Merge branch 'test/esp_ssl_example' into 'master'

examples: Add esp-ssl example tests server/client

Closes IDF-1156

See merge request espressif/esp-idf!12366

examples/protocols/openssl_client/CMakeLists.txt

@@ -8,3 +8,11 @@ set(EXTRA_COMPONENT_DIRS $ENV{IDF_PATH}/examples/common_components/protocol_exam
 
 include($ENV{IDF_PATH}/tools/cmake/project.cmake)
 project(openssl_client)
+
+if(CONFIG_EXAMPLE_OPENSSL_CLIENT_URI_FROM_STDIN)
+    # This ca.crt is used when connecting to local(python executed) server
+    target_add_binary_data(openssl_client.elf "server_certs/ca.crt" TEXT)
+else()
+    # This ca.crt is used when connecting to www.baidu.com
+    target_add_binary_data(openssl_client.elf "main/baidu_ca.crt" TEXT)
+endif()

examples/protocols/openssl_client/README.md

@@ -1,17 +1,67 @@
-# Openssl Example
+# OpenSSL Client Example
 
-The Example contains of OpenSSL client demo.
+(See the README.md file in the upper level 'examples' directory for more information about examples.)
 
-Open the project configuration menu (`idf.py menuconfig`):
+This example shows how to set up esp openssl client and communicate over ssl transport layer.
 
-* Configure Wi-Fi or Ethernet under "Example Connection Configuration" menu. See "Establishing Wi-Fi or Ethernet Connection" section in [examples/protocols/README.md](../README.md) for more details.
+## How to use example
+
+### Python scripts
+
+Script example_test.py could be used as a client part to the ESP-OPENSSL server demo,
+
+```
+python example_test.py
+```
+Note that this script is used in automated tests, as well, so the IDF test framework packages need to be imported;
+please add `$IDF_PATH/tools/ci/python_packages` to `PYTHONPATH`.
+
+### Hardware Required
+
+This example can be executed on any ESP32 board, the only required interface is WiFi and connection to internet.
+
+### Configure the project
+
+* Open the project configuration menu (`idf.py menuconfig`)
+* Configure Wi-Fi or Ethernet under "Example Connection Configuration" menu. See "Establishing Wi-Fi or Ethernet Connection" section in [examples/protocols/README.md](../../README.md) for more details.
+* Configure the openssl client endpoint URI under "Example Configuration", if "OPENSSL_CLIENT_URI_FROM_STDIN" is selected then the example application will connect to the URI it reads from stdin (used for testing)
 
 * When using Make build system, set `Default serial port` under `Serial flasher config`.
 
-* Configure target domain and port number under "Example Configuration"
+* When using OPENSSL_CLIENT_URI_FROM_STRING configure target domain and port number under "Example Configuration"
 
-If you want to test the OpenSSL client demo:
+* Please note that verification mode is VERIFY_PEER by default, that's why during connection to public host('www.baidu.com') it's needed to use 
-  1. compile the code and load the firmware
+  appropriate certificates('baidu_ca.crt'), or it is needed to change verify mode to VERIFY_NONE.
-  2. open the UART TTY, then you can see it print the context of target domain
 
-See the README.md file in the upper level 'examples' directory for more information about examples.
+### Build and Flash
+
+Build the project and flash it to the board, then run monitor tool to view serial output:
+
+```
+idf.py -p PORT flash monitor
+```
+
+(To exit the serial monitor, type ``Ctrl-]``.)
+
+See the Getting Started Guide for full steps to configure and use ESP-IDF to build projects.
+
+## Example Output
+
+```
+I (2601) esp_netif_handlers: example_connect: sta ip: 192.168.1.191, mask: 255.255.255.0, gw: 192.168.1.1
+I (2601) example_connect: Got IPv4 event: Interface "example_connect: sta" address: 192.168.1.191
+I (3601) example_connect: Got IPv6 event: Interface "example_connect: sta" address: fe80:0000:0000:0000:260a:c4ff:fee7:a660, type: ESP_IP6_ADDR_IS_LINK_LOCAL
+I (3601) example_connect: Connected to example_connect: sta
+I (3611) example_connect: - IPv4 address: 192.168.1.191
+I (3611) example_connect: - IPv6 address: fe80:0000:0000:0000:260a:c4ff:fee7:a660, type: ESP_IP6_ADDR_IS_LINK_LOCAL
+I (3631) openssl_example: Test started
+I (3631) openssl_example: Trying connect to www.baidu.com port 443 ...
+I (3641) openssl_example: DNS lookup succeeded. IP=103.235.46.39
+I (4101) openssl_example: OK
+I (4101) openssl_example: Create SSL obj
+I (4101) openssl_example: OK
+I (4101) openssl_example: SSL verify mode = 0 connected to www.baidu.com port 443 ...
+I (8091) openssl_example: OK
+I (8091) openssl_example: SSL Connection Succeed
+
+```

examples/protocols/openssl_client/example_test.py

@@ -0,0 +1,126 @@
+from __future__ import print_function, unicode_literals
+
+import os
+import re
+import socket
+import ssl
+from threading import Event, Thread
+
+import ttfw_idf
+
+SERVER_CERTS_DIR = 'server_certs/'
+
+
+def _path(f):
+    return os.path.join(os.path.dirname(os.path.realpath(__file__)),f)
+
+
+def get_my_ip():
+    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
+    try:
+        # doesn't even have to be reachable
+        s.connect(('10.255.255.255', 1))
+        IP = s.getsockname()[0]
+    except socket.error:
+        IP = '127.0.0.1'
+    finally:
+        s.close()
+    return IP
+
+
+# Simple TLS server
+class TlsServer:
+
+    def __init__(self, port, negotiated_protocol=ssl.PROTOCOL_TLSv1):
+        self.port = port
+        self.socket = socket.socket()
+        self.socket.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
+        self.socket.settimeout(20.0)
+        self.shutdown = Event()
+        self.negotiated_protocol = negotiated_protocol
+        self.conn = None
+        self.ssl_error = None
+        self.server_thread = None
+
+    def __enter__(self):
+        try:
+            self.socket.bind(('', self.port))
+        except socket.error as e:
+            print('Bind failed:{}'.format(e))
+            raise
+
+        self.socket.listen(1)
+        self.server_thread = Thread(target=self.run_server)
+        self.server_thread.start()
+
+        return self
+
+    def __exit__(self, exc_type, exc_value, traceback):
+        self.shutdown.set()
+        self.server_thread.join()
+        self.socket.close()
+        if (self.conn is not None):
+            self.conn.close()
+
+    def run_server(self):
+        ctx = ssl.SSLContext(self.negotiated_protocol)
+        ctx.load_cert_chain(certfile=_path(SERVER_CERTS_DIR + 'ca.crt'), keyfile=_path(SERVER_CERTS_DIR + 'ca.key'))
+        self.socket = ctx.wrap_socket(self.socket, server_side=True)
+        try:
+            print('Listening socket')
+            self.conn, address = self.socket.accept()  # accept new connection
+            self.socket.settimeout(20.0)
+            print(' - connection from: {}'.format(address))
+        except ssl.SSLError as e:
+            self.conn = None
+            self.ssl_error = str(e)
+            print(' - SSLError: {}'.format(str(e)))
+
+
+def test_echo(dut):
+    dut.expect('SSL Connection Succeed')
+    print('SSL Connection Succeed')
+
+
+@ttfw_idf.idf_example_test(env_tag='Example_WIFI')
+def test_example_protocol_openssl_client(env, extra_data):
+    """
+     steps:
+       1. join AP
+       2. connect to uri "xxxx.xxxx.xxxx.xxxx:port"
+       3. send and receive data
+    """
+    dut1 = env.get_dut('openssl_client', 'examples/protocols/openssl_client', dut_class=ttfw_idf.ESP32DUT)
+    # check and log bin size
+    binary_file = os.path.join(dut1.app.binary_path, 'openssl_client.bin')
+    binary_size = os.path.getsize(binary_file)
+    ttfw_idf.log_performance('openssl_client_bin_size', '{}KB'.format(binary_size // 1024))
+
+    try:
+        if 'CONFIG_EXAMPLE_OPENSSL_CLIENT_URI_FROM_STDIN' in dut1.app.get_sdkconfig():
+            uri_from_stdin = True
+        else:
+            uri = dut1.app.get_sdkconfig()['CONFIG_EXAMPLE_OPENSSL_CLIENT_TARGET_DOMAIN'].strip('"')
+            uri_from_stdin = False
+    except Exception:
+        print('ENV_TEST_FAILURE: Cannot find target domain in sdkconfig')
+        raise
+
+    # start test
+    dut1.start_app()
+    dut1.expect(re.compile(r' IPv4 address: ([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)'), timeout=30)
+    ip = get_my_ip()
+
+    if uri_from_stdin:
+        server_port = 2222
+        with TlsServer(server_port, negotiated_protocol=ssl.PROTOCOL_TLSv1_1):
+            print('Starting test')
+            dut1.write('{} {}'.format(ip, server_port))
+            dut1.expect(re.compile('SSL Connection Succeed'), timeout=10)
+    else:
+        print('DUT connecting to {}'.format(uri))
+        test_echo(dut1)
+
+
+if __name__ == '__main__':
+    test_example_protocol_openssl_client()

examples/protocols/openssl_client/main/Kconfig.projbuild

@@ -1,15 +1,27 @@
 menu "Example Configuration"
 
-    config TARGET_DOMAIN
+    choice EXAMPLE_OPENSSL_CLIENT_URI_SOURCE
+        prompt "SSL Client URI source"
+        default EXAMPLE_OPENSSL_CLIENT_URI_FROM_STRING
+        help
+            Selects the source of the URI used in the example.
+
+        config EXAMPLE_OPENSSL_CLIENT_URI_FROM_STRING
+            bool "From string"
+
+        config EXAMPLE_OPENSSL_CLIENT_URI_FROM_STDIN
+            bool "From stdin"
+    endchoice
+
+    config EXAMPLE_OPENSSL_CLIENT_TARGET_DOMAIN
         string "Target Domain"
         default "www.baidu.com"
         help
             Target domain for the example to connect to.
 
-    config TARGET_PORT_NUMBER
+    config EXAMPLE_OPENSSL_CLIENT_TARGET_PORT
-        int "Target port number"
+        string "Target port number"
-        range 0 65535
+        default "443"
-        default 443
         help
             Target port number for the example to connect to.
 

examples/protocols/openssl_client/main/baidu_ca.crt

@@ -0,0 +1,26 @@
+-----BEGIN CERTIFICATE-----
+MIIEaTCCA1GgAwIBAgILBAAAAAABRE7wQkcwDQYJKoZIhvcNAQELBQAwVzELMAkG
+A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv
+b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw0xNDAyMjAxMDAw
+MDBaFw0yNDAyMjAxMDAwMDBaMGYxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i
+YWxTaWduIG52LXNhMTwwOgYDVQQDEzNHbG9iYWxTaWduIE9yZ2FuaXphdGlvbiBW
+YWxpZGF0aW9uIENBIC0gU0hBMjU2IC0gRzIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQDHDmw/I5N/zHClnSDDDlM/fsBOwphJykfVI+8DNIV0yKMCLkZc
+C33JiJ1Pi/D4nGyMVTXbv/Kz6vvjVudKRtkTIso21ZvBqOOWQ5PyDLzm+ebomchj
+SHh/VzZpGhkdWtHUfcKc1H/hgBKueuqI6lfYygoKOhJJomIZeg0k9zfrtHOSewUj
+mxK1zusp36QUArkBpdSmnENkiN74fv7j9R7l/tyjqORmMdlMJekYuYlZCa7pnRxt
+Nw9KHjUgKOKv1CGLAcRFrW4rY6uSa2EKTSDtc7p8zv4WtdufgPDWi2zZCHlKT3hl
+2pK8vjX5s8T5J4BO/5ZS5gIg4Qdz6V0rvbLxAgMBAAGjggElMIIBITAOBgNVHQ8B
+Af8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHQ4EFgQUlt5h8b0cFilT
+HMDMfTuDAEDmGnwwRwYDVR0gBEAwPjA8BgRVHSAAMDQwMgYIKwYBBQUHAgEWJmh0
+dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3JlcG9zaXRvcnkvMDMGA1UdHwQsMCow
+KKAmoCSGImh0dHA6Ly9jcmwuZ2xvYmFsc2lnbi5uZXQvcm9vdC5jcmwwPQYIKwYB
+BQUHAQEEMTAvMC0GCCsGAQUFBzABhiFodHRwOi8vb2NzcC5nbG9iYWxzaWduLmNv
+bS9yb290cjEwHwYDVR0jBBgwFoAUYHtmGkUNl8qJUC99BM00qP/8/UswDQYJKoZI
+hvcNAQELBQADggEBAEYq7l69rgFgNzERhnF0tkZJyBAW/i9iIxerH4f4gu3K3w4s
+32R1juUYcqeMOovJrKV3UPfvnqTgoI8UV6MqX+x+bRDmuo2wCId2Dkyy2VG7EQLy
+XN0cvfNVlg/UBsD84iOKJHDTu/B5GqdhcIOKrwbFINihY9Bsrk8y1658GEV1BSl3
+30JAZGSGvip2CTFvHST0mdCF/vIhCPnG9vHQWe3WVjwIKANnuvD58ZAWR65n5ryA
+SOlCdjSXVWkkDoPWoC209fN5ikkodBpBocLTJIg1MGCUF7ThBCIxPTsvFwayuJ2G
+K1pp74P1S8SqtCr4fKGxhZSM9AyHDPSsQPhZSZg=
+-----END CERTIFICATE-----

examples/protocols/openssl_client/main/component.mk

@@ -1,3 +1,10 @@
 #
 # Main Makefile. This is basically the same as a component makefile.
 #
+
+ifdef CONFIG_EXAMPLE_OPENSSL_CLIENT_URI_FROM_STDIN
+COMPONENT_EMBED_TXTFILES := ${PROJECT_PATH}/server_certs/ca.crt
+else
+COMPONENT_EMBED_TXTFILES := ${PROJECT_PATH}/main/baidu_ca.crt
+endif
+COMPONENT_EMBED_TXTFILES += ${PROJECT_PATH}/server_certs/ca.key

examples/protocols/openssl_client/main/openssl_client_example.h

@@ -17,17 +17,15 @@
    the config you want - ie #define OPENSSL_EXAMPLE_TARGET_NAME "www.baidu.com"
    and ie #define OPENSSL_EXAMPLE_TARGET_TCP_PORT 433
 */
-#define OPENSSL_EXAMPLE_TARGET_NAME        CONFIG_TARGET_DOMAIN
+#define EXAMPLE_OPENSSL_TARGET_DOMAIN CONFIG_EXAMPLE_OPENSSL_CLIENT_TARGET_DOMAIN
-#define OPENSSL_EXAMPLE_TARGET_TCP_PORT    CONFIG_TARGET_PORT_NUMBER
+#define EXAMPLE_OPENSSL_TARGET_PORT    CONFIG_EXAMPLE_OPENSSL_CLIENT_TARGET_PORT
 
-#define OPENSSL_EXAMPLE_REQUEST            "{\"path\": \"/v1/ping/\", \"method\": \"GET\"}\r\n"
+#define EXAMPLE_OPENSSL_REQUEST            "{\"path\": \"/v1/ping/\", \"method\": \"GET\"}\r\n"
 
-#define OPENSSL_EXAMPLE_TASK_NAME        "openssl_example"
+#define EXAMPLE_OPENSSL_TASK_NAME        "openssl_example"
-#define OPENSSL_EXAMPLE_TASK_STACK_WORDS 10240
+#define EXAMPLE_OPENSSL_TASK_STACK_WORDS 10240
-#define OPENSSL_EXAMPLE_TASK_PRIORITY    8
+#define EXAMPLE_OPENSSL_TASK_PRIORITY    8
 
-#define OPENSSL_EXAMPLE_RECV_BUF_LEN       1024
+#define EXAMPLE_OPENSSL_RECV_BUF_LEN       1024
-
-#define OPENSSL_EXAMPLE_LOCAL_TCP_PORT     443
 
 #endif

examples/protocols/openssl_client/main/openssl_client_example_main.c

@@ -1,4 +1,4 @@
-/* OpenSSL client Example
+/* OpenSSL Client Example
 
    This example code is in the Public Domain (or CC0 licensed, at your option.)
 
@@ -6,172 +6,151 @@
    software is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
    CONDITIONS OF ANY KIND, either express or implied.
 */
-
 #include "openssl_client_example.h"
 
-#include <string.h>
-
 #include "openssl/ssl.h"
 
-#include "freertos/FreeRTOS.h"
+#include "lwip/netdb.h"
-#include "freertos/task.h"
+#include "lwip/sockets.h"
 
-#include "esp_log.h"
-#include "esp_wifi.h"
-#include "esp_event.h"
 #include "nvs_flash.h"
-#include "esp_netif.h"
+#include "esp_event.h"
+#include "esp_log.h"
+
 #include "protocol_examples_common.h"
 
-#include "lwip/sockets.h"
-#include "lwip/netdb.h"
 
-const static char *TAG = "openssl_example";
+static const char *TAG = "openssl_example";
 
-static void openssl_example_task(void *p)
+static int open_connection(const char *host, char *port)
 {
-    int ret;
+    const struct addrinfo hints = {
-    SSL_CTX *ctx;
+        .ai_family = AF_INET,
-    SSL *ssl;
+        .ai_socktype = SOCK_STREAM,
+    };
+    struct addrinfo * res;
+    struct in_addr *addr;
+    int sd;
+    int err = getaddrinfo(host, port, &hints, &res);
+    if (err < 0) {
+        ESP_LOGE(TAG, "getaddrinfo() failed for IPV4 destination address. error: %d", err);
+        return -1;
+    }
+    if (res == 0) {
+        ESP_LOGE(TAG, "getaddrinfo() did not return any addresses");
+        return -1;
+    }
+    addr = &((struct sockaddr_in *)res->ai_addr)->sin_addr;
+    ESP_LOGI(TAG, "DNS lookup succeeded. IP=%s", inet_ntoa(*addr));
+    sd = socket(res->ai_family, res->ai_socktype, 0);
+    if(sd < 0) {
+        ESP_LOGE(TAG, "Failed to allocate socket.");
+        freeaddrinfo(res);
+        return -1;
+    }
+    if (connect(sd, res->ai_addr, res->ai_addrlen) != 0) {
+        ESP_LOGE(TAG, "Socket connect failed");
+        return -1;
+    }
+    return sd;
+}
+
+static SSL_CTX* init_contex(void)
+{
+
+#if CONFIG_EXAMPLE_OPENSSL_CLIENT_URI_FROM_STDIN
+    extern const unsigned char cacert_pem_start[] asm("_binary_ca_crt_start");
+    extern const unsigned char cacert_pem_end[]   asm("_binary_ca_crt_end");
+#else
+    extern const unsigned char cacert_pem_start[] asm("_binary_baidu_ca_crt_start");
+    extern const unsigned char cacert_pem_end[]   asm("_binary_baidu_ca_crt_end");
+#endif
+    const unsigned int cacert_pem_bytes = cacert_pem_end - cacert_pem_start;
+
+    const SSL_METHOD *mtd = TLSv1_1_client_method();
+    SSL_CTX *ctx = SSL_CTX_new(mtd);   /* Create new context */
+    SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);
+
+    X509 *x = d2i_X509(NULL, cacert_pem_start, cacert_pem_bytes);
+    if(!x) {
+        ESP_LOGI(TAG,"Loading certs failed \n");
+    }
+    SSL_CTX_add_client_CA(ctx, x);
+
+    return ctx;
+}
+
+static void start_example(const char *host, char *port)
+{
+    SSL_CTX *ctx = NULL;
+    SSL *ssl = NULL;
     int sockfd;
-    struct sockaddr_in sock_addr;
+    int ret;
-    struct hostent *hp;
-    struct ip4_addr *ip4_addr;
 
-    int recv_bytes = 0;
+    ctx = init_contex();
-    char recv_buf[OPENSSL_EXAMPLE_RECV_BUF_LEN];
-
-    const char send_data[] = OPENSSL_EXAMPLE_REQUEST;
-    const int send_bytes = sizeof(send_data);
-
-    ESP_LOGI(TAG, "OpenSSL demo thread start OK");
-
-    ESP_LOGI(TAG, "get target IP address");
-    hp = gethostbyname(OPENSSL_EXAMPLE_TARGET_NAME);
-    if (!hp) {
-        ESP_LOGI(TAG, "failed");
-        goto failed1;
-    }
-    ESP_LOGI(TAG, "OK");
-
-    ip4_addr = (struct ip4_addr *)hp->h_addr;
-    ESP_LOGI(TAG, IPSTR, IP2STR(ip4_addr));
-
-    ESP_LOGI(TAG, "create SSL context ......");
-    ctx = SSL_CTX_new(TLSv1_1_client_method());
     if (!ctx) {
-        ESP_LOGI(TAG, "failed");
+        ESP_LOGE(TAG, "Failed");
+        goto failed1;
+    }
+    ESP_LOGI(TAG, "Trying connect to %s port %s ...", host, port);
+    sockfd = open_connection(host, port);
+    if(sockfd < 0) {
+        ESP_LOGE(TAG,"Failed");
         goto failed1;
     }
     ESP_LOGI(TAG, "OK");
-
+    ESP_LOGI(TAG, "Create SSL obj");
-    ESP_LOGI(TAG, "create socket ......");
+    ssl = SSL_new(ctx);
-    sockfd = socket(AF_INET, SOCK_STREAM, 0);
+    if (!ssl) {
-    if (sockfd < 0) {
+        ESP_LOGE(TAG,"Failed");
-        ESP_LOGI(TAG, "failed");
         goto failed2;
     }
     ESP_LOGI(TAG, "OK");
-
-    ESP_LOGI(TAG, "bind socket ......");
-    memset(&sock_addr, 0, sizeof(sock_addr));
-    sock_addr.sin_family = AF_INET;
-    sock_addr.sin_addr.s_addr = 0;
-    sock_addr.sin_port = htons(OPENSSL_EXAMPLE_LOCAL_TCP_PORT);
-    ret = bind(sockfd, (struct sockaddr*)&sock_addr, sizeof(sock_addr));
-    if (ret) {
-        ESP_LOGI(TAG, "failed");
-        goto failed3;
-    }
-    ESP_LOGI(TAG, "OK");
-
-    ESP_LOGI(TAG, "socket connect to remote %s ......", OPENSSL_EXAMPLE_TARGET_NAME);
-    memset(&sock_addr, 0, sizeof(sock_addr));
-    sock_addr.sin_family = AF_INET;
-    sock_addr.sin_addr.s_addr = ip4_addr->addr;
-    sock_addr.sin_port = htons(OPENSSL_EXAMPLE_TARGET_TCP_PORT);
-    ret = connect(sockfd, (struct sockaddr*)&sock_addr, sizeof(sock_addr));
-    if (ret) {
-        ESP_LOGI(TAG, "failed");
-        goto failed3;
-    }
-    ESP_LOGI(TAG, "OK");
-
-    ESP_LOGI(TAG, "create SSL ......");
-    ssl = SSL_new(ctx);
-    if (!ssl) {
-        ESP_LOGI(TAG, "failed");
-        goto failed3;
-    }
-    ESP_LOGI(TAG, "OK");
-
     SSL_set_fd(ssl, sockfd);
-
-    ESP_LOGI(TAG, "SSL connected to %s port %d ......",
-        OPENSSL_EXAMPLE_TARGET_NAME, OPENSSL_EXAMPLE_TARGET_TCP_PORT);
     ret = SSL_connect(ssl);
-    if (!ret) {
-        ESP_LOGI(TAG, "failed " );
-        goto failed4;
-    }
-    ESP_LOGI(TAG, "OK");
-
-    ESP_LOGI(TAG, "send https request to %s port %d ......",
-        OPENSSL_EXAMPLE_TARGET_NAME, OPENSSL_EXAMPLE_TARGET_TCP_PORT);
-    ret = SSL_write(ssl, send_data, send_bytes);
     if (ret <= 0) {
-        ESP_LOGI(TAG, "failed");
+        ESP_LOGE(TAG,"SSL Connection Failed");
-        goto failed5;
+        goto failed3;
     }
-    ESP_LOGI(TAG, "OK");
+    ESP_LOGI(TAG,"SSL Connection Succeed");
-
+failed3:
-    do {
-        ret = SSL_read(ssl, recv_buf, OPENSSL_EXAMPLE_RECV_BUF_LEN - 1);
-        if (ret <= 0) {
-            break;
-        }
-        recv_buf[ret] = '\0';
-        recv_bytes += ret;
-        ESP_LOGI(TAG, "%s", recv_buf);
-    } while (1);
-
-    ESP_LOGI(TAG, "totally read %d bytes data from %s ......", recv_bytes, OPENSSL_EXAMPLE_TARGET_NAME);
-
-failed5:
-    SSL_shutdown(ssl);
-failed4:
     SSL_free(ssl);
     ssl = NULL;
-failed3:
+failed2:
     close(sockfd);
     sockfd = -1;
-failed2:
+failed1:
     SSL_CTX_free(ctx);
     ctx = NULL;
-failed1:
-    vTaskDelete(NULL);
-    return ;
 }
 
-static void openssl_example_client_init(void)
+#if CONFIG_EXAMPLE_OPENSSL_CLIENT_URI_FROM_STDIN
+static void get_string(char *line, size_t size)
 {
-    int ret;
+    int count = 0;
-    xTaskHandle openssl_handle;
+    while (count < size) {
-
+        int c = fgetc(stdin);
-    ret = xTaskCreate(openssl_example_task,
+        if (c == '\n') {
-                      OPENSSL_EXAMPLE_TASK_NAME,
+            line[count] = '\0';
-                      OPENSSL_EXAMPLE_TASK_STACK_WORDS,
+            break;
-                      NULL,
+        } else if (c > 0 && c < 127) {
-                      OPENSSL_EXAMPLE_TASK_PRIORITY,
+            line[count] = c;
-                      &openssl_handle);
+            ++count;
-
+        }
-    if (ret != pdPASS)  {
+        vTaskDelay(10 / portTICK_PERIOD_MS);
-        ESP_LOGI(TAG, "create thread %s failed", OPENSSL_EXAMPLE_TASK_NAME);
     }
 }
+#endif /* CONFIG_EXAMPLE_OPENSSL_CLIENT_URI_FROM_STDIN */
 
 void app_main(void)
 {
+    char host[128] = EXAMPLE_OPENSSL_TARGET_DOMAIN;
+    char port[32] = EXAMPLE_OPENSSL_TARGET_PORT;
+
+    ESP_LOGI(TAG, "[APP] Startup..");
+    ESP_LOGI(TAG, "[APP] Free memory: %d bytes", esp_get_free_heap_size());
+    ESP_LOGI(TAG, "[APP] IDF version: %s", esp_get_idf_version());
+
     ESP_ERROR_CHECK(nvs_flash_init());
     ESP_ERROR_CHECK(esp_netif_init());
     ESP_ERROR_CHECK(esp_event_loop_create_default());
@@ -182,5 +161,10 @@ void app_main(void)
      */
     ESP_ERROR_CHECK(example_connect());
 
-    openssl_example_client_init();
+#if CONFIG_EXAMPLE_OPENSSL_CLIENT_URI_FROM_STDIN
+    char line[256] = "";
+    get_string(line, sizeof(line));
+    sscanf(line, "%s %s", host, port);
+#endif /* CONFIG_EXAMPLE_OPENSSL_CLIENT_URI_FROM_STDIN */
+    start_example(host, port);
 }

examples/protocols/openssl_client/sdkconfig.ci

@@ -0,0 +1,2 @@
+CONFIG_EXAMPLE_OPENSSL_CLIENT_URI_FROM_STDIN=y
+CONFIG_EXAMPLE_OPENSSL_CLIENT_URI_FROM_STRING=n

examples/protocols/openssl_client/server_certs/ca.crt

@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDTTCCAjWgAwIBAgIUe0ZW+zwJ0KauAHVreTmv8xqC9QgwDQYJKoZIhvcNAQEL
+BQAwNjELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxEjAQBgNVBAoM
+CUVzcHJlc3NpZjAeFw0yMDA5MjMwNzU1NTRaFw00ODAyMDkwNzU1NTRaMDYxCzAJ
+BgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMRIwEAYDVQQKDAlFc3ByZXNz
+aWYwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC52tv077MpX817BVUP
+yjmz/Nk1Tj7Za4pHlpVlbRRSlEz5h/62s7arB6dq9K2kC7fTIkw6MN/Qp4zPZ1Ug
+0abzZesb71w3NLhw9ModiakDkvdRoDORXbxeJuxHbJyui/8N9UNJfb3IOPX/nSP+
+coDWrkk0GrJbLwU1aLf7zr00iY2yx+lAEd75ElXhKrheUJJ/dpKYl4ZcGSm55WkQ
+tJi5dHfZCx1dDXnt49q5hbGa7lsOwdIdE7xM4NtqWo61LJ2Z/scbha48RMvEAnAl
+IfG9VcfjfOY1Y3LZemXS1NhuGRRgT3hc/xJFyTja4zg71XK1Z5VJO/QShFuDWnkx
+oXrdAgMBAAGjUzBRMB0GA1UdDgQWBBRTSG/RoTNtlXzzHf/WrFRBCO9NMTAfBgNV
+HSMEGDAWgBRTSG/RoTNtlXzzHf/WrFRBCO9NMTAPBgNVHRMBAf8EBTADAQH/MA0G
+CSqGSIb3DQEBCwUAA4IBAQBqu44Bdq2JWAx3gDrIz42Vvocq4kRkNEg2C00b7OEU
+Hi/zm2JTOyoHQfLZWc1Y6dzcPTbA/+7JFgnlgyzfH4YCi8YosEjRB+cBqEwDeeGY
+XS0vKxEG69vDb/neqsKsWawKU7P8TVar7qg/41eqoC84o/d23eBFJ0Tr/3EWO5hr
+8ct2mSLkewCJIzxqQIsORynxjd7K9N2Dxb7Lg7kremM+nADfrbArSh443t+G9YEY
+fDatlIgFXietPyg6i27Aob5Ogs5gmbdY2swEoYfnrN++DpLyLoPB9Y1t/691CkNF
+AzCQft+CFyZfNXbjHBE7q3s660/UkC20OyHFyFt9C0q2
+-----END CERTIFICATE-----

examples/protocols/openssl_client/server_certs/ca.key

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAudrb9O+zKV/NewVVD8o5s/zZNU4+2WuKR5aVZW0UUpRM+Yf+
+trO2qwenavStpAu30yJMOjDf0KeMz2dVINGm82XrG+9cNzS4cPTKHYmpA5L3UaAz
+kV28XibsR2ycrov/DfVDSX29yDj1/50j/nKA1q5JNBqyWy8FNWi3+869NImNssfp
+QBHe+RJV4Sq4XlCSf3aSmJeGXBkpueVpELSYuXR32QsdXQ157ePauYWxmu5bDsHS
+HRO8TODbalqOtSydmf7HG4WuPETLxAJwJSHxvVXH43zmNWNy2Xpl0tTYbhkUYE94
+XP8SRck42uM4O9VytWeVSTv0EoRbg1p5MaF63QIDAQABAoIBAQC480UkcEz4hW/0
+VpAZkILvzFVTKLR+pPgM2Zt+PZiVvSMExwMBScIkXQ+L7kXGFCswntcAqZZxC+ui
+khAzAq+DVA8t03sPLRXGwrNHxbA98EjSH/xxUribcVx8j2c0g/ijKUl2nvz3fUfA
+wd4J3mS8PuB2S4LmHtquFbHRkiDTX8RPtq+1ZGpl2+u2DlKIyPrkr8UZyZPVVjHd
+ACyG4rJdFy/XVS3cGSQ0Nkp/Ml706oSOUklRPzQEumZt6UkdgRYt9VlLL65CzIrF
+qW34v0olgD5pVM4hIKIV8GgqGCqKhfsj8Mv6kQ2iO4/Wu32iwwezGpqO5pOUVJLB
+t/22iNxBAoGBAOmHHUN9Vl5wnZ88/TG1zU4aom/PHNiPCym1Zr4MekdMtCOFo+i/
+8hB+X8ZfR8VfQpzF2TdvCde0f/nQCT7ixCFmx5ZgD6QqDU2oHqV1N+/6k3IFGG8X
+BFcKMOyRU866E7RknMQfXmKc0V9BFnwo1hFfNlaQNUsiT6BX9TXvDzBVAoGBAMu9
+Vpnv95FbFAb3+5gLABfFu9jUDSIanE+YJgtm5akDxF5paYZNTUcTe0KwT/h/nqyU
+EyHeb32IbKUOzEmN1RlvfIec2QmZJk0u6TfLRLmORsBxM5z5dn+mvJwsYHaam0iI
+pdpbnObCH+dIgGrn6zPPgaLr/NQ/GJMbVpGTVAhpAoGAc9p9MRtAOvABspsuPXgl
+F2dtSKzmcaVdc160TvqfuzmZcLn/HBwFuhsH5sEkOQ3OXTpmTfL/Xg0FJGkJ/THA
+/ZUg1UBo4heeq/UI5yrlCmA0v+85NPulQo0iwmpCup9j4S28/CtXxvJniKsgvY4A
+zXN/4KgAWHr4J+MbGpuz3FUCgYB6ACr3iyaoN+3KLnzOEug/U/ykXnZu0ZiAYQ+H
+DFrB1qukDWNPNMLtqNDKomGA4IrXtOOwCE6i0SqdvDrAYNoWnRfo7RdaFAdHeKvW
+6TWCF5xuaFsLyKYY0nNm4XvyCaqqyIjoNKvD0sLf8B5V5gKFx+BM+xsuzYmdrWUt
+Txem4QKBgQDGTEuEy8lX3AO7+iSwjgOC0mooLOR6MoH3iH81GUj+IuiwngIDRtHj
+gIh0mNu6vgQkfBkaP27tyr00PBi3SIGAJOLaTKimjEOk0plTw1ewt4apMlhdcT/f
+eVEUD7zpX3v1a8mN34wCRUEilpfMvEpIxW3GnDRzxVaXerydLiApJQ==
+-----END RSA PRIVATE KEY-----

examples/protocols/openssl_server/CMakeLists.txt

@@ -8,3 +8,6 @@ set(EXTRA_COMPONENT_DIRS $ENV{IDF_PATH}/examples/common_components/protocol_exam
 
 include($ENV{IDF_PATH}/tools/cmake/project.cmake)
 project(openssl_server)
+
+target_add_binary_data(openssl_server.elf "server_certs/ca.crt" TEXT)
+target_add_binary_data(openssl_server.elf "server_certs/ca.key" TEXT)

examples/protocols/openssl_server/README.md

@@ -1,22 +1,65 @@
-# Openssl Example
+# OpenSSL Server Example
 
-The Example contains of OpenSSL server demo.
+(See the README.md file in the upper level 'examples' directory for more information about examples.)
 
-Open the project configuration menu (`idf.py menuconfig`):
+This example connects to the ESP-OPENSSL server demo using ssl transport and and sends some messages.
 
-* Configure Wi-Fi or Ethernet under "Example Connection Configuration" menu. See "Establishing Wi-Fi or Ethernet Connection" section in [examples/protocols/README.md](../README.md) for more details.
+## How to use example
 
+### Python scripts
+
+Script example_test.py could be used as a client part to the ESP-OPENSSL server demo,
+
+```
+python example_test.py
+```
+Note that this script is used in automated tests, as well, so the IDF test framework packages need to be imported;
+please add `$IDF_PATH/tools/ci/python_packages` to `PYTHONPATH`.
+
+### Hardware Required
+
+This example can be executed on any ESP32 board, the only required interface is WiFi and connection to internet.
+
+### Configure the project
+
+* Open the project configuration menu (`idf.py menuconfig`)
+* Configure Wi-Fi or Ethernet under "Example Connection Configuration" menu. See "Establishing Wi-Fi or Ethernet Connection" section in [examples/protocols/README.md](../../README.md) for more details.
 * When using Make build system, set `Default serial port` under `Serial flasher config`.
-    
-IF you want to test the OpenSSL server demo: 
-  1. compile the code and load the firmware 
-  2. input the context of "https://192.168.17.128" into your web browser, the IP of your module may not be 192.168.17.128, you should input your module's IP
-  3. You may see that it shows the website is not able to be trusted, but you should select that "go on to visit it"
-  4. You should wait for a moment until your see the "OpenSSL server demo!" in your web browser
-  
-Note:
-  The private key and certification at the example are not trusted by web browser, because they are not created by CA official, just by ourselves.
-  You can alse create your own private key and ceritification by "openssl at ubuntu or others". 
-  We have the document of "ESP8266_SDKSSL_User_Manual_EN_v1.4.pdf" at "https://www.espressif.com/en/support/download/documents". By it you can gernerate the private key and certification with the fomate of ".pem"
 
-See the README.md file in the upper level 'examples' directory for more information about examples.
+### Build and Flash
+
+Build the project and flash it to the board, then run monitor tool to view serial output:
+
+```
+idf.py -p PORT flash monitor
+```
+
+(To exit the serial monitor, type ``Ctrl-]``.)
+
+See the Getting Started Guide for full steps to configure and use ESP-IDF to build projects.
+
+## Example Output
+
+```
+I (2609) example_connect: Got IPv6 event: Interface "example_connect: sta" address: fe80:0000:0000:0000:260a:c4ff:fee7:a660, type: ESP_IP6_ADDR_IS_LINK_LOCAL
+I (3609) esp_netif_handlers: example_connect: sta ip: 192.168.1.191, mask: 255.255.255.0, gw: 192.168.1.1
+I (3609) example_connect: Got IPv4 event: Interface "example_connect: sta" address: 192.168.1.191
+I (3619) example_connect: Connected to example_connect: sta
+I (3619) example_connect: - IPv4 address: 192.168.1.191
+I (3629) example_connect: - IPv6 address: fe80:0000:0000:0000:260a:c4ff:fee7:a660, type: ESP_IP6_ADDR_IS_LINK_LOCAL
+I (3639) OPENSSL_EXAMPLE: SSL server context create ......
+I (3649) OPENSSL_EXAMPLE: OK
+I (3649) OPENSSL_EXAMPLE: SSL server context set own certification......
+I (3659) OPENSSL_EXAMPLE: OK
+I (3659) OPENSSL_EXAMPLE: SSL server context set private key......
+I (3669) OPENSSL_EXAMPLE: OK
+I (3669) OPENSSL_EXAMPLE: SSL server create socket ......
+I (3679) OPENSSL_EXAMPLE: OK
+I (3679) OPENSSL_EXAMPLE: SSL server socket bind ......
+I (3689) OPENSSL_EXAMPLE: OK
+I (3689) OPENSSL_EXAMPLE: SSL server socket listen on 443 port
+I (3699) OPENSSL_EXAMPLE: OK
+I (3699) OPENSSL_EXAMPLE: SSL server create ......
+I (3709) OPENSSL_EXAMPLE: OK
+I (3709) OPENSSL_EXAMPLE: SSL server socket accept client ......
+```

examples/protocols/openssl_server/example_test.py

@@ -0,0 +1,47 @@
+from __future__ import print_function, unicode_literals
+
+import os
+import re
+import socket
+import ssl
+
+import ttfw_idf
+
+
+def _path(f):
+    return os.path.join(os.path.dirname(os.path.realpath(__file__)),f)
+
+
+@ttfw_idf.idf_example_test(env_tag='Example_WIFI')
+def test_example_protocol_openssl_server(env, extra_data):
+    """
+     steps:
+       1. join AP
+       2. connect to uri "xxxx.xxxx.xxxx.xxxx:port"
+       3. send data
+    """
+    dut1 = env.get_dut('openssl_server', 'examples/protocols/openssl_server', dut_class=ttfw_idf.ESP32DUT)
+    # check and log bin size
+    binary_file = os.path.join(dut1.app.binary_path, 'openssl_server.bin')
+    bin_size = os.path.getsize(binary_file)
+    ttfw_idf.log_performance('openssl_server_bin_size', '{}KB'.format(bin_size // 1024))
+    # start test
+    dut1.start_app()
+    ip = dut1.expect(re.compile(r' IPv4 address: ([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)'), timeout=30)[0]
+    port = dut1.expect(re.compile(r' SSL server socket listen on ([0-9]+)'), timeout=30)[0]
+    # create socket
+    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+    sock.settimeout(10)
+    addr = (ip, int(port))
+    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM, 0)
+    # wrap socket
+    wrappedSocket = ssl.wrap_socket(sock, ca_certs=_path('server_certs/ca.crt'), cert_reqs=ssl.CERT_REQUIRED)
+    # connect and send data
+    wrappedSocket.connect(addr)
+    wrappedSocket.send('Some Data'.encode())
+    # close socket connection
+    wrappedSocket.close()
+
+
+if __name__ == '__main__':
+    test_example_protocol_openssl_server()

examples/protocols/openssl_server/main/CMakeLists.txt

@@ -1,4 +1,3 @@
 # Embed the certificate & key data directly in the built binary
 idf_component_register(SRCS "openssl_server_example_main.c"
-                    INCLUDE_DIRS "."
+                    INCLUDE_DIRS  ".")
-                    EMBED_TXTFILES cacert.pem prvtkey.pem)

examples/protocols/openssl_server/main/Kconfig.projbuild

@@ -0,0 +1,10 @@
+menu "Example Configuration"
+
+    config EXAMPLE_OPENSSL_SERVER_PORT
+        int "Target port number"
+        range 0 65535
+        default 443
+        help
+            Target port number for the example to connect to.
+
+endmenu

examples/protocols/openssl_server/main/cacert.pem

@@ -1,21 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDezCCAmOgAwIBAgIJAPMMNobNczaUMA0GCSqGSIb3DQEBBAUAMHQxEzARBgNV
-BAMTCk15IFRlc3QgQ0ExCzAJBgNVBAgTAkhaMQswCQYDVQQGEwJDTjEcMBoGCSqG
-SIb3DQEJARYNdGVzdEBjZXJ0LmNvbTElMCMGA1UEChMcUm9vdCBDZXJ0aWZpY2F0
-aW9uIEF1dGhvcml0eTAeFw0xNjExMTUwNTA0MThaFw0xOTExMTUwNTA0MThaMHQx
-EzARBgNVBAMTCk15IFRlc3QgQ0ExCzAJBgNVBAgTAkhaMQswCQYDVQQGEwJDTjEc
-MBoGCSqGSIb3DQEJARYNdGVzdEBjZXJ0LmNvbTElMCMGA1UEChMcUm9vdCBDZXJ0
-aWZpY2F0aW9uIEF1dGhvcml0eTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
-ggEBALDjSPDlomepHCzbw4MUrquQAU0xTV4/Npb27k9I5TRVTjIoOs/5hNI2LPFW
-e4CREx09ZrT8K3NFOBoSy7bhPAsjGaFxCYYWc9tiX1m5gq3ToVRSmbZ65fE3kvnI
-8E/d5VyzA0OMmWbfaolBSTMoWgqRynEaT+z1Eh2yDTzVFy9eov1DdQFUqGDqbH5b
-QYvTY5Fyem7UcKWAe2yS0j3H4dVtVBKNY7qV3Px08yGAs5fQFgUwhyB5+qwhvkeL
-JdgapGaSTwLgoQKWHbe/lA3NiBIB9hznFUGKo3hmniAvYZbrQcn3tc0l/J4I39v2
-Pm29FAyjWvQyBkGktz2q4elOZYkCAwEAAaMQMA4wDAYDVR0TBAUwAwEB/zANBgkq
-hkiG9w0BAQQFAAOCAQEAJCJ+97oae/FcOLbPpjCpUQnWqYydgSChgalkZNvr4fVp
-TnuNg471l0Y2oTJLoWn2YcbPSFVOEeKkU47mpjMzucHHp0zGaW9SdzhZalWwmbgK
-q2ijecIbuFHFNedYTk/03K7eaAcjVhD8e0oOJImeLOL6DAFivA1LUnSgXsdGPDtD
-zhISsCPTu+cL1j0yP6HBvLeAyb8kaCWJ05RtiVLRANNHQn/keHajJYpMwnEEbJdG
-cqN3whfJoGVbZ6isEf2RQJ0pYRnP7uGLW3wGkLWxfdto8uER8HVDx7fZpevLIqGd
-1OoSEi3cIJXWBAjx0TLzzhtb6aeIxBJWQqHThtkKdg==
------END CERTIFICATE-----

examples/protocols/openssl_server/main/component.mk

@@ -2,5 +2,5 @@
 # Main Makefile. This is basically the same as a component makefile.
 #
 
-COMPONENT_EMBED_TXTFILES := cacert.pem
+COMPONENT_EMBED_TXTFILES := ${PROJECT_PATH}/server_certs/ca.crt
-COMPONENT_EMBED_TXTFILES += prvtkey.pem
+COMPONENT_EMBED_TXTFILES += ${PROJECT_PATH}/server_certs/ca.key

examples/protocols/openssl_server/main/openssl_server_example.h

@@ -18,6 +18,6 @@
 
 #define OPENSSL_EXAMPLE_RECV_BUF_LEN       1024
 
-#define OPENSSL_EXAMPLE_LOCAL_TCP_PORT     443
+#define OPENSSL_EXAMPLE_LOCAL_TCP_PORT     CONFIG_EXAMPLE_OPENSSL_SERVER_PORT
 
 #endif

examples/protocols/openssl_server/main/openssl_server_example_main.c

@@ -1,4 +1,4 @@
-/* OpenSSL server Example
+/* OpenSSL Server Example
 
    This example code is in the Public Domain (or CC0 licensed, at your option.)
 
@@ -27,7 +27,7 @@
 #include "lwip/netdb.h"
 
 
-const static char *TAG = "Openssl_example";
+const static char *TAG = "openssl_example";
 
 #define OPENSSL_EXAMPLE_SERVER_ACK "HTTP/1.1 200 OK\r\n" \
                                 "Content-Type: text/html\r\n" \
@@ -56,13 +56,13 @@ static void openssl_example_task(void *p)
     const char send_data[] = OPENSSL_EXAMPLE_SERVER_ACK;
     const int send_bytes = sizeof(send_data);
 
-    extern const unsigned char cacert_pem_start[] asm("_binary_cacert_pem_start");
+    extern const unsigned char ca_crt_start[] asm("_binary_ca_crt_start");
-    extern const unsigned char cacert_pem_end[]   asm("_binary_cacert_pem_end");
+    extern const unsigned char ca_crt_end[]   asm("_binary_ca_crt_end");
-    const unsigned int cacert_pem_bytes = cacert_pem_end - cacert_pem_start;
+    const unsigned int ca_crt_bytes = ca_crt_end - ca_crt_start;
 
-    extern const unsigned char prvtkey_pem_start[] asm("_binary_prvtkey_pem_start");
+    extern const unsigned char ca_key_start[] asm("_binary_ca_key_start");
-    extern const unsigned char prvtkey_pem_end[]   asm("_binary_prvtkey_pem_end");
+    extern const unsigned char ca_key_end[]   asm("_binary_ca_key_end");
-    const unsigned int prvtkey_pem_bytes = prvtkey_pem_end - prvtkey_pem_start;
+    const unsigned int ca_key_bytes = ca_key_end - ca_key_start;
 
     ESP_LOGI(TAG, "SSL server context create ......");
     /* For security reasons, it is best if you can use
@@ -77,7 +77,7 @@ static void openssl_example_task(void *p)
     ESP_LOGI(TAG, "OK");
 
     ESP_LOGI(TAG, "SSL server context set own certification......");
-    ret = SSL_CTX_use_certificate_ASN1(ctx, cacert_pem_bytes, cacert_pem_start);
+    ret = SSL_CTX_use_certificate_ASN1(ctx, ca_crt_bytes, ca_crt_start);
     if (!ret) {
         ESP_LOGI(TAG, "failed");
         goto failed2;
@@ -85,7 +85,7 @@ static void openssl_example_task(void *p)
     ESP_LOGI(TAG, "OK");
 
     ESP_LOGI(TAG, "SSL server context set private key......");
-    ret = SSL_CTX_use_PrivateKey_ASN1(0, ctx, prvtkey_pem_start, prvtkey_pem_bytes);
+    ret = SSL_CTX_use_PrivateKey_ASN1(0, ctx, ca_key_start, ca_key_bytes);
     if (!ret) {
         ESP_LOGI(TAG, "failed");
         goto failed2;
@@ -112,7 +112,7 @@ static void openssl_example_task(void *p)
     }
     ESP_LOGI(TAG, "OK");
 
-    ESP_LOGI(TAG, "SSL server socket listen ......");
+    ESP_LOGI(TAG, "SSL server socket listen on %d port", OPENSSL_EXAMPLE_LOCAL_TCP_PORT);
     ret = listen(sockfd, 32);
     if (ret) {
         ESP_LOGI(TAG, "failed");
@@ -207,6 +207,10 @@ static void openssl_server_init(void)
 
 void app_main(void)
 {
+    ESP_LOGI(TAG, "[APP] Startup..");
+    ESP_LOGI(TAG, "[APP] Free memory: %d bytes", esp_get_free_heap_size());
+    ESP_LOGI(TAG, "[APP] IDF version: %s", esp_get_idf_version());
+
     ESP_ERROR_CHECK(nvs_flash_init());
     ESP_ERROR_CHECK(esp_netif_init());
     ESP_ERROR_CHECK(esp_event_loop_create_default());

examples/protocols/openssl_server/main/prvtkey.pem

@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEAsONI8OWiZ6kcLNvDgxSuq5ABTTFNXj82lvbuT0jlNFVOMig6
-z/mE0jYs8VZ7gJETHT1mtPwrc0U4GhLLtuE8CyMZoXEJhhZz22JfWbmCrdOhVFKZ
-tnrl8TeS+cjwT93lXLMDQ4yZZt9qiUFJMyhaCpHKcRpP7PUSHbINPNUXL16i/UN1
-AVSoYOpsfltBi9NjkXJ6btRwpYB7bJLSPcfh1W1UEo1jupXc/HTzIYCzl9AWBTCH
-IHn6rCG+R4sl2BqkZpJPAuChApYdt7+UDc2IEgH2HOcVQYqjeGaeIC9hlutByfe1
-zSX8ngjf2/Y+bb0UDKNa9DIGQaS3Parh6U5liQIDAQABAoIBAB9K9jp3xXVlO3DM
-KBhmbkg3n6NSV4eW00d9w8cO9E1/0eeZql3knJS7tNO1IwApqiIAHM1j1yP7WONz
-88oUqpSlzwD6iF7KVhC3pHqxEOdDi0Tpn/viXg+Ab2X1IF5guRTfLnKiyviiCazi
-edqtBtDb3d6Icx9Oc7gBKcpbQFDGt++wSOb5L+xhRm9B5B4l/6byikiPeKqIK5tC
-SoP9Zr1mvpNoGm1P4LvEunFJcRBqVI010VNwfO9P98oVyzJu9/FZZrQxXoY9JdXF
-OM6nbl+hMDM3TkEOda9NvBhImozEAvuc97CaaXyR3XivxMqNqNIb4+syUPa2PCS3
-ZztI5qECgYEA1gbVG6ifpvpbBkDPi3Im8fM3F7FLLrQc48FdFjdMvDhHD9lVKucD
-Uaa8PF9dbbvlu2cwMyfBOKSuWaXxRxRsiqiPmTunS1MvPzQcSrGwUrL2AogGucn6
-+NrLQf5P4H5IpkDQ9ih3zwjO6xKFK1WeYnYpHM8qUBtl6q0YFyVBPu0CgYEA05Pn
-StWA4D7VSbNnVi6lvFyEOUsTrK3v419598TFiq4eXLq6aV8/CQYzKsSzoG+aOZhX
-Li+0uyT5cNzUcXYhTsW1hA/pNhMfxMrYiB1x14zlLp2WRGg4vd/+SxX6d9Yd3acX
-7QzPKgdDicXs9QN8ozJOICKvNbUI53AJdATVEY0CgYEAwvpGeoQLrdq1weSZLrg3
-soOX1QW3MDz1dKdbXjnStkWut0mOxR7fbysuoPFf8/ARQcCnsHKvHCMqkpESVWbN
-2yPkbfxiU8Tcbf/TJljqAOz4ISY6ula/RKZONTixHBrvpEW4GAiV3Q5xMsYUe33s
-ZFaw7YXtTj0ng7tdDvjpj6ECgYEApHdUU9ejVq2BHslWiqe4LbO9FMxHfvO2hgix
-xugupp6y+2Irhb2EQn+PRq+g8hXOzPaezkhHNTKItDL08T3iplkJwJ6dqmszRsZn
-i2dYFzZu8M2PAZ4CfZahFbz/9id7D9HTx3EtmH4NAgvZJpyPRkzUbiaIDDettDpj
-Hsyi1AECgYAPLvjBzQj4kPF8Zo9pQEUcz4pmupRVfv3aRfjnahDK4qZHEePDRj+J
-W7pzayrs1dyN9QLB8pTc424z7f8MB3llCICN+ohs8CR/eW0NEobE9ldDOeoCr1Vh
-NhNSbrN1iZ8U4oLkRTMaDKkVngGffvjGi/q0tOU7hJdZOqNlk2Iahg==
------END RSA PRIVATE KEY-----

examples/protocols/openssl_server/server_certs/ca.crt

@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDTTCCAjWgAwIBAgIUe0ZW+zwJ0KauAHVreTmv8xqC9QgwDQYJKoZIhvcNAQEL
+BQAwNjELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxEjAQBgNVBAoM
+CUVzcHJlc3NpZjAeFw0yMDA5MjMwNzU1NTRaFw00ODAyMDkwNzU1NTRaMDYxCzAJ
+BgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMRIwEAYDVQQKDAlFc3ByZXNz
+aWYwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC52tv077MpX817BVUP
+yjmz/Nk1Tj7Za4pHlpVlbRRSlEz5h/62s7arB6dq9K2kC7fTIkw6MN/Qp4zPZ1Ug
+0abzZesb71w3NLhw9ModiakDkvdRoDORXbxeJuxHbJyui/8N9UNJfb3IOPX/nSP+
+coDWrkk0GrJbLwU1aLf7zr00iY2yx+lAEd75ElXhKrheUJJ/dpKYl4ZcGSm55WkQ
+tJi5dHfZCx1dDXnt49q5hbGa7lsOwdIdE7xM4NtqWo61LJ2Z/scbha48RMvEAnAl
+IfG9VcfjfOY1Y3LZemXS1NhuGRRgT3hc/xJFyTja4zg71XK1Z5VJO/QShFuDWnkx
+oXrdAgMBAAGjUzBRMB0GA1UdDgQWBBRTSG/RoTNtlXzzHf/WrFRBCO9NMTAfBgNV
+HSMEGDAWgBRTSG/RoTNtlXzzHf/WrFRBCO9NMTAPBgNVHRMBAf8EBTADAQH/MA0G
+CSqGSIb3DQEBCwUAA4IBAQBqu44Bdq2JWAx3gDrIz42Vvocq4kRkNEg2C00b7OEU
+Hi/zm2JTOyoHQfLZWc1Y6dzcPTbA/+7JFgnlgyzfH4YCi8YosEjRB+cBqEwDeeGY
+XS0vKxEG69vDb/neqsKsWawKU7P8TVar7qg/41eqoC84o/d23eBFJ0Tr/3EWO5hr
+8ct2mSLkewCJIzxqQIsORynxjd7K9N2Dxb7Lg7kremM+nADfrbArSh443t+G9YEY
+fDatlIgFXietPyg6i27Aob5Ogs5gmbdY2swEoYfnrN++DpLyLoPB9Y1t/691CkNF
+AzCQft+CFyZfNXbjHBE7q3s660/UkC20OyHFyFt9C0q2
+-----END CERTIFICATE-----

examples/protocols/openssl_server/server_certs/ca.key

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAudrb9O+zKV/NewVVD8o5s/zZNU4+2WuKR5aVZW0UUpRM+Yf+
+trO2qwenavStpAu30yJMOjDf0KeMz2dVINGm82XrG+9cNzS4cPTKHYmpA5L3UaAz
+kV28XibsR2ycrov/DfVDSX29yDj1/50j/nKA1q5JNBqyWy8FNWi3+869NImNssfp
+QBHe+RJV4Sq4XlCSf3aSmJeGXBkpueVpELSYuXR32QsdXQ157ePauYWxmu5bDsHS
+HRO8TODbalqOtSydmf7HG4WuPETLxAJwJSHxvVXH43zmNWNy2Xpl0tTYbhkUYE94
+XP8SRck42uM4O9VytWeVSTv0EoRbg1p5MaF63QIDAQABAoIBAQC480UkcEz4hW/0
+VpAZkILvzFVTKLR+pPgM2Zt+PZiVvSMExwMBScIkXQ+L7kXGFCswntcAqZZxC+ui
+khAzAq+DVA8t03sPLRXGwrNHxbA98EjSH/xxUribcVx8j2c0g/ijKUl2nvz3fUfA
+wd4J3mS8PuB2S4LmHtquFbHRkiDTX8RPtq+1ZGpl2+u2DlKIyPrkr8UZyZPVVjHd
+ACyG4rJdFy/XVS3cGSQ0Nkp/Ml706oSOUklRPzQEumZt6UkdgRYt9VlLL65CzIrF
+qW34v0olgD5pVM4hIKIV8GgqGCqKhfsj8Mv6kQ2iO4/Wu32iwwezGpqO5pOUVJLB
+t/22iNxBAoGBAOmHHUN9Vl5wnZ88/TG1zU4aom/PHNiPCym1Zr4MekdMtCOFo+i/
+8hB+X8ZfR8VfQpzF2TdvCde0f/nQCT7ixCFmx5ZgD6QqDU2oHqV1N+/6k3IFGG8X
+BFcKMOyRU866E7RknMQfXmKc0V9BFnwo1hFfNlaQNUsiT6BX9TXvDzBVAoGBAMu9
+Vpnv95FbFAb3+5gLABfFu9jUDSIanE+YJgtm5akDxF5paYZNTUcTe0KwT/h/nqyU
+EyHeb32IbKUOzEmN1RlvfIec2QmZJk0u6TfLRLmORsBxM5z5dn+mvJwsYHaam0iI
+pdpbnObCH+dIgGrn6zPPgaLr/NQ/GJMbVpGTVAhpAoGAc9p9MRtAOvABspsuPXgl
+F2dtSKzmcaVdc160TvqfuzmZcLn/HBwFuhsH5sEkOQ3OXTpmTfL/Xg0FJGkJ/THA
+/ZUg1UBo4heeq/UI5yrlCmA0v+85NPulQo0iwmpCup9j4S28/CtXxvJniKsgvY4A
+zXN/4KgAWHr4J+MbGpuz3FUCgYB6ACr3iyaoN+3KLnzOEug/U/ykXnZu0ZiAYQ+H
+DFrB1qukDWNPNMLtqNDKomGA4IrXtOOwCE6i0SqdvDrAYNoWnRfo7RdaFAdHeKvW
+6TWCF5xuaFsLyKYY0nNm4XvyCaqqyIjoNKvD0sLf8B5V5gKFx+BM+xsuzYmdrWUt
+Txem4QKBgQDGTEuEy8lX3AO7+iSwjgOC0mooLOR6MoH3iH81GUj+IuiwngIDRtHj
+gIh0mNu6vgQkfBkaP27tyr00PBi3SIGAJOLaTKimjEOk0plTw1ewt4apMlhdcT/f
+eVEUD7zpX3v1a8mN34wCRUEilpfMvEpIxW3GnDRzxVaXerydLiApJQ==
+-----END RSA PRIVATE KEY-----

tools/ci/mypy_ignore_list.txt

@@ -97,6 +97,8 @@ examples/protocols/mqtt/ssl_ds/configure_ds.py
 examples/protocols/mqtt/tcp/mqtt_tcp_example_test.py
 examples/protocols/mqtt/ws/mqtt_ws_example_test.py
 examples/protocols/mqtt/wss/mqtt_wss_example_test.py
+examples/protocols/openssl_client/example_test.py
+examples/protocols/openssl_server/example_test.py
 examples/protocols/pppos_client/example_test.py
 examples/protocols/sntp/example_test.py
 examples/protocols/sockets/tcp_client/example_test.py