Commit Graph

43 Commits

Author SHA1 Message Date
David Cermak
1c8171c3e8 asio: option to use wolfSSL as TLS stack for ASIO
Plus other minor update, make openssl aware of current modes (SSL_set_mode)
Update coding style in examples and tests, including copyright notices
2020-07-14 10:42:17 +00:00
David Cermak
9459c0dd43 asio: Basic SSL/TLS support in asio port for ESP platform
This port employs IDF port of OpenSSL for most common features, others
are discouraged or not supported. The port also introduces several stubs
for OpenSSL functions which ASIO needs to get compiled and linked.

Upstream ASIO supports WolfSSL as SSL/TLS stack, as well, which is
another option for SSL support in ASIO on ESP platform.
2020-07-14 10:42:17 +00:00
David Cermak
bd1e9b5ea7 openssl: basic support for errors and bio objects
Closes https://github.com/espressif/esp-idf/issues/3406
2020-07-14 10:42:17 +00:00
Chris Morgan
3e1633354a ssl_pm_reload_crt() - Fix verify_mode checking to match openssl documentation https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_verify.html
Merges https://github.com/espressif/esp-idf/pull/2162
2018-07-09 14:41:56 +08:00
Ivan Grokhotkov
cb649e452f remove executable permission from source files 2018-05-29 20:07:45 +08:00
Ivan Grokhotkov
022b4f3251 openssl: add feature check for MBEDTLS_SSL_ALPN
Fixes https://github.com/espressif/esp-idf/issues/1342
2017-12-08 13:00:11 +08:00
Andy Green
effc6c6d0d openssl wrapper: introduce X509_VERIFY_PARAM_set1_host
This lets the user code set the mbedtls hostname using the standard OpenSSL
X509_VERIFY_PARAM_set1_host() API semantics.

The API takes an X509_VERIFY_PARAM pointer.  We use the fact that is
a composed member of the SSL struct to derive the SSL pointer.

The X509_VERIFY_PARAM_set1_host() is unusual in that it can accept a
NUL terminated C string as usual, or a nonterminated pointer + length.
This implementation converts the latter to the former if given, before
using it.

This is enough for user code to get the openssl wrapper to make
mbedtls confirm the CN on the peer cert belongs to the hostname used
to reach it, by doing, eg

	X509_VERIFY_PARAM_set1_host(SSL_get0_param(myssl), myhostname, 0);

Merges https://github.com/espressif/esp-idf/pull/980
2017-11-20 16:24:06 +11:00
Kedar Sovani
b65f47c586 [openssl] Add support for SNI (sending the hostname) 2017-10-31 16:57:38 +05:30
Kedar Sovani
3420baa01b [openssl] Add support for defining ALPN protocols 2017-10-31 16:57:38 +05:30
Angus Gratton
c503a01388 mbedtls: Rename net to net_sockets (in line with 2.4.0 API change) 2017-09-07 18:02:39 +10:00
Dong Heng
25e2b07010 components/openssl : Fix compilation error when openssl debugging is enabled 2017-02-20 09:45:50 +08:00
Dong Heng
93395a3370 components/openssl: Add more debugging information at platform level 2017-01-26 10:12:58 +08:00
Dong Heng
905180667c components/openssl: refactor openssl debugging and assert function
1. add openssl option at menuconfig
2. remove SSL_ERR to reduce complexity
3. add more functions about debugging and assert

According these, our coders and customers may use and debug the OpenSSL code easily.
2017-01-17 10:15:26 +08:00
Dong Heng
8c7dfef317 examples/10_openssl_server: fixup SSL server with method of specific version
1. add method of any version supporting at OpenSSL and add API in header file
2. change OpenSSL server context method to be method of any version

Fixes http://esp32.com/viewtopic.php?f=14&t=696.
2017-01-05 15:57:25 +08:00
Ivan Grokhotkov
2393d829de remove legacy definitions from esp_types.h 2016-11-22 21:14:36 +08:00
Dong Heng
dfaac25a37 feature/openssl: add openssl server demo and remove some check function 2016-11-15 15:04:21 +08:00
Dong Heng
734c1dd954 components/openssl: sync the code form esp8266 sdk 2016-11-14 09:40:12 +08:00
Dong Heng
12e78e9590 components/openssl: add more debug stream output function 2016-11-01 15:16:14 +08:00
Dong Heng
fc6b52574a components/openssl: refactor the SSL port function and debug function 2016-11-01 13:07:10 +08:00
Dong Heng
37a68ad605 components/openssl: fix SSL X509 show message, leaking memory 2016-10-09 19:02:31 +08:00
Dong Heng
47e83ee65e components/openssl: add SSL any version function setting 2016-10-09 17:49:16 +08:00
Dong Heng
2033068a72 components/openssl: add internal openssl X509 debug function 2016-10-09 16:42:49 +08:00
Dong Heng
9e20d31f89 components/openssl: fix extra certification loading 2016-09-27 19:06:07 +08:00
Dong Heng
652ddae44f components/openssl: change low-level certification loading sequence 2016-09-27 14:28:39 +08:00
Dong Heng
3882937427 components/openssl: add debug message and change verifying mode 2016-09-27 10:06:24 +08:00
Dong Heng
cf4aaf6397 components/openssl: optimize the SSL certification and private key function
1. add inheritance function
2. remove low-level platform unload cert & pkey function
3. optimize the cert load and free function
2016-09-26 11:14:19 +08:00
Dong Heng
e1c4a4bfa3 components/openssl: add cert and pkey extra object point
the point is pointed to its father's object and should not free
just set NULL if not use
2016-09-23 18:47:09 +08:00
Dong Heng
d2bc170b86 components/openssl: add SSL session function
1. add SSL session new and free function
2. add SSL session peer cert get and free operation
3. above all, change low-level cert object to be object point not object
2016-09-23 18:13:10 +08:00
dongheng
59bb9a9a01 components/openssl: [TW7411] supply doxygen type note 2016-09-23 14:50:27 +08:00
dongheng
db9becfa74 components/openssl: free peer cert X509 object when SSL_free 2016-09-23 13:38:11 +08:00
dongheng
e475d0539e components/openssl: add SSL and SSL context verify mode selection 2016-09-23 11:41:57 +08:00
dongheng
f5d9bfc7ae components/openssl: fix SSL get peer cert struct point type error
1. fix SSL get peer cert struct point type error
	2. some function use "zalloc" instead of "malloc"
2016-09-23 11:03:13 +08:00
dongheng
07c8bbca6c components/openssl: SSL low-level reload cert when user add new cert 2016-09-23 10:53:18 +08:00
dongheng
9fc054bb55 components/openssl: SSL load cert with creating new cert object
1. when 'SSL_new' SSL's cert is pointed to SSL context cert
           If SSL load new cert, it will create a new cert object
        2. change some debug informaion
2016-09-23 10:33:31 +08:00
dongheng
1bfedf9816 components/openssl: fix the SSL_free memory leak 2016-09-22 18:33:55 +08:00
dongheng
18787fd4fc components/openssl: add empty fucntion to get peer certification and fix ref overflow 2016-09-22 17:20:07 +08:00
dongheng
f796b4e58e components/openssl: SSL load verify data from itself structure when "new" 2016-09-22 16:41:51 +08:00
dongheng
fa6f03f77f components/openssl: add function to load certification or private key more than one time 2016-09-22 16:08:36 +08:00
dongheng
b3145446aa components/openssl: add function "ssl_pm_get_verify_result"
1. add function ssl_pm_get_verify_result
	2. add its platform low-level interface
2016-09-22 15:15:16 +08:00
dongheng
845ca8b34f components/openssl: delete ssl_rsa.c & .h file 2016-09-22 11:43:59 +08:00
dongheng
6bd3d62d7c components/openssl: add license header 2016-09-22 10:28:08 +08:00
dongheng
5adc661d05 components/openssl: add more interface for application 2016-09-21 09:23:29 +08:00
dongheng
44c466c0ea components/openssl: add base function version 2016-09-20 16:58:46 +08:00