Commit Graph

38 Commits

Author SHA1 Message Date
Jitin George
f0ebf613f4 OpenSSL API addition 2018-02-20 12:32:12 +05:30
Andy Green
ae1f1e9b84 openssl wrapper: introduce X509_VERIFY_PARAM_set/clear_hostflags
This defines the OpenSSL X509_CHECK_FLAG_...s and the set/clear
accessors.  Since none of them are supported, the set / clear
accessor currently always does nothing and returns error.

This call is often part of the generic openssl user code to
set up certificate verification.  This patch allows it to
compile for ESP32 and decide at runtime what to do about
unsupported flags.

Merges https://github.com/espressif/esp-idf/pull/980
2017-11-20 16:25:57 +11:00
Andy Green
effc6c6d0d openssl wrapper: introduce X509_VERIFY_PARAM_set1_host
This lets the user code set the mbedtls hostname using the standard OpenSSL
X509_VERIFY_PARAM_set1_host() API semantics.

The API takes an X509_VERIFY_PARAM pointer.  We use the fact that is
a composed member of the SSL struct to derive the SSL pointer.

The X509_VERIFY_PARAM_set1_host() is unusual in that it can accept a
NUL terminated C string as usual, or a nonterminated pointer + length.
This implementation converts the latter to the former if given, before
using it.

This is enough for user code to get the openssl wrapper to make
mbedtls confirm the CN on the peer cert belongs to the hostname used
to reach it, by doing, eg

	X509_VERIFY_PARAM_set1_host(SSL_get0_param(myssl), myhostname, 0);

Merges https://github.com/espressif/esp-idf/pull/980
2017-11-20 16:24:06 +11:00
Andy Green
0f02a38262 openssl wrapper: introduce SSL_get0_param
This adds the standard OpenSSL api to get a pointer to the SSL struct's
X509_VERIFY_PARAM.  We need this for the OpenSSL api to set the peer
hostname introduced in the next patch.

Part of https://github.com/espressif/esp-idf/pull/980
2017-11-20 16:23:18 +11:00
Kedar Sovani
b65f47c586 [openssl] Add support for SNI (sending the hostname) 2017-10-31 16:57:38 +05:30
Kedar Sovani
3420baa01b [openssl] Add support for defining ALPN protocols 2017-10-31 16:57:38 +05:30
Dong Heng
905180667c components/openssl: refactor openssl debugging and assert function
1. add openssl option at menuconfig
2. remove SSL_ERR to reduce complexity
3. add more functions about debugging and assert

According these, our coders and customers may use and debug the OpenSSL code easily.
2017-01-17 10:15:26 +08:00
Dong Heng
8c7dfef317 examples/10_openssl_server: fixup SSL server with method of specific version
1. add method of any version supporting at OpenSSL and add API in header file
2. change OpenSSL server context method to be method of any version

Fixes http://esp32.com/viewtopic.php?f=14&t=696.
2017-01-05 15:57:25 +08:00
Dong Heng
734c1dd954 components/openssl: sync the code form esp8266 sdk 2016-11-14 09:40:12 +08:00
Dong Heng
12e78e9590 components/openssl: add more debug stream output function 2016-11-01 15:16:14 +08:00
Dong Heng
bc710e5b88 components/openssl: refacetor the SSL debug function
Add the "ssl_opt.h" file to make user able t add its platform interface
2016-11-01 14:59:50 +08:00
Dong Heng
fc6b52574a components/openssl: refactor the SSL port function and debug function 2016-11-01 13:07:10 +08:00
Dong Heng
ecefb1305a components/openssl: change header file relationship of level 2016-10-10 10:40:00 +08:00
Dong Heng
2033068a72 components/openssl: add internal openssl X509 debug function 2016-10-09 16:42:49 +08:00
Dong Heng
877adaab7a components/openssl: add some function description 2016-09-27 18:50:57 +08:00
Dong Heng
3882937427 components/openssl: add debug message and change verifying mode 2016-09-27 10:06:24 +08:00
Dong Heng
cf4aaf6397 components/openssl: optimize the SSL certification and private key function
1. add inheritance function
2. remove low-level platform unload cert & pkey function
3. optimize the cert load and free function
2016-09-26 11:14:19 +08:00
Dong Heng
d2bc170b86 components/openssl: add SSL session function
1. add SSL session new and free function
2. add SSL session peer cert get and free operation
3. above all, change low-level cert object to be object point not object
2016-09-23 18:13:10 +08:00
dongheng
83aea6c833 components/openssl: add extern C symbol 2016-09-23 15:18:14 +08:00
dongheng
5c5f7eb7fe components/openssl: add openssl stack object function 2016-09-23 14:53:19 +08:00
dongheng
f9fd5b6c72 components/openssl: add X509 verify result errno 2016-09-23 14:52:33 +08:00
dongheng
59bb9a9a01 components/openssl: [TW7411] supply doxygen type note 2016-09-23 14:50:27 +08:00
dongheng
e475d0539e components/openssl: add SSL and SSL context verify mode selection 2016-09-23 11:41:57 +08:00
dongheng
07c8bbca6c components/openssl: SSL low-level reload cert when user add new cert 2016-09-23 10:53:18 +08:00
dongheng
9fc054bb55 components/openssl: SSL load cert with creating new cert object
1. when 'SSL_new' SSL's cert is pointed to SSL context cert
           If SSL load new cert, it will create a new cert object
        2. change some debug informaion
2016-09-23 10:33:31 +08:00
dongheng
18787fd4fc components/openssl: add empty fucntion to get peer certification and fix ref overflow 2016-09-22 17:20:07 +08:00
dongheng
f796b4e58e components/openssl: SSL load verify data from itself structure when "new" 2016-09-22 16:41:51 +08:00
dongheng
2faa2376a0 components/openssl: add empty function to load verify file into SSL context
1. add empty function to load private key into SSL context
        2. add empty function to load certification into SSL context
	3. add function to load RSA private key
2016-09-22 15:39:28 +08:00
dongheng
6f07409d7c components/openssl: add function to set and get verify depth
1. add function to set and get SSL verify depth
	2. add function to set and get SSL context verify depth
	3. add X509_VERIFY_PARAM structure
2016-09-22 15:30:25 +08:00
dongheng
b3145446aa components/openssl: add function "ssl_pm_get_verify_result"
1. add function ssl_pm_get_verify_result
	2. add its platform low-level interface
2016-09-22 15:15:16 +08:00
dongheng
2cc32db52d component/openssl: add openssl stack function and clear unused variate
1. add openssl 'new' and 'free' function
	2. add clear unused variate to void warning to appear when compile
        3. add internal function 'X509_new' to take the place of 'sk_X509_NAME_new_null' function whitch is openssl stack function
2016-09-22 14:42:49 +08:00
dongheng
c504fe4856 components/openssl: 1. add stack_st structure and its advanced defination including its derived child defination
2. add SSL_add_client_CA & SSL_get_certificate
2016-09-22 12:57:39 +08:00
dongheng
845ca8b34f components/openssl: delete ssl_rsa.c & .h file 2016-09-22 11:43:59 +08:00
dongheng
6bd3d62d7c components/openssl: add license header 2016-09-22 10:28:08 +08:00
dongheng
b89168d0f1 components/openssl: add ssl_port.c & .h file 2016-09-21 17:51:12 +08:00
dongheng
5adc661d05 components/openssl: add more interface for application 2016-09-21 09:23:29 +08:00
dongheng
44c466c0ea components/openssl: add base function version 2016-09-20 16:58:46 +08:00
dongheng
db2da43fc1 components/openssl: add API header for openssl compatibility layer 2016-09-14 19:39:24 +08:00