alex/esp-idf
alex/esp-idf
1
0
Fork 0
mirror of https://github.com/espressif/esp-idf.git synced 2024-10-05 20:47:46 -04:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

openssl: Add deprecation warning to ssl.h

Browse Source 
OpenSSL component will be discontinued in ESP-IDF v5.x. The only official TLS API will be esp-tls
Add docs warning about deprecation in v5.x

Removed all examples demonstrating usage of openssl in IDF
This commit is contained in:
David Cermak 2021-09-21 13:51:11 +02:00
parent e35a87f723
commit cfc001870c
31 changed files with 25 additions and 1015 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
components/asio/port/include/esp_asio_config.h
View File

@ -18,6 +18,11 @@
# define ASIO_NO_TYPEID
# endif // CONFIG_COMPILER_RTTI
//
// Supress OpenSSL deprecation warning, when building ASIO
//
#define ESP_OPENSSL_SUPPRESS_LEGACY_WARNING
//
// LWIP compatibility inet and address macros/functions
//

21
components/openssl/include/openssl/ssl.h
View File

@ -1,16 +1,13 @@
// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
/*
* SPDX-FileCopyrightText: 2015-2021 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Apache-2.0
*/
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
// Allow for this warning suppression only in IDF_CI_BUILD
#if !defined(ESP_OPENSSL_SUPPRESS_LEGACY_WARNING) || !defined(IDF_CI_BUILD)
#warning "OpenSSL component will be removed from ESP-IDF in v5.0, please use esp_tls instead"
#endif
#ifndef _SSL_H_
#define _SSL_H_

20
components/openssl/library/ssl_x509.c
View File

@ -1,22 +1,14 @@
// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
/*
* SPDX-FileCopyrightText: 2015-2021 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Apache-2.0
*/
#include "ssl_x509.h"
#include "ssl_methods.h"
#include "ssl_dbg.h"
#include "ssl_port.h"
#include "ssl.h"
#include "bio.h"
/**
* @brief show X509 certification information

2
components/openssl/test/test_openssl.c
View File

@ -12,7 +12,7 @@
* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
#include "test_utils.h"
#define ESP_OPENSSL_SUPPRESS_LEGACY_WARNING
#include "openssl/ssl.h"
#include "unity.h"

2
docs/en/api-reference/protocols/openssl_apis.rst
View File

@ -1,6 +1,8 @@
OpenSSL-APIs
------------
.. note:: The OpenSSL-API will be discontinued in ESP-IDF from v5.0. Please use ESP-TLS <esp_tls> instead.
The code of this API (located in :component:`openssl` directory), does not contain OpenSSL itself but is intended as a wrapper for applications using the OpenSSL API.
It uses mbedTLS to do the actual work, so anyone compiling openssl code needs the mbedtls library and header file.

18
examples/protocols/openssl_client/CMakeLists.txt
View File

@ -1,18 +0,0 @@
# The following lines of boilerplate have to be in your project's CMakeLists
# in this exact order for cmake to work correctly
cmake_minimum_required(VERSION 3.5)
# (Not part of the boilerplate)
# This example uses an extra component for common functions such as Wi-Fi and Ethernet connection.
set(EXTRA_COMPONENT_DIRS $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
include($ENV{IDF_PATH}/tools/cmake/project.cmake)
project(openssl_client)
if(CONFIG_EXAMPLE_OPENSSL_CLIENT_URI_FROM_STDIN)
# This ca.crt is used when connecting to local(python executed) server
target_add_binary_data(openssl_client.elf "server_certs/ca.crt" TEXT)
else()
# This ca.crt is used when connecting to www.baidu.com
target_add_binary_data(openssl_client.elf "main/baidu_ca.crt" TEXT)
endif()

10
examples/protocols/openssl_client/Makefile
View File

@ -1,10 +0,0 @@
#
# This is a project Makefile. It is assumed the directory this Makefile resides in is a
# project subdirectory.
#
PROJECT_NAME := openssl_client
EXTRA_COMPONENT_DIRS = $(IDF_PATH)/examples/common_components/protocol_examples_common
include $(IDF_PATH)/make/project.mk

67
examples/protocols/openssl_client/README.md
View File

@ -1,67 +0,0 @@
# OpenSSL Client Example
(See the README.md file in the upper level 'examples' directory for more information about examples.)
This example shows how to set up esp openssl client and communicate over ssl transport layer.
## How to use example
### Python scripts
Script example_test.py could be used as a client part to the ESP-OPENSSL server demo,
```
python example_test.py
```
Note that this script is used in automated tests, as well, so the IDF test framework packages need to be imported;
please add `$IDF_PATH/tools/ci/python_packages` to `PYTHONPATH`.
### Hardware Required
This example can be executed on any ESP32 board, the only required interface is WiFi and connection to internet.
### Configure the project
* Open the project configuration menu (`idf.py menuconfig`)
* Configure Wi-Fi or Ethernet under "Example Connection Configuration" menu. See "Establishing Wi-Fi or Ethernet Connection" section in [examples/protocols/README.md](../../README.md) for more details.
* Configure the openssl client endpoint URI under "Example Configuration", if "OPENSSL_CLIENT_URI_FROM_STDIN" is selected then the example application will connect to the URI it reads from stdin (used for testing)
* When using Make build system, set `Default serial port` under `Serial flasher config`.
* When using OPENSSL_CLIENT_URI_FROM_STRING configure target domain and port number under "Example Configuration"
* Please note that verification mode is VERIFY_PEER by default, that's why during connection to public host('www.baidu.com') it's needed to use
appropriate certificates('baidu_ca.crt'), or it is needed to change verify mode to VERIFY_NONE.
### Build and Flash
Build the project and flash it to the board, then run monitor tool to view serial output:
```
idf.py -p PORT flash monitor
```
(To exit the serial monitor, type ``Ctrl-]``.)
See the Getting Started Guide for full steps to configure and use ESP-IDF to build projects.
## Example Output
```
I (2601) esp_netif_handlers: example_connect: sta ip: 192.168.1.191, mask: 255.255.255.0, gw: 192.168.1.1
I (2601) example_connect: Got IPv4 event: Interface "example_connect: sta" address: 192.168.1.191
I (3601) example_connect: Got IPv6 event: Interface "example_connect: sta" address: fe80:0000:0000:0000:260a:c4ff:fee7:a660, type: ESP_IP6_ADDR_IS_LINK_LOCAL
I (3601) example_connect: Connected to example_connect: sta
I (3611) example_connect: - IPv4 address: 192.168.1.191
I (3611) example_connect: - IPv6 address: fe80:0000:0000:0000:260a:c4ff:fee7:a660, type: ESP_IP6_ADDR_IS_LINK_LOCAL
I (3631) openssl_example: Test started
I (3631) openssl_example: Trying connect to www.baidu.com port 443 ...
I (3641) openssl_example: DNS lookup succeeded. IP=103.235.46.39
I (4101) openssl_example: OK
I (4101) openssl_example: Create SSL obj
I (4101) openssl_example: OK
I (4101) openssl_example: SSL verify mode = 0 connected to www.baidu.com port 443 ...
I (8091) openssl_example: OK
I (8091) openssl_example: SSL Connection Succeed
```

126
examples/protocols/openssl_client/example_test.py
View File

@ -1,126 +0,0 @@
from __future__ import print_function, unicode_literals
import os
import re
import socket
import ssl
from threading import Event, Thread
import ttfw_idf
SERVER_CERTS_DIR = 'server_certs/'
def _path(f):
return os.path.join(os.path.dirname(os.path.realpath(__file__)),f)
def get_my_ip():
s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
try:
# doesn't even have to be reachable
s.connect(('10.255.255.255', 1))
IP = s.getsockname()[0]
except socket.error:
IP = '127.0.0.1'
finally:
s.close()
return IP
# Simple TLS server
class TlsServer:
def __init__(self, port, negotiated_protocol=ssl.PROTOCOL_TLSv1):
self.port = port
self.socket = socket.socket()
self.socket.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
self.socket.settimeout(20.0)
self.shutdown = Event()
self.negotiated_protocol = negotiated_protocol
self.conn = None
self.ssl_error = None
self.server_thread = None
def __enter__(self):
try:
self.socket.bind(('', self.port))
except socket.error as e:
print('Bind failed:{}'.format(e))
raise
self.socket.listen(1)
self.server_thread = Thread(target=self.run_server)
self.server_thread.start()
return self
def __exit__(self, exc_type, exc_value, traceback):
self.shutdown.set()
self.server_thread.join()
self.socket.close()
if (self.conn is not None):
self.conn.close()
def run_server(self):
ctx = ssl.SSLContext(self.negotiated_protocol)
ctx.load_cert_chain(certfile=_path(SERVER_CERTS_DIR + 'ca.crt'), keyfile=_path(SERVER_CERTS_DIR + 'ca.key'))
self.socket = ctx.wrap_socket(self.socket, server_side=True)
try:
print('Listening socket')
self.conn, address = self.socket.accept() # accept new connection
self.socket.settimeout(20.0)
print(' - connection from: {}'.format(address))
except ssl.SSLError as e:
self.conn = None
self.ssl_error = str(e)
print(' - SSLError: {}'.format(str(e)))
def test_echo(dut):
dut.expect('SSL Connection Succeed')
print('SSL Connection Succeed')
@ttfw_idf.idf_example_test(env_tag='Example_WIFI')
def test_example_protocol_openssl_client(env, extra_data):
"""
steps:
1. join AP
2. connect to uri "xxxx.xxxx.xxxx.xxxx:port"
3. send and receive data
"""
dut1 = env.get_dut('openssl_client', 'examples/protocols/openssl_client', dut_class=ttfw_idf.ESP32DUT)
# check and log bin size
binary_file = os.path.join(dut1.app.binary_path, 'openssl_client.bin')
binary_size = os.path.getsize(binary_file)
ttfw_idf.log_performance('openssl_client_bin_size', '{}KB'.format(binary_size // 1024))
try:
if 'CONFIG_EXAMPLE_OPENSSL_CLIENT_URI_FROM_STDIN' in dut1.app.get_sdkconfig():
uri_from_stdin = True
else:
uri = dut1.app.get_sdkconfig()['CONFIG_EXAMPLE_OPENSSL_CLIENT_TARGET_DOMAIN'].strip('"')
uri_from_stdin = False
except Exception:
print('ENV_TEST_FAILURE: Cannot find target domain in sdkconfig')
raise
# start test
dut1.start_app()
dut1.expect(re.compile(r' IPv4 address: ([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)'), timeout=30)
ip = get_my_ip()
if uri_from_stdin:
server_port = 2222
with TlsServer(server_port, negotiated_protocol=ssl.PROTOCOL_TLSv1_1):
print('Starting test')
dut1.write('{} {}'.format(ip, server_port))
dut1.expect(re.compile('SSL Connection Succeed'), timeout=10)
else:
print('DUT connecting to {}'.format(uri))
test_echo(dut1)
if __name__ == '__main__':
test_example_protocol_openssl_client()

2
examples/protocols/openssl_client/main/CMakeLists.txt
View File

@ -1,2 +0,0 @@
idf_component_register(SRCS "openssl_client_example_main.c"
INCLUDE_DIRS ".")

28
examples/protocols/openssl_client/main/Kconfig.projbuild
View File

@ -1,28 +0,0 @@
menu "Example Configuration"
choice EXAMPLE_OPENSSL_CLIENT_URI_SOURCE
prompt "SSL Client URI source"
default EXAMPLE_OPENSSL_CLIENT_URI_FROM_STRING
help
Selects the source of the URI used in the example.
config EXAMPLE_OPENSSL_CLIENT_URI_FROM_STRING
bool "From string"
config EXAMPLE_OPENSSL_CLIENT_URI_FROM_STDIN
bool "From stdin"
endchoice
config EXAMPLE_OPENSSL_CLIENT_TARGET_DOMAIN
string "Target Domain"
default "www.baidu.com"
help
Target domain for the example to connect to.
config EXAMPLE_OPENSSL_CLIENT_TARGET_PORT
string "Target port number"
default "443"
help
Target port number for the example to connect to.
endmenu

26
examples/protocols/openssl_client/main/baidu_ca.crt
View File

@ -1,26 +0,0 @@
-----BEGIN CERTIFICATE-----
MIIEaTCCA1GgAwIBAgILBAAAAAABRE7wQkcwDQYJKoZIhvcNAQELBQAwVzELMAkG
A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv
b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw0xNDAyMjAxMDAw
MDBaFw0yNDAyMjAxMDAwMDBaMGYxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i
YWxTaWduIG52LXNhMTwwOgYDVQQDEzNHbG9iYWxTaWduIE9yZ2FuaXphdGlvbiBW
YWxpZGF0aW9uIENBIC0gU0hBMjU2IC0gRzIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDHDmw/I5N/zHClnSDDDlM/fsBOwphJykfVI+8DNIV0yKMCLkZc
C33JiJ1Pi/D4nGyMVTXbv/Kz6vvjVudKRtkTIso21ZvBqOOWQ5PyDLzm+ebomchj
SHh/VzZpGhkdWtHUfcKc1H/hgBKueuqI6lfYygoKOhJJomIZeg0k9zfrtHOSewUj
mxK1zusp36QUArkBpdSmnENkiN74fv7j9R7l/tyjqORmMdlMJekYuYlZCa7pnRxt
Nw9KHjUgKOKv1CGLAcRFrW4rY6uSa2EKTSDtc7p8zv4WtdufgPDWi2zZCHlKT3hl
2pK8vjX5s8T5J4BO/5ZS5gIg4Qdz6V0rvbLxAgMBAAGjggElMIIBITAOBgNVHQ8B
Af8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHQ4EFgQUlt5h8b0cFilT
HMDMfTuDAEDmGnwwRwYDVR0gBEAwPjA8BgRVHSAAMDQwMgYIKwYBBQUHAgEWJmh0
dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3JlcG9zaXRvcnkvMDMGA1UdHwQsMCow
KKAmoCSGImh0dHA6Ly9jcmwuZ2xvYmFsc2lnbi5uZXQvcm9vdC5jcmwwPQYIKwYB
BQUHAQEEMTAvMC0GCCsGAQUFBzABhiFodHRwOi8vb2NzcC5nbG9iYWxzaWduLmNv
bS9yb290cjEwHwYDVR0jBBgwFoAUYHtmGkUNl8qJUC99BM00qP/8/UswDQYJKoZI
hvcNAQELBQADggEBAEYq7l69rgFgNzERhnF0tkZJyBAW/i9iIxerH4f4gu3K3w4s
32R1juUYcqeMOovJrKV3UPfvnqTgoI8UV6MqX+x+bRDmuo2wCId2Dkyy2VG7EQLy
XN0cvfNVlg/UBsD84iOKJHDTu/B5GqdhcIOKrwbFINihY9Bsrk8y1658GEV1BSl3
30JAZGSGvip2CTFvHST0mdCF/vIhCPnG9vHQWe3WVjwIKANnuvD58ZAWR65n5ryA
SOlCdjSXVWkkDoPWoC209fN5ikkodBpBocLTJIg1MGCUF7ThBCIxPTsvFwayuJ2G
K1pp74P1S8SqtCr4fKGxhZSM9AyHDPSsQPhZSZg=
-----END CERTIFICATE-----

10
examples/protocols/openssl_client/main/component.mk
View File

@ -1,10 +0,0 @@
#
# Main Makefile. This is basically the same as a component makefile.
#
ifdef CONFIG_EXAMPLE_OPENSSL_CLIENT_URI_FROM_STDIN
COMPONENT_EMBED_TXTFILES := ${PROJECT_PATH}/server_certs/ca.crt
else
COMPONENT_EMBED_TXTFILES := ${PROJECT_PATH}/main/baidu_ca.crt
endif
COMPONENT_EMBED_TXTFILES += ${PROJECT_PATH}/server_certs/ca.key

31
examples/protocols/openssl_client/main/openssl_client_example.h
View File

@ -1,31 +0,0 @@
/* OpenSSL client Example
This example code is in the Public Domain (or CC0 licensed, at your option.)
Unless required by applicable law or agreed to in writing, this
software is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
CONDITIONS OF ANY KIND, either express or implied.
*/
#ifndef _OPENSSL_EXAMPLE_H_
#define _OPENSSL_EXAMPLE_H_
/* The examples use domain of "www.baidu.com" and port number of 433 that
you can set via the project configuration menu.
If you'd rather not, just change the below entries to strings with
the config you want - ie #define OPENSSL_EXAMPLE_TARGET_NAME "www.baidu.com"
and ie #define OPENSSL_EXAMPLE_TARGET_TCP_PORT 433
*/
#define EXAMPLE_OPENSSL_TARGET_DOMAIN CONFIG_EXAMPLE_OPENSSL_CLIENT_TARGET_DOMAIN
#define EXAMPLE_OPENSSL_TARGET_PORT CONFIG_EXAMPLE_OPENSSL_CLIENT_TARGET_PORT
#define EXAMPLE_OPENSSL_REQUEST "{\"path\": \"/v1/ping/\", \"method\": \"GET\"}\r\n"
#define EXAMPLE_OPENSSL_TASK_NAME "openssl_example"
#define EXAMPLE_OPENSSL_TASK_STACK_WORDS 10240
#define EXAMPLE_OPENSSL_TASK_PRIORITY 8
#define EXAMPLE_OPENSSL_RECV_BUF_LEN 1024
#endif

170
examples/protocols/openssl_client/main/openssl_client_example_main.c
View File

@ -1,170 +0,0 @@
/* OpenSSL Client Example
This example code is in the Public Domain (or CC0 licensed, at your option.)
Unless required by applicable law or agreed to in writing, this
software is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
CONDITIONS OF ANY KIND, either express or implied.
*/
#include "openssl_client_example.h"
#include "openssl/ssl.h"
#include "lwip/netdb.h"
#include "lwip/sockets.h"
#include "nvs_flash.h"
#include "esp_event.h"
#include "esp_log.h"
#include "protocol_examples_common.h"
static const char *TAG = "openssl_example";
static int open_connection(const char *host, char *port)
{
const struct addrinfo hints = {
.ai_family = AF_INET,
.ai_socktype = SOCK_STREAM,
};
struct addrinfo * res;
struct in_addr *addr;
int sd;
int err = getaddrinfo(host, port, &hints, &res);
if (err < 0) {
ESP_LOGE(TAG, "getaddrinfo() failed for IPV4 destination address. error: %d", err);
return -1;
}
if (res == 0) {
ESP_LOGE(TAG, "getaddrinfo() did not return any addresses");
return -1;
}
addr = &((struct sockaddr_in *)res->ai_addr)->sin_addr;
ESP_LOGI(TAG, "DNS lookup succeeded. IP=%s", inet_ntoa(*addr));
sd = socket(res->ai_family, res->ai_socktype, 0);
if(sd < 0) {
ESP_LOGE(TAG, "Failed to allocate socket.");
freeaddrinfo(res);
return -1;
}
if (connect(sd, res->ai_addr, res->ai_addrlen) != 0) {
ESP_LOGE(TAG, "Socket connect failed");
return -1;
}
return sd;
}
static SSL_CTX* init_contex(void)
{
#if CONFIG_EXAMPLE_OPENSSL_CLIENT_URI_FROM_STDIN
extern const unsigned char cacert_pem_start[] asm("_binary_ca_crt_start");
extern const unsigned char cacert_pem_end[] asm("_binary_ca_crt_end");
#else
extern const unsigned char cacert_pem_start[] asm("_binary_baidu_ca_crt_start");
extern const unsigned char cacert_pem_end[] asm("_binary_baidu_ca_crt_end");
#endif
const unsigned int cacert_pem_bytes = cacert_pem_end - cacert_pem_start;
const SSL_METHOD *mtd = TLSv1_1_client_method();
SSL_CTX *ctx = SSL_CTX_new(mtd); /* Create new context */
SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);
X509 *x = d2i_X509(NULL, cacert_pem_start, cacert_pem_bytes);
if(!x) {
ESP_LOGI(TAG,"Loading certs failed \n");
}
SSL_CTX_add_client_CA(ctx, x);
return ctx;
}
static void start_example(const char *host, char *port)
{
SSL_CTX *ctx = NULL;
SSL *ssl = NULL;
int sockfd;
int ret;
ctx = init_contex();
if (!ctx) {
ESP_LOGE(TAG, "Failed");
goto failed1;
}
ESP_LOGI(TAG, "Trying connect to %s port %s ...", host, port);
sockfd = open_connection(host, port);
if(sockfd < 0) {
ESP_LOGE(TAG,"Failed");
goto failed1;
}
ESP_LOGI(TAG, "OK");
ESP_LOGI(TAG, "Create SSL obj");
ssl = SSL_new(ctx);
if (!ssl) {
ESP_LOGE(TAG,"Failed");
goto failed2;
}
ESP_LOGI(TAG, "OK");
SSL_set_fd(ssl, sockfd);
ret = SSL_connect(ssl);
if (ret <= 0) {
ESP_LOGE(TAG,"SSL Connection Failed");
goto failed3;
}
ESP_LOGI(TAG,"SSL Connection Succeed");
failed3:
SSL_free(ssl);
ssl = NULL;
failed2:
close(sockfd);
sockfd = -1;
failed1:
SSL_CTX_free(ctx);
ctx = NULL;
}
#if CONFIG_EXAMPLE_OPENSSL_CLIENT_URI_FROM_STDIN
static void get_string(char *line, size_t size)
{
int count = 0;
while (count < size) {
int c = fgetc(stdin);
if (c == '\n') {
line[count] = '\0';
break;
} else if (c > 0 && c < 127) {
line[count] = c;
++count;
}
vTaskDelay(10 / portTICK_PERIOD_MS);
}
}
#endif /* CONFIG_EXAMPLE_OPENSSL_CLIENT_URI_FROM_STDIN */
void app_main(void)
{
char host[128] = EXAMPLE_OPENSSL_TARGET_DOMAIN;
char port[32] = EXAMPLE_OPENSSL_TARGET_PORT;
ESP_LOGI(TAG, "[APP] Startup..");
ESP_LOGI(TAG, "[APP] Free memory: %d bytes", esp_get_free_heap_size());
ESP_LOGI(TAG, "[APP] IDF version: %s", esp_get_idf_version());
ESP_ERROR_CHECK(nvs_flash_init());
ESP_ERROR_CHECK(esp_netif_init());
ESP_ERROR_CHECK(esp_event_loop_create_default());
/* This helper function configures Wi-Fi or Ethernet, as selected in menuconfig.
* Read "Establishing Wi-Fi or Ethernet Connection" section in
* examples/protocols/README.md for more information about this function.
*/
ESP_ERROR_CHECK(example_connect());
#if CONFIG_EXAMPLE_OPENSSL_CLIENT_URI_FROM_STDIN
char line[256] = "";
get_string(line, sizeof(line));
sscanf(line, "%s %s", host, port);
#endif /* CONFIG_EXAMPLE_OPENSSL_CLIENT_URI_FROM_STDIN */
start_example(host, port);
}

2
examples/protocols/openssl_client/sdkconfig.ci
View File

@ -1,2 +0,0 @@
CONFIG_EXAMPLE_OPENSSL_CLIENT_URI_FROM_STDIN=y
CONFIG_EXAMPLE_OPENSSL_CLIENT_URI_FROM_STRING=n

20
examples/protocols/openssl_client/server_certs/ca.crt
View File

@ -1,20 +0,0 @@
-----BEGIN CERTIFICATE-----
MIIDTTCCAjWgAwIBAgIUe0ZW+zwJ0KauAHVreTmv8xqC9QgwDQYJKoZIhvcNAQEL
BQAwNjELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxEjAQBgNVBAoM
CUVzcHJlc3NpZjAeFw0yMDA5MjMwNzU1NTRaFw00ODAyMDkwNzU1NTRaMDYxCzAJ
BgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMRIwEAYDVQQKDAlFc3ByZXNz
aWYwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC52tv077MpX817BVUP
yjmz/Nk1Tj7Za4pHlpVlbRRSlEz5h/62s7arB6dq9K2kC7fTIkw6MN/Qp4zPZ1Ug
0abzZesb71w3NLhw9ModiakDkvdRoDORXbxeJuxHbJyui/8N9UNJfb3IOPX/nSP+
coDWrkk0GrJbLwU1aLf7zr00iY2yx+lAEd75ElXhKrheUJJ/dpKYl4ZcGSm55WkQ
tJi5dHfZCx1dDXnt49q5hbGa7lsOwdIdE7xM4NtqWo61LJ2Z/scbha48RMvEAnAl
IfG9VcfjfOY1Y3LZemXS1NhuGRRgT3hc/xJFyTja4zg71XK1Z5VJO/QShFuDWnkx
oXrdAgMBAAGjUzBRMB0GA1UdDgQWBBRTSG/RoTNtlXzzHf/WrFRBCO9NMTAfBgNV
HSMEGDAWgBRTSG/RoTNtlXzzHf/WrFRBCO9NMTAPBgNVHRMBAf8EBTADAQH/MA0G
CSqGSIb3DQEBCwUAA4IBAQBqu44Bdq2JWAx3gDrIz42Vvocq4kRkNEg2C00b7OEU
Hi/zm2JTOyoHQfLZWc1Y6dzcPTbA/+7JFgnlgyzfH4YCi8YosEjRB+cBqEwDeeGY
XS0vKxEG69vDb/neqsKsWawKU7P8TVar7qg/41eqoC84o/d23eBFJ0Tr/3EWO5hr
8ct2mSLkewCJIzxqQIsORynxjd7K9N2Dxb7Lg7kremM+nADfrbArSh443t+G9YEY
fDatlIgFXietPyg6i27Aob5Ogs5gmbdY2swEoYfnrN++DpLyLoPB9Y1t/691CkNF
AzCQft+CFyZfNXbjHBE7q3s660/UkC20OyHFyFt9C0q2
-----END CERTIFICATE-----

27
examples/protocols/openssl_client/server_certs/ca.key
View File

@ -1,27 +0,0 @@
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEAudrb9O+zKV/NewVVD8o5s/zZNU4+2WuKR5aVZW0UUpRM+Yf+
trO2qwenavStpAu30yJMOjDf0KeMz2dVINGm82XrG+9cNzS4cPTKHYmpA5L3UaAz
kV28XibsR2ycrov/DfVDSX29yDj1/50j/nKA1q5JNBqyWy8FNWi3+869NImNssfp
QBHe+RJV4Sq4XlCSf3aSmJeGXBkpueVpELSYuXR32QsdXQ157ePauYWxmu5bDsHS
HRO8TODbalqOtSydmf7HG4WuPETLxAJwJSHxvVXH43zmNWNy2Xpl0tTYbhkUYE94
XP8SRck42uM4O9VytWeVSTv0EoRbg1p5MaF63QIDAQABAoIBAQC480UkcEz4hW/0
VpAZkILvzFVTKLR+pPgM2Zt+PZiVvSMExwMBScIkXQ+L7kXGFCswntcAqZZxC+ui
khAzAq+DVA8t03sPLRXGwrNHxbA98EjSH/xxUribcVx8j2c0g/ijKUl2nvz3fUfA
wd4J3mS8PuB2S4LmHtquFbHRkiDTX8RPtq+1ZGpl2+u2DlKIyPrkr8UZyZPVVjHd
ACyG4rJdFy/XVS3cGSQ0Nkp/Ml706oSOUklRPzQEumZt6UkdgRYt9VlLL65CzIrF
qW34v0olgD5pVM4hIKIV8GgqGCqKhfsj8Mv6kQ2iO4/Wu32iwwezGpqO5pOUVJLB
t/22iNxBAoGBAOmHHUN9Vl5wnZ88/TG1zU4aom/PHNiPCym1Zr4MekdMtCOFo+i/
8hB+X8ZfR8VfQpzF2TdvCde0f/nQCT7ixCFmx5ZgD6QqDU2oHqV1N+/6k3IFGG8X
BFcKMOyRU866E7RknMQfXmKc0V9BFnwo1hFfNlaQNUsiT6BX9TXvDzBVAoGBAMu9
Vpnv95FbFAb3+5gLABfFu9jUDSIanE+YJgtm5akDxF5paYZNTUcTe0KwT/h/nqyU
EyHeb32IbKUOzEmN1RlvfIec2QmZJk0u6TfLRLmORsBxM5z5dn+mvJwsYHaam0iI
pdpbnObCH+dIgGrn6zPPgaLr/NQ/GJMbVpGTVAhpAoGAc9p9MRtAOvABspsuPXgl
F2dtSKzmcaVdc160TvqfuzmZcLn/HBwFuhsH5sEkOQ3OXTpmTfL/Xg0FJGkJ/THA
/ZUg1UBo4heeq/UI5yrlCmA0v+85NPulQo0iwmpCup9j4S28/CtXxvJniKsgvY4A
zXN/4KgAWHr4J+MbGpuz3FUCgYB6ACr3iyaoN+3KLnzOEug/U/ykXnZu0ZiAYQ+H
DFrB1qukDWNPNMLtqNDKomGA4IrXtOOwCE6i0SqdvDrAYNoWnRfo7RdaFAdHeKvW
6TWCF5xuaFsLyKYY0nNm4XvyCaqqyIjoNKvD0sLf8B5V5gKFx+BM+xsuzYmdrWUt
Txem4QKBgQDGTEuEy8lX3AO7+iSwjgOC0mooLOR6MoH3iH81GUj+IuiwngIDRtHj
gIh0mNu6vgQkfBkaP27tyr00PBi3SIGAJOLaTKimjEOk0plTw1ewt4apMlhdcT/f
eVEUD7zpX3v1a8mN34wCRUEilpfMvEpIxW3GnDRzxVaXerydLiApJQ==
-----END RSA PRIVATE KEY-----

13
examples/protocols/openssl_server/CMakeLists.txt
View File

@ -1,13 +0,0 @@
# The following lines of boilerplate have to be in your project's CMakeLists
# in this exact order for cmake to work correctly
cmake_minimum_required(VERSION 3.5)
# (Not part of the boilerplate)
# This example uses an extra component for common functions such as Wi-Fi and Ethernet connection.
set(EXTRA_COMPONENT_DIRS $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
include($ENV{IDF_PATH}/tools/cmake/project.cmake)
project(openssl_server)
target_add_binary_data(openssl_server.elf "server_certs/ca.crt" TEXT)
target_add_binary_data(openssl_server.elf "server_certs/ca.key" TEXT)

10
examples/protocols/openssl_server/Makefile
View File

@ -1,10 +0,0 @@
#
# This is a project Makefile. It is assumed the directory this Makefile resides in is a
# project subdirectory.
#
PROJECT_NAME := openssl_server
EXTRA_COMPONENT_DIRS = $(IDF_PATH)/examples/common_components/protocol_examples_common
include $(IDF_PATH)/make/project.mk

65
examples/protocols/openssl_server/README.md
View File

@ -1,65 +0,0 @@
# OpenSSL Server Example
(See the README.md file in the upper level 'examples' directory for more information about examples.)
This example connects to the ESP-OPENSSL server demo using ssl transport and and sends some messages.
## How to use example
### Python scripts
Script example_test.py could be used as a client part to the ESP-OPENSSL server demo,
```
python example_test.py
```
Note that this script is used in automated tests, as well, so the IDF test framework packages need to be imported;
please add `$IDF_PATH/tools/ci/python_packages` to `PYTHONPATH`.
### Hardware Required
This example can be executed on any ESP32 board, the only required interface is WiFi and connection to internet.
### Configure the project
* Open the project configuration menu (`idf.py menuconfig`)
* Configure Wi-Fi or Ethernet under "Example Connection Configuration" menu. See "Establishing Wi-Fi or Ethernet Connection" section in [examples/protocols/README.md](../../README.md) for more details.
* When using Make build system, set `Default serial port` under `Serial flasher config`.
### Build and Flash
Build the project and flash it to the board, then run monitor tool to view serial output:
```
idf.py -p PORT flash monitor
```
(To exit the serial monitor, type ``Ctrl-]``.)
See the Getting Started Guide for full steps to configure and use ESP-IDF to build projects.
## Example Output
```
I (2609) example_connect: Got IPv6 event: Interface "example_connect: sta" address: fe80:0000:0000:0000:260a:c4ff:fee7:a660, type: ESP_IP6_ADDR_IS_LINK_LOCAL
I (3609) esp_netif_handlers: example_connect: sta ip: 192.168.1.191, mask: 255.255.255.0, gw: 192.168.1.1
I (3609) example_connect: Got IPv4 event: Interface "example_connect: sta" address: 192.168.1.191
I (3619) example_connect: Connected to example_connect: sta
I (3619) example_connect: - IPv4 address: 192.168.1.191
I (3629) example_connect: - IPv6 address: fe80:0000:0000:0000:260a:c4ff:fee7:a660, type: ESP_IP6_ADDR_IS_LINK_LOCAL
I (3639) OPENSSL_EXAMPLE: SSL server context create ......
I (3649) OPENSSL_EXAMPLE: OK
I (3649) OPENSSL_EXAMPLE: SSL server context set own certification......
I (3659) OPENSSL_EXAMPLE: OK
I (3659) OPENSSL_EXAMPLE: SSL server context set private key......
I (3669) OPENSSL_EXAMPLE: OK
I (3669) OPENSSL_EXAMPLE: SSL server create socket ......
I (3679) OPENSSL_EXAMPLE: OK
I (3679) OPENSSL_EXAMPLE: SSL server socket bind ......
I (3689) OPENSSL_EXAMPLE: OK
I (3689) OPENSSL_EXAMPLE: SSL server socket listen on 443 port
I (3699) OPENSSL_EXAMPLE: OK
I (3699) OPENSSL_EXAMPLE: SSL server create ......
I (3709) OPENSSL_EXAMPLE: OK
I (3709) OPENSSL_EXAMPLE: SSL server socket accept client ......
```

47
examples/protocols/openssl_server/example_test.py
View File

@ -1,47 +0,0 @@
from __future__ import print_function, unicode_literals
import os
import re
import socket
import ssl
import ttfw_idf
def _path(f):
return os.path.join(os.path.dirname(os.path.realpath(__file__)),f)
@ttfw_idf.idf_example_test(env_tag='Example_WIFI')
def test_example_protocol_openssl_server(env, extra_data):
"""
steps:
1. join AP
2. connect to uri "xxxx.xxxx.xxxx.xxxx:port"
3. send data
"""
dut1 = env.get_dut('openssl_server', 'examples/protocols/openssl_server', dut_class=ttfw_idf.ESP32DUT)
# check and log bin size
binary_file = os.path.join(dut1.app.binary_path, 'openssl_server.bin')
bin_size = os.path.getsize(binary_file)
ttfw_idf.log_performance('openssl_server_bin_size', '{}KB'.format(bin_size // 1024))
# start test
dut1.start_app()
ip = dut1.expect(re.compile(r' IPv4 address: ([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)'), timeout=30)[0]
port = dut1.expect(re.compile(r' SSL server socket listen on ([0-9]+)'), timeout=30)[0]
# create socket
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.settimeout(10)
addr = (ip, int(port))
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM, 0)
# wrap socket
wrappedSocket = ssl.wrap_socket(sock, ca_certs=_path('server_certs/ca.crt'), cert_reqs=ssl.CERT_REQUIRED)
# connect and send data
wrappedSocket.connect(addr)
wrappedSocket.send('Some Data'.encode())
# close socket connection
wrappedSocket.close()
if __name__ == '__main__':
test_example_protocol_openssl_server()

3
examples/protocols/openssl_server/main/CMakeLists.txt
View File

@ -1,3 +0,0 @@
# Embed the certificate & key data directly in the built binary
idf_component_register(SRCS "openssl_server_example_main.c"
INCLUDE_DIRS ".")

10
examples/protocols/openssl_server/main/Kconfig.projbuild
View File

@ -1,10 +0,0 @@
menu "Example Configuration"
config EXAMPLE_OPENSSL_SERVER_PORT
int "Target port number"
range 0 65535
default 443
help
Target port number for the example to connect to.
endmenu

6
examples/protocols/openssl_server/main/component.mk
View File

@ -1,6 +0,0 @@
#
# Main Makefile. This is basically the same as a component makefile.
#
COMPONENT_EMBED_TXTFILES := ${PROJECT_PATH}/server_certs/ca.crt
COMPONENT_EMBED_TXTFILES += ${PROJECT_PATH}/server_certs/ca.key

23
examples/protocols/openssl_server/main/openssl_server_example.h
View File

@ -1,23 +0,0 @@
/* OpenSSL server Example
This example code is in the Public Domain (or CC0 licensed, at your option.)
Unless required by applicable law or agreed to in writing, this
software is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
CONDITIONS OF ANY KIND, either express or implied.
*/
#ifndef _OPENSSL_SERVER_H_
#define _OPENSSL_SERVER_H_
#include "sdkconfig.h"
#define OPENSSL_EXAMPLE_TASK_NAME "openssl_example"
#define OPENSSL_EXAMPLE_TASK_STACK_WORDS 10240
#define OPENSSL_EXAMPLE_TASK_PRIORITY 8
#define OPENSSL_EXAMPLE_RECV_BUF_LEN 1024
#define OPENSSL_EXAMPLE_LOCAL_TCP_PORT CONFIG_EXAMPLE_OPENSSL_SERVER_PORT
#endif

225
examples/protocols/openssl_server/main/openssl_server_example_main.c
View File

@ -1,225 +0,0 @@
/* OpenSSL Server Example
This example code is in the Public Domain (or CC0 licensed, at your option.)
Unless required by applicable law or agreed to in writing, this
software is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
CONDITIONS OF ANY KIND, either express or implied.
*/
#include "openssl_server_example.h"
#include <string.h>
#include "openssl/ssl.h"
#include "freertos/FreeRTOS.h"
#include "freertos/task.h"
#include "esp_log.h"
#include "esp_wifi.h"
#include "esp_event.h"
#include "esp_netif.h"
#include "nvs_flash.h"
#include "protocol_examples_common.h"
#include "lwip/sockets.h"
#include "lwip/netdb.h"
const static char *TAG = "openssl_example";
#define OPENSSL_EXAMPLE_SERVER_ACK "HTTP/1.1 200 OK\r\n" \
"Content-Type: text/html\r\n" \
"Content-Length: 106\r\n\r\n" \
"<html>\r\n" \
"<head>\r\n" \
"<title>OpenSSL example</title></head><body>\r\n" \
"OpenSSL server example!\r\n" \
"</body>\r\n" \
"</html>\r\n" \
"\r\n"
static void openssl_example_task(void *p)
{
int ret;
SSL_CTX *ctx;
SSL *ssl;
int sockfd, new_sockfd;
socklen_t addr_len;
struct sockaddr_in sock_addr;
char recv_buf[OPENSSL_EXAMPLE_RECV_BUF_LEN];
const char send_data[] = OPENSSL_EXAMPLE_SERVER_ACK;
const int send_bytes = sizeof(send_data);
extern const unsigned char ca_crt_start[] asm("_binary_ca_crt_start");
extern const unsigned char ca_crt_end[] asm("_binary_ca_crt_end");
const unsigned int ca_crt_bytes = ca_crt_end - ca_crt_start;
extern const unsigned char ca_key_start[] asm("_binary_ca_key_start");
extern const unsigned char ca_key_end[] asm("_binary_ca_key_end");
const unsigned int ca_key_bytes = ca_key_end - ca_key_start;
ESP_LOGI(TAG, "SSL server context create ......");
/* For security reasons, it is best if you can use
TLSv1_2_server_method() here instead of TLS_server_method().
However some old browsers may not support TLS v1.2.
*/
ctx = SSL_CTX_new(TLS_server_method());
if (!ctx) {
ESP_LOGI(TAG, "failed");
goto failed1;
}
ESP_LOGI(TAG, "OK");
ESP_LOGI(TAG, "SSL server context set own certification......");
ret = SSL_CTX_use_certificate_ASN1(ctx, ca_crt_bytes, ca_crt_start);
if (!ret) {
ESP_LOGI(TAG, "failed");
goto failed2;
}
ESP_LOGI(TAG, "OK");
ESP_LOGI(TAG, "SSL server context set private key......");
ret = SSL_CTX_use_PrivateKey_ASN1(0, ctx, ca_key_start, ca_key_bytes);
if (!ret) {
ESP_LOGI(TAG, "failed");
goto failed2;
}
ESP_LOGI(TAG, "OK");
ESP_LOGI(TAG, "SSL server create socket ......");
sockfd = socket(AF_INET, SOCK_STREAM, 0);
if (sockfd < 0) {
ESP_LOGI(TAG, "failed");
goto failed2;
}
ESP_LOGI(TAG, "OK");
ESP_LOGI(TAG, "SSL server socket bind ......");
memset(&sock_addr, 0, sizeof(sock_addr));
sock_addr.sin_family = AF_INET;
sock_addr.sin_addr.s_addr = 0;
sock_addr.sin_port = htons(OPENSSL_EXAMPLE_LOCAL_TCP_PORT);
ret = bind(sockfd, (struct sockaddr*)&sock_addr, sizeof(sock_addr));
if (ret) {
ESP_LOGI(TAG, "failed");
goto failed3;
}
ESP_LOGI(TAG, "OK");
ESP_LOGI(TAG, "SSL server socket listen on %d port", OPENSSL_EXAMPLE_LOCAL_TCP_PORT);
ret = listen(sockfd, 32);
if (ret) {
ESP_LOGI(TAG, "failed");
goto failed3;
}
ESP_LOGI(TAG, "OK");
reconnect:
ESP_LOGI(TAG, "SSL server create ......");
ssl = SSL_new(ctx);
if (!ssl) {
ESP_LOGI(TAG, "failed");
goto failed3;
}
ESP_LOGI(TAG, "OK");
ESP_LOGI(TAG, "SSL server socket accept client ......");
new_sockfd = accept(sockfd, (struct sockaddr *)&sock_addr, &addr_len);
if (new_sockfd < 0) {
ESP_LOGI(TAG, "failed" );
goto failed4;
}
ESP_LOGI(TAG, "OK");
SSL_set_fd(ssl, new_sockfd);
ESP_LOGI(TAG, "SSL server accept client ......");
ret = SSL_accept(ssl);
if (!ret) {
ESP_LOGI(TAG, "failed");
goto failed5;
}
ESP_LOGI(TAG, "OK");
ESP_LOGI(TAG, "SSL server read message ......");
do {
memset(recv_buf, 0, OPENSSL_EXAMPLE_RECV_BUF_LEN);
ret = SSL_read(ssl, recv_buf, OPENSSL_EXAMPLE_RECV_BUF_LEN - 1);
if (ret <= 0) {
break;
}
ESP_LOGI(TAG, "SSL read: %s", recv_buf);
if (strstr(recv_buf, "GET ") &&
strstr(recv_buf, " HTTP/1.1")) {
ESP_LOGI(TAG, "SSL get matched message");
ESP_LOGI(TAG, "SSL write message");
ret = SSL_write(ssl, send_data, send_bytes);
if (ret > 0) {
ESP_LOGI(TAG, "OK");
} else {
ESP_LOGI(TAG, "error");
}
break;
}
} while (1);
SSL_shutdown(ssl);
failed5:
close(new_sockfd);
new_sockfd = -1;
failed4:
SSL_free(ssl);
ssl = NULL;
goto reconnect;
failed3:
close(sockfd);
sockfd = -1;
failed2:
SSL_CTX_free(ctx);
ctx = NULL;
failed1:
vTaskDelete(NULL);
return ;
}
static void openssl_server_init(void)
{
int ret;
xTaskHandle openssl_handle;
ret = xTaskCreate(openssl_example_task,
OPENSSL_EXAMPLE_TASK_NAME,
OPENSSL_EXAMPLE_TASK_STACK_WORDS,
NULL,
OPENSSL_EXAMPLE_TASK_PRIORITY,
&openssl_handle);
if (ret != pdPASS) {
ESP_LOGI(TAG, "create task %s failed", OPENSSL_EXAMPLE_TASK_NAME);
}
}
void app_main(void)
{
ESP_LOGI(TAG, "[APP] Startup..");
ESP_LOGI(TAG, "[APP] Free memory: %d bytes", esp_get_free_heap_size());
ESP_LOGI(TAG, "[APP] IDF version: %s", esp_get_idf_version());
ESP_ERROR_CHECK(nvs_flash_init());
ESP_ERROR_CHECK(esp_netif_init());
ESP_ERROR_CHECK(esp_event_loop_create_default());
/* This helper function configures Wi-Fi or Ethernet, as selected in menuconfig.
* Read "Establishing Wi-Fi or Ethernet Connection" section in
* examples/protocols/README.md for more information about this function.
*/
ESP_ERROR_CHECK(example_connect());
openssl_server_init();
}

20
examples/protocols/openssl_server/server_certs/ca.crt
View File

@ -1,20 +0,0 @@
-----BEGIN CERTIFICATE-----
MIIDTTCCAjWgAwIBAgIUe0ZW+zwJ0KauAHVreTmv8xqC9QgwDQYJKoZIhvcNAQEL
BQAwNjELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxEjAQBgNVBAoM
CUVzcHJlc3NpZjAeFw0yMDA5MjMwNzU1NTRaFw00ODAyMDkwNzU1NTRaMDYxCzAJ
BgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMRIwEAYDVQQKDAlFc3ByZXNz
aWYwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC52tv077MpX817BVUP
yjmz/Nk1Tj7Za4pHlpVlbRRSlEz5h/62s7arB6dq9K2kC7fTIkw6MN/Qp4zPZ1Ug
0abzZesb71w3NLhw9ModiakDkvdRoDORXbxeJuxHbJyui/8N9UNJfb3IOPX/nSP+
coDWrkk0GrJbLwU1aLf7zr00iY2yx+lAEd75ElXhKrheUJJ/dpKYl4ZcGSm55WkQ
tJi5dHfZCx1dDXnt49q5hbGa7lsOwdIdE7xM4NtqWo61LJ2Z/scbha48RMvEAnAl
IfG9VcfjfOY1Y3LZemXS1NhuGRRgT3hc/xJFyTja4zg71XK1Z5VJO/QShFuDWnkx
oXrdAgMBAAGjUzBRMB0GA1UdDgQWBBRTSG/RoTNtlXzzHf/WrFRBCO9NMTAfBgNV
HSMEGDAWgBRTSG/RoTNtlXzzHf/WrFRBCO9NMTAPBgNVHRMBAf8EBTADAQH/MA0G
CSqGSIb3DQEBCwUAA4IBAQBqu44Bdq2JWAx3gDrIz42Vvocq4kRkNEg2C00b7OEU
Hi/zm2JTOyoHQfLZWc1Y6dzcPTbA/+7JFgnlgyzfH4YCi8YosEjRB+cBqEwDeeGY
XS0vKxEG69vDb/neqsKsWawKU7P8TVar7qg/41eqoC84o/d23eBFJ0Tr/3EWO5hr
8ct2mSLkewCJIzxqQIsORynxjd7K9N2Dxb7Lg7kremM+nADfrbArSh443t+G9YEY
fDatlIgFXietPyg6i27Aob5Ogs5gmbdY2swEoYfnrN++DpLyLoPB9Y1t/691CkNF
AzCQft+CFyZfNXbjHBE7q3s660/UkC20OyHFyFt9C0q2
-----END CERTIFICATE-----

27
examples/protocols/openssl_server/server_certs/ca.key
View File

@ -1,27 +0,0 @@
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEAudrb9O+zKV/NewVVD8o5s/zZNU4+2WuKR5aVZW0UUpRM+Yf+
trO2qwenavStpAu30yJMOjDf0KeMz2dVINGm82XrG+9cNzS4cPTKHYmpA5L3UaAz
kV28XibsR2ycrov/DfVDSX29yDj1/50j/nKA1q5JNBqyWy8FNWi3+869NImNssfp
QBHe+RJV4Sq4XlCSf3aSmJeGXBkpueVpELSYuXR32QsdXQ157ePauYWxmu5bDsHS
HRO8TODbalqOtSydmf7HG4WuPETLxAJwJSHxvVXH43zmNWNy2Xpl0tTYbhkUYE94
XP8SRck42uM4O9VytWeVSTv0EoRbg1p5MaF63QIDAQABAoIBAQC480UkcEz4hW/0
VpAZkILvzFVTKLR+pPgM2Zt+PZiVvSMExwMBScIkXQ+L7kXGFCswntcAqZZxC+ui
khAzAq+DVA8t03sPLRXGwrNHxbA98EjSH/xxUribcVx8j2c0g/ijKUl2nvz3fUfA
wd4J3mS8PuB2S4LmHtquFbHRkiDTX8RPtq+1ZGpl2+u2DlKIyPrkr8UZyZPVVjHd
ACyG4rJdFy/XVS3cGSQ0Nkp/Ml706oSOUklRPzQEumZt6UkdgRYt9VlLL65CzIrF
qW34v0olgD5pVM4hIKIV8GgqGCqKhfsj8Mv6kQ2iO4/Wu32iwwezGpqO5pOUVJLB
t/22iNxBAoGBAOmHHUN9Vl5wnZ88/TG1zU4aom/PHNiPCym1Zr4MekdMtCOFo+i/
8hB+X8ZfR8VfQpzF2TdvCde0f/nQCT7ixCFmx5ZgD6QqDU2oHqV1N+/6k3IFGG8X
BFcKMOyRU866E7RknMQfXmKc0V9BFnwo1hFfNlaQNUsiT6BX9TXvDzBVAoGBAMu9
Vpnv95FbFAb3+5gLABfFu9jUDSIanE+YJgtm5akDxF5paYZNTUcTe0KwT/h/nqyU
EyHeb32IbKUOzEmN1RlvfIec2QmZJk0u6TfLRLmORsBxM5z5dn+mvJwsYHaam0iI
pdpbnObCH+dIgGrn6zPPgaLr/NQ/GJMbVpGTVAhpAoGAc9p9MRtAOvABspsuPXgl
F2dtSKzmcaVdc160TvqfuzmZcLn/HBwFuhsH5sEkOQ3OXTpmTfL/Xg0FJGkJ/THA
/ZUg1UBo4heeq/UI5yrlCmA0v+85NPulQo0iwmpCup9j4S28/CtXxvJniKsgvY4A
zXN/4KgAWHr4J+MbGpuz3FUCgYB6ACr3iyaoN+3KLnzOEug/U/ykXnZu0ZiAYQ+H
DFrB1qukDWNPNMLtqNDKomGA4IrXtOOwCE6i0SqdvDrAYNoWnRfo7RdaFAdHeKvW
6TWCF5xuaFsLyKYY0nNm4XvyCaqqyIjoNKvD0sLf8B5V5gKFx+BM+xsuzYmdrWUt
Txem4QKBgQDGTEuEy8lX3AO7+iSwjgOC0mooLOR6MoH3iH81GUj+IuiwngIDRtHj
gIh0mNu6vgQkfBkaP27tyr00PBi3SIGAJOLaTKimjEOk0plTw1ewt4apMlhdcT/f
eVEUD7zpX3v1a8mN34wCRUEilpfMvEpIxW3GnDRzxVaXerydLiApJQ==
-----END RSA PRIVATE KEY-----

2
tools/ci/check_copyright_ignore.txt
View File

@ -2119,7 +2119,6 @@ components/openssl/include/internal/tls1.h
components/openssl/include/internal/x509_vfy.h
components/openssl/include/openssl/bio.h
components/openssl/include/openssl/err.h
components/openssl/include/openssl/ssl.h
components/openssl/include/platform/ssl_opt.h
components/openssl/include/platform/ssl_pm.h
components/openssl/include/platform/ssl_port.h
@ -2130,7 +2129,6 @@ components/openssl/library/ssl_lib.c
components/openssl/library/ssl_methods.c
components/openssl/library/ssl_pkey.c
components/openssl/library/ssl_stack.c
components/openssl/library/ssl_x509.c
components/openssl/platform/ssl_pm.c
components/openssl/platform/ssl_port.c
components/openssl/test/test_openssl.c

2
tools/test_apps/protocols/openssl/main/connect_test.c
View File

@ -1,3 +1,5 @@
#define ESP_OPENSSL_SUPPRESS_LEGACY_WARNING
#include <sys/socket.h>
#include <unistd.h>
#include <netdb.h>