Merge branch 'feature/openssl' into 'master'

examples/10_openssl_server: fixup SSL server with method of specific version 1. add method of any version supporting at OpenSSL and add API in header file 2. change OpenSSL server context method to be method of any version Fixes http://esp32.com/viewtopic.php?f=14&t=696. See merge request !369
adrianM27 · Jan 10, 2017 · fb70126 · fb70126
2 parents f89de9c + 8c7dfef
commit fb70126
Show file tree

Hide file tree

Showing 6 changed files with 41 additions and 10 deletions.
diff --git a/components/openssl/include/openssl/ssl.h b/components/openssl/include/openssl/ssl.h
@@ -214,6 +214,14 @@ const SSL_METHOD* TLSv1_1_client_method(void);
  */
 const SSL_METHOD* TLSv1_2_client_method(void);
 
+/**
+ * @brief create the target SSL context server method
+ *
+ * @param none
+ *
+ * @return the TLS any version SSL context client method
+ */
+const SSL_METHOD* TLS_client_method(void);
 
 /**
  * @brief create the target SSL context server method
@@ -260,6 +268,16 @@ const SSL_METHOD* TLSv1_server_method(void);
  */
 const SSL_METHOD* SSLv3_server_method(void);
 
+/**
+ * @brief create the target SSL context server method
+ *
+ * @param none
+ *
+ * @return the TLS any version SSL context server method
+ */
+const SSL_METHOD* TLS_server_method(void);
+
+
 /**
  * @brief set the SSL context ALPN select callback function
  *

diff --git a/components/openssl/platform/ssl_pm.c b/components/openssl/platform/ssl_pm.c
@@ -125,6 +125,9 @@ int ssl_pm_new(SSL *ssl)
 
         mbedtls_ssl_conf_max_version(&ssl_pm->conf, MBEDTLS_SSL_MAJOR_VERSION_3, version);
         mbedtls_ssl_conf_min_version(&ssl_pm->conf, MBEDTLS_SSL_MAJOR_VERSION_3, version);
+    } else {
+        mbedtls_ssl_conf_max_version(&ssl_pm->conf, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3);
+        mbedtls_ssl_conf_min_version(&ssl_pm->conf, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0);
     }
 
     mbedtls_ssl_conf_rng(&ssl_pm->conf, mbedtls_ctr_drbg_random, &ssl_pm->ctr_drbg);

diff --git a/examples/10_openssl_server/README.md b/examples/10_openssl_server/README.md
@@ -5,7 +5,7 @@ The Example contains of OpenSSL server demo.
 First you should configure the project by "make menuconfig":
   Example Configuration -> 
     1. WIFI SSID: WIFI network to which your PC is also connected to. 
-    1. WIFI Password: WIFI password
+    2. WIFI Password: WIFI password
 
 IF you want to test the OpenSSL server demo: 
   1. compile the code and load the firmware 

diff --git a/examples/10_openssl_server/main/Kconfig.projbuild b/examples/10_openssl_server/main/Kconfig.projbuild
@@ -12,4 +12,4 @@ config WIFI_PASSWORD
     help
         WiFi password (WPA or WPA2) for the example to use.
 
-endmenu
+endmenu
diff --git a/examples/10_openssl_server/main/openssl_server.c b/examples/10_openssl_server/main/openssl_server.c
@@ -43,7 +43,8 @@ const static char *TAG = "Openssl_demo";
                                 "<title>OpenSSL demo</title></head><body>\r\n" \
                                 "OpenSSL server demo!\r\n" \
                                 "</body>\r\n" \
-                                "</html>\r\n"
+                                "</html>\r\n" \
+                                "\r\n"
 
 static void openssl_demo_thread(void *p)
 {
@@ -70,7 +71,7 @@ static void openssl_demo_thread(void *p)
     const unsigned int prvtkey_pem_bytes = prvtkey_pem_end - prvtkey_pem_start;   
 
     ESP_LOGI(TAG, "SSL server context create ......");
-    ctx = SSL_CTX_new(SSLv3_server_method());
+    ctx = SSL_CTX_new(TLS_server_method());
     if (!ctx) {
         ESP_LOGI(TAG, "failed");
         goto failed1;
@@ -155,14 +156,21 @@ static void openssl_demo_thread(void *p)
         if (ret <= 0) {
             break;
         }
-        if (strstr(recv_buf, "GET / HTTP/1.1")) {
-            SSL_write(ssl, send_data, send_bytes);
+        ESP_LOGI(TAG, "SSL read: %s", recv_buf);
+        if (strstr(recv_buf, "GET ") &&
+            strstr(recv_buf, " HTTP/1.1")) {
+            ESP_LOGI(TAG, "SSL get matched message")
+            ESP_LOGI(TAG, "SSL write message")
+            ret = SSL_write(ssl, send_data, send_bytes);
+            if (ret > 0) {
+                ESP_LOGI(TAG, "OK")
+            } else {
+                ESP_LOGI(TAG, "error")
+            }
             break;
         }
     } while (1);
 
-    ESP_LOGI(TAG, "result %d", ret);
-
     SSL_shutdown(ssl);
 failed5:
     close(new_socket);

diff --git a/examples/10_openssl_server/main/openssl_server.h b/examples/10_openssl_server/main/openssl_server.h
@@ -7,8 +7,10 @@
    CONDITIONS OF ANY KIND, either express or implied.
 */
 
-#ifndef _OPENSSL_DEMO_H_
-#define _OPENSSL_DEMO_H_
+#ifndef _OPENSSL_SERVER_H_
+#define _OPENSSL_SERVER_H_
+
+#include "sdkconfig.h"
 
 /* The examples use simple WiFi configuration that you can set via
    'make menuconfig'.
-Original file line number
+Diff line change
@@ Expand Up / @@ -12,4 +12,4 @@ config WIFI_PASSWORD @@
         help
             WiFi password (WPA or WPA2) for the example to use.
-    endmenu
+    endmenu