da4ae7..0000000000
--- a/examples/protocols/openssl_client/README.md
+++ /dev/null
@@ -1,67 +0,0 @@ -# OpenSSL Client Example - -(See the README.md file in the upper level 'examples' directory for more information about examples.) - -This example shows how to set up esp openssl client and communicate over ssl transport layer. - -## How to use example - -### Python scripts - -Script example_test.py could be used as a client part to the ESP-OPENSSL server demo, - -``` -python example_test.py -``` -Note that this script is used in automated tests, as well, so the IDF test framework packages need to be imported; -please add `$IDF_PATH/tools/ci/python_packages` to `PYTHONPATH`. - -### Hardware Required - -This example can be executed on any ESP32 board, the only required interface is WiFi and connection to internet. - -### Configure the project - -* Open the project configuration menu (`idf.py menuconfig`) -* Configure Wi-Fi or Ethernet under "Example Connection Configuration" menu. See "Establishing Wi-Fi or Ethernet Connection" section in [examples/protocols/README.md](../../README.md) for more details. -* Configure the openssl client endpoint URI under "Example Configuration", if "OPENSSL_CLIENT_URI_FROM_STDIN" is selected then the example application will connect to the URI it reads from stdin (used for testing) - -* When using Make build system, set `Default serial port` under `Serial flasher config`. - -* When using OPENSSL_CLIENT_URI_FROM_STRING configure target domain and port number under "Example Configuration" - -* Please note that verification mode is VERIFY_PEER by default, that's why during connection to public host('www.baidu.com') it's needed to use - appropriate certificates('baidu_ca.crt'), or it is needed to change verify mode to VERIFY_NONE. - -### Build and Flash - -Build the project and flash it to the board, then run monitor tool to view serial output: - -``` -idf.py -p PORT flash monitor -``` - -(To exit the serial monitor, type ``Ctrl-]``.) 
- -See the Getting Started Guide for full steps to configure and use ESP-IDF to build projects. - -## Example Output - -``` -I (2601) esp_netif_handlers: example_connect: sta ip: 192.168.1.191, mask: 255.255.255.0, gw: 192.168.1.1 -I (2601) example_connect: Got IPv4 event: Interface "example_connect: sta" address: 192.168.1.191 -I (3601) example_connect: Got IPv6 event: Interface "example_connect: sta" address: fe80:0000:0000:0000:260a:c4ff:fee7:a660, type: ESP_IP6_ADDR_IS_LINK_LOCAL -I (3601) example_connect: Connected to example_connect: sta -I (3611) example_connect: - IPv4 address: 192.168.1.191 -I (3611) example_connect: - IPv6 address: fe80:0000:0000:0000:260a:c4ff:fee7:a660, type: ESP_IP6_ADDR_IS_LINK_LOCAL -I (3631) openssl_example: Test started -I (3631) openssl_example: Trying connect to www.baidu.com port 443 ... -I (3641) openssl_example: DNS lookup succeeded. IP=103.235.46.39 -I (4101) openssl_example: OK -I (4101) openssl_example: Create SSL obj -I (4101) openssl_example: OK -I (4101) openssl_example: SSL verify mode = 0 connected to www.baidu.com port 443 ... -I (8091) openssl_example: OK -I (8091) openssl_example: SSL Connection Succeed - -``` diff --git a/examples/protocols/openssl_client/example_test.py b/examples/protocols/openssl_client/example_test.py deleted file mode 100644 index 96083a0f5c..0000000000 --- a/examples/protocols/openssl_client/example_test.py +++ /dev/null 
@@ -1,126 +0,0 @@ -from __future__ import print_function, unicode_literals - -import os -import re -import socket -import ssl -from threading import Event, Thread - -import ttfw_idf - -SERVER_CERTS_DIR = 'server_certs/' - - -def _path(f): - return os.path.join(os.path.dirname(os.path.realpath(__file__)),f) - - -def get_my_ip(): - s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) - try: - # doesn't even have to be reachable - s.connect(('10.255.255.255', 1)) - IP = s.getsockname()[0] - except socket.error: - IP = '127.0.0.1' - finally: - s.close() - return IP - - -# Simple TLS server -class TlsServer: - - def __init__(self, port, negotiated_protocol=ssl.PROTOCOL_TLSv1): - self.port = port - self.socket = socket.socket() - self.socket.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) - self.socket.settimeout(20.0) - self.shutdown = Event() - self.negotiated_protocol = negotiated_protocol - self.conn = None - self.ssl_error = None - self.server_thread = None - - def __enter__(self): - try: - self.socket.bind(('', self.port)) - except socket.error as e: - print('Bind failed:{}'.format(e)) - raise - - self.socket.listen(1) - self.server_thread = Thread(target=self.run_server) - self.server_thread.start() - - return self - - def __exit__(self, exc_type, exc_value, traceback): - self.shutdown.set() - self.server_thread.join() - self.socket.close() - if (self.conn is not None): - self.conn.close() - - def run_server(self): - ctx = ssl.SSLContext(self.negotiated_protocol) - ctx.load_cert_chain(certfile=_path(SERVER_CERTS_DIR + 'ca.crt'), keyfile=_path(SERVER_CERTS_DIR + 'ca.key')) - self.socket = ctx.wrap_socket(self.socket, server_side=True) - try: - print('Listening socket') - self.conn, address = self.socket.accept() # accept new connection - self.socket.settimeout(20.0) - print(' - connection from: {}'.format(address)) - except ssl.SSLError as e: - self.conn = None - self.ssl_error = str(e) - print(' - SSLError: {}'.format(str(e))) - - -def test_echo(dut): - 
dut.expect('SSL Connection Succeed') - print('SSL Connection Succeed') - - -@ttfw_idf.idf_example_test(env_tag='Example_WIFI') -def test_example_protocol_openssl_client(env, extra_data): - """ - steps: - 1. join AP - 2. connect to uri "xxxx.xxxx.xxxx.xxxx:port" - 3. send and receive data - """ - dut1 = env.get_dut('openssl_client', 'examples/protocols/openssl_client', dut_class=ttfw_idf.ESP32DUT) - # check and log bin size - binary_file = os.path.join(dut1.app.binary_path, 'openssl_client.bin') - binary_size = os.path.getsize(binary_file) - ttfw_idf.log_performance('openssl_client_bin_size', '{}KB'.format(binary_size // 1024)) - - try: - if 'CONFIG_EXAMPLE_OPENSSL_CLIENT_URI_FROM_STDIN' in dut1.app.get_sdkconfig(): - uri_from_stdin = True - else: - uri = dut1.app.get_sdkconfig()['CONFIG_EXAMPLE_OPENSSL_CLIENT_TARGET_DOMAIN'].strip('"') - uri_from_stdin = False - except Exception: - print('ENV_TEST_FAILURE: Cannot find target domain in sdkconfig') - raise - - # start test - dut1.start_app() - dut1.expect(re.compile(r' IPv4 address: ([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)'), timeout=30) - ip = get_my_ip() - - if uri_from_stdin: - server_port = 2222 - with TlsServer(server_port, negotiated_protocol=ssl.PROTOCOL_TLSv1_1): - print('Starting test') - dut1.write('{} {}'.format(ip, server_port)) - dut1.expect(re.compile('SSL Connection Succeed'), timeout=10) - else: - print('DUT connecting to {}'.format(uri)) - test_echo(dut1) - - -if __name__ == '__main__': - test_example_protocol_openssl_client() diff --git a/examples/protocols/openssl_client/main/CMakeLists.txt b/examples/protocols/openssl_client/main/CMakeLists.txt deleted file mode 100644 index f5a7cd6123..0000000000 --- a/examples/protocols/openssl_client/main/CMakeLists.txt +++ /dev/null @@ -1,2 +0,0 @@ -idf_component_register(SRCS "openssl_client_example_main.c" - INCLUDE_DIRS ".") 
diff --git a/examples/protocols/openssl_client/main/Kconfig.projbuild b/examples/protocols/openssl_client/main/Kconfig.projbuild
deleted file mode 100644
index e84daf334f..0000000000
--- a/examples/protocols/openssl_client/main/Kconfig.projbuild
+++ /dev/null
@@ -1,28 +0,0 @@
-menu "Example Configuration"
-
- choice EXAMPLE_OPENSSL_CLIENT_URI_SOURCE
- prompt "SSL Client URI source"
- default EXAMPLE_OPENSSL_CLIENT_URI_FROM_STRING
- help
- Selects the source of the URI used in the example.
-
- config EXAMPLE_OPENSSL_CLIENT_URI_FROM_STRING
- bool "From string"
-
- config EXAMPLE_OPENSSL_CLIENT_URI_FROM_STDIN
- bool "From stdin"
- endchoice
-
- config EXAMPLE_OPENSSL_CLIENT_TARGET_DOMAIN
- string "Target Domain"
- default "www.baidu.com"
- help
- Target domain for the example to connect to.
-
- config EXAMPLE_OPENSSL_CLIENT_TARGET_PORT
- string "Target port number"
- default "443"
- help
- Target port number for the example to connect to.
-
-endmenu
diff --git a/examples/protocols/openssl_client/main/baidu_ca.crt b/examples/protocols/openssl_client/main/baidu_ca.crt
deleted file mode 100644
index c846c09b0b..0000000000
--- a/examples/protocols/openssl_client/main/baidu_ca.crt
+++ /dev/null
@@ -1,26 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIEaTCCA1GgAwIBAgILBAAAAAABRE7wQkcwDQYJKoZIhvcNAQELBQAwVzELMAkG -A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv -b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw0xNDAyMjAxMDAw -MDBaFw0yNDAyMjAxMDAwMDBaMGYxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i -YWxTaWduIG52LXNhMTwwOgYDVQQDEzNHbG9iYWxTaWduIE9yZ2FuaXphdGlvbiBW -YWxpZGF0aW9uIENBIC0gU0hBMjU2IC0gRzIwggEiMA0GCSqGSIb3DQEBAQUAA4IB -DwAwggEKAoIBAQDHDmw/I5N/zHClnSDDDlM/fsBOwphJykfVI+8DNIV0yKMCLkZc -C33JiJ1Pi/D4nGyMVTXbv/Kz6vvjVudKRtkTIso21ZvBqOOWQ5PyDLzm+ebomchj -SHh/VzZpGhkdWtHUfcKc1H/hgBKueuqI6lfYygoKOhJJomIZeg0k9zfrtHOSewUj -mxK1zusp36QUArkBpdSmnENkiN74fv7j9R7l/tyjqORmMdlMJekYuYlZCa7pnRxt -Nw9KHjUgKOKv1CGLAcRFrW4rY6uSa2EKTSDtc7p8zv4WtdufgPDWi2zZCHlKT3hl -2pK8vjX5s8T5J4BO/5ZS5gIg4Qdz6V0rvbLxAgMBAAGjggElMIIBITAOBgNVHQ8B -Af8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHQ4EFgQUlt5h8b0cFilT -HMDMfTuDAEDmGnwwRwYDVR0gBEAwPjA8BgRVHSAAMDQwMgYIKwYBBQUHAgEWJmh0 -dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3JlcG9zaXRvcnkvMDMGA1UdHwQsMCow -KKAmoCSGImh0dHA6Ly9jcmwuZ2xvYmFsc2lnbi5uZXQvcm9vdC5jcmwwPQYIKwYB -BQUHAQEEMTAvMC0GCCsGAQUFBzABhiFodHRwOi8vb2NzcC5nbG9iYWxzaWduLmNv -bS9yb290cjEwHwYDVR0jBBgwFoAUYHtmGkUNl8qJUC99BM00qP/8/UswDQYJKoZI -hvcNAQELBQADggEBAEYq7l69rgFgNzERhnF0tkZJyBAW/i9iIxerH4f4gu3K3w4s -32R1juUYcqeMOovJrKV3UPfvnqTgoI8UV6MqX+x+bRDmuo2wCId2Dkyy2VG7EQLy -XN0cvfNVlg/UBsD84iOKJHDTu/B5GqdhcIOKrwbFINihY9Bsrk8y1658GEV1BSl3 -30JAZGSGvip2CTFvHST0mdCF/vIhCPnG9vHQWe3WVjwIKANnuvD58ZAWR65n5ryA -SOlCdjSXVWkkDoPWoC209fN5ikkodBpBocLTJIg1MGCUF7ThBCIxPTsvFwayuJ2G -K1pp74P1S8SqtCr4fKGxhZSM9AyHDPSsQPhZSZg= ------END CERTIFICATE----- diff --git a/examples/protocols/openssl_client/main/component.mk b/examples/protocols/openssl_client/main/component.mk deleted file mode 100644 index d2f2860520..0000000000 --- a/examples/protocols/openssl_client/main/component.mk +++ /dev/null 
@@ -1,10 +0,0 @@
-#
-# Main Makefile. This is basically the same as a component makefile.
-#
-
-ifdef CONFIG_EXAMPLE_OPENSSL_CLIENT_URI_FROM_STDIN
-COMPONENT_EMBED_TXTFILES := ${PROJECT_PATH}/server_certs/ca.crt
-else
-COMPONENT_EMBED_TXTFILES := ${PROJECT_PATH}/main/baidu_ca.crt
-endif
-COMPONENT_EMBED_TXTFILES += ${PROJECT_PATH}/server_certs/ca.key
diff --git a/examples/protocols/openssl_client/main/openssl_client_example.h b/examples/protocols/openssl_client/main/openssl_client_example.h
deleted file mode 100644
index 212fb8d81b..0000000000
--- a/examples/protocols/openssl_client/main/openssl_client_example.h
+++ /dev/null
@@ -1,31 +0,0 @@
-/* OpenSSL client Example
-
- This example code is in the Public Domain (or CC0 licensed, at your option.)
-
- Unless required by applicable law or agreed to in writing, this
- software is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
- CONDITIONS OF ANY KIND, either express or implied.
-*/
-
-#ifndef _OPENSSL_EXAMPLE_H_
-#define _OPENSSL_EXAMPLE_H_
-
-/* The examples use domain of "www.baidu.com" and port number of 433 that
- you can set via the project configuration menu.
-
- If you'd rather not, just change the below entries to strings with
- the config you want - ie #define OPENSSL_EXAMPLE_TARGET_NAME "www.baidu.com"
- and ie #define OPENSSL_EXAMPLE_TARGET_TCP_PORT 433
-*/
-#define EXAMPLE_OPENSSL_TARGET_DOMAIN CONFIG_EXAMPLE_OPENSSL_CLIENT_TARGET_DOMAIN
-#define EXAMPLE_OPENSSL_TARGET_PORT CONFIG_EXAMPLE_OPENSSL_CLIENT_TARGET_PORT
-
-#define EXAMPLE_OPENSSL_REQUEST "{\"path\": \"/v1/ping/\", \"method\": \"GET\"}\r\n"
-
-#define EXAMPLE_OPENSSL_TASK_NAME "openssl_example"
-#define EXAMPLE_OPENSSL_TASK_STACK_WORDS 10240
-#define EXAMPLE_OPENSSL_TASK_PRIORITY 8
-
-#define EXAMPLE_OPENSSL_RECV_BUF_LEN 1024
-
-#endif
diff --git a/examples/protocols/openssl_client/main/openssl_client_example_main.c b/examples/protocols/openssl_client/main/openssl_client_example_main.c
deleted file mode 100644
index 603c1b3b84..0000000000
--- a/examples/protocols/openssl_client/main/openssl_client_example_main.c
+++ /dev/null
@@ -1,170 +0,0 @@ -/* OpenSSL Client Example - - This example code is in the Public Domain (or CC0 licensed, at your option.) - - Unless required by applicable law or agreed to in writing, this - software is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR - CONDITIONS OF ANY KIND, either express or implied. -*/ -#include "openssl_client_example.h" - -#include "openssl/ssl.h" - -#include "lwip/netdb.h" -#include "lwip/sockets.h" - -#include "nvs_flash.h" -#include "esp_event.h" -#include "esp_log.h" - -#include "protocol_examples_common.h" - - -static const char *TAG = "openssl_example"; - -static int open_connection(const char *host, char *port) -{ - const struct addrinfo hints = { - .ai_family = AF_INET, - .ai_socktype = SOCK_STREAM, - }; - struct addrinfo * res; - struct in_addr *addr; - int sd; - int err = getaddrinfo(host, port, &hints, &res); - if (err < 0) { - ESP_LOGE(TAG, "getaddrinfo() failed for IPV4 destination address. error: %d", err); - return -1; - } - if (res == 0) { - ESP_LOGE(TAG, "getaddrinfo() did not return any addresses"); - return -1; - } - addr = &((struct sockaddr_in *)res->ai_addr)->sin_addr; - ESP_LOGI(TAG, "DNS lookup succeeded. 
IP=%s", inet_ntoa(*addr)); - sd = socket(res->ai_family, res->ai_socktype, 0); - if(sd < 0) { - ESP_LOGE(TAG, "Failed to allocate socket."); - freeaddrinfo(res); - return -1; - } - if (connect(sd, res->ai_addr, res->ai_addrlen) != 0) { - ESP_LOGE(TAG, "Socket connect failed"); - return -1; - } - return sd; -} - -static SSL_CTX* init_contex(void) -{ - -#if CONFIG_EXAMPLE_OPENSSL_CLIENT_URI_FROM_STDIN - extern const unsigned char cacert_pem_start[] asm("_binary_ca_crt_start"); - extern const unsigned char cacert_pem_end[] asm("_binary_ca_crt_end"); -#else - extern const unsigned char cacert_pem_start[] asm("_binary_baidu_ca_crt_start"); - extern const unsigned char cacert_pem_end[] asm("_binary_baidu_ca_crt_end"); -#endif - const unsigned int cacert_pem_bytes = cacert_pem_end - cacert_pem_start; - - const SSL_METHOD *mtd = TLSv1_1_client_method(); - SSL_CTX *ctx = SSL_CTX_new(mtd); /* Create new context */ - SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL); - - X509 *x = d2i_X509(NULL, cacert_pem_start, cacert_pem_bytes); - if(!x) { - ESP_LOGI(TAG,"Loading certs failed \n"); - } - SSL_CTX_add_client_CA(ctx, x); - - return ctx; -} - -static void start_example(const char *host, char *port) -{ - SSL_CTX *ctx = NULL; - SSL *ssl = NULL; - int sockfd; - int ret; - - ctx = init_contex(); - if (!ctx) { - ESP_LOGE(TAG, "Failed"); - goto failed1; - } - ESP_LOGI(TAG, "Trying connect to %s port %s ...", host, port); - sockfd = open_connection(host, port); - if(sockfd < 0) { - ESP_LOGE(TAG,"Failed"); - goto failed1; - } - ESP_LOGI(TAG, "OK"); - ESP_LOGI(TAG, "Create SSL obj"); - ssl = SSL_new(ctx); - if (!ssl) { - ESP_LOGE(TAG,"Failed"); - goto failed2; - } - ESP_LOGI(TAG, "OK"); - SSL_set_fd(ssl, sockfd); - ret = SSL_connect(ssl); - if (ret <= 0) { - ESP_LOGE(TAG,"SSL Connection Failed"); - goto failed3; - } - ESP_LOGI(TAG,"SSL Connection Succeed"); -failed3: - SSL_free(ssl); - ssl = NULL; -failed2: - close(sockfd); - sockfd = -1; -failed1: - SSL_CTX_free(ctx); - ctx = NULL; -} - 
-#if CONFIG_EXAMPLE_OPENSSL_CLIENT_URI_FROM_STDIN -static void get_string(char *line, size_t size) -{ - int count = 0; - while (count < size) { - int c = fgetc(stdin); - if (c == '\n') { - line[count] = '\0'; - break; - } else if (c > 0 && c < 127) { - line[count] = c; - ++count; - } - vTaskDelay(10 / portTICK_PERIOD_MS); - } -} -#endif /* CONFIG_EXAMPLE_OPENSSL_CLIENT_URI_FROM_STDIN */ - -void app_main(void) -{ - char host[128] = EXAMPLE_OPENSSL_TARGET_DOMAIN; - char port[32] = EXAMPLE_OPENSSL_TARGET_PORT; - - ESP_LOGI(TAG, "[APP] Startup.."); - ESP_LOGI(TAG, "[APP] Free memory: %d bytes", esp_get_free_heap_size()); - ESP_LOGI(TAG, "[APP] IDF version: %s", esp_get_idf_version()); - - ESP_ERROR_CHECK(nvs_flash_init()); - ESP_ERROR_CHECK(esp_netif_init()); - ESP_ERROR_CHECK(esp_event_loop_create_default()); - - /* This helper function configures Wi-Fi or Ethernet, as selected in menuconfig. - * Read "Establishing Wi-Fi or Ethernet Connection" section in - * examples/protocols/README.md for more information about this function. - */ - ESP_ERROR_CHECK(example_connect()); - -#if CONFIG_EXAMPLE_OPENSSL_CLIENT_URI_FROM_STDIN - char line[256] = ""; - get_string(line, sizeof(line)); - sscanf(line, "%s %s", host, port); -#endif /* CONFIG_EXAMPLE_OPENSSL_CLIENT_URI_FROM_STDIN */ - start_example(host, port); -} diff --git a/examples/protocols/openssl_client/sdkconfig.ci b/examples/protocols/openssl_client/sdkconfig.ci deleted file mode 100644 index ab023d2264..0000000000 --- a/examples/protocols/openssl_client/sdkconfig.ci +++ /dev/null @@ -1,2 +0,0 @@ -CONFIG_EXAMPLE_OPENSSL_CLIENT_URI_FROM_STDIN=y -CONFIG_EXAMPLE_OPENSSL_CLIENT_URI_FROM_STRING=n diff --git a/examples/protocols/openssl_client/server_certs/ca.crt b/examples/protocols/openssl_client/server_certs/ca.crt deleted file mode 100644 index 541d527602..0000000000 --- a/examples/protocols/openssl_client/server_certs/ca.crt +++ /dev/null 
@@ -1,20 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDTTCCAjWgAwIBAgIUe0ZW+zwJ0KauAHVreTmv8xqC9QgwDQYJKoZIhvcNAQEL -BQAwNjELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxEjAQBgNVBAoM -CUVzcHJlc3NpZjAeFw0yMDA5MjMwNzU1NTRaFw00ODAyMDkwNzU1NTRaMDYxCzAJ -BgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMRIwEAYDVQQKDAlFc3ByZXNz -aWYwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC52tv077MpX817BVUP -yjmz/Nk1Tj7Za4pHlpVlbRRSlEz5h/62s7arB6dq9K2kC7fTIkw6MN/Qp4zPZ1Ug -0abzZesb71w3NLhw9ModiakDkvdRoDORXbxeJuxHbJyui/8N9UNJfb3IOPX/nSP+ -coDWrkk0GrJbLwU1aLf7zr00iY2yx+lAEd75ElXhKrheUJJ/dpKYl4ZcGSm55WkQ -tJi5dHfZCx1dDXnt49q5hbGa7lsOwdIdE7xM4NtqWo61LJ2Z/scbha48RMvEAnAl -IfG9VcfjfOY1Y3LZemXS1NhuGRRgT3hc/xJFyTja4zg71XK1Z5VJO/QShFuDWnkx -oXrdAgMBAAGjUzBRMB0GA1UdDgQWBBRTSG/RoTNtlXzzHf/WrFRBCO9NMTAfBgNV -HSMEGDAWgBRTSG/RoTNtlXzzHf/WrFRBCO9NMTAPBgNVHRMBAf8EBTADAQH/MA0G -CSqGSIb3DQEBCwUAA4IBAQBqu44Bdq2JWAx3gDrIz42Vvocq4kRkNEg2C00b7OEU -Hi/zm2JTOyoHQfLZWc1Y6dzcPTbA/+7JFgnlgyzfH4YCi8YosEjRB+cBqEwDeeGY -XS0vKxEG69vDb/neqsKsWawKU7P8TVar7qg/41eqoC84o/d23eBFJ0Tr/3EWO5hr -8ct2mSLkewCJIzxqQIsORynxjd7K9N2Dxb7Lg7kremM+nADfrbArSh443t+G9YEY -fDatlIgFXietPyg6i27Aob5Ogs5gmbdY2swEoYfnrN++DpLyLoPB9Y1t/691CkNF -AzCQft+CFyZfNXbjHBE7q3s660/UkC20OyHFyFt9C0q2 ------END CERTIFICATE----- diff --git a/examples/protocols/openssl_client/server_certs/ca.key b/examples/protocols/openssl_client/server_certs/ca.key deleted file mode 100644 index 99f0a0aea1..0000000000 --- a/examples/protocols/openssl_client/server_certs/ca.key +++ /dev/null 
@@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEpAIBAAKCAQEAudrb9O+zKV/NewVVD8o5s/zZNU4+2WuKR5aVZW0UUpRM+Yf+ -trO2qwenavStpAu30yJMOjDf0KeMz2dVINGm82XrG+9cNzS4cPTKHYmpA5L3UaAz -kV28XibsR2ycrov/DfVDSX29yDj1/50j/nKA1q5JNBqyWy8FNWi3+869NImNssfp -QBHe+RJV4Sq4XlCSf3aSmJeGXBkpueVpELSYuXR32QsdXQ157ePauYWxmu5bDsHS -HRO8TODbalqOtSydmf7HG4WuPETLxAJwJSHxvVXH43zmNWNy2Xpl0tTYbhkUYE94 -XP8SRck42uM4O9VytWeVSTv0EoRbg1p5MaF63QIDAQABAoIBAQC480UkcEz4hW/0 -VpAZkILvzFVTKLR+pPgM2Zt+PZiVvSMExwMBScIkXQ+L7kXGFCswntcAqZZxC+ui -khAzAq+DVA8t03sPLRXGwrNHxbA98EjSH/xxUribcVx8j2c0g/ijKUl2nvz3fUfA -wd4J3mS8PuB2S4LmHtquFbHRkiDTX8RPtq+1ZGpl2+u2DlKIyPrkr8UZyZPVVjHd -ACyG4rJdFy/XVS3cGSQ0Nkp/Ml706oSOUklRPzQEumZt6UkdgRYt9VlLL65CzIrF -qW34v0olgD5pVM4hIKIV8GgqGCqKhfsj8Mv6kQ2iO4/Wu32iwwezGpqO5pOUVJLB -t/22iNxBAoGBAOmHHUN9Vl5wnZ88/TG1zU4aom/PHNiPCym1Zr4MekdMtCOFo+i/ -8hB+X8ZfR8VfQpzF2TdvCde0f/nQCT7ixCFmx5ZgD6QqDU2oHqV1N+/6k3IFGG8X -BFcKMOyRU866E7RknMQfXmKc0V9BFnwo1hFfNlaQNUsiT6BX9TXvDzBVAoGBAMu9 -Vpnv95FbFAb3+5gLABfFu9jUDSIanE+YJgtm5akDxF5paYZNTUcTe0KwT/h/nqyU -EyHeb32IbKUOzEmN1RlvfIec2QmZJk0u6TfLRLmORsBxM5z5dn+mvJwsYHaam0iI -pdpbnObCH+dIgGrn6zPPgaLr/NQ/GJMbVpGTVAhpAoGAc9p9MRtAOvABspsuPXgl -F2dtSKzmcaVdc160TvqfuzmZcLn/HBwFuhsH5sEkOQ3OXTpmTfL/Xg0FJGkJ/THA -/ZUg1UBo4heeq/UI5yrlCmA0v+85NPulQo0iwmpCup9j4S28/CtXxvJniKsgvY4A -zXN/4KgAWHr4J+MbGpuz3FUCgYB6ACr3iyaoN+3KLnzOEug/U/ykXnZu0ZiAYQ+H -DFrB1qukDWNPNMLtqNDKomGA4IrXtOOwCE6i0SqdvDrAYNoWnRfo7RdaFAdHeKvW -6TWCF5xuaFsLyKYY0nNm4XvyCaqqyIjoNKvD0sLf8B5V5gKFx+BM+xsuzYmdrWUt -Txem4QKBgQDGTEuEy8lX3AO7+iSwjgOC0mooLOR6MoH3iH81GUj+IuiwngIDRtHj -gIh0mNu6vgQkfBkaP27tyr00PBi3SIGAJOLaTKimjEOk0plTw1ewt4apMlhdcT/f -eVEUD7zpX3v1a8mN34wCRUEilpfMvEpIxW3GnDRzxVaXerydLiApJQ== ------END RSA PRIVATE KEY----- diff --git a/examples/protocols/openssl_server/CMakeLists.txt b/examples/protocols/openssl_server/CMakeLists.txt deleted file mode 100644 index 7ed911f9e8..0000000000 --- a/examples/protocols/openssl_server/CMakeLists.txt +++ /dev/null 
@@ -1,13 +0,0 @@
-# The following lines of boilerplate have to be in your project's CMakeLists
-# in this exact order for cmake to work correctly
-cmake_minimum_required(VERSION 3.5)
-
-# (Not part of the boilerplate)
-# This example uses an extra component for common functions such as Wi-Fi and Ethernet connection.
-set(EXTRA_COMPONENT_DIRS $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
-
-include($ENV{IDF_PATH}/tools/cmake/project.cmake)
-project(openssl_server)
-
-target_add_binary_data(openssl_server.elf "server_certs/ca.crt" TEXT)
-target_add_binary_data(openssl_server.elf "server_certs/ca.key" TEXT)
diff --git a/examples/protocols/openssl_server/Makefile b/examples/protocols/openssl_server/Makefile
deleted file mode 100644
index 9fa1b2a289..0000000000
--- a/examples/protocols/openssl_server/Makefile
+++ /dev/null
@@ -1,10 +0,0 @@
-#
-# This is a project Makefile. It is assumed the directory this Makefile resides in is a
-# project subdirectory.
-#
-
-PROJECT_NAME := openssl_server
-
-EXTRA_COMPONENT_DIRS = $(IDF_PATH)/examples/common_components/protocol_examples_common
-
-include $(IDF_PATH)/make/project.mk
diff --git a/examples/protocols/openssl_server/README.md b/examples/protocols/openssl_server/README.md
deleted file mode 100644
index d41aca3db7..0000000000
--- a/examples/protocols/openssl_server/README.md
+++ /dev/null
@@ -1,65 +0,0 @@ -# OpenSSL Server Example - -(See the README.md file in the upper level 'examples' directory for more information about examples.) - -This example connects to the ESP-OPENSSL server demo using ssl transport and and sends some messages. - -## How to use example - -### Python scripts - -Script example_test.py could be used as a client part to the ESP-OPENSSL server demo, - -``` -python example_test.py -``` -Note that this script is used in automated tests, as well, so the IDF test framework packages need to be imported; -please add `$IDF_PATH/tools/ci/python_packages` to `PYTHONPATH`. - -### Hardware Required - -This example can be executed on any ESP32 board, the only required interface is WiFi and connection to internet. - -### Configure the project - -* Open the project configuration menu (`idf.py menuconfig`) -* Configure Wi-Fi or Ethernet under "Example Connection Configuration" menu. See "Establishing Wi-Fi or Ethernet Connection" section in [examples/protocols/README.md](../../README.md) for more details. -* When using Make build system, set `Default serial port` under `Serial flasher config`. - -### Build and Flash - -Build the project and flash it to the board, then run monitor tool to view serial output: - -``` -idf.py -p PORT flash monitor -``` - -(To exit the serial monitor, type ``Ctrl-]``.) - -See the Getting Started Guide for full steps to configure and use ESP-IDF to build projects. 
- -## Example Output - -``` -I (2609) example_connect: Got IPv6 event: Interface "example_connect: sta" address: fe80:0000:0000:0000:260a:c4ff:fee7:a660, type: ESP_IP6_ADDR_IS_LINK_LOCAL -I (3609) esp_netif_handlers: example_connect: sta ip: 192.168.1.191, mask: 255.255.255.0, gw: 192.168.1.1 -I (3609) example_connect: Got IPv4 event: Interface "example_connect: sta" address: 192.168.1.191 -I (3619) example_connect: Connected to example_connect: sta -I (3619) example_connect: - IPv4 address: 192.168.1.191 -I (3629) example_connect: - IPv6 address: fe80:0000:0000:0000:260a:c4ff:fee7:a660, type: ESP_IP6_ADDR_IS_LINK_LOCAL -I (3639) OPENSSL_EXAMPLE: SSL server context create ...... -I (3649) OPENSSL_EXAMPLE: OK -I (3649) OPENSSL_EXAMPLE: SSL server context set own certification...... -I (3659) OPENSSL_EXAMPLE: OK -I (3659) OPENSSL_EXAMPLE: SSL server context set private key...... -I (3669) OPENSSL_EXAMPLE: OK -I (3669) OPENSSL_EXAMPLE: SSL server create socket ...... -I (3679) OPENSSL_EXAMPLE: OK -I (3679) OPENSSL_EXAMPLE: SSL server socket bind ...... -I (3689) OPENSSL_EXAMPLE: OK -I (3689) OPENSSL_EXAMPLE: SSL server socket listen on 443 port -I (3699) OPENSSL_EXAMPLE: OK -I (3699) OPENSSL_EXAMPLE: SSL server create ...... -I (3709) OPENSSL_EXAMPLE: OK -I (3709) OPENSSL_EXAMPLE: SSL server socket accept client ...... -``` diff --git a/examples/protocols/openssl_server/example_test.py b/examples/protocols/openssl_server/example_test.py deleted file mode 100644 index be1af74fcd..0000000000 --- a/examples/protocols/openssl_server/example_test.py +++ /dev/null 
@@ -1,47 +0,0 @@
-from __future__ import print_function, unicode_literals
-
-import os
-import re
-import socket
-import ssl
-
-import ttfw_idf
-
-
-def _path(f):
- return os.path.join(os.path.dirname(os.path.realpath(__file__)),f)
-
-
-@ttfw_idf.idf_example_test(env_tag='Example_WIFI')
-def test_example_protocol_openssl_server(env, extra_data):
- """
- steps:
- 1. join AP
- 2. connect to uri "xxxx.xxxx.xxxx.xxxx:port"
- 3. send data
- """
- dut1 = env.get_dut('openssl_server', 'examples/protocols/openssl_server', dut_class=ttfw_idf.ESP32DUT)
- # check and log bin size
- binary_file = os.path.join(dut1.app.binary_path, 'openssl_server.bin')
- bin_size = os.path.getsize(binary_file)
- ttfw_idf.log_performance('openssl_server_bin_size', '{}KB'.format(bin_size // 1024))
- # start test
- dut1.start_app()
- ip = dut1.expect(re.compile(r' IPv4 address: ([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)'), timeout=30)[0]
- port = dut1.expect(re.compile(r' SSL server socket listen on ([0-9]+)'), timeout=30)[0]
- # create socket
- sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
- sock.settimeout(10)
- addr = (ip, int(port))
- sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM, 0)
- # wrap socket
- wrappedSocket = ssl.wrap_socket(sock, ca_certs=_path('server_certs/ca.crt'), cert_reqs=ssl.CERT_REQUIRED)
- # connect and send data
- wrappedSocket.connect(addr)
- wrappedSocket.send('Some Data'.encode())
- # close socket connection
- wrappedSocket.close()
-
-
-if __name__ == '__main__':
- test_example_protocol_openssl_server()
diff --git a/examples/protocols/openssl_server/main/CMakeLists.txt b/examples/protocols/openssl_server/main/CMakeLists.txt
deleted file mode 100644
index 592d3df099..0000000000
--- a/examples/protocols/openssl_server/main/CMakeLists.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-# Embed the certificate & key data directly in the built binary
-idf_component_register(SRCS "openssl_server_example_main.c"
- INCLUDE_DIRS ".")
diff --git a/examples/protocols/openssl_server/main/Kconfig.projbuild b/examples/protocols/openssl_server/main/Kconfig.projbuild
deleted file mode 100644
index 6b9e21c67a..0000000000
--- a/examples/protocols/openssl_server/main/Kconfig.projbuild
+++ /dev/null
@@ -1,10 +0,0 @@
-menu "Example Configuration"
-
- config EXAMPLE_OPENSSL_SERVER_PORT
- int "Target port number"
- range 0 65535
- default 443
- help
- Target port number for the example to connect to.
-
-endmenu
diff --git a/examples/protocols/openssl_server/main/component.mk b/examples/protocols/openssl_server/main/component.mk
deleted file mode 100644
index 2f52006ae6..0000000000
--- a/examples/protocols/openssl_server/main/component.mk
+++ /dev/null
@@ -1,6 +0,0 @@
-#
-# Main Makefile. This is basically the same as a component makefile.
-#
-
-COMPONENT_EMBED_TXTFILES := ${PROJECT_PATH}/server_certs/ca.crt
-COMPONENT_EMBED_TXTFILES += ${PROJECT_PATH}/server_certs/ca.key
diff --git a/examples/protocols/openssl_server/main/openssl_server_example.h b/examples/protocols/openssl_server/main/openssl_server_example.h
deleted file mode 100644
index 4cf8c7710c..0000000000
--- a/examples/protocols/openssl_server/main/openssl_server_example.h
+++ /dev/null
@@ -1,23 +0,0 @@
-/* OpenSSL server Example
-
- This example code is in the Public Domain (or CC0 licensed, at your option.)
-
- Unless required by applicable law or agreed to in writing, this
- software is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
- CONDITIONS OF ANY KIND, either express or implied.
-*/
-
-#ifndef _OPENSSL_SERVER_H_
-#define _OPENSSL_SERVER_H_
-
-#include "sdkconfig.h"
-
-#define OPENSSL_EXAMPLE_TASK_NAME "openssl_example"
-#define OPENSSL_EXAMPLE_TASK_STACK_WORDS 10240
-#define OPENSSL_EXAMPLE_TASK_PRIORITY 8
-
-#define OPENSSL_EXAMPLE_RECV_BUF_LEN 1024
-
-#define OPENSSL_EXAMPLE_LOCAL_TCP_PORT CONFIG_EXAMPLE_OPENSSL_SERVER_PORT
-
-#endif
diff --git a/examples/protocols/openssl_server/main/openssl_server_example_main.c b/examples/protocols/openssl_server/main/openssl_server_example_main.c
deleted file mode 100644
index 500a45397c..0000000000
--- a/examples/protocols/openssl_server/main/openssl_server_example_main.c
+++ /dev/null
@@ -1,225 +0,0 @@
-/* OpenSSL Server Example
-
- This example code is in the Public Domain (or CC0 licensed, at your option.)
-
- Unless required by applicable law or agreed to in writing, this
- software is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
- CONDITIONS OF ANY KIND, either express or implied.
-*/
-
-#include "openssl_server_example.h"
-
-#include
-
-#include "openssl/ssl.h"
-
-#include "freertos/FreeRTOS.h"
-#include "freertos/task.h"
-
-#include "esp_log.h"
-#include "esp_wifi.h"
-#include "esp_event.h"
-#include "esp_netif.h"
-#include "nvs_flash.h"
-#include "protocol_examples_common.h"
-
-#include "lwip/sockets.h"
-#include "lwip/netdb.h"
-
-
-const static char *TAG = "openssl_example";
-
-#define OPENSSL_EXAMPLE_SERVER_ACK "HTTP/1.1 200 OK\r\n" \
- "Content-Type: text/html\r\n" \
- "Content-Length: 106\r\n\r\n" \
- "\r\n" \
- "\r\n" \
- "OpenSSL example\r\n" \
- "OpenSSL server example!\r\n" \
- "\r\n" \
- "\r\n" \
- "\r\n"
-
-static void openssl_example_task(void *p)
-{
- int ret;
-
- SSL_CTX *ctx;
- SSL *ssl;
-
- int sockfd, new_sockfd;
- socklen_t addr_len;
- struct sockaddr_in sock_addr;
-
- char recv_buf[OPENSSL_EXAMPLE_RECV_BUF_LEN];
-
- const char send_data[] = OPENSSL_EXAMPLE_SERVER_ACK;
- const int send_bytes = sizeof(send_data);
-
- extern const unsigned char ca_crt_start[] asm("_binary_ca_crt_start");
- extern const unsigned char ca_crt_end[] asm("_binary_ca_crt_end");
- const unsigned int ca_crt_bytes = ca_crt_end - ca_crt_start;
-
- extern const unsigned char ca_key_start[] asm("_binary_ca_key_start");
- extern const unsigned char ca_key_end[] asm("_binary_ca_key_end");
- const unsigned int ca_key_bytes = ca_key_end - ca_key_start;
-
- ESP_LOGI(TAG, "SSL server context create ......");
- /* For security reasons, it is best if you can use
- TLSv1_2_server_method() here instead of TLS_server_method().
- However some old browsers may not support TLS v1.2.
- */
- ctx = SSL_CTX_new(TLS_server_method());
- if (!ctx) {
- ESP_LOGI(TAG, "failed");
- goto failed1;
- }
- ESP_LOGI(TAG, "OK");
-
- ESP_LOGI(TAG, "SSL server context set own certification......");
- ret = SSL_CTX_use_certificate_ASN1(ctx, ca_crt_bytes, ca_crt_start);
- if (!ret) {
- ESP_LOGI(TAG, "failed");
- goto failed2;
- }
- ESP_LOGI(TAG, "OK");
-
- ESP_LOGI(TAG, "SSL server context set private key......");
- ret = SSL_CTX_use_PrivateKey_ASN1(0, ctx, ca_key_start, ca_key_bytes);
- if (!ret) {
- ESP_LOGI(TAG, "failed");
- goto failed2;
- }
- ESP_LOGI(TAG, "OK");
-
- ESP_LOGI(TAG, "SSL server create socket ......");
- sockfd = socket(AF_INET, SOCK_STREAM, 0);
- if (sockfd < 0) {
- ESP_LOGI(TAG, "failed");
- goto failed2;
- }
- ESP_LOGI(TAG, "OK");
-
- ESP_LOGI(TAG, "SSL server socket bind ......");
- memset(&sock_addr, 0, sizeof(sock_addr));
- sock_addr.sin_family = AF_INET;
- sock_addr.sin_addr.s_addr = 0;
- sock_addr.sin_port = htons(OPENSSL_EXAMPLE_LOCAL_TCP_PORT);
- ret = bind(sockfd, (struct sockaddr*)&sock_addr, sizeof(sock_addr));
- if (ret) {
- ESP_LOGI(TAG, "failed");
- goto failed3;
- }
- ESP_LOGI(TAG, "OK");
-
- ESP_LOGI(TAG, "SSL server socket listen on %d port", OPENSSL_EXAMPLE_LOCAL_TCP_PORT);
- ret = listen(sockfd, 32);
- if (ret) {
- ESP_LOGI(TAG, "failed");
- goto failed3;
- }
- ESP_LOGI(TAG, "OK");
-
-reconnect:
- ESP_LOGI(TAG, "SSL server create ......");
- ssl = SSL_new(ctx);
- if (!ssl) {
- ESP_LOGI(TAG, "failed");
- goto failed3;
- }
- ESP_LOGI(TAG, "OK");
-
- ESP_LOGI(TAG, "SSL server socket accept client ......");
- new_sockfd = accept(sockfd, (struct sockaddr *)&sock_addr, &addr_len);
- if (new_sockfd < 0) {
- ESP_LOGI(TAG, "failed" );
- goto failed4;
- }
- ESP_LOGI(TAG, "OK");
-
- SSL_set_fd(ssl, new_sockfd);
-
- ESP_LOGI(TAG, "SSL server accept client ......");
- ret = SSL_accept(ssl);
- if (!ret) {
- ESP_LOGI(TAG, "failed");
- goto failed5;
- }
- ESP_LOGI(TAG, "OK");
-
- ESP_LOGI(TAG, "SSL server read message ......");
- do {
- memset(recv_buf, 0, OPENSSL_EXAMPLE_RECV_BUF_LEN);
- ret = SSL_read(ssl, recv_buf, OPENSSL_EXAMPLE_RECV_BUF_LEN - 1);
- if (ret <= 0) {
- break;
- }
- ESP_LOGI(TAG, "SSL read: %s", recv_buf);
- if (strstr(recv_buf, "GET ") &&
- strstr(recv_buf, " HTTP/1.1")) {
- ESP_LOGI(TAG, "SSL get matched message");
- ESP_LOGI(TAG, "SSL write message");
- ret = SSL_write(ssl, send_data, send_bytes);
- if (ret > 0) {
- ESP_LOGI(TAG, "OK");
- } else {
- ESP_LOGI(TAG, "error");
- }
- break;
- }
- } while (1);
-
- SSL_shutdown(ssl);
-failed5:
- close(new_sockfd);
- new_sockfd = -1;
-failed4:
- SSL_free(ssl);
- ssl = NULL;
- goto reconnect;
-failed3:
- close(sockfd);
- sockfd = -1;
-failed2:
- SSL_CTX_free(ctx);
- ctx = NULL;
-failed1:
- vTaskDelete(NULL);
- return ;
-}
-
-static void openssl_server_init(void)
-{
- int ret;
- xTaskHandle openssl_handle;
-
- ret = xTaskCreate(openssl_example_task,
- OPENSSL_EXAMPLE_TASK_NAME,
- OPENSSL_EXAMPLE_TASK_STACK_WORDS,
- NULL,
- OPENSSL_EXAMPLE_TASK_PRIORITY,
- &openssl_handle);
-
- if (ret != pdPASS) {
- ESP_LOGI(TAG, "create task %s failed", OPENSSL_EXAMPLE_TASK_NAME);
- }
-}
-
-void app_main(void)
-{
- ESP_LOGI(TAG, "[APP] Startup..");
- ESP_LOGI(TAG, "[APP] Free memory: %d bytes", esp_get_free_heap_size());
- ESP_LOGI(TAG, "[APP] IDF version: %s", esp_get_idf_version());
-
- ESP_ERROR_CHECK(nvs_flash_init());
- ESP_ERROR_CHECK(esp_netif_init());
- ESP_ERROR_CHECK(esp_event_loop_create_default());
-
- /* This helper function configures Wi-Fi or Ethernet, as selected in menuconfig.
- * Read "Establishing Wi-Fi or Ethernet Connection" section in
- * examples/protocols/README.md for more information about this function.
- */
- ESP_ERROR_CHECK(example_connect());
-
- openssl_server_init();
-}
diff --git a/examples/protocols/openssl_server/server_certs/ca.crt b/examples/protocols/openssl_server/server_certs/ca.crt
deleted file mode 100644
index 541d527602..0000000000
--- a/examples/protocols/openssl_server/server_certs/ca.crt
+++ /dev/null
@@ -1,20 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDTTCCAjWgAwIBAgIUe0ZW+zwJ0KauAHVreTmv8xqC9QgwDQYJKoZIhvcNAQEL -BQAwNjELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxEjAQBgNVBAoM -CUVzcHJlc3NpZjAeFw0yMDA5MjMwNzU1NTRaFw00ODAyMDkwNzU1NTRaMDYxCzAJ -BgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMRIwEAYDVQQKDAlFc3ByZXNz -aWYwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC52tv077MpX817BVUP -yjmz/Nk1Tj7Za4pHlpVlbRRSlEz5h/62s7arB6dq9K2kC7fTIkw6MN/Qp4zPZ1Ug -0abzZesb71w3NLhw9ModiakDkvdRoDORXbxeJuxHbJyui/8N9UNJfb3IOPX/nSP+ -coDWrkk0GrJbLwU1aLf7zr00iY2yx+lAEd75ElXhKrheUJJ/dpKYl4ZcGSm55WkQ -tJi5dHfZCx1dDXnt49q5hbGa7lsOwdIdE7xM4NtqWo61LJ2Z/scbha48RMvEAnAl -IfG9VcfjfOY1Y3LZemXS1NhuGRRgT3hc/xJFyTja4zg71XK1Z5VJO/QShFuDWnkx -oXrdAgMBAAGjUzBRMB0GA1UdDgQWBBRTSG/RoTNtlXzzHf/WrFRBCO9NMTAfBgNV -HSMEGDAWgBRTSG/RoTNtlXzzHf/WrFRBCO9NMTAPBgNVHRMBAf8EBTADAQH/MA0G -CSqGSIb3DQEBCwUAA4IBAQBqu44Bdq2JWAx3gDrIz42Vvocq4kRkNEg2C00b7OEU -Hi/zm2JTOyoHQfLZWc1Y6dzcPTbA/+7JFgnlgyzfH4YCi8YosEjRB+cBqEwDeeGY -XS0vKxEG69vDb/neqsKsWawKU7P8TVar7qg/41eqoC84o/d23eBFJ0Tr/3EWO5hr -8ct2mSLkewCJIzxqQIsORynxjd7K9N2Dxb7Lg7kremM+nADfrbArSh443t+G9YEY -fDatlIgFXietPyg6i27Aob5Ogs5gmbdY2swEoYfnrN++DpLyLoPB9Y1t/691CkNF -AzCQft+CFyZfNXbjHBE7q3s660/UkC20OyHFyFt9C0q2 ------END CERTIFICATE----- diff --git a/examples/protocols/openssl_server/server_certs/ca.key b/examples/protocols/openssl_server/server_certs/ca.key deleted file mode 100644 index 99f0a0aea1..0000000000 --- a/examples/protocols/openssl_server/server_certs/ca.key +++ /dev/null 
@@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEpAIBAAKCAQEAudrb9O+zKV/NewVVD8o5s/zZNU4+2WuKR5aVZW0UUpRM+Yf+ -trO2qwenavStpAu30yJMOjDf0KeMz2dVINGm82XrG+9cNzS4cPTKHYmpA5L3UaAz -kV28XibsR2ycrov/DfVDSX29yDj1/50j/nKA1q5JNBqyWy8FNWi3+869NImNssfp -QBHe+RJV4Sq4XlCSf3aSmJeGXBkpueVpELSYuXR32QsdXQ157ePauYWxmu5bDsHS -HRO8TODbalqOtSydmf7HG4WuPETLxAJwJSHxvVXH43zmNWNy2Xpl0tTYbhkUYE94 -XP8SRck42uM4O9VytWeVSTv0EoRbg1p5MaF63QIDAQABAoIBAQC480UkcEz4hW/0 -VpAZkILvzFVTKLR+pPgM2Zt+PZiVvSMExwMBScIkXQ+L7kXGFCswntcAqZZxC+ui -khAzAq+DVA8t03sPLRXGwrNHxbA98EjSH/xxUribcVx8j2c0g/ijKUl2nvz3fUfA -wd4J3mS8PuB2S4LmHtquFbHRkiDTX8RPtq+1ZGpl2+u2DlKIyPrkr8UZyZPVVjHd -ACyG4rJdFy/XVS3cGSQ0Nkp/Ml706oSOUklRPzQEumZt6UkdgRYt9VlLL65CzIrF -qW34v0olgD5pVM4hIKIV8GgqGCqKhfsj8Mv6kQ2iO4/Wu32iwwezGpqO5pOUVJLB -t/22iNxBAoGBAOmHHUN9Vl5wnZ88/TG1zU4aom/PHNiPCym1Zr4MekdMtCOFo+i/ -8hB+X8ZfR8VfQpzF2TdvCde0f/nQCT7ixCFmx5ZgD6QqDU2oHqV1N+/6k3IFGG8X -BFcKMOyRU866E7RknMQfXmKc0V9BFnwo1hFfNlaQNUsiT6BX9TXvDzBVAoGBAMu9 -Vpnv95FbFAb3+5gLABfFu9jUDSIanE+YJgtm5akDxF5paYZNTUcTe0KwT/h/nqyU -EyHeb32IbKUOzEmN1RlvfIec2QmZJk0u6TfLRLmORsBxM5z5dn+mvJwsYHaam0iI -pdpbnObCH+dIgGrn6zPPgaLr/NQ/GJMbVpGTVAhpAoGAc9p9MRtAOvABspsuPXgl -F2dtSKzmcaVdc160TvqfuzmZcLn/HBwFuhsH5sEkOQ3OXTpmTfL/Xg0FJGkJ/THA -/ZUg1UBo4heeq/UI5yrlCmA0v+85NPulQo0iwmpCup9j4S28/CtXxvJniKsgvY4A -zXN/4KgAWHr4J+MbGpuz3FUCgYB6ACr3iyaoN+3KLnzOEug/U/ykXnZu0ZiAYQ+H -DFrB1qukDWNPNMLtqNDKomGA4IrXtOOwCE6i0SqdvDrAYNoWnRfo7RdaFAdHeKvW -6TWCF5xuaFsLyKYY0nNm4XvyCaqqyIjoNKvD0sLf8B5V5gKFx+BM+xsuzYmdrWUt -Txem4QKBgQDGTEuEy8lX3AO7+iSwjgOC0mooLOR6MoH3iH81GUj+IuiwngIDRtHj -gIh0mNu6vgQkfBkaP27tyr00PBi3SIGAJOLaTKimjEOk0plTw1ewt4apMlhdcT/f -eVEUD7zpX3v1a8mN34wCRUEilpfMvEpIxW3GnDRzxVaXerydLiApJQ== ------END RSA PRIVATE KEY----- diff --git a/tools/ci/check_copyright_ignore.txt b/tools/ci/check_copyright_ignore.txt index 9f9f6e33f1..e907e8755c 100644 --- a/tools/ci/check_copyright_ignore.txt +++ b/tools/ci/check_copyright_ignore.txt 
@@ -2119,7 +2119,6 @@ components/openssl/include/internal/tls1.h
 components/openssl/include/internal/x509_vfy.h
 components/openssl/include/openssl/bio.h
 components/openssl/include/openssl/err.h
-components/openssl/include/openssl/ssl.h
 components/openssl/include/platform/ssl_opt.h
 components/openssl/include/platform/ssl_pm.h
 components/openssl/include/platform/ssl_port.h
@@ -2130,7 +2129,6 @@ components/openssl/library/ssl_lib.c
 components/openssl/library/ssl_methods.c
 components/openssl/library/ssl_pkey.c
 components/openssl/library/ssl_stack.c
-components/openssl/library/ssl_x509.c
 components/openssl/platform/ssl_pm.c
 components/openssl/platform/ssl_port.c
 components/openssl/test/test_openssl.c
diff --git a/tools/test_apps/protocols/openssl/main/connect_test.c b/tools/test_apps/protocols/openssl/main/connect_test.c
index bf99ad4ab1..8ba6cf0be8 100644
--- a/tools/test_apps/protocols/openssl/main/connect_test.c
+++ b/tools/test_apps/protocols/openssl/main/connect_test.c
@@ -1,3 +1,5 @@
+#define ESP_OPENSSL_SUPPRESS_LEGACY_WARNING
+
 #include
 #include
 #include
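Review bot: The new `#define ESP_OPENSSL_SUPPRESS_LEGACY_WARNING` at the top of connect_test.c has no comment, so a reader cannot tell why a test app silences a warning, or that the define presumably has to stay ahead of the header that checks it. Judging by the macro name it hides a deprecation notice for the legacy OpenSSL wrapper; a line such as `/* Test app exercises the legacy OpenSSL wrapper on purpose: silence its deprecation warning (keep above the includes) */` would record that and discourage copying the define into application code. The includes after it have lost their header names in this view and the rest of the file is outside the hunk, so the ordering against the OpenSSL include should be confirmed there.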