alex/esp-idf
alex/esp-idf
1
0
Fork 0
mirror of https://github.com/espressif/esp-idf.git synced 2024-10-05 20:47:46 -04:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Merge branch 'fix/http2_request_example_secure_by_default' into 'master'

Browse Source 
Make http2_request example secure by default

Closes IDF-2668

See merge request espressif/esp-idf!13050
This commit is contained in:
Mahavir Jain 2021-04-09 13:52:22 +00:00
commit 4deadf19fc
7 changed files with 61 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
examples/protocols/http2_request/components/sh2lib/sh2lib.c
View File

@ -235,27 +235,35 @@ static int do_http2_connect(struct sh2lib_handle *hd)
return 0;
}
int sh2lib_connect(struct sh2lib_handle *hd, const char *uri)
int sh2lib_connect(struct sh2lib_config_t *cfg, struct sh2lib_handle *hd)
{
memset(hd, 0, sizeof(*hd));
if (cfg == NULL) {
ESP_LOGE(TAG, "[sh2-connect] pointer to sh2lib configurations cannot be NULL");
goto error;
}
const char *proto[] = {"h2", NULL};
esp_tls_cfg_t tls_cfg = {
.alpn_protos = proto,
.cacert_buf = cfg->cacert_buf,
.cacert_bytes = cfg->cacert_bytes,
.non_block = true,
.timeout_ms = 10 * 1000,
};
if ((hd->http2_tls = esp_tls_conn_http_new(uri, &tls_cfg)) == NULL) {
if ((hd->http2_tls = esp_tls_conn_http_new(cfg->uri, &tls_cfg)) == NULL) {
ESP_LOGE(TAG, "[sh2-connect] esp-tls connection failed");
goto error;
}
struct http_parser_url u;
http_parser_url_init(&u);
http_parser_parse_url(uri, strlen(uri), 0, &u);
hd->hostname = strndup(&uri[u.field_data[UF_HOST].off], u.field_data[UF_HOST].len);
http_parser_parse_url(cfg->uri, strlen(cfg->uri), 0, &u);
hd->hostname = strndup(&cfg->uri[u.field_data[UF_HOST].off], u.field_data[UF_HOST].len);
/* HTTP/2 Connection */
if (do_http2_connect(hd) != 0) {
ESP_LOGE(TAG, "[sh2-connect] HTTP2 Connection failed with %s", uri);
ESP_LOGE(TAG, "[sh2-connect] HTTP2 Connection failed with %s", cfg->uri);
goto error;
}

14
examples/protocols/http2_request/components/sh2lib/sh2lib.h
View File

@ -38,6 +38,15 @@ struct sh2lib_handle {
struct esp_tls *http2_tls; /*!< Pointer to the TLS session handle */
};
/**
* @brief sh2lib configuration structure
*/
struct sh2lib_config_t {
const char *uri; /*!< Pointer to the URI that should be connected to */
const unsigned char *cacert_buf; /*!< Pointer to the buffer containing CA certificate */
unsigned int cacert_bytes; /*!< Size of the CA certifiacte pointed by cacert_buf */
};
/** Flag indicating receive stream is reset */
#define DATA_RECV_RST_STREAM 1
/** Flag indicating frame is completely received */
@ -88,14 +97,13 @@ typedef int (*sh2lib_putpost_data_cb_t)(struct sh2lib_handle *handle, char *data
*
* Only 'https' URIs are supported.
*
* @param[in] cfg Pointer to the sh2lib configurations of the type 'struct sh2lib_config_t'.
* @param[out] hd Pointer to a variable of the type 'struct sh2lib_handle'.
* @param[in] uri Pointer to the URI that should be connected to.
*
* @return
* - ESP_OK if the connection was successful
* - ESP_FAIL if the connection fails
*/
int sh2lib_connect(struct sh2lib_handle *hd, const char *uri);
int sh2lib_connect(struct sh2lib_config_t *cfg, struct sh2lib_handle *hd);
/**
* @brief Free a sh2lib handle

3
examples/protocols/http2_request/main/CMakeLists.txt
View File

@ -1,2 +1,3 @@
idf_component_register(SRCS "http2_request_example_main.c"
INCLUDE_DIRS ".")
INCLUDE_DIRS "."
EMBED_TXTFILES "golang_root_cert.pem")

5
examples/protocols/http2_request/main/component.mk
View File

@ -0,0 +1,5 @@
#
# "main" pseudo-component makefile.
#
# (Uses default behaviour of compiling all source files in directory, adding 'include' to include path.)
COMPONENT_EMBED_TXTFILES := golang_root_cert.pem

20
examples/protocols/http2_request/main/golang_root_cert.pem Normal file
View File

@ -0,0 +1,20 @@
-----BEGIN CERTIFICATE-----
MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/
MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
DkRTVCBSb290IENBIFgzMB4XDTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVow
PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD
Ew5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
AN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmTrE4O
rz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEq
OLl5CjH9UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9b
xiqKqy69cK3FCxolkHRyxXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw
7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40dutolucbY38EVAjqr2m7xPi71XAicPNaD
aeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNV
HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQMA0GCSqG
SIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69
ikugdB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXr
AvHRAosZy5Q6XkjEGB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZz
R8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5
JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06XyxV3bqxbYo
Ob8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ
-----END CERTIFICATE-----

11
examples/protocols/http2_request/main/http2_request_example_main.c
View File

@ -26,6 +26,9 @@
#include "sh2lib.h"
extern const uint8_t server_root_cert_pem_start[] asm("_binary_golang_root_cert_pem_start");
extern const uint8_t server_root_cert_pem_end[] asm("_binary_golang_root_cert_pem_end");
/* The HTTP/2 server to connect to */
#define HTTP2_SERVER_URI "https://http2.golang.org"
/* A GET request that keeps streaming current time every second */
@ -101,8 +104,14 @@ static void http2_task(void *args)
/* HTTP2: one connection multiple requests. Do the TLS/TCP connection first */
printf("Connecting to server\n");
struct sh2lib_config_t cfg = {
.uri = HTTP2_SERVER_URI,
.cacert_buf = server_root_cert_pem_start,
.cacert_bytes = server_root_cert_pem_end - server_root_cert_pem_start,
};
struct sh2lib_handle hd;
if (sh2lib_connect(&hd, HTTP2_SERVER_URI) != 0) {
if (sh2lib_connect(&cfg, &hd) != 0) {
printf("Failed to connect\n");
vTaskDelete(NULL);
return;

2
examples/protocols/http2_request/sdkconfig.defaults
View File

@ -1,2 +0,0 @@
CONFIG_ESP_TLS_INSECURE=y
CONFIG_ESP_TLS_SKIP_SERVER_CERT_VERIFY=y