2016-11-17 21:07:34 -05:00
|
|
|
/* OpenSSL server Example
|
|
|
|
|
|
|
|
This example code is in the Public Domain (or CC0 licensed, at your option.)
|
|
|
|
|
|
|
|
Unless required by applicable law or agreed to in writing, this
|
|
|
|
software is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
|
|
|
|
CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
*/
|
2016-11-15 22:11:01 -05:00
|
|
|
|
2017-03-22 00:36:11 -04:00
|
|
|
#include "openssl_server_example.h"
|
2016-11-15 22:11:01 -05:00
|
|
|
|
|
|
|
#include <string.h>
|
|
|
|
|
|
|
|
#include "openssl/ssl.h"
|
|
|
|
|
|
|
|
#include "freertos/FreeRTOS.h"
|
|
|
|
#include "freertos/task.h"
|
|
|
|
|
|
|
|
#include "esp_log.h"
|
|
|
|
#include "esp_wifi.h"
|
2018-11-20 11:41:45 -05:00
|
|
|
#include "esp_event.h"
|
2019-08-31 10:19:21 -04:00
|
|
|
#include "esp_netif.h"
|
2016-11-15 22:11:01 -05:00
|
|
|
#include "nvs_flash.h"
|
2018-11-20 11:41:45 -05:00
|
|
|
#include "protocol_examples_common.h"
|
2016-11-15 22:11:01 -05:00
|
|
|
|
|
|
|
#include "lwip/sockets.h"
|
|
|
|
#include "lwip/netdb.h"
|
|
|
|
|
|
|
|
|
2017-03-22 00:36:11 -04:00
|
|
|
const static char *TAG = "Openssl_example";
|
2016-11-15 22:11:01 -05:00
|
|
|
|
2017-03-22 00:36:11 -04:00
|
|
|
#define OPENSSL_EXAMPLE_SERVER_ACK "HTTP/1.1 200 OK\r\n" \
|
2016-11-15 22:11:01 -05:00
|
|
|
"Content-Type: text/html\r\n" \
|
2018-10-09 09:01:35 -04:00
|
|
|
"Content-Length: 106\r\n\r\n" \
|
2016-11-15 22:11:01 -05:00
|
|
|
"<html>\r\n" \
|
|
|
|
"<head>\r\n" \
|
2017-03-22 00:36:11 -04:00
|
|
|
"<title>OpenSSL example</title></head><body>\r\n" \
|
|
|
|
"OpenSSL server example!\r\n" \
|
2016-11-15 22:11:01 -05:00
|
|
|
"</body>\r\n" \
|
2016-12-20 23:04:26 -05:00
|
|
|
"</html>\r\n" \
|
|
|
|
"\r\n"
|
2016-11-15 22:11:01 -05:00
|
|
|
|
2017-03-22 00:36:11 -04:00
|
|
|
static void openssl_example_task(void *p)
|
2016-11-15 22:11:01 -05:00
|
|
|
{
|
|
|
|
int ret;
|
|
|
|
|
|
|
|
SSL_CTX *ctx;
|
|
|
|
SSL *ssl;
|
|
|
|
|
2017-11-28 05:23:39 -05:00
|
|
|
int sockfd, new_sockfd;
|
2016-11-15 22:11:01 -05:00
|
|
|
socklen_t addr_len;
|
|
|
|
struct sockaddr_in sock_addr;
|
|
|
|
|
2017-03-22 00:36:11 -04:00
|
|
|
char recv_buf[OPENSSL_EXAMPLE_RECV_BUF_LEN];
|
2016-11-15 22:11:01 -05:00
|
|
|
|
2017-03-22 00:36:11 -04:00
|
|
|
const char send_data[] = OPENSSL_EXAMPLE_SERVER_ACK;
|
2016-11-15 22:11:01 -05:00
|
|
|
const int send_bytes = sizeof(send_data);
|
|
|
|
|
|
|
|
extern const unsigned char cacert_pem_start[] asm("_binary_cacert_pem_start");
|
|
|
|
extern const unsigned char cacert_pem_end[] asm("_binary_cacert_pem_end");
|
|
|
|
const unsigned int cacert_pem_bytes = cacert_pem_end - cacert_pem_start;
|
|
|
|
|
|
|
|
extern const unsigned char prvtkey_pem_start[] asm("_binary_prvtkey_pem_start");
|
|
|
|
extern const unsigned char prvtkey_pem_end[] asm("_binary_prvtkey_pem_end");
|
2020-11-10 02:40:01 -05:00
|
|
|
const unsigned int prvtkey_pem_bytes = prvtkey_pem_end - prvtkey_pem_start;
|
2016-11-15 22:11:01 -05:00
|
|
|
|
|
|
|
ESP_LOGI(TAG, "SSL server context create ......");
|
2017-02-15 01:18:01 -05:00
|
|
|
/* For security reasons, it is best if you can use
|
|
|
|
TLSv1_2_server_method() here instead of TLS_server_method().
|
|
|
|
However some old browsers may not support TLS v1.2.
|
|
|
|
*/
|
|
|
|
ctx = SSL_CTX_new(TLS_server_method());
|
2016-11-15 22:11:01 -05:00
|
|
|
if (!ctx) {
|
|
|
|
ESP_LOGI(TAG, "failed");
|
|
|
|
goto failed1;
|
|
|
|
}
|
|
|
|
ESP_LOGI(TAG, "OK");
|
|
|
|
|
|
|
|
ESP_LOGI(TAG, "SSL server context set own certification......");
|
|
|
|
ret = SSL_CTX_use_certificate_ASN1(ctx, cacert_pem_bytes, cacert_pem_start);
|
|
|
|
if (!ret) {
|
|
|
|
ESP_LOGI(TAG, "failed");
|
|
|
|
goto failed2;
|
|
|
|
}
|
|
|
|
ESP_LOGI(TAG, "OK");
|
|
|
|
|
|
|
|
ESP_LOGI(TAG, "SSL server context set private key......");
|
|
|
|
ret = SSL_CTX_use_PrivateKey_ASN1(0, ctx, prvtkey_pem_start, prvtkey_pem_bytes);
|
|
|
|
if (!ret) {
|
|
|
|
ESP_LOGI(TAG, "failed");
|
|
|
|
goto failed2;
|
|
|
|
}
|
|
|
|
ESP_LOGI(TAG, "OK");
|
|
|
|
|
|
|
|
ESP_LOGI(TAG, "SSL server create socket ......");
|
2017-11-28 05:23:39 -05:00
|
|
|
sockfd = socket(AF_INET, SOCK_STREAM, 0);
|
|
|
|
if (sockfd < 0) {
|
2016-11-15 22:11:01 -05:00
|
|
|
ESP_LOGI(TAG, "failed");
|
|
|
|
goto failed2;
|
|
|
|
}
|
|
|
|
ESP_LOGI(TAG, "OK");
|
|
|
|
|
|
|
|
ESP_LOGI(TAG, "SSL server socket bind ......");
|
|
|
|
memset(&sock_addr, 0, sizeof(sock_addr));
|
|
|
|
sock_addr.sin_family = AF_INET;
|
|
|
|
sock_addr.sin_addr.s_addr = 0;
|
2017-03-22 00:36:11 -04:00
|
|
|
sock_addr.sin_port = htons(OPENSSL_EXAMPLE_LOCAL_TCP_PORT);
|
2017-11-28 05:23:39 -05:00
|
|
|
ret = bind(sockfd, (struct sockaddr*)&sock_addr, sizeof(sock_addr));
|
2016-11-15 22:11:01 -05:00
|
|
|
if (ret) {
|
|
|
|
ESP_LOGI(TAG, "failed");
|
|
|
|
goto failed3;
|
|
|
|
}
|
|
|
|
ESP_LOGI(TAG, "OK");
|
|
|
|
|
|
|
|
ESP_LOGI(TAG, "SSL server socket listen ......");
|
2017-11-28 05:23:39 -05:00
|
|
|
ret = listen(sockfd, 32);
|
2016-11-15 22:11:01 -05:00
|
|
|
if (ret) {
|
|
|
|
ESP_LOGI(TAG, "failed");
|
|
|
|
goto failed3;
|
|
|
|
}
|
|
|
|
ESP_LOGI(TAG, "OK");
|
|
|
|
|
|
|
|
reconnect:
|
|
|
|
ESP_LOGI(TAG, "SSL server create ......");
|
|
|
|
ssl = SSL_new(ctx);
|
|
|
|
if (!ssl) {
|
|
|
|
ESP_LOGI(TAG, "failed");
|
|
|
|
goto failed3;
|
|
|
|
}
|
|
|
|
ESP_LOGI(TAG, "OK");
|
|
|
|
|
|
|
|
ESP_LOGI(TAG, "SSL server socket accept client ......");
|
2017-11-28 05:23:39 -05:00
|
|
|
new_sockfd = accept(sockfd, (struct sockaddr *)&sock_addr, &addr_len);
|
|
|
|
if (new_sockfd < 0) {
|
2016-11-15 22:11:01 -05:00
|
|
|
ESP_LOGI(TAG, "failed" );
|
|
|
|
goto failed4;
|
|
|
|
}
|
|
|
|
ESP_LOGI(TAG, "OK");
|
|
|
|
|
2017-11-28 05:23:39 -05:00
|
|
|
SSL_set_fd(ssl, new_sockfd);
|
2016-11-15 22:11:01 -05:00
|
|
|
|
|
|
|
ESP_LOGI(TAG, "SSL server accept client ......");
|
|
|
|
ret = SSL_accept(ssl);
|
|
|
|
if (!ret) {
|
|
|
|
ESP_LOGI(TAG, "failed");
|
|
|
|
goto failed5;
|
|
|
|
}
|
|
|
|
ESP_LOGI(TAG, "OK");
|
|
|
|
|
|
|
|
ESP_LOGI(TAG, "SSL server read message ......");
|
|
|
|
do {
|
2017-03-22 00:36:11 -04:00
|
|
|
memset(recv_buf, 0, OPENSSL_EXAMPLE_RECV_BUF_LEN);
|
|
|
|
ret = SSL_read(ssl, recv_buf, OPENSSL_EXAMPLE_RECV_BUF_LEN - 1);
|
2016-11-15 22:11:01 -05:00
|
|
|
if (ret <= 0) {
|
|
|
|
break;
|
|
|
|
}
|
2016-12-20 23:04:26 -05:00
|
|
|
ESP_LOGI(TAG, "SSL read: %s", recv_buf);
|
|
|
|
if (strstr(recv_buf, "GET ") &&
|
|
|
|
strstr(recv_buf, " HTTP/1.1")) {
|
2018-04-19 23:41:11 -04:00
|
|
|
ESP_LOGI(TAG, "SSL get matched message");
|
|
|
|
ESP_LOGI(TAG, "SSL write message");
|
2016-12-20 23:04:26 -05:00
|
|
|
ret = SSL_write(ssl, send_data, send_bytes);
|
|
|
|
if (ret > 0) {
|
2018-04-19 23:41:11 -04:00
|
|
|
ESP_LOGI(TAG, "OK");
|
2016-12-20 23:04:26 -05:00
|
|
|
} else {
|
2018-04-19 23:41:11 -04:00
|
|
|
ESP_LOGI(TAG, "error");
|
2016-12-20 23:04:26 -05:00
|
|
|
}
|
2016-11-15 22:11:01 -05:00
|
|
|
break;
|
|
|
|
}
|
|
|
|
} while (1);
|
2020-11-10 02:40:01 -05:00
|
|
|
|
2016-11-15 22:11:01 -05:00
|
|
|
SSL_shutdown(ssl);
|
|
|
|
failed5:
|
2017-11-28 05:23:39 -05:00
|
|
|
close(new_sockfd);
|
|
|
|
new_sockfd = -1;
|
2016-11-15 22:11:01 -05:00
|
|
|
failed4:
|
|
|
|
SSL_free(ssl);
|
|
|
|
ssl = NULL;
|
|
|
|
goto reconnect;
|
|
|
|
failed3:
|
2017-11-28 05:23:39 -05:00
|
|
|
close(sockfd);
|
|
|
|
sockfd = -1;
|
2016-11-15 22:11:01 -05:00
|
|
|
failed2:
|
|
|
|
SSL_CTX_free(ctx);
|
|
|
|
ctx = NULL;
|
|
|
|
failed1:
|
|
|
|
vTaskDelete(NULL);
|
|
|
|
return ;
|
2020-11-10 02:40:01 -05:00
|
|
|
}
|
2016-11-15 22:11:01 -05:00
|
|
|
|
2017-08-22 14:52:44 -04:00
|
|
|
static void openssl_server_init(void)
|
2016-11-15 22:11:01 -05:00
|
|
|
{
|
|
|
|
int ret;
|
|
|
|
xTaskHandle openssl_handle;
|
|
|
|
|
2017-03-22 00:36:11 -04:00
|
|
|
ret = xTaskCreate(openssl_example_task,
|
|
|
|
OPENSSL_EXAMPLE_TASK_NAME,
|
|
|
|
OPENSSL_EXAMPLE_TASK_STACK_WORDS,
|
2016-11-15 22:11:01 -05:00
|
|
|
NULL,
|
2017-08-22 16:27:57 -04:00
|
|
|
OPENSSL_EXAMPLE_TASK_PRIORITY,
|
2020-11-10 02:40:01 -05:00
|
|
|
&openssl_handle);
|
2016-11-15 22:11:01 -05:00
|
|
|
|
|
|
|
if (ret != pdPASS) {
|
2017-03-22 00:36:11 -04:00
|
|
|
ESP_LOGI(TAG, "create task %s failed", OPENSSL_EXAMPLE_TASK_NAME);
|
2016-11-15 22:11:01 -05:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2018-11-20 11:41:45 -05:00
|
|
|
void app_main(void)
|
2016-11-15 22:11:01 -05:00
|
|
|
{
|
2018-11-20 11:41:45 -05:00
|
|
|
ESP_ERROR_CHECK(nvs_flash_init());
|
2019-11-29 04:54:02 -05:00
|
|
|
ESP_ERROR_CHECK(esp_netif_init());
|
2018-11-20 11:41:45 -05:00
|
|
|
ESP_ERROR_CHECK(esp_event_loop_create_default());
|
2016-11-15 22:11:01 -05:00
|
|
|
|
2018-11-20 11:41:45 -05:00
|
|
|
/* This helper function configures Wi-Fi or Ethernet, as selected in menuconfig.
|
|
|
|
* Read "Establishing Wi-Fi or Ethernet Connection" section in
|
|
|
|
* examples/protocols/README.md for more information about this function.
|
|
|
|
*/
|
|
|
|
ESP_ERROR_CHECK(example_connect());
|
|
|
|
|
|
|
|
openssl_server_init();
|
2016-11-15 22:11:01 -05:00
|
|
|
}
|