David Cermak
9459c0dd43
asio: Basic SSL/TLS support in asio port for ESP platform
...
This port employs IDF port of OpenSSL for most common features, others
are discouraged or not supported. The port also introduces several stubs
for OpenSSL functions which ASIO needs to get compiled and linked.
Upstream ASIO supports WolfSSL as SSL/TLS stack, as well, which is
another option for SSL support in ASIO on ESP platform.
2020-07-14 10:42:17 +00:00
David Cermak
bd1e9b5ea7
openssl: basic support for errors and bio objects
...
Closes https://github.com/espressif/esp-idf/issues/3406
2020-07-14 10:42:17 +00:00
Chris Morgan
3e1633354a
ssl_pm_reload_crt() - Fix verify_mode checking to match openssl documentation https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_verify.html
...
Merges https://github.com/espressif/esp-idf/pull/2162
2018-07-09 14:41:56 +08:00
Ivan Grokhotkov
cb649e452f
remove executable permission from source files
2018-05-29 20:07:45 +08:00
Ivan Grokhotkov
022b4f3251
openssl: add feature check for MBEDTLS_SSL_ALPN
...
Fixes https://github.com/espressif/esp-idf/issues/1342
2017-12-08 13:00:11 +08:00
Andy Green
effc6c6d0d
openssl wrapper: introduce X509_VERIFY_PARAM_set1_host
...
This lets the user code set the mbedtls hostname using the standard OpenSSL
X509_VERIFY_PARAM_set1_host() API semantics.
The API takes an X509_VERIFY_PARAM pointer. We use the fact that is
a composed member of the SSL struct to derive the SSL pointer.
The X509_VERIFY_PARAM_set1_host() is unusual in that it can accept a
NUL terminated C string as usual, or a nonterminated pointer + length.
This implementation converts the latter to the former if given, before
using it.
This is enough for user code to get the openssl wrapper to make
mbedtls confirm the CN on the peer cert belongs to the hostname used
to reach it, by doing, eg
X509_VERIFY_PARAM_set1_host(SSL_get0_param(myssl), myhostname, 0);
Merges https://github.com/espressif/esp-idf/pull/980
2017-11-20 16:24:06 +11:00
Kedar Sovani
b65f47c586
[openssl] Add support for SNI (sending the hostname)
2017-10-31 16:57:38 +05:30
Kedar Sovani
3420baa01b
[openssl] Add support for defining ALPN protocols
2017-10-31 16:57:38 +05:30
Angus Gratton
c503a01388
mbedtls: Rename net to net_sockets (in line with 2.4.0 API change)
2017-09-07 18:02:39 +10:00
Dong Heng
25e2b07010
components/openssl : Fix compilation error when openssl debugging is enabled
2017-02-20 09:45:50 +08:00
Dong Heng
93395a3370
components/openssl: Add more debugging information at platform level
2017-01-26 10:12:58 +08:00
Dong Heng
905180667c
components/openssl: refactor openssl debugging and assert function
...
1. add openssl option at menuconfig
2. remove SSL_ERR to reduce complexity
3. add more functions about debugging and assert
According these, our coders and customers may use and debug the OpenSSL code easily.
2017-01-17 10:15:26 +08:00
Dong Heng
8c7dfef317
examples/10_openssl_server: fixup SSL server with method of specific version
...
1. add method of any version supporting at OpenSSL and add API in header file
2. change OpenSSL server context method to be method of any version
Fixes http://esp32.com/viewtopic.php?f=14&t=696 .
2017-01-05 15:57:25 +08:00
Ivan Grokhotkov
2393d829de
remove legacy definitions from esp_types.h
2016-11-22 21:14:36 +08:00
Dong Heng
dfaac25a37
feature/openssl: add openssl server demo and remove some check function
2016-11-15 15:04:21 +08:00
Dong Heng
734c1dd954
components/openssl: sync the code form esp8266 sdk
2016-11-14 09:40:12 +08:00
Dong Heng
12e78e9590
components/openssl: add more debug stream output function
2016-11-01 15:16:14 +08:00
Dong Heng
fc6b52574a
components/openssl: refactor the SSL port function and debug function
2016-11-01 13:07:10 +08:00
Dong Heng
37a68ad605
components/openssl: fix SSL X509 show message, leaking memory
2016-10-09 19:02:31 +08:00
Dong Heng
47e83ee65e
components/openssl: add SSL any version function setting
2016-10-09 17:49:16 +08:00
Dong Heng
2033068a72
components/openssl: add internal openssl X509 debug function
2016-10-09 16:42:49 +08:00
Dong Heng
9e20d31f89
components/openssl: fix extra certification loading
2016-09-27 19:06:07 +08:00
Dong Heng
652ddae44f
components/openssl: change low-level certification loading sequence
2016-09-27 14:28:39 +08:00
Dong Heng
3882937427
components/openssl: add debug message and change verifying mode
2016-09-27 10:06:24 +08:00
Dong Heng
cf4aaf6397
components/openssl: optimize the SSL certification and private key function
...
1. add inheritance function
2. remove low-level platform unload cert & pkey function
3. optimize the cert load and free function
2016-09-26 11:14:19 +08:00
Dong Heng
e1c4a4bfa3
components/openssl: add cert and pkey extra object point
...
the point is pointed to its father's object and should not free
just set NULL if not use
2016-09-23 18:47:09 +08:00
Dong Heng
d2bc170b86
components/openssl: add SSL session function
...
1. add SSL session new and free function
2. add SSL session peer cert get and free operation
3. above all, change low-level cert object to be object point not object
2016-09-23 18:13:10 +08:00
dongheng
59bb9a9a01
components/openssl: [TW7411] supply doxygen type note
2016-09-23 14:50:27 +08:00
dongheng
db9becfa74
components/openssl: free peer cert X509 object when SSL_free
2016-09-23 13:38:11 +08:00
dongheng
e475d0539e
components/openssl: add SSL and SSL context verify mode selection
2016-09-23 11:41:57 +08:00
dongheng
f5d9bfc7ae
components/openssl: fix SSL get peer cert struct point type error
...
1. fix SSL get peer cert struct point type error
2. some function use "zalloc" instead of "malloc"
2016-09-23 11:03:13 +08:00
dongheng
07c8bbca6c
components/openssl: SSL low-level reload cert when user add new cert
2016-09-23 10:53:18 +08:00
dongheng
9fc054bb55
components/openssl: SSL load cert with creating new cert object
...
1. when 'SSL_new' SSL's cert is pointed to SSL context cert
If SSL load new cert, it will create a new cert object
2. change some debug informaion
2016-09-23 10:33:31 +08:00
dongheng
1bfedf9816
components/openssl: fix the SSL_free memory leak
2016-09-22 18:33:55 +08:00
dongheng
18787fd4fc
components/openssl: add empty fucntion to get peer certification and fix ref overflow
2016-09-22 17:20:07 +08:00
dongheng
f796b4e58e
components/openssl: SSL load verify data from itself structure when "new"
2016-09-22 16:41:51 +08:00
dongheng
fa6f03f77f
components/openssl: add function to load certification or private key more than one time
2016-09-22 16:08:36 +08:00
dongheng
b3145446aa
components/openssl: add function "ssl_pm_get_verify_result"
...
1. add function ssl_pm_get_verify_result
2. add its platform low-level interface
2016-09-22 15:15:16 +08:00
dongheng
845ca8b34f
components/openssl: delete ssl_rsa.c & .h file
2016-09-22 11:43:59 +08:00
dongheng
6bd3d62d7c
components/openssl: add license header
2016-09-22 10:28:08 +08:00
dongheng
5adc661d05
components/openssl: add more interface for application
2016-09-21 09:23:29 +08:00
dongheng
44c466c0ea
components/openssl: add base function version
2016-09-20 16:58:46 +08:00