Daniel Bahrdt
7e886ca9ed
Implement server session ticket support with mbedtls
...
Closes https://github.com/espressif/esp-idf/pull/7048
Signed-off-by: Aditya Patwardhan <aditya.patwardhan@espressif.com>
2021-09-15 22:19:04 +05:30
Aditya Patwardhan
c6c2ea975f
Fix esp_mbedtls_write API
...
Fix esp_wolfssl_write API
Closes https://github.com/espressif/esp-idf/issues/7461
2021-09-15 21:40:54 +05:30
Sachin Billore
667017d517
ESP32S3 support for ESP-MQTT SSL Mutual Authentication with Digital Signature
...
Closes IDF-3859
2021-09-06 11:17:30 +05:30
Shu Chen
6fce2930d0
esp32h2: enable more components to support esp32h2
...
Involved components:
* app_trace
* esp-tls
* esp_adc_cal
* esp_pm
* esp_serial_slave_link
* esp_timer
* freertos
* idf_test
* log
* mbedtls
* newlib
* perfmon
* spi_flash
* spiffs
* ulp
* unity
* vfs
2021-07-01 19:53:11 +08:00
Aditya Patwardhan
0e01a22264
esp_tls_wolfssl: Improved error messages
2021-06-28 14:51:41 +05:30
Aditya Patwardhan
4af1176d15
esp_tls_mbedtls: Improved the error messages.
...
The error message string for error codes is printedwhen log level is set to debug
2021-06-28 14:51:41 +05:30
Jan Brudny
967e057906
esp-tls, esp_http_client and esp_http_server: update copyright notice
2021-05-31 20:06:09 +08:00
David Cermak
f68d7d7023
esp_tls: Renamed public API to indicate the Plain TCP connection
...
Also added parameter checks if used from as a public API
and updated the `is_plein_tcp` description that it's possible to connect
directly using plain tcp transport with the new API.
2021-05-25 10:55:50 +02:00
David Cermak
f249ddd9ae
esp_transport: Use tcp_connect from esp_tls for plain TCP
...
so we don't have to allocate esp_tls structure (~2KB) to save heap when using plain TCP connection
Closes https://github.com/espressif/esp-idf/issues/6940
2021-05-25 07:04:02 +02:00
Jiri Schiebel
c01e259a98
esp_tls: esp_tls_connect: Reduce input params to err_handle
...
Pass only the error_handle instead of instead of the full config structure
2021-05-25 07:04:02 +02:00
Aditya Patwardhan
1abdfee3b7
secure_element: Update esp-cryptoauthlib submodule latest version.
...
*This updates the cryptoauthlib version in the esp-cryptoauthlib to cryptoauthlib-v3.3.1
2021-05-24 07:28:20 +00:00
Axel Lin
52442be9e1
esp-tls: Fix setsockopt for TCP_KEEPIDLE
...
Current code applies keep_alive_enable setting to TCP_KEEPIDLE, fix it.
Fixes: 2d25252746
("esp-tls: Rework tcp_connect() to use more subroutines")
Signed-off-by: Axel Lin <axel.lin@gmail.com>
2021-04-06 15:37:16 +08:00
yuanjm
f68e55edb3
esp-tls: Separate timeout_ms conditional judgement from keep alive
2021-03-10 02:19:29 +00:00
yuanjm
c62cbd1254
transport: Support bind socket to specified interface in transport and esp-tls
2021-03-10 02:19:29 +00:00
Aditya Patwardhan
bf513b6f31
Fix esp_tls: Prevent freeing of global ca store after each connection
...
when dynamic ssl buffers are enabled
2021-02-25 00:26:13 +00:00
yuanjm
da58235a0e
components: Use CONFIG_LWIP_IPV6 to strip IPv6 function in components
2021-02-23 18:26:03 +08:00
David Cermak
eb772e152c
esp_tls: Fix unresolved lwip symbol when complex dependency tree
2021-02-16 09:01:35 +01:00
David Cermak
5cfa545d08
esp-tls: Added _esp_tls_net_init to init fd for both mbedtls/wolfssl
2021-02-16 09:01:35 +01:00
David Cermak
4375f888fa
esp-tls: Fix wolfssl error codes for WANT_READ/WANT_WRITE
...
wolfSSL error codes are mostly positive numbers, but esp-tls potentially
non-block API (read/write) returns ssize_t, i.e. bytes read/written if
>0, errorcode otherwise. To comply with this API we have to conditionate
the wolfssl return codes to negative numbers, preferably the same codes
as mbedTLS codes.
2021-02-16 09:01:35 +01:00
David Cermak
2d25252746
esp-tls: Rework tcp_connect() to use more subroutines
...
Refactored the esp_tcp_connect() functionality to break it down to
* dns-resolution + socket creation
* set configured socket options
* set/reset non-block mode
* the actual connection in non-blocking mode
2021-02-16 09:01:35 +01:00
David Cermak
6b318fe583
esp_tls: Updated connection method to use non-blocking connect
...
For better control over connection timeouts
To be in line with former tcp_transport, as esp-tls is not used for
plain tcp transports
2021-02-16 09:00:43 +01:00
David Cermak
2c28ffffee
tcp_transport/esp_tls: Use common TCP transport to reduce code duplication
...
For high level review of the changes.
2021-02-16 09:00:43 +01:00
David Cermak
391d7bf271
tcp_transport: Add TCP transport connection errors
...
Transport's error_handle is used to capture different types of errors
including esp_err_t from esp-tls and socket/system errors.
This change adds the following error codes for TCP transport:
* connection closed by a FIN flag (clean closure from server)
* DNS resolution problem
* connection timeout
These errors are already defined in esp-tls component and since this
component will be used in the future for both TCP and SSL transport, we
currently report these issues in transport::error_handle::esp_tls_last_error
of standard esp error type (esp_err_t)
Closes https://github.com/espressif/esp-mqtt/issues/182
2021-02-16 09:00:43 +01:00
Aditya Patwardhan
0175c68400
esp_tls: Fix misplaced paranthesis in esp_tls_mbedtls.c
...
Fixes one part of - https://github.com/espressif/esp-idf/issues/6440
2021-02-10 02:07:58 +00:00
Mahavir Jain
f5e51e7c1b
Merge branch 'feature/esp32c3_ds_mbedtls_integration' into 'master'
...
esp32c3/Digital Signature: mbedtls integration through ESP-TLS
Closes IDF-2267
See merge request espressif/esp-idf!12033
2021-01-22 17:06:46 +08:00
yuanjm
044c3e3e74
Modify esp-tls and tcp_transport to support keep alive for tcp and ssl connection
...
Closes IDFGH-4543
2021-01-22 06:56:28 +00:00
Aditya Patwardhan
79c23a1886
esp32c3/Digital Signature: mbedtls integration through ESP-TLS
2021-01-22 11:54:16 +05:30
Aditya Patwardhan
cc3843263a
esp-tls: Added unit tests
2021-01-21 01:17:23 +00:00
Aditya Patwardhan
43a1b53aad
esp_tls_wolfssl: Move order of crt_bundle check to match that in
...
esp_tls_mbedtls
2021-01-21 01:17:23 +00:00
Aditya Patwardhan
1a09e16af2
esp_tls: Fix memory leak when esp-tls server session is deleted
2021-01-21 01:17:23 +00:00
Aditya Patwardhan
cddb8c29e6
esp-tls: Fix mem leak when global_ca_store is freed
2021-01-21 01:17:23 +00:00
Aditya Patwardhan
0841d2bc75
esp_tls: Add warning if the CA chain provided contains one/more invalid
...
cert
2021-01-11 03:20:35 +00:00
Aditya Patwardhan
ca964dfbcc
esp-tls: Changed default behaviour for esp-tls client ( for security
...
purpose)
By default esp-tls client will now return error if no server verify option
is provided, earlier it used to skip the verification by
default.
Added config option to skip server verification by default (for testing
purpose)
Updated required docs
2021-01-05 07:33:32 +00:00
Aditya Patwardhan
39b446f9fe
esp_tls_wolfssl : Add domain name check
2020-12-23 18:10:36 +05:30
Aditya Patwardhan
95d9533294
esp-tls : (Fix) update tls->sockfd value after socket is freed internally
...
Closes https://github.com/espressif/esp-idf/issues/6163
2020-12-02 03:47:15 +00:00
Angus Gratton
935e4b4d62
Merge branch 'feature/riscv_arch' into 'master'
...
Add RISC-V support
Closes IDF-2359
See merge request espressif/esp-idf!11140
2020-11-13 07:50:31 +08:00
Angus Gratton
420aef1ffe
Updates for riscv support
...
* Target components pull in xtensa component directly
* Use CPU HAL where applicable
* Remove unnecessary xtensa headers
* Compilation changes necessary to support non-xtensa gcc types (ie int32_t/uint32_t is no
longer signed/unsigned int).
Changes come from internal branch commit a6723fc
2020-11-13 07:49:11 +11:00
David Cermak
ce519ee783
tcp_transport: Extend transport error storage for socket error
...
Everytime we report error and log errno, we also capture the actual
errno to an internal storage so that user application can retrieve
its value.
2020-11-12 12:46:22 +00:00
Aditya Patwardhan
8d65cee0a9
esp32/esp-tls: Make crypto abstraction layer inside esp-tls
...
Which allows several components to use cryptographic functions from
esp-tls which is the current abstraction layer.
2020-10-23 05:16:06 +00:00
Aditya Patwardhan
47f7c6a991
esp32s2/esp_ds: Digital Signature software support
...
1)Added support for alt rsa sign implementation with DS peripheral (
through ESP-TLS - mbedTLS SSL/TLS stack)
2020-09-22 18:31:31 +05:30
Mahavir Jain
52469c8505
esp-tls: enable TLS renegotiation using explicit API call
...
mbedTLS stack does not keep TLS renegotiation enabled even if
relevant config option is turned on, it needs explicit API call
`mbedtls_ssl_conf_renegotiation` to do so.
This issue was observed in case of Azure IoT, where keys needs to
be refreshed periodically to keep TLS connection intact.
2020-07-03 05:52:22 +00:00
Aditya Patwardhan
ea635c2bba
esp_tls_wolfssl: fix incorrect error message after handshake fails
2020-06-18 10:10:40 +05:30
Aditya Patwardhan
423e600d46
secure_element: atecc608_ecdsa example
...
* Replaced crypotoauthlib with esp-cryptoauthlib
* Added menuconfig option for esp-tls about using HSM
* Added error codes for HSM in esp-tls,
* Added support to select different type of ATECC608A chips
* Added README, updated docs
* tcp_transport: Added option to enable secure_element for ssl
Closes https://github.com/espressif/esp-idf/issues/4432
2020-05-21 13:08:30 +05:30
Mahavir Jain
7a2ea9b7f7
esp-tls: add support for using hardware security module
2020-05-20 22:52:37 +05:30
David Cermak
6182e6f303
tcp_transport: close to return error only for socket error or invalid args
...
Closes https://github.com/espressif/esp-idf/issues/4872
2020-05-05 15:53:09 +02:00
Vikram Dattu
60dc4285f4
Fixed esp_tls_conn_write
documentation.
...
Return value `0` in actual is case of partial write and not error as per `mbedtls_ssl_write`
Modified documentation of `esp_tls_conn_write` accordingly.
Even `esp_wolfssl_write` API considers just negative returns as errors.
Signed-off-by: Vikram Dattu <vikram.dattu@espressif.com>
2020-04-01 11:04:09 +00:00
Aditya Patwardhan
d712453114
esp_tls_wolfssl: Added mutex to allow only one TLS conn using PSK at a time
2020-03-26 17:30:05 +05:30
Aditya Patwardhan
46643ab40f
esp_tls_wolfssl: Add support for PSK using wolfSSL,
...
enable SNI and ALPN
2020-03-26 16:02:57 +05:30
Aditya Patwardhan
874e987a3b
esp_tls: change argument pointer type to (void *) for esp_crt_bundle_attach
2020-03-11 15:54:05 +05:30
Marius Vikhammer
947e3e94ed
Add ESP certificate bundle feature
...
Adds the ESP certificate bundle feature that enables users to bundle a
root certificate bundle together with their application.
Default bundle includes all Mozilla root certificates
Closes IDF-296
2020-03-04 10:51:43 +08:00
Aditya Patwardhan
c6ad650796
esp_tls_wolfssl: Add support for DER formatted certificates
2020-02-27 15:20:22 +05:30
Aditya Patwardhan
0a25922043
esp_tls_wolfssl: 1) Fix SNI for wolfSSL
...
2) Fix error captures
3) Add error flags specific wolfSSL
4) make respective changes to esp_err_to_name.c
2020-02-27 15:20:22 +05:30
Aditya Patwardhan
d35862b662
esp-tls: Add support for https_server using wolfSSL
2020-02-27 15:20:22 +05:30
Angus Gratton
3f532c8895
Merge branch 'bugfix/esp_tls_blocking_timeout' into 'master'
...
esp-tls: add timeout for blocking connection
See merge request espressif/esp-idf!7316
2020-01-20 09:35:23 +08:00
David Cermak
98cf3142fa
esp_tls: fail connection if esp_tls_conn_new() timeouts
2020-01-16 07:32:19 +00:00
David Cermak
aa3b1da384
esp_tls: added connection timeout to esp_tls_conn_new_sync()
2020-01-16 07:32:19 +00:00
Aditya Patwardhan
c7418042b4
esp32/esp-tls: provide API to retrieve sockfd value from esp_tls_t
2020-01-16 12:27:44 +05:30
David Cermak
b69ac4448e
tcp_transport: added API for client-key password
2020-01-06 21:16:24 +00:00
Ivan Grokhotkov
87a41fabfa
esp-tls: check return value of fcntl
2019-12-11 14:53:27 +01:00
Marius Vikhammer
ed85046138
tcp_transport: added functionality for using ALPN with SSL
...
Closes IDF-1160
2019-11-13 11:33:13 +08:00
Aditya Patwardhan
988f0c8feb
ESP_TLS: Generalizing error messages for esp_tls
...
:Replace mbedtls specific error messages
2019-10-28 16:05:31 +05:30
Aditya Patwardhan
f7eaa5f946
ESP_TLS: Restructuring esp_tls
...
1)Segregating mbedtls API into seperate file and cleaned esp_tls.c
2)Added support for wolfssl for CMake and make
3)Added support for debug_wolfssl (with menuconfig option)
4)Added info on wolfssl in ESP-TLS docs
2019-10-28 16:05:22 +05:30
David Cermak
a9e63d947b
esp-tls: Added support for fragmenting outgoing data in tls_write(), for cases of out data being larger than the maximum out buffer of underlying tls-stack.
2019-10-22 08:49:42 +00:00
Aditya Patwardhan
9f86f969b2
ESP32/esp-tls: include esp_err.h in esp_tls.h
...
Closes https://github.com/espressif/esp-idf/issues/4100
2019-10-07 19:47:32 +08:00
Liu Han
3ca07b3e70
fix(transport): Fix a bug of the connection whether be active or not by timeout option when the select function return a correct value.
2019-09-12 13:55:47 +08:00
Angus Gratton
e8bdfe07ae
Merge branch 'feature/tls_psk_authentication' into 'master'
...
esp_tls: add psk verification mode
Closes IDFGH-992
See merge request espressif/esp-idf!5095
2019-08-12 12:45:34 +08:00
Renz Christian Bagaporo
4dd2b9edb1
components: fix incorrect include dir args
2019-08-09 08:40:17 +08:00
David Cermak
f3d6a34e7d
esp_tls: enable psk verification mode, added mqtt example using psk authentication
2019-08-07 14:27:40 +10:00
Angus Gratton
7ef5fa8a0a
Merge branch 'feature/transport_support_der_certs' into 'master'
...
tcp transport ssl DER-support
See merge request espressif/esp-idf!5627
2019-08-05 09:52:08 +08:00
David Cermak
25dd5e39af
esp-tls: Naming variables refering to certificates and keys in a neutral way to suggest that both PEM and DER format could be used, added comments descibing important details about using these formats
2019-08-02 09:25:16 +02:00
Henning Fleddermann
73624e8560
modify comments on esp_tls_cfg, to clarify that other formats besides PEM (such as DER) might be used as well depending on mbedtls-support
...
Signed-off-by: David Cermak <cermak@espressif.com>
2019-08-02 09:25:16 +02:00
Anton Maklakov
afbaf74007
tools: Mass fixing of empty prototypes (for -Wstrict-prototypes)
2019-08-01 16:28:56 +07:00
David Cermak
587739391c
esp-tls: extending error handle to contain error descriptors with last mbedtls failure and latest certificate verification result flags, reworked tcp_transport to use this error handle
2019-07-04 20:55:10 +02:00
David Cermak
2972f96982
esp-tls: capturing specific errors to be available in tcp_transport and then in application code
2019-07-04 20:55:10 +02:00
Jitin George
8950f94ec7
esp_tls: Add support for server side SSL/TLS connection
...
Currently, esp-tls supports creation of SSL/TLS connection on the client side.
This commit includes support for creating SSL/TLS connection on the server side.
2019-06-25 23:43:35 +00:00
Renz Christian Bagaporo
9eccd7c082
components: use new component registration api
2019-06-21 19:53:29 +08:00
Mahavir Jain
0a5dfd3717
mbedtls: add config option for setting debug level
...
Closes https://github.com/espressif/esp-idf/issues/3521
2019-06-06 18:28:19 +05:30
Jitin George
d1c6bbf42e
esp-tls: Add support to add CN from config and validate PEM buffers
2019-05-17 20:06:44 +05:30
Jitin George
77645472ae
esp_tls: fix incorrect closing of fd 0 on connection failure
...
Closes https://github.com/espressif/esp-idf/issues/3149
2019-04-15 10:59:50 +05:30
Paul Reimer
a1204f8b16
Add esp_tls_init_global_ca_store function to esp-tls, called from esp_tls_set_global_ca_store
...
Signed-off-by: Chirag Atal <chirag.atal@espressif.com>
Merges https://github.com/espressif/esp-idf/pull/2654
2019-01-14 08:25:56 +00:00
Jiang Jiang Jian
ef4a87d62e
Merge branch 'bugfix/http_literal_caseinsensitive' into 'master'
...
Compare case-insensitive URI schemes
See merge request idf/esp-idf!3558
2018-11-12 17:03:06 +08:00
Stephen Bird
0c9f7271a9
Add checks to for CONFIG_MBEDTLS_SSL_ALPN
...
Merges https://github.com/espressif/esp-idf/pull/2569
2018-11-08 15:57:13 +05:30
Ivan Grokhotkov
13046e7625
Merge branch 'bugfix/esp-tls-doc' into 'master'
...
esp-tls: Fix documentaion issue in esp_tls_conn_new_async API
See merge request idf/esp-idf!3545
2018-11-05 12:30:22 +08:00
David Cermak
0cdb33c9dd
mqtt: ssl mutual authentication example added per PR from github, corrected cmake build, updated per idf style
...
Merges https://github.com/espressif/esp-idf/pull/2490
2018-10-30 08:04:09 +01:00
Riccardo Binetti
dec70a7601
esp-tls: add support for mutual SSL authentication
...
Signed-off-by: David Cermak <cermak@espressif.com>
2018-10-30 08:04:09 +01:00
Anton Maklakov
6e6f07ba59
http: Compare case-insensitive URI schemes like as in other places
2018-10-25 21:03:44 +08:00
Jitin George
e37aba0d93
esp-tls: Fix documentaion issue in esp_tls_conn_new_async API
...
Closes https://github.com/espressif/esp-idf/issues/2576
2018-10-25 09:13:49 +00:00
Chirag Atal
b7cca3c414
Feature: Support for global CA store.
...
Added a new API esp_tls_set_global_ca_store(esp_tls_cfg_t *cfg) which creates a global_cacert which can be used by multiple connections by setting the use_global_ca_store variable to true in their respective structure of esp_tls_cfg_t. Also changed the cacert in the structure of esp_tls_t to a pointer.
2018-10-05 19:35:57 +05:30
Jitin George
0aec63c18e
examples/protocols/esp_http_client: Add example for asynchronous HTTP request
2018-09-24 05:42:28 +00:00
Jitin George
1be97fad09
esp-tls: Add support for non blocking connect
2018-09-24 05:42:28 +00:00
Renz Christian Bagaporo
d9939cedd9
cmake: make main a component again
2018-09-11 09:44:12 +08:00
Angus Gratton
a9c4ed7139
Merge branch 'master' into feature/cmake
2018-08-30 18:51:01 +08:00
Jitin George
7b56ae319d
esp-tls: Add support for network timeout
2018-08-21 09:07:07 +00:00
Angus Gratton
1cb5712463
cmake: Add component dependency support
...
Components should set the COMPONENT_REQUIRES & COMPONENT_PRIVATE_REQUIRES variables to define their
requirements.
2018-04-30 09:59:20 +10:00
Ivan Grokhotkov
50304d719e
Merge branch 'bugfix/esp_tls_error_logging' into 'master'
...
esp-tls: Expand error logging
See merge request idf/esp-idf!2284
2018-04-23 20:18:30 +08:00
redchenjs
854c5260d4
esp-tls: fix memory leak when using CA certification validation
2018-04-22 01:13:09 +08:00
Jitin George
d57495cb1c
esp-tls: Fix HTTP2 failure
...
Closes https://github.com/espressif/esp-idf/issues/1874
2018-04-20 16:59:36 +05:30
Angus Gratton
04103e96f5
esp-tls: Log errors for all "connection failed" code paths
2018-04-19 11:34:27 +10:00
Angus Gratton
507ca8196c
esp-tls: Allow esp_tls_conn_delete() to be called with a NULL pointer
2018-04-19 11:34:06 +10:00
Jitin George
0d0445103b
esp-tls: Fix connection failure when esp-tls config is empty
2018-04-13 16:58:19 +05:30
Jitin George
b09c3e9878
mbedtls integration in esp-tls
2018-04-06 17:16:27 +05:30
Jitin George
30b50cbfb3
esp-tls header file name change
2018-04-06 17:16:27 +05:30
Jitin George
e29294b49a
Resolved Issues
2018-04-06 17:16:27 +05:30
Jitin George
8a1dcc0765
CA Certificate verification
2018-04-06 17:16:27 +05:30
Kedar Sovani
8211a16207
Use esp-tls in the http2 example
2018-04-06 17:16:27 +05:30
Kedar Sovani
070884fc2e
Include error log in case of error
2018-04-06 17:13:14 +05:30
Kedar Sovani
433bd8c91c
Minor fixes
2018-04-06 17:13:14 +05:30
Kedar Sovani
1c72c8d126
Supports TLS with HTTP2 client
2018-04-06 17:13:14 +05:30
Kedar Sovani
eb051fe72f
Minor fixes
2018-04-06 17:13:14 +05:30
Anuj Deshpande
adbcaf8938
Cast to remove warnings
2018-04-06 17:13:14 +05:30
Kedar Sovani
e45024e088
Don't use 'port' number for DNS query
...
- In some cases where the HTTP URL contains the port number
(http://hostname:334 ), the DNS querier fails to resolve the hostname.
- Hence we have to populate the port number ourselves.
- This can only be done based on whether we get an IPv4 or IPv6
address.
2018-04-06 17:13:14 +05:30
Kedar Sovani
306d59d32c
Make read/write function pointers
...
as per Ivan's feedback
2018-04-06 17:13:14 +05:30
Kedar Sovani
7f35c4ff3e
esp-tls: Basic structure
...
Purpose:
1. TLS calls can be too many, and require a user to know the expected behaviour. A simple TLS socket wrapper that can be used in any higher level protocol.
2. Uses OpenSSL compatibility layer, so applications using esp-tls can be built on the host, and it should just work on ESP
2018-04-06 17:13:14 +05:30