mirror of
https://github.com/espressif/esp-idf.git
synced 2024-10-05 20:47:46 -04:00
Merge branch 'test/esp_ssl_example' into 'master'
examples: Add esp-ssl example tests server/client Closes IDF-1156 See merge request espressif/esp-idf!12366
This commit is contained in:
commit
f14cdd8a31
@ -8,3 +8,11 @@ set(EXTRA_COMPONENT_DIRS $ENV{IDF_PATH}/examples/common_components/protocol_exam
|
||||
|
||||
include($ENV{IDF_PATH}/tools/cmake/project.cmake)
|
||||
project(openssl_client)
|
||||
|
||||
if(CONFIG_EXAMPLE_OPENSSL_CLIENT_URI_FROM_STDIN)
|
||||
# This ca.crt is used when connecting to local(python executed) server
|
||||
target_add_binary_data(openssl_client.elf "server_certs/ca.crt" TEXT)
|
||||
else()
|
||||
# This ca.crt is used when connecting to www.baidu.com
|
||||
target_add_binary_data(openssl_client.elf "main/baidu_ca.crt" TEXT)
|
||||
endif()
|
||||
|
@ -1,17 +1,67 @@
|
||||
# Openssl Example
|
||||
# OpenSSL Client Example
|
||||
|
||||
The Example contains of OpenSSL client demo.
|
||||
(See the README.md file in the upper level 'examples' directory for more information about examples.)
|
||||
|
||||
Open the project configuration menu (`idf.py menuconfig`):
|
||||
This example shows how to set up esp openssl client and communicate over ssl transport layer.
|
||||
|
||||
* Configure Wi-Fi or Ethernet under "Example Connection Configuration" menu. See "Establishing Wi-Fi or Ethernet Connection" section in [examples/protocols/README.md](../README.md) for more details.
|
||||
## How to use example
|
||||
|
||||
### Python scripts
|
||||
|
||||
Script example_test.py could be used as a client part to the ESP-OPENSSL server demo,
|
||||
|
||||
```
|
||||
python example_test.py
|
||||
```
|
||||
Note that this script is used in automated tests, as well, so the IDF test framework packages need to be imported;
|
||||
please add `$IDF_PATH/tools/ci/python_packages` to `PYTHONPATH`.
|
||||
|
||||
### Hardware Required
|
||||
|
||||
This example can be executed on any ESP32 board, the only required interface is WiFi and connection to internet.
|
||||
|
||||
### Configure the project
|
||||
|
||||
* Open the project configuration menu (`idf.py menuconfig`)
|
||||
* Configure Wi-Fi or Ethernet under "Example Connection Configuration" menu. See "Establishing Wi-Fi or Ethernet Connection" section in [examples/protocols/README.md](../../README.md) for more details.
|
||||
* Configure the openssl client endpoint URI under "Example Configuration", if "OPENSSL_CLIENT_URI_FROM_STDIN" is selected then the example application will connect to the URI it reads from stdin (used for testing)
|
||||
|
||||
* When using Make build system, set `Default serial port` under `Serial flasher config`.
|
||||
|
||||
* Configure target domain and port number under "Example Configuration"
|
||||
* When using OPENSSL_CLIENT_URI_FROM_STRING configure target domain and port number under "Example Configuration"
|
||||
|
||||
If you want to test the OpenSSL client demo:
|
||||
1. compile the code and load the firmware
|
||||
2. open the UART TTY, then you can see it print the context of target domain
|
||||
* Please note that verification mode is VERIFY_PEER by default, that's why during connection to public host('www.baidu.com') it's needed to use
|
||||
appropriate certificates('baidu_ca.crt'), or it is needed to change verify mode to VERIFY_NONE.
|
||||
|
||||
See the README.md file in the upper level 'examples' directory for more information about examples.
|
||||
### Build and Flash
|
||||
|
||||
Build the project and flash it to the board, then run monitor tool to view serial output:
|
||||
|
||||
```
|
||||
idf.py -p PORT flash monitor
|
||||
```
|
||||
|
||||
(To exit the serial monitor, type ``Ctrl-]``.)
|
||||
|
||||
See the Getting Started Guide for full steps to configure and use ESP-IDF to build projects.
|
||||
|
||||
## Example Output
|
||||
|
||||
```
|
||||
I (2601) esp_netif_handlers: example_connect: sta ip: 192.168.1.191, mask: 255.255.255.0, gw: 192.168.1.1
|
||||
I (2601) example_connect: Got IPv4 event: Interface "example_connect: sta" address: 192.168.1.191
|
||||
I (3601) example_connect: Got IPv6 event: Interface "example_connect: sta" address: fe80:0000:0000:0000:260a:c4ff:fee7:a660, type: ESP_IP6_ADDR_IS_LINK_LOCAL
|
||||
I (3601) example_connect: Connected to example_connect: sta
|
||||
I (3611) example_connect: - IPv4 address: 192.168.1.191
|
||||
I (3611) example_connect: - IPv6 address: fe80:0000:0000:0000:260a:c4ff:fee7:a660, type: ESP_IP6_ADDR_IS_LINK_LOCAL
|
||||
I (3631) openssl_example: Test started
|
||||
I (3631) openssl_example: Trying connect to www.baidu.com port 443 ...
|
||||
I (3641) openssl_example: DNS lookup succeeded. IP=103.235.46.39
|
||||
I (4101) openssl_example: OK
|
||||
I (4101) openssl_example: Create SSL obj
|
||||
I (4101) openssl_example: OK
|
||||
I (4101) openssl_example: SSL verify mode = 0 connected to www.baidu.com port 443 ...
|
||||
I (8091) openssl_example: OK
|
||||
I (8091) openssl_example: SSL Connection Succeed
|
||||
|
||||
```
|
||||
|
126
examples/protocols/openssl_client/example_test.py
Normal file
126
examples/protocols/openssl_client/example_test.py
Normal file
@ -0,0 +1,126 @@
|
||||
from __future__ import print_function, unicode_literals
|
||||
|
||||
import os
|
||||
import re
|
||||
import socket
|
||||
import ssl
|
||||
from threading import Event, Thread
|
||||
|
||||
import ttfw_idf
|
||||
|
||||
SERVER_CERTS_DIR = 'server_certs/'
|
||||
|
||||
|
||||
def _path(f):
|
||||
return os.path.join(os.path.dirname(os.path.realpath(__file__)),f)
|
||||
|
||||
|
||||
def get_my_ip():
|
||||
s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
|
||||
try:
|
||||
# doesn't even have to be reachable
|
||||
s.connect(('10.255.255.255', 1))
|
||||
IP = s.getsockname()[0]
|
||||
except socket.error:
|
||||
IP = '127.0.0.1'
|
||||
finally:
|
||||
s.close()
|
||||
return IP
|
||||
|
||||
|
||||
# Simple TLS server
|
||||
class TlsServer:
|
||||
|
||||
def __init__(self, port, negotiated_protocol=ssl.PROTOCOL_TLSv1):
|
||||
self.port = port
|
||||
self.socket = socket.socket()
|
||||
self.socket.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
|
||||
self.socket.settimeout(20.0)
|
||||
self.shutdown = Event()
|
||||
self.negotiated_protocol = negotiated_protocol
|
||||
self.conn = None
|
||||
self.ssl_error = None
|
||||
self.server_thread = None
|
||||
|
||||
def __enter__(self):
|
||||
try:
|
||||
self.socket.bind(('', self.port))
|
||||
except socket.error as e:
|
||||
print('Bind failed:{}'.format(e))
|
||||
raise
|
||||
|
||||
self.socket.listen(1)
|
||||
self.server_thread = Thread(target=self.run_server)
|
||||
self.server_thread.start()
|
||||
|
||||
return self
|
||||
|
||||
def __exit__(self, exc_type, exc_value, traceback):
|
||||
self.shutdown.set()
|
||||
self.server_thread.join()
|
||||
self.socket.close()
|
||||
if (self.conn is not None):
|
||||
self.conn.close()
|
||||
|
||||
def run_server(self):
|
||||
ctx = ssl.SSLContext(self.negotiated_protocol)
|
||||
ctx.load_cert_chain(certfile=_path(SERVER_CERTS_DIR + 'ca.crt'), keyfile=_path(SERVER_CERTS_DIR + 'ca.key'))
|
||||
self.socket = ctx.wrap_socket(self.socket, server_side=True)
|
||||
try:
|
||||
print('Listening socket')
|
||||
self.conn, address = self.socket.accept() # accept new connection
|
||||
self.socket.settimeout(20.0)
|
||||
print(' - connection from: {}'.format(address))
|
||||
except ssl.SSLError as e:
|
||||
self.conn = None
|
||||
self.ssl_error = str(e)
|
||||
print(' - SSLError: {}'.format(str(e)))
|
||||
|
||||
|
||||
def test_echo(dut):
|
||||
dut.expect('SSL Connection Succeed')
|
||||
print('SSL Connection Succeed')
|
||||
|
||||
|
||||
@ttfw_idf.idf_example_test(env_tag='Example_WIFI')
|
||||
def test_example_protocol_openssl_client(env, extra_data):
|
||||
"""
|
||||
steps:
|
||||
1. join AP
|
||||
2. connect to uri "xxxx.xxxx.xxxx.xxxx:port"
|
||||
3. send and receive data
|
||||
"""
|
||||
dut1 = env.get_dut('openssl_client', 'examples/protocols/openssl_client', dut_class=ttfw_idf.ESP32DUT)
|
||||
# check and log bin size
|
||||
binary_file = os.path.join(dut1.app.binary_path, 'openssl_client.bin')
|
||||
binary_size = os.path.getsize(binary_file)
|
||||
ttfw_idf.log_performance('openssl_client_bin_size', '{}KB'.format(binary_size // 1024))
|
||||
|
||||
try:
|
||||
if 'CONFIG_EXAMPLE_OPENSSL_CLIENT_URI_FROM_STDIN' in dut1.app.get_sdkconfig():
|
||||
uri_from_stdin = True
|
||||
else:
|
||||
uri = dut1.app.get_sdkconfig()['CONFIG_EXAMPLE_OPENSSL_CLIENT_TARGET_DOMAIN'].strip('"')
|
||||
uri_from_stdin = False
|
||||
except Exception:
|
||||
print('ENV_TEST_FAILURE: Cannot find target domain in sdkconfig')
|
||||
raise
|
||||
|
||||
# start test
|
||||
dut1.start_app()
|
||||
dut1.expect(re.compile(r' IPv4 address: ([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)'), timeout=30)
|
||||
ip = get_my_ip()
|
||||
|
||||
if uri_from_stdin:
|
||||
server_port = 2222
|
||||
with TlsServer(server_port, negotiated_protocol=ssl.PROTOCOL_TLSv1_1):
|
||||
print('Starting test')
|
||||
dut1.write('{} {}'.format(ip, server_port))
|
||||
dut1.expect(re.compile('SSL Connection Succeed'), timeout=10)
|
||||
else:
|
||||
print('DUT connecting to {}'.format(uri))
|
||||
test_echo(dut1)
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
test_example_protocol_openssl_client()
|
@ -1,15 +1,27 @@
|
||||
menu "Example Configuration"
|
||||
|
||||
config TARGET_DOMAIN
|
||||
choice EXAMPLE_OPENSSL_CLIENT_URI_SOURCE
|
||||
prompt "SSL Client URI source"
|
||||
default EXAMPLE_OPENSSL_CLIENT_URI_FROM_STRING
|
||||
help
|
||||
Selects the source of the URI used in the example.
|
||||
|
||||
config EXAMPLE_OPENSSL_CLIENT_URI_FROM_STRING
|
||||
bool "From string"
|
||||
|
||||
config EXAMPLE_OPENSSL_CLIENT_URI_FROM_STDIN
|
||||
bool "From stdin"
|
||||
endchoice
|
||||
|
||||
config EXAMPLE_OPENSSL_CLIENT_TARGET_DOMAIN
|
||||
string "Target Domain"
|
||||
default "www.baidu.com"
|
||||
help
|
||||
Target domain for the example to connect to.
|
||||
|
||||
config TARGET_PORT_NUMBER
|
||||
int "Target port number"
|
||||
range 0 65535
|
||||
default 443
|
||||
config EXAMPLE_OPENSSL_CLIENT_TARGET_PORT
|
||||
string "Target port number"
|
||||
default "443"
|
||||
help
|
||||
Target port number for the example to connect to.
|
||||
|
||||
|
26
examples/protocols/openssl_client/main/baidu_ca.crt
Normal file
26
examples/protocols/openssl_client/main/baidu_ca.crt
Normal file
@ -0,0 +1,26 @@
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIEaTCCA1GgAwIBAgILBAAAAAABRE7wQkcwDQYJKoZIhvcNAQELBQAwVzELMAkG
|
||||
A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv
|
||||
b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw0xNDAyMjAxMDAw
|
||||
MDBaFw0yNDAyMjAxMDAwMDBaMGYxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i
|
||||
YWxTaWduIG52LXNhMTwwOgYDVQQDEzNHbG9iYWxTaWduIE9yZ2FuaXphdGlvbiBW
|
||||
YWxpZGF0aW9uIENBIC0gU0hBMjU2IC0gRzIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
|
||||
DwAwggEKAoIBAQDHDmw/I5N/zHClnSDDDlM/fsBOwphJykfVI+8DNIV0yKMCLkZc
|
||||
C33JiJ1Pi/D4nGyMVTXbv/Kz6vvjVudKRtkTIso21ZvBqOOWQ5PyDLzm+ebomchj
|
||||
SHh/VzZpGhkdWtHUfcKc1H/hgBKueuqI6lfYygoKOhJJomIZeg0k9zfrtHOSewUj
|
||||
mxK1zusp36QUArkBpdSmnENkiN74fv7j9R7l/tyjqORmMdlMJekYuYlZCa7pnRxt
|
||||
Nw9KHjUgKOKv1CGLAcRFrW4rY6uSa2EKTSDtc7p8zv4WtdufgPDWi2zZCHlKT3hl
|
||||
2pK8vjX5s8T5J4BO/5ZS5gIg4Qdz6V0rvbLxAgMBAAGjggElMIIBITAOBgNVHQ8B
|
||||
Af8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHQ4EFgQUlt5h8b0cFilT
|
||||
HMDMfTuDAEDmGnwwRwYDVR0gBEAwPjA8BgRVHSAAMDQwMgYIKwYBBQUHAgEWJmh0
|
||||
dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3JlcG9zaXRvcnkvMDMGA1UdHwQsMCow
|
||||
KKAmoCSGImh0dHA6Ly9jcmwuZ2xvYmFsc2lnbi5uZXQvcm9vdC5jcmwwPQYIKwYB
|
||||
BQUHAQEEMTAvMC0GCCsGAQUFBzABhiFodHRwOi8vb2NzcC5nbG9iYWxzaWduLmNv
|
||||
bS9yb290cjEwHwYDVR0jBBgwFoAUYHtmGkUNl8qJUC99BM00qP/8/UswDQYJKoZI
|
||||
hvcNAQELBQADggEBAEYq7l69rgFgNzERhnF0tkZJyBAW/i9iIxerH4f4gu3K3w4s
|
||||
32R1juUYcqeMOovJrKV3UPfvnqTgoI8UV6MqX+x+bRDmuo2wCId2Dkyy2VG7EQLy
|
||||
XN0cvfNVlg/UBsD84iOKJHDTu/B5GqdhcIOKrwbFINihY9Bsrk8y1658GEV1BSl3
|
||||
30JAZGSGvip2CTFvHST0mdCF/vIhCPnG9vHQWe3WVjwIKANnuvD58ZAWR65n5ryA
|
||||
SOlCdjSXVWkkDoPWoC209fN5ikkodBpBocLTJIg1MGCUF7ThBCIxPTsvFwayuJ2G
|
||||
K1pp74P1S8SqtCr4fKGxhZSM9AyHDPSsQPhZSZg=
|
||||
-----END CERTIFICATE-----
|
@ -1,3 +1,10 @@
|
||||
#
|
||||
# Main Makefile. This is basically the same as a component makefile.
|
||||
#
|
||||
|
||||
ifdef CONFIG_EXAMPLE_OPENSSL_CLIENT_URI_FROM_STDIN
|
||||
COMPONENT_EMBED_TXTFILES := ${PROJECT_PATH}/server_certs/ca.crt
|
||||
else
|
||||
COMPONENT_EMBED_TXTFILES := ${PROJECT_PATH}/main/baidu_ca.crt
|
||||
endif
|
||||
COMPONENT_EMBED_TXTFILES += ${PROJECT_PATH}/server_certs/ca.key
|
||||
|
@ -17,17 +17,15 @@
|
||||
the config you want - ie #define OPENSSL_EXAMPLE_TARGET_NAME "www.baidu.com"
|
||||
and ie #define OPENSSL_EXAMPLE_TARGET_TCP_PORT 433
|
||||
*/
|
||||
#define OPENSSL_EXAMPLE_TARGET_NAME CONFIG_TARGET_DOMAIN
|
||||
#define OPENSSL_EXAMPLE_TARGET_TCP_PORT CONFIG_TARGET_PORT_NUMBER
|
||||
#define EXAMPLE_OPENSSL_TARGET_DOMAIN CONFIG_EXAMPLE_OPENSSL_CLIENT_TARGET_DOMAIN
|
||||
#define EXAMPLE_OPENSSL_TARGET_PORT CONFIG_EXAMPLE_OPENSSL_CLIENT_TARGET_PORT
|
||||
|
||||
#define OPENSSL_EXAMPLE_REQUEST "{\"path\": \"/v1/ping/\", \"method\": \"GET\"}\r\n"
|
||||
#define EXAMPLE_OPENSSL_REQUEST "{\"path\": \"/v1/ping/\", \"method\": \"GET\"}\r\n"
|
||||
|
||||
#define OPENSSL_EXAMPLE_TASK_NAME "openssl_example"
|
||||
#define OPENSSL_EXAMPLE_TASK_STACK_WORDS 10240
|
||||
#define OPENSSL_EXAMPLE_TASK_PRIORITY 8
|
||||
#define EXAMPLE_OPENSSL_TASK_NAME "openssl_example"
|
||||
#define EXAMPLE_OPENSSL_TASK_STACK_WORDS 10240
|
||||
#define EXAMPLE_OPENSSL_TASK_PRIORITY 8
|
||||
|
||||
#define OPENSSL_EXAMPLE_RECV_BUF_LEN 1024
|
||||
|
||||
#define OPENSSL_EXAMPLE_LOCAL_TCP_PORT 443
|
||||
#define EXAMPLE_OPENSSL_RECV_BUF_LEN 1024
|
||||
|
||||
#endif
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* OpenSSL client Example
|
||||
/* OpenSSL Client Example
|
||||
|
||||
This example code is in the Public Domain (or CC0 licensed, at your option.)
|
||||
|
||||
@ -6,172 +6,151 @@
|
||||
software is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
|
||||
CONDITIONS OF ANY KIND, either express or implied.
|
||||
*/
|
||||
|
||||
#include "openssl_client_example.h"
|
||||
|
||||
#include <string.h>
|
||||
|
||||
#include "openssl/ssl.h"
|
||||
|
||||
#include "freertos/FreeRTOS.h"
|
||||
#include "freertos/task.h"
|
||||
#include "lwip/netdb.h"
|
||||
#include "lwip/sockets.h"
|
||||
|
||||
#include "esp_log.h"
|
||||
#include "esp_wifi.h"
|
||||
#include "esp_event.h"
|
||||
#include "nvs_flash.h"
|
||||
#include "esp_netif.h"
|
||||
#include "esp_event.h"
|
||||
#include "esp_log.h"
|
||||
|
||||
#include "protocol_examples_common.h"
|
||||
|
||||
#include "lwip/sockets.h"
|
||||
#include "lwip/netdb.h"
|
||||
|
||||
const static char *TAG = "openssl_example";
|
||||
static const char *TAG = "openssl_example";
|
||||
|
||||
static void openssl_example_task(void *p)
|
||||
static int open_connection(const char *host, char *port)
|
||||
{
|
||||
int ret;
|
||||
SSL_CTX *ctx;
|
||||
SSL *ssl;
|
||||
const struct addrinfo hints = {
|
||||
.ai_family = AF_INET,
|
||||
.ai_socktype = SOCK_STREAM,
|
||||
};
|
||||
struct addrinfo * res;
|
||||
struct in_addr *addr;
|
||||
int sd;
|
||||
int err = getaddrinfo(host, port, &hints, &res);
|
||||
if (err < 0) {
|
||||
ESP_LOGE(TAG, "getaddrinfo() failed for IPV4 destination address. error: %d", err);
|
||||
return -1;
|
||||
}
|
||||
if (res == 0) {
|
||||
ESP_LOGE(TAG, "getaddrinfo() did not return any addresses");
|
||||
return -1;
|
||||
}
|
||||
addr = &((struct sockaddr_in *)res->ai_addr)->sin_addr;
|
||||
ESP_LOGI(TAG, "DNS lookup succeeded. IP=%s", inet_ntoa(*addr));
|
||||
sd = socket(res->ai_family, res->ai_socktype, 0);
|
||||
if(sd < 0) {
|
||||
ESP_LOGE(TAG, "Failed to allocate socket.");
|
||||
freeaddrinfo(res);
|
||||
return -1;
|
||||
}
|
||||
if (connect(sd, res->ai_addr, res->ai_addrlen) != 0) {
|
||||
ESP_LOGE(TAG, "Socket connect failed");
|
||||
return -1;
|
||||
}
|
||||
return sd;
|
||||
}
|
||||
|
||||
static SSL_CTX* init_contex(void)
|
||||
{
|
||||
|
||||
#if CONFIG_EXAMPLE_OPENSSL_CLIENT_URI_FROM_STDIN
|
||||
extern const unsigned char cacert_pem_start[] asm("_binary_ca_crt_start");
|
||||
extern const unsigned char cacert_pem_end[] asm("_binary_ca_crt_end");
|
||||
#else
|
||||
extern const unsigned char cacert_pem_start[] asm("_binary_baidu_ca_crt_start");
|
||||
extern const unsigned char cacert_pem_end[] asm("_binary_baidu_ca_crt_end");
|
||||
#endif
|
||||
const unsigned int cacert_pem_bytes = cacert_pem_end - cacert_pem_start;
|
||||
|
||||
const SSL_METHOD *mtd = TLSv1_1_client_method();
|
||||
SSL_CTX *ctx = SSL_CTX_new(mtd); /* Create new context */
|
||||
SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);
|
||||
|
||||
X509 *x = d2i_X509(NULL, cacert_pem_start, cacert_pem_bytes);
|
||||
if(!x) {
|
||||
ESP_LOGI(TAG,"Loading certs failed \n");
|
||||
}
|
||||
SSL_CTX_add_client_CA(ctx, x);
|
||||
|
||||
return ctx;
|
||||
}
|
||||
|
||||
static void start_example(const char *host, char *port)
|
||||
{
|
||||
SSL_CTX *ctx = NULL;
|
||||
SSL *ssl = NULL;
|
||||
int sockfd;
|
||||
struct sockaddr_in sock_addr;
|
||||
struct hostent *hp;
|
||||
struct ip4_addr *ip4_addr;
|
||||
int ret;
|
||||
|
||||
int recv_bytes = 0;
|
||||
char recv_buf[OPENSSL_EXAMPLE_RECV_BUF_LEN];
|
||||
|
||||
const char send_data[] = OPENSSL_EXAMPLE_REQUEST;
|
||||
const int send_bytes = sizeof(send_data);
|
||||
|
||||
ESP_LOGI(TAG, "OpenSSL demo thread start OK");
|
||||
|
||||
ESP_LOGI(TAG, "get target IP address");
|
||||
hp = gethostbyname(OPENSSL_EXAMPLE_TARGET_NAME);
|
||||
if (!hp) {
|
||||
ESP_LOGI(TAG, "failed");
|
||||
goto failed1;
|
||||
}
|
||||
ESP_LOGI(TAG, "OK");
|
||||
|
||||
ip4_addr = (struct ip4_addr *)hp->h_addr;
|
||||
ESP_LOGI(TAG, IPSTR, IP2STR(ip4_addr));
|
||||
|
||||
ESP_LOGI(TAG, "create SSL context ......");
|
||||
ctx = SSL_CTX_new(TLSv1_1_client_method());
|
||||
ctx = init_contex();
|
||||
if (!ctx) {
|
||||
ESP_LOGI(TAG, "failed");
|
||||
ESP_LOGE(TAG, "Failed");
|
||||
goto failed1;
|
||||
}
|
||||
ESP_LOGI(TAG, "Trying connect to %s port %s ...", host, port);
|
||||
sockfd = open_connection(host, port);
|
||||
if(sockfd < 0) {
|
||||
ESP_LOGE(TAG,"Failed");
|
||||
goto failed1;
|
||||
}
|
||||
ESP_LOGI(TAG, "OK");
|
||||
|
||||
ESP_LOGI(TAG, "create socket ......");
|
||||
sockfd = socket(AF_INET, SOCK_STREAM, 0);
|
||||
if (sockfd < 0) {
|
||||
ESP_LOGI(TAG, "failed");
|
||||
ESP_LOGI(TAG, "Create SSL obj");
|
||||
ssl = SSL_new(ctx);
|
||||
if (!ssl) {
|
||||
ESP_LOGE(TAG,"Failed");
|
||||
goto failed2;
|
||||
}
|
||||
ESP_LOGI(TAG, "OK");
|
||||
|
||||
ESP_LOGI(TAG, "bind socket ......");
|
||||
memset(&sock_addr, 0, sizeof(sock_addr));
|
||||
sock_addr.sin_family = AF_INET;
|
||||
sock_addr.sin_addr.s_addr = 0;
|
||||
sock_addr.sin_port = htons(OPENSSL_EXAMPLE_LOCAL_TCP_PORT);
|
||||
ret = bind(sockfd, (struct sockaddr*)&sock_addr, sizeof(sock_addr));
|
||||
if (ret) {
|
||||
ESP_LOGI(TAG, "failed");
|
||||
goto failed3;
|
||||
}
|
||||
ESP_LOGI(TAG, "OK");
|
||||
|
||||
ESP_LOGI(TAG, "socket connect to remote %s ......", OPENSSL_EXAMPLE_TARGET_NAME);
|
||||
memset(&sock_addr, 0, sizeof(sock_addr));
|
||||
sock_addr.sin_family = AF_INET;
|
||||
sock_addr.sin_addr.s_addr = ip4_addr->addr;
|
||||
sock_addr.sin_port = htons(OPENSSL_EXAMPLE_TARGET_TCP_PORT);
|
||||
ret = connect(sockfd, (struct sockaddr*)&sock_addr, sizeof(sock_addr));
|
||||
if (ret) {
|
||||
ESP_LOGI(TAG, "failed");
|
||||
goto failed3;
|
||||
}
|
||||
ESP_LOGI(TAG, "OK");
|
||||
|
||||
ESP_LOGI(TAG, "create SSL ......");
|
||||
ssl = SSL_new(ctx);
|
||||
if (!ssl) {
|
||||
ESP_LOGI(TAG, "failed");
|
||||
goto failed3;
|
||||
}
|
||||
ESP_LOGI(TAG, "OK");
|
||||
|
||||
SSL_set_fd(ssl, sockfd);
|
||||
|
||||
ESP_LOGI(TAG, "SSL connected to %s port %d ......",
|
||||
OPENSSL_EXAMPLE_TARGET_NAME, OPENSSL_EXAMPLE_TARGET_TCP_PORT);
|
||||
ret = SSL_connect(ssl);
|
||||
if (!ret) {
|
||||
ESP_LOGI(TAG, "failed " );
|
||||
goto failed4;
|
||||
}
|
||||
ESP_LOGI(TAG, "OK");
|
||||
|
||||
ESP_LOGI(TAG, "send https request to %s port %d ......",
|
||||
OPENSSL_EXAMPLE_TARGET_NAME, OPENSSL_EXAMPLE_TARGET_TCP_PORT);
|
||||
ret = SSL_write(ssl, send_data, send_bytes);
|
||||
if (ret <= 0) {
|
||||
ESP_LOGI(TAG, "failed");
|
||||
goto failed5;
|
||||
ESP_LOGE(TAG,"SSL Connection Failed");
|
||||
goto failed3;
|
||||
}
|
||||
ESP_LOGI(TAG, "OK");
|
||||
|
||||
do {
|
||||
ret = SSL_read(ssl, recv_buf, OPENSSL_EXAMPLE_RECV_BUF_LEN - 1);
|
||||
if (ret <= 0) {
|
||||
break;
|
||||
}
|
||||
recv_buf[ret] = '\0';
|
||||
recv_bytes += ret;
|
||||
ESP_LOGI(TAG, "%s", recv_buf);
|
||||
} while (1);
|
||||
|
||||
ESP_LOGI(TAG, "totally read %d bytes data from %s ......", recv_bytes, OPENSSL_EXAMPLE_TARGET_NAME);
|
||||
|
||||
failed5:
|
||||
SSL_shutdown(ssl);
|
||||
failed4:
|
||||
ESP_LOGI(TAG,"SSL Connection Succeed");
|
||||
failed3:
|
||||
SSL_free(ssl);
|
||||
ssl = NULL;
|
||||
failed3:
|
||||
failed2:
|
||||
close(sockfd);
|
||||
sockfd = -1;
|
||||
failed2:
|
||||
failed1:
|
||||
SSL_CTX_free(ctx);
|
||||
ctx = NULL;
|
||||
failed1:
|
||||
vTaskDelete(NULL);
|
||||
return ;
|
||||
}
|
||||
|
||||
static void openssl_example_client_init(void)
|
||||
#if CONFIG_EXAMPLE_OPENSSL_CLIENT_URI_FROM_STDIN
|
||||
static void get_string(char *line, size_t size)
|
||||
{
|
||||
int ret;
|
||||
xTaskHandle openssl_handle;
|
||||
|
||||
ret = xTaskCreate(openssl_example_task,
|
||||
OPENSSL_EXAMPLE_TASK_NAME,
|
||||
OPENSSL_EXAMPLE_TASK_STACK_WORDS,
|
||||
NULL,
|
||||
OPENSSL_EXAMPLE_TASK_PRIORITY,
|
||||
&openssl_handle);
|
||||
|
||||
if (ret != pdPASS) {
|
||||
ESP_LOGI(TAG, "create thread %s failed", OPENSSL_EXAMPLE_TASK_NAME);
|
||||
int count = 0;
|
||||
while (count < size) {
|
||||
int c = fgetc(stdin);
|
||||
if (c == '\n') {
|
||||
line[count] = '\0';
|
||||
break;
|
||||
} else if (c > 0 && c < 127) {
|
||||
line[count] = c;
|
||||
++count;
|
||||
}
|
||||
vTaskDelay(10 / portTICK_PERIOD_MS);
|
||||
}
|
||||
}
|
||||
#endif /* CONFIG_EXAMPLE_OPENSSL_CLIENT_URI_FROM_STDIN */
|
||||
|
||||
void app_main(void)
|
||||
{
|
||||
char host[128] = EXAMPLE_OPENSSL_TARGET_DOMAIN;
|
||||
char port[32] = EXAMPLE_OPENSSL_TARGET_PORT;
|
||||
|
||||
ESP_LOGI(TAG, "[APP] Startup..");
|
||||
ESP_LOGI(TAG, "[APP] Free memory: %d bytes", esp_get_free_heap_size());
|
||||
ESP_LOGI(TAG, "[APP] IDF version: %s", esp_get_idf_version());
|
||||
|
||||
ESP_ERROR_CHECK(nvs_flash_init());
|
||||
ESP_ERROR_CHECK(esp_netif_init());
|
||||
ESP_ERROR_CHECK(esp_event_loop_create_default());
|
||||
@ -182,5 +161,10 @@ void app_main(void)
|
||||
*/
|
||||
ESP_ERROR_CHECK(example_connect());
|
||||
|
||||
openssl_example_client_init();
|
||||
#if CONFIG_EXAMPLE_OPENSSL_CLIENT_URI_FROM_STDIN
|
||||
char line[256] = "";
|
||||
get_string(line, sizeof(line));
|
||||
sscanf(line, "%s %s", host, port);
|
||||
#endif /* CONFIG_EXAMPLE_OPENSSL_CLIENT_URI_FROM_STDIN */
|
||||
start_example(host, port);
|
||||
}
|
||||
|
2
examples/protocols/openssl_client/sdkconfig.ci
Normal file
2
examples/protocols/openssl_client/sdkconfig.ci
Normal file
@ -0,0 +1,2 @@
|
||||
CONFIG_EXAMPLE_OPENSSL_CLIENT_URI_FROM_STDIN=y
|
||||
CONFIG_EXAMPLE_OPENSSL_CLIENT_URI_FROM_STRING=n
|
20
examples/protocols/openssl_client/server_certs/ca.crt
Normal file
20
examples/protocols/openssl_client/server_certs/ca.crt
Normal file
@ -0,0 +1,20 @@
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIDTTCCAjWgAwIBAgIUe0ZW+zwJ0KauAHVreTmv8xqC9QgwDQYJKoZIhvcNAQEL
|
||||
BQAwNjELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxEjAQBgNVBAoM
|
||||
CUVzcHJlc3NpZjAeFw0yMDA5MjMwNzU1NTRaFw00ODAyMDkwNzU1NTRaMDYxCzAJ
|
||||
BgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMRIwEAYDVQQKDAlFc3ByZXNz
|
||||
aWYwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC52tv077MpX817BVUP
|
||||
yjmz/Nk1Tj7Za4pHlpVlbRRSlEz5h/62s7arB6dq9K2kC7fTIkw6MN/Qp4zPZ1Ug
|
||||
0abzZesb71w3NLhw9ModiakDkvdRoDORXbxeJuxHbJyui/8N9UNJfb3IOPX/nSP+
|
||||
coDWrkk0GrJbLwU1aLf7zr00iY2yx+lAEd75ElXhKrheUJJ/dpKYl4ZcGSm55WkQ
|
||||
tJi5dHfZCx1dDXnt49q5hbGa7lsOwdIdE7xM4NtqWo61LJ2Z/scbha48RMvEAnAl
|
||||
IfG9VcfjfOY1Y3LZemXS1NhuGRRgT3hc/xJFyTja4zg71XK1Z5VJO/QShFuDWnkx
|
||||
oXrdAgMBAAGjUzBRMB0GA1UdDgQWBBRTSG/RoTNtlXzzHf/WrFRBCO9NMTAfBgNV
|
||||
HSMEGDAWgBRTSG/RoTNtlXzzHf/WrFRBCO9NMTAPBgNVHRMBAf8EBTADAQH/MA0G
|
||||
CSqGSIb3DQEBCwUAA4IBAQBqu44Bdq2JWAx3gDrIz42Vvocq4kRkNEg2C00b7OEU
|
||||
Hi/zm2JTOyoHQfLZWc1Y6dzcPTbA/+7JFgnlgyzfH4YCi8YosEjRB+cBqEwDeeGY
|
||||
XS0vKxEG69vDb/neqsKsWawKU7P8TVar7qg/41eqoC84o/d23eBFJ0Tr/3EWO5hr
|
||||
8ct2mSLkewCJIzxqQIsORynxjd7K9N2Dxb7Lg7kremM+nADfrbArSh443t+G9YEY
|
||||
fDatlIgFXietPyg6i27Aob5Ogs5gmbdY2swEoYfnrN++DpLyLoPB9Y1t/691CkNF
|
||||
AzCQft+CFyZfNXbjHBE7q3s660/UkC20OyHFyFt9C0q2
|
||||
-----END CERTIFICATE-----
|
27
examples/protocols/openssl_client/server_certs/ca.key
Normal file
27
examples/protocols/openssl_client/server_certs/ca.key
Normal file
@ -0,0 +1,27 @@
|
||||
-----BEGIN RSA PRIVATE KEY-----
|
||||
MIIEpAIBAAKCAQEAudrb9O+zKV/NewVVD8o5s/zZNU4+2WuKR5aVZW0UUpRM+Yf+
|
||||
trO2qwenavStpAu30yJMOjDf0KeMz2dVINGm82XrG+9cNzS4cPTKHYmpA5L3UaAz
|
||||
kV28XibsR2ycrov/DfVDSX29yDj1/50j/nKA1q5JNBqyWy8FNWi3+869NImNssfp
|
||||
QBHe+RJV4Sq4XlCSf3aSmJeGXBkpueVpELSYuXR32QsdXQ157ePauYWxmu5bDsHS
|
||||
HRO8TODbalqOtSydmf7HG4WuPETLxAJwJSHxvVXH43zmNWNy2Xpl0tTYbhkUYE94
|
||||
XP8SRck42uM4O9VytWeVSTv0EoRbg1p5MaF63QIDAQABAoIBAQC480UkcEz4hW/0
|
||||
VpAZkILvzFVTKLR+pPgM2Zt+PZiVvSMExwMBScIkXQ+L7kXGFCswntcAqZZxC+ui
|
||||
khAzAq+DVA8t03sPLRXGwrNHxbA98EjSH/xxUribcVx8j2c0g/ijKUl2nvz3fUfA
|
||||
wd4J3mS8PuB2S4LmHtquFbHRkiDTX8RPtq+1ZGpl2+u2DlKIyPrkr8UZyZPVVjHd
|
||||
ACyG4rJdFy/XVS3cGSQ0Nkp/Ml706oSOUklRPzQEumZt6UkdgRYt9VlLL65CzIrF
|
||||
qW34v0olgD5pVM4hIKIV8GgqGCqKhfsj8Mv6kQ2iO4/Wu32iwwezGpqO5pOUVJLB
|
||||
t/22iNxBAoGBAOmHHUN9Vl5wnZ88/TG1zU4aom/PHNiPCym1Zr4MekdMtCOFo+i/
|
||||
8hB+X8ZfR8VfQpzF2TdvCde0f/nQCT7ixCFmx5ZgD6QqDU2oHqV1N+/6k3IFGG8X
|
||||
BFcKMOyRU866E7RknMQfXmKc0V9BFnwo1hFfNlaQNUsiT6BX9TXvDzBVAoGBAMu9
|
||||
Vpnv95FbFAb3+5gLABfFu9jUDSIanE+YJgtm5akDxF5paYZNTUcTe0KwT/h/nqyU
|
||||
EyHeb32IbKUOzEmN1RlvfIec2QmZJk0u6TfLRLmORsBxM5z5dn+mvJwsYHaam0iI
|
||||
pdpbnObCH+dIgGrn6zPPgaLr/NQ/GJMbVpGTVAhpAoGAc9p9MRtAOvABspsuPXgl
|
||||
F2dtSKzmcaVdc160TvqfuzmZcLn/HBwFuhsH5sEkOQ3OXTpmTfL/Xg0FJGkJ/THA
|
||||
/ZUg1UBo4heeq/UI5yrlCmA0v+85NPulQo0iwmpCup9j4S28/CtXxvJniKsgvY4A
|
||||
zXN/4KgAWHr4J+MbGpuz3FUCgYB6ACr3iyaoN+3KLnzOEug/U/ykXnZu0ZiAYQ+H
|
||||
DFrB1qukDWNPNMLtqNDKomGA4IrXtOOwCE6i0SqdvDrAYNoWnRfo7RdaFAdHeKvW
|
||||
6TWCF5xuaFsLyKYY0nNm4XvyCaqqyIjoNKvD0sLf8B5V5gKFx+BM+xsuzYmdrWUt
|
||||
Txem4QKBgQDGTEuEy8lX3AO7+iSwjgOC0mooLOR6MoH3iH81GUj+IuiwngIDRtHj
|
||||
gIh0mNu6vgQkfBkaP27tyr00PBi3SIGAJOLaTKimjEOk0plTw1ewt4apMlhdcT/f
|
||||
eVEUD7zpX3v1a8mN34wCRUEilpfMvEpIxW3GnDRzxVaXerydLiApJQ==
|
||||
-----END RSA PRIVATE KEY-----
|
@ -8,3 +8,6 @@ set(EXTRA_COMPONENT_DIRS $ENV{IDF_PATH}/examples/common_components/protocol_exam
|
||||
|
||||
include($ENV{IDF_PATH}/tools/cmake/project.cmake)
|
||||
project(openssl_server)
|
||||
|
||||
target_add_binary_data(openssl_server.elf "server_certs/ca.crt" TEXT)
|
||||
target_add_binary_data(openssl_server.elf "server_certs/ca.key" TEXT)
|
||||
|
@ -1,22 +1,65 @@
|
||||
# Openssl Example
|
||||
# OpenSSL Server Example
|
||||
|
||||
The Example contains of OpenSSL server demo.
|
||||
(See the README.md file in the upper level 'examples' directory for more information about examples.)
|
||||
|
||||
Open the project configuration menu (`idf.py menuconfig`):
|
||||
This example connects to the ESP-OPENSSL server demo using ssl transport and and sends some messages.
|
||||
|
||||
* Configure Wi-Fi or Ethernet under "Example Connection Configuration" menu. See "Establishing Wi-Fi or Ethernet Connection" section in [examples/protocols/README.md](../README.md) for more details.
|
||||
## How to use example
|
||||
|
||||
### Python scripts
|
||||
|
||||
Script example_test.py could be used as a client part to the ESP-OPENSSL server demo,
|
||||
|
||||
```
|
||||
python example_test.py
|
||||
```
|
||||
Note that this script is used in automated tests, as well, so the IDF test framework packages need to be imported;
|
||||
please add `$IDF_PATH/tools/ci/python_packages` to `PYTHONPATH`.
|
||||
|
||||
### Hardware Required
|
||||
|
||||
This example can be executed on any ESP32 board, the only required interface is WiFi and connection to internet.
|
||||
|
||||
### Configure the project
|
||||
|
||||
* Open the project configuration menu (`idf.py menuconfig`)
|
||||
* Configure Wi-Fi or Ethernet under "Example Connection Configuration" menu. See "Establishing Wi-Fi or Ethernet Connection" section in [examples/protocols/README.md](../../README.md) for more details.
|
||||
* When using Make build system, set `Default serial port` under `Serial flasher config`.
|
||||
|
||||
IF you want to test the OpenSSL server demo:
|
||||
1. compile the code and load the firmware
|
||||
2. input the context of "https://192.168.17.128" into your web browser, the IP of your module may not be 192.168.17.128, you should input your module's IP
|
||||
3. You may see that it shows the website is not able to be trusted, but you should select that "go on to visit it"
|
||||
4. You should wait for a moment until your see the "OpenSSL server demo!" in your web browser
|
||||
### Build and Flash
|
||||
|
||||
Note:
|
||||
The private key and certification at the example are not trusted by web browser, because they are not created by CA official, just by ourselves.
|
||||
You can alse create your own private key and ceritification by "openssl at ubuntu or others".
|
||||
We have the document of "ESP8266_SDKSSL_User_Manual_EN_v1.4.pdf" at "https://www.espressif.com/en/support/download/documents". By it you can gernerate the private key and certification with the fomate of ".pem"
|
||||
Build the project and flash it to the board, then run monitor tool to view serial output:
|
||||
|
||||
See the README.md file in the upper level 'examples' directory for more information about examples.
|
||||
```
|
||||
idf.py -p PORT flash monitor
|
||||
```
|
||||
|
||||
(To exit the serial monitor, type ``Ctrl-]``.)
|
||||
|
||||
See the Getting Started Guide for full steps to configure and use ESP-IDF to build projects.
|
||||
|
||||
## Example Output
|
||||
|
||||
```
|
||||
I (2609) example_connect: Got IPv6 event: Interface "example_connect: sta" address: fe80:0000:0000:0000:260a:c4ff:fee7:a660, type: ESP_IP6_ADDR_IS_LINK_LOCAL
|
||||
I (3609) esp_netif_handlers: example_connect: sta ip: 192.168.1.191, mask: 255.255.255.0, gw: 192.168.1.1
|
||||
I (3609) example_connect: Got IPv4 event: Interface "example_connect: sta" address: 192.168.1.191
|
||||
I (3619) example_connect: Connected to example_connect: sta
|
||||
I (3619) example_connect: - IPv4 address: 192.168.1.191
|
||||
I (3629) example_connect: - IPv6 address: fe80:0000:0000:0000:260a:c4ff:fee7:a660, type: ESP_IP6_ADDR_IS_LINK_LOCAL
|
||||
I (3639) OPENSSL_EXAMPLE: SSL server context create ......
|
||||
I (3649) OPENSSL_EXAMPLE: OK
|
||||
I (3649) OPENSSL_EXAMPLE: SSL server context set own certification......
|
||||
I (3659) OPENSSL_EXAMPLE: OK
|
||||
I (3659) OPENSSL_EXAMPLE: SSL server context set private key......
|
||||
I (3669) OPENSSL_EXAMPLE: OK
|
||||
I (3669) OPENSSL_EXAMPLE: SSL server create socket ......
|
||||
I (3679) OPENSSL_EXAMPLE: OK
|
||||
I (3679) OPENSSL_EXAMPLE: SSL server socket bind ......
|
||||
I (3689) OPENSSL_EXAMPLE: OK
|
||||
I (3689) OPENSSL_EXAMPLE: SSL server socket listen on 443 port
|
||||
I (3699) OPENSSL_EXAMPLE: OK
|
||||
I (3699) OPENSSL_EXAMPLE: SSL server create ......
|
||||
I (3709) OPENSSL_EXAMPLE: OK
|
||||
I (3709) OPENSSL_EXAMPLE: SSL server socket accept client ......
|
||||
```
|
||||
|
47
examples/protocols/openssl_server/example_test.py
Normal file
47
examples/protocols/openssl_server/example_test.py
Normal file
@ -0,0 +1,47 @@
|
||||
from __future__ import print_function, unicode_literals
|
||||
|
||||
import os
|
||||
import re
|
||||
import socket
|
||||
import ssl
|
||||
|
||||
import ttfw_idf
|
||||
|
||||
|
||||
def _path(f):
|
||||
return os.path.join(os.path.dirname(os.path.realpath(__file__)),f)
|
||||
|
||||
|
||||
@ttfw_idf.idf_example_test(env_tag='Example_WIFI')
|
||||
def test_example_protocol_openssl_server(env, extra_data):
|
||||
"""
|
||||
steps:
|
||||
1. join AP
|
||||
2. connect to uri "xxxx.xxxx.xxxx.xxxx:port"
|
||||
3. send data
|
||||
"""
|
||||
dut1 = env.get_dut('openssl_server', 'examples/protocols/openssl_server', dut_class=ttfw_idf.ESP32DUT)
|
||||
# check and log bin size
|
||||
binary_file = os.path.join(dut1.app.binary_path, 'openssl_server.bin')
|
||||
bin_size = os.path.getsize(binary_file)
|
||||
ttfw_idf.log_performance('openssl_server_bin_size', '{}KB'.format(bin_size // 1024))
|
||||
# start test
|
||||
dut1.start_app()
|
||||
ip = dut1.expect(re.compile(r' IPv4 address: ([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)'), timeout=30)[0]
|
||||
port = dut1.expect(re.compile(r' SSL server socket listen on ([0-9]+)'), timeout=30)[0]
|
||||
# create socket
|
||||
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
|
||||
sock.settimeout(10)
|
||||
addr = (ip, int(port))
|
||||
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM, 0)
|
||||
# wrap socket
|
||||
wrappedSocket = ssl.wrap_socket(sock, ca_certs=_path('server_certs/ca.crt'), cert_reqs=ssl.CERT_REQUIRED)
|
||||
# connect and send data
|
||||
wrappedSocket.connect(addr)
|
||||
wrappedSocket.send('Some Data'.encode())
|
||||
# close socket connection
|
||||
wrappedSocket.close()
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
test_example_protocol_openssl_server()
|
@ -1,4 +1,3 @@
|
||||
# Embed the certificate & key data directly in the built binary
|
||||
idf_component_register(SRCS "openssl_server_example_main.c"
|
||||
INCLUDE_DIRS "."
|
||||
EMBED_TXTFILES cacert.pem prvtkey.pem)
|
||||
INCLUDE_DIRS ".")
|
||||
|
10
examples/protocols/openssl_server/main/Kconfig.projbuild
Normal file
10
examples/protocols/openssl_server/main/Kconfig.projbuild
Normal file
@ -0,0 +1,10 @@
|
||||
menu "Example Configuration"
|
||||
|
||||
config EXAMPLE_OPENSSL_SERVER_PORT
|
||||
int "Target port number"
|
||||
range 0 65535
|
||||
default 443
|
||||
help
|
||||
Target port number for the example to connect to.
|
||||
|
||||
endmenu
|
@ -1,21 +0,0 @@
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIDezCCAmOgAwIBAgIJAPMMNobNczaUMA0GCSqGSIb3DQEBBAUAMHQxEzARBgNV
|
||||
BAMTCk15IFRlc3QgQ0ExCzAJBgNVBAgTAkhaMQswCQYDVQQGEwJDTjEcMBoGCSqG
|
||||
SIb3DQEJARYNdGVzdEBjZXJ0LmNvbTElMCMGA1UEChMcUm9vdCBDZXJ0aWZpY2F0
|
||||
aW9uIEF1dGhvcml0eTAeFw0xNjExMTUwNTA0MThaFw0xOTExMTUwNTA0MThaMHQx
|
||||
EzARBgNVBAMTCk15IFRlc3QgQ0ExCzAJBgNVBAgTAkhaMQswCQYDVQQGEwJDTjEc
|
||||
MBoGCSqGSIb3DQEJARYNdGVzdEBjZXJ0LmNvbTElMCMGA1UEChMcUm9vdCBDZXJ0
|
||||
aWZpY2F0aW9uIEF1dGhvcml0eTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
|
||||
ggEBALDjSPDlomepHCzbw4MUrquQAU0xTV4/Npb27k9I5TRVTjIoOs/5hNI2LPFW
|
||||
e4CREx09ZrT8K3NFOBoSy7bhPAsjGaFxCYYWc9tiX1m5gq3ToVRSmbZ65fE3kvnI
|
||||
8E/d5VyzA0OMmWbfaolBSTMoWgqRynEaT+z1Eh2yDTzVFy9eov1DdQFUqGDqbH5b
|
||||
QYvTY5Fyem7UcKWAe2yS0j3H4dVtVBKNY7qV3Px08yGAs5fQFgUwhyB5+qwhvkeL
|
||||
JdgapGaSTwLgoQKWHbe/lA3NiBIB9hznFUGKo3hmniAvYZbrQcn3tc0l/J4I39v2
|
||||
Pm29FAyjWvQyBkGktz2q4elOZYkCAwEAAaMQMA4wDAYDVR0TBAUwAwEB/zANBgkq
|
||||
hkiG9w0BAQQFAAOCAQEAJCJ+97oae/FcOLbPpjCpUQnWqYydgSChgalkZNvr4fVp
|
||||
TnuNg471l0Y2oTJLoWn2YcbPSFVOEeKkU47mpjMzucHHp0zGaW9SdzhZalWwmbgK
|
||||
q2ijecIbuFHFNedYTk/03K7eaAcjVhD8e0oOJImeLOL6DAFivA1LUnSgXsdGPDtD
|
||||
zhISsCPTu+cL1j0yP6HBvLeAyb8kaCWJ05RtiVLRANNHQn/keHajJYpMwnEEbJdG
|
||||
cqN3whfJoGVbZ6isEf2RQJ0pYRnP7uGLW3wGkLWxfdto8uER8HVDx7fZpevLIqGd
|
||||
1OoSEi3cIJXWBAjx0TLzzhtb6aeIxBJWQqHThtkKdg==
|
||||
-----END CERTIFICATE-----
|
@ -2,5 +2,5 @@
|
||||
# Main Makefile. This is basically the same as a component makefile.
|
||||
#
|
||||
|
||||
COMPONENT_EMBED_TXTFILES := cacert.pem
|
||||
COMPONENT_EMBED_TXTFILES += prvtkey.pem
|
||||
COMPONENT_EMBED_TXTFILES := ${PROJECT_PATH}/server_certs/ca.crt
|
||||
COMPONENT_EMBED_TXTFILES += ${PROJECT_PATH}/server_certs/ca.key
|
||||
|
@ -18,6 +18,6 @@
|
||||
|
||||
#define OPENSSL_EXAMPLE_RECV_BUF_LEN 1024
|
||||
|
||||
#define OPENSSL_EXAMPLE_LOCAL_TCP_PORT 443
|
||||
#define OPENSSL_EXAMPLE_LOCAL_TCP_PORT CONFIG_EXAMPLE_OPENSSL_SERVER_PORT
|
||||
|
||||
#endif
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* OpenSSL server Example
|
||||
/* OpenSSL Server Example
|
||||
|
||||
This example code is in the Public Domain (or CC0 licensed, at your option.)
|
||||
|
||||
@ -27,7 +27,7 @@
|
||||
#include "lwip/netdb.h"
|
||||
|
||||
|
||||
const static char *TAG = "Openssl_example";
|
||||
const static char *TAG = "openssl_example";
|
||||
|
||||
#define OPENSSL_EXAMPLE_SERVER_ACK "HTTP/1.1 200 OK\r\n" \
|
||||
"Content-Type: text/html\r\n" \
|
||||
@ -56,13 +56,13 @@ static void openssl_example_task(void *p)
|
||||
const char send_data[] = OPENSSL_EXAMPLE_SERVER_ACK;
|
||||
const int send_bytes = sizeof(send_data);
|
||||
|
||||
extern const unsigned char cacert_pem_start[] asm("_binary_cacert_pem_start");
|
||||
extern const unsigned char cacert_pem_end[] asm("_binary_cacert_pem_end");
|
||||
const unsigned int cacert_pem_bytes = cacert_pem_end - cacert_pem_start;
|
||||
extern const unsigned char ca_crt_start[] asm("_binary_ca_crt_start");
|
||||
extern const unsigned char ca_crt_end[] asm("_binary_ca_crt_end");
|
||||
const unsigned int ca_crt_bytes = ca_crt_end - ca_crt_start;
|
||||
|
||||
extern const unsigned char prvtkey_pem_start[] asm("_binary_prvtkey_pem_start");
|
||||
extern const unsigned char prvtkey_pem_end[] asm("_binary_prvtkey_pem_end");
|
||||
const unsigned int prvtkey_pem_bytes = prvtkey_pem_end - prvtkey_pem_start;
|
||||
extern const unsigned char ca_key_start[] asm("_binary_ca_key_start");
|
||||
extern const unsigned char ca_key_end[] asm("_binary_ca_key_end");
|
||||
const unsigned int ca_key_bytes = ca_key_end - ca_key_start;
|
||||
|
||||
ESP_LOGI(TAG, "SSL server context create ......");
|
||||
/* For security reasons, it is best if you can use
|
||||
@ -77,7 +77,7 @@ static void openssl_example_task(void *p)
|
||||
ESP_LOGI(TAG, "OK");
|
||||
|
||||
ESP_LOGI(TAG, "SSL server context set own certification......");
|
||||
ret = SSL_CTX_use_certificate_ASN1(ctx, cacert_pem_bytes, cacert_pem_start);
|
||||
ret = SSL_CTX_use_certificate_ASN1(ctx, ca_crt_bytes, ca_crt_start);
|
||||
if (!ret) {
|
||||
ESP_LOGI(TAG, "failed");
|
||||
goto failed2;
|
||||
@ -85,7 +85,7 @@ static void openssl_example_task(void *p)
|
||||
ESP_LOGI(TAG, "OK");
|
||||
|
||||
ESP_LOGI(TAG, "SSL server context set private key......");
|
||||
ret = SSL_CTX_use_PrivateKey_ASN1(0, ctx, prvtkey_pem_start, prvtkey_pem_bytes);
|
||||
ret = SSL_CTX_use_PrivateKey_ASN1(0, ctx, ca_key_start, ca_key_bytes);
|
||||
if (!ret) {
|
||||
ESP_LOGI(TAG, "failed");
|
||||
goto failed2;
|
||||
@ -112,7 +112,7 @@ static void openssl_example_task(void *p)
|
||||
}
|
||||
ESP_LOGI(TAG, "OK");
|
||||
|
||||
ESP_LOGI(TAG, "SSL server socket listen ......");
|
||||
ESP_LOGI(TAG, "SSL server socket listen on %d port", OPENSSL_EXAMPLE_LOCAL_TCP_PORT);
|
||||
ret = listen(sockfd, 32);
|
||||
if (ret) {
|
||||
ESP_LOGI(TAG, "failed");
|
||||
@ -207,6 +207,10 @@ static void openssl_server_init(void)
|
||||
|
||||
void app_main(void)
|
||||
{
|
||||
ESP_LOGI(TAG, "[APP] Startup..");
|
||||
ESP_LOGI(TAG, "[APP] Free memory: %d bytes", esp_get_free_heap_size());
|
||||
ESP_LOGI(TAG, "[APP] IDF version: %s", esp_get_idf_version());
|
||||
|
||||
ESP_ERROR_CHECK(nvs_flash_init());
|
||||
ESP_ERROR_CHECK(esp_netif_init());
|
||||
ESP_ERROR_CHECK(esp_event_loop_create_default());
|
||||
|
@ -1,27 +0,0 @@
|
||||
-----BEGIN RSA PRIVATE KEY-----
|
||||
MIIEpAIBAAKCAQEAsONI8OWiZ6kcLNvDgxSuq5ABTTFNXj82lvbuT0jlNFVOMig6
|
||||
z/mE0jYs8VZ7gJETHT1mtPwrc0U4GhLLtuE8CyMZoXEJhhZz22JfWbmCrdOhVFKZ
|
||||
tnrl8TeS+cjwT93lXLMDQ4yZZt9qiUFJMyhaCpHKcRpP7PUSHbINPNUXL16i/UN1
|
||||
AVSoYOpsfltBi9NjkXJ6btRwpYB7bJLSPcfh1W1UEo1jupXc/HTzIYCzl9AWBTCH
|
||||
IHn6rCG+R4sl2BqkZpJPAuChApYdt7+UDc2IEgH2HOcVQYqjeGaeIC9hlutByfe1
|
||||
zSX8ngjf2/Y+bb0UDKNa9DIGQaS3Parh6U5liQIDAQABAoIBAB9K9jp3xXVlO3DM
|
||||
KBhmbkg3n6NSV4eW00d9w8cO9E1/0eeZql3knJS7tNO1IwApqiIAHM1j1yP7WONz
|
||||
88oUqpSlzwD6iF7KVhC3pHqxEOdDi0Tpn/viXg+Ab2X1IF5guRTfLnKiyviiCazi
|
||||
edqtBtDb3d6Icx9Oc7gBKcpbQFDGt++wSOb5L+xhRm9B5B4l/6byikiPeKqIK5tC
|
||||
SoP9Zr1mvpNoGm1P4LvEunFJcRBqVI010VNwfO9P98oVyzJu9/FZZrQxXoY9JdXF
|
||||
OM6nbl+hMDM3TkEOda9NvBhImozEAvuc97CaaXyR3XivxMqNqNIb4+syUPa2PCS3
|
||||
ZztI5qECgYEA1gbVG6ifpvpbBkDPi3Im8fM3F7FLLrQc48FdFjdMvDhHD9lVKucD
|
||||
Uaa8PF9dbbvlu2cwMyfBOKSuWaXxRxRsiqiPmTunS1MvPzQcSrGwUrL2AogGucn6
|
||||
+NrLQf5P4H5IpkDQ9ih3zwjO6xKFK1WeYnYpHM8qUBtl6q0YFyVBPu0CgYEA05Pn
|
||||
StWA4D7VSbNnVi6lvFyEOUsTrK3v419598TFiq4eXLq6aV8/CQYzKsSzoG+aOZhX
|
||||
Li+0uyT5cNzUcXYhTsW1hA/pNhMfxMrYiB1x14zlLp2WRGg4vd/+SxX6d9Yd3acX
|
||||
7QzPKgdDicXs9QN8ozJOICKvNbUI53AJdATVEY0CgYEAwvpGeoQLrdq1weSZLrg3
|
||||
soOX1QW3MDz1dKdbXjnStkWut0mOxR7fbysuoPFf8/ARQcCnsHKvHCMqkpESVWbN
|
||||
2yPkbfxiU8Tcbf/TJljqAOz4ISY6ula/RKZONTixHBrvpEW4GAiV3Q5xMsYUe33s
|
||||
ZFaw7YXtTj0ng7tdDvjpj6ECgYEApHdUU9ejVq2BHslWiqe4LbO9FMxHfvO2hgix
|
||||
xugupp6y+2Irhb2EQn+PRq+g8hXOzPaezkhHNTKItDL08T3iplkJwJ6dqmszRsZn
|
||||
i2dYFzZu8M2PAZ4CfZahFbz/9id7D9HTx3EtmH4NAgvZJpyPRkzUbiaIDDettDpj
|
||||
Hsyi1AECgYAPLvjBzQj4kPF8Zo9pQEUcz4pmupRVfv3aRfjnahDK4qZHEePDRj+J
|
||||
W7pzayrs1dyN9QLB8pTc424z7f8MB3llCICN+ohs8CR/eW0NEobE9ldDOeoCr1Vh
|
||||
NhNSbrN1iZ8U4oLkRTMaDKkVngGffvjGi/q0tOU7hJdZOqNlk2Iahg==
|
||||
-----END RSA PRIVATE KEY-----
|
20
examples/protocols/openssl_server/server_certs/ca.crt
Normal file
20
examples/protocols/openssl_server/server_certs/ca.crt
Normal file
@ -0,0 +1,20 @@
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIDTTCCAjWgAwIBAgIUe0ZW+zwJ0KauAHVreTmv8xqC9QgwDQYJKoZIhvcNAQEL
|
||||
BQAwNjELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxEjAQBgNVBAoM
|
||||
CUVzcHJlc3NpZjAeFw0yMDA5MjMwNzU1NTRaFw00ODAyMDkwNzU1NTRaMDYxCzAJ
|
||||
BgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMRIwEAYDVQQKDAlFc3ByZXNz
|
||||
aWYwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC52tv077MpX817BVUP
|
||||
yjmz/Nk1Tj7Za4pHlpVlbRRSlEz5h/62s7arB6dq9K2kC7fTIkw6MN/Qp4zPZ1Ug
|
||||
0abzZesb71w3NLhw9ModiakDkvdRoDORXbxeJuxHbJyui/8N9UNJfb3IOPX/nSP+
|
||||
coDWrkk0GrJbLwU1aLf7zr00iY2yx+lAEd75ElXhKrheUJJ/dpKYl4ZcGSm55WkQ
|
||||
tJi5dHfZCx1dDXnt49q5hbGa7lsOwdIdE7xM4NtqWo61LJ2Z/scbha48RMvEAnAl
|
||||
IfG9VcfjfOY1Y3LZemXS1NhuGRRgT3hc/xJFyTja4zg71XK1Z5VJO/QShFuDWnkx
|
||||
oXrdAgMBAAGjUzBRMB0GA1UdDgQWBBRTSG/RoTNtlXzzHf/WrFRBCO9NMTAfBgNV
|
||||
HSMEGDAWgBRTSG/RoTNtlXzzHf/WrFRBCO9NMTAPBgNVHRMBAf8EBTADAQH/MA0G
|
||||
CSqGSIb3DQEBCwUAA4IBAQBqu44Bdq2JWAx3gDrIz42Vvocq4kRkNEg2C00b7OEU
|
||||
Hi/zm2JTOyoHQfLZWc1Y6dzcPTbA/+7JFgnlgyzfH4YCi8YosEjRB+cBqEwDeeGY
|
||||
XS0vKxEG69vDb/neqsKsWawKU7P8TVar7qg/41eqoC84o/d23eBFJ0Tr/3EWO5hr
|
||||
8ct2mSLkewCJIzxqQIsORynxjd7K9N2Dxb7Lg7kremM+nADfrbArSh443t+G9YEY
|
||||
fDatlIgFXietPyg6i27Aob5Ogs5gmbdY2swEoYfnrN++DpLyLoPB9Y1t/691CkNF
|
||||
AzCQft+CFyZfNXbjHBE7q3s660/UkC20OyHFyFt9C0q2
|
||||
-----END CERTIFICATE-----
|
27
examples/protocols/openssl_server/server_certs/ca.key
Normal file
27
examples/protocols/openssl_server/server_certs/ca.key
Normal file
@ -0,0 +1,27 @@
|
||||
-----BEGIN RSA PRIVATE KEY-----
|
||||
MIIEpAIBAAKCAQEAudrb9O+zKV/NewVVD8o5s/zZNU4+2WuKR5aVZW0UUpRM+Yf+
|
||||
trO2qwenavStpAu30yJMOjDf0KeMz2dVINGm82XrG+9cNzS4cPTKHYmpA5L3UaAz
|
||||
kV28XibsR2ycrov/DfVDSX29yDj1/50j/nKA1q5JNBqyWy8FNWi3+869NImNssfp
|
||||
QBHe+RJV4Sq4XlCSf3aSmJeGXBkpueVpELSYuXR32QsdXQ157ePauYWxmu5bDsHS
|
||||
HRO8TODbalqOtSydmf7HG4WuPETLxAJwJSHxvVXH43zmNWNy2Xpl0tTYbhkUYE94
|
||||
XP8SRck42uM4O9VytWeVSTv0EoRbg1p5MaF63QIDAQABAoIBAQC480UkcEz4hW/0
|
||||
VpAZkILvzFVTKLR+pPgM2Zt+PZiVvSMExwMBScIkXQ+L7kXGFCswntcAqZZxC+ui
|
||||
khAzAq+DVA8t03sPLRXGwrNHxbA98EjSH/xxUribcVx8j2c0g/ijKUl2nvz3fUfA
|
||||
wd4J3mS8PuB2S4LmHtquFbHRkiDTX8RPtq+1ZGpl2+u2DlKIyPrkr8UZyZPVVjHd
|
||||
ACyG4rJdFy/XVS3cGSQ0Nkp/Ml706oSOUklRPzQEumZt6UkdgRYt9VlLL65CzIrF
|
||||
qW34v0olgD5pVM4hIKIV8GgqGCqKhfsj8Mv6kQ2iO4/Wu32iwwezGpqO5pOUVJLB
|
||||
t/22iNxBAoGBAOmHHUN9Vl5wnZ88/TG1zU4aom/PHNiPCym1Zr4MekdMtCOFo+i/
|
||||
8hB+X8ZfR8VfQpzF2TdvCde0f/nQCT7ixCFmx5ZgD6QqDU2oHqV1N+/6k3IFGG8X
|
||||
BFcKMOyRU866E7RknMQfXmKc0V9BFnwo1hFfNlaQNUsiT6BX9TXvDzBVAoGBAMu9
|
||||
Vpnv95FbFAb3+5gLABfFu9jUDSIanE+YJgtm5akDxF5paYZNTUcTe0KwT/h/nqyU
|
||||
EyHeb32IbKUOzEmN1RlvfIec2QmZJk0u6TfLRLmORsBxM5z5dn+mvJwsYHaam0iI
|
||||
pdpbnObCH+dIgGrn6zPPgaLr/NQ/GJMbVpGTVAhpAoGAc9p9MRtAOvABspsuPXgl
|
||||
F2dtSKzmcaVdc160TvqfuzmZcLn/HBwFuhsH5sEkOQ3OXTpmTfL/Xg0FJGkJ/THA
|
||||
/ZUg1UBo4heeq/UI5yrlCmA0v+85NPulQo0iwmpCup9j4S28/CtXxvJniKsgvY4A
|
||||
zXN/4KgAWHr4J+MbGpuz3FUCgYB6ACr3iyaoN+3KLnzOEug/U/ykXnZu0ZiAYQ+H
|
||||
DFrB1qukDWNPNMLtqNDKomGA4IrXtOOwCE6i0SqdvDrAYNoWnRfo7RdaFAdHeKvW
|
||||
6TWCF5xuaFsLyKYY0nNm4XvyCaqqyIjoNKvD0sLf8B5V5gKFx+BM+xsuzYmdrWUt
|
||||
Txem4QKBgQDGTEuEy8lX3AO7+iSwjgOC0mooLOR6MoH3iH81GUj+IuiwngIDRtHj
|
||||
gIh0mNu6vgQkfBkaP27tyr00PBi3SIGAJOLaTKimjEOk0plTw1ewt4apMlhdcT/f
|
||||
eVEUD7zpX3v1a8mN34wCRUEilpfMvEpIxW3GnDRzxVaXerydLiApJQ==
|
||||
-----END RSA PRIVATE KEY-----
|
@ -97,6 +97,8 @@ examples/protocols/mqtt/ssl_ds/configure_ds.py
|
||||
examples/protocols/mqtt/tcp/mqtt_tcp_example_test.py
|
||||
examples/protocols/mqtt/ws/mqtt_ws_example_test.py
|
||||
examples/protocols/mqtt/wss/mqtt_wss_example_test.py
|
||||
examples/protocols/openssl_client/example_test.py
|
||||
examples/protocols/openssl_server/example_test.py
|
||||
examples/protocols/pppos_client/example_test.py
|
||||
examples/protocols/sntp/example_test.py
|
||||
examples/protocols/sockets/tcp_client/example_test.py
|
||||
|
Loading…
Reference in New Issue
Block a user