From 8c7dfef3173f03e7fd498ad3584cc76854e99010 Mon Sep 17 00:00:00 2001
From: Dong Heng
Date: Wed, 21 Dec 2016 12:04:26 +0800
Subject: [PATCH] examples/10_openssl_server: fixup SSL server with method of specific version
1. add method of any version supporting at OpenSSL and add API in header file
2. change OpenSSL server context method to be method of any version
Fixes http://esp32.com/viewtopic.php?f=14&t=696.
---
 components/openssl/include/openssl/ssl.h | 18 +++++++++++++++++
 components/openssl/platform/ssl_pm.c | 3 +++
 examples/10_openssl_server/README.md | 2 +-
 .../10_openssl_server/main/Kconfig.projbuild | 2 +-
 .../10_openssl_server/main/openssl_server.c | 20 +++++++++++++------
 .../10_openssl_server/main/openssl_server.h | 6 ++++--
 6 files changed, 41 insertions(+), 10 deletions(-)
 mode change 100644 => 100755 components/openssl/include/openssl/ssl.h
 mode change 100644 => 100755 components/openssl/platform/ssl_pm.c
 mode change 100644 => 100755 examples/10_openssl_server/README.md
 mode change 100644 => 100755 examples/10_openssl_server/main/Kconfig.projbuild
 mode change 100644 => 100755 examples/10_openssl_server/main/openssl_server.c
 mode change 100644 => 100755 examples/10_openssl_server/main/openssl_server.h
diff --git a/components/openssl/include/openssl/ssl.h b/components/openssl/include/openssl/ssl.h
old mode 100644
new mode 100755
index 7f8eb88302fc..39d4bf737c2c
--- a/components/openssl/include/openssl/ssl.h
+++ b/components/openssl/include/openssl/ssl.h
@@ -214,6 +214,14 @@ const SSL_METHOD* TLSv1_1_client_method(void);
 */
 const SSL_METHOD* TLSv1_2_client_method(void);
+/**
+ * @brief create the target SSL context server method
+ *
+ * @param none
+ *
+ * @return the TLS any version SSL context client method
+ */
+const SSL_METHOD* TLS_client_method(void);
 /**
 * @brief create the target SSL context server method
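Review bot: The doc comment added for `TLS_client_method()` in `ssl.h` opens with `@brief create the target SSL context server method`, so the brief names the wrong role while its own `@return` line says client. It should read `@brief create the target SSL context client method`. The comment would also be more useful if it said which protocol versions "any version" covers, because a caller picking this method accepts that whole range and the range is set in `ssl_pm.c`, not in this header.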
@@ -260,6 +268,16 @@ const SSL_METHOD* TLSv1_server_method(void); */ const SSL_METHOD* SSLv3_server_method(void); +/** + * @brief create the target SSL context server method + * + * @param none + * + * @return the TLS any version SSL context server method + */ +const SSL_METHOD* TLS_server_method(void); + + /** * @brief set the SSL context ALPN select callback function * diff --git a/components/openssl/platform/ssl_pm.c b/components/openssl/platform/ssl_pm.c old mode 100644 new mode 100755 index 522721ad7c86..15015107f0bf --- a/components/openssl/platform/ssl_pm.c +++ b/components/openssl/platform/ssl_pm.c @@ -125,6 +125,9 @@ int ssl_pm_new(SSL *ssl) mbedtls_ssl_conf_max_version(&ssl_pm->conf, MBEDTLS_SSL_MAJOR_VERSION_3, version); mbedtls_ssl_conf_min_version(&ssl_pm->conf, MBEDTLS_SSL_MAJOR_VERSION_3, version); + } else { + mbedtls_ssl_conf_max_version(&ssl_pm->conf, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3); + mbedtls_ssl_conf_min_version(&ssl_pm->conf, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_0); } mbedtls_ssl_conf_rng(&ssl_pm->conf, mbedtls_ctr_drbg_random, &ssl_pm->ctr_drbg); diff --git a/examples/10_openssl_server/README.md b/examples/10_openssl_server/README.md old mode 100644 new mode 100755 index 333cb3d6a629..984a83c308e3 --- a/examples/10_openssl_server/README.md +++ b/examples/10_openssl_server/README.md @@ -5,7 +5,7 @@ The Example contains of OpenSSL server demo. First you should configure the project by "make menuconfig": Example Configuration -> 1. WIFI SSID: WIFI network to which your PC is also connected to. - 1. WIFI Password: WIFI password + 2. WIFI Password: WIFI password IF you want to test the OpenSSL server demo: 1. compile the code and load the firmware diff --git a/examples/10_openssl_server/main/Kconfig.projbuild b/examples/10_openssl_server/main/Kconfig.projbuild old mode 100644 new mode 100755 index 7a9cb97a0e0e..176d8fb33439 --- a/examples/10_openssl_server/main/Kconfig.projbuild 
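Review bot: The `else` branch added to `ssl_pm_new()` in `components/openssl/platform/ssl_pm.c` sets the minimum to `MBEDTLS_SSL_MINOR_VERSION_0`, which is SSL 3.0 in mbedTLS, so a context created with `TLS_server_method()` or `TLS_client_method()` can negotiate down to a protocol that is broken by design (POODLE) wherever the mbedTLS build still compiles SSL 3.0 in; that build setting is not visible in this patch. Raising the floor removes the dependency on build configuration: `mbedtls_ssl_conf_min_version(&ssl_pm->conf, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_1);` for TLS 1.0, or `MBEDTLS_SSL_MINOR_VERSION_3` if only TLS 1.2 peers need to connect. A short comment naming the resulting range (for example `/* any-version method: TLS 1.0 .. TLS 1.2 */`) would help, since the numeric minor-version constants do not read as protocol names. The body of `ssl_pm_new()` starts and ends outside the hunk, so the condition this `else` pairs with is not shown.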
+++ b/examples/10_openssl_server/main/Kconfig.projbuild @@ -12,4 +12,4 @@ config WIFI_PASSWORD help WiFi password (WPA or WPA2) for the example to use. -endmenu \ No newline at end of file +endmenu diff --git a/examples/10_openssl_server/main/openssl_server.c b/examples/10_openssl_server/main/openssl_server.c old mode 100644 new mode 100755 index 756c1407f559..1eea2110cee7 --- a/examples/10_openssl_server/main/openssl_server.c +++ b/examples/10_openssl_server/main/openssl_server.c @@ -43,7 +43,8 @@ const static char *TAG = "Openssl_demo"; "OpenSSL demo\r\n" \ "OpenSSL server demo!\r\n" \ "\r\n" \ - "\r\n" + "\r\n" \ + "\r\n" static void openssl_demo_thread(void *p) { @@ -70,7 +71,7 @@ static void openssl_demo_thread(void *p) const unsigned int prvtkey_pem_bytes = prvtkey_pem_end - prvtkey_pem_start; ESP_LOGI(TAG, "SSL server context create ......"); - ctx = SSL_CTX_new(SSLv3_server_method()); + ctx = SSL_CTX_new(TLS_server_method()); if (!ctx) { ESP_LOGI(TAG, "failed"); goto failed1; @@ -155,14 +156,21 @@ static void openssl_demo_thread(void *p) if (ret <= 0) { break; } - if (strstr(recv_buf, "GET / HTTP/1.1")) { - SSL_write(ssl, send_data, send_bytes); + ESP_LOGI(TAG, "SSL read: %s", recv_buf); + if (strstr(recv_buf, "GET ") && + strstr(recv_buf, " HTTP/1.1")) { + ESP_LOGI(TAG, "SSL get matched message") + ESP_LOGI(TAG, "SSL write message") + ret = SSL_write(ssl, send_data, send_bytes); + if (ret > 0) { + ESP_LOGI(TAG, "OK") + } else { + ESP_LOGI(TAG, "error") + } break; } } while (1); - ESP_LOGI(TAG, "result %d", ret); - SSL_shutdown(ssl); failed5: close(new_socket); diff --git a/examples/10_openssl_server/main/openssl_server.h b/examples/10_openssl_server/main/openssl_server.h old mode 100644 new mode 100755 index 5f49de35f29b..51708535f520 --- a/examples/10_openssl_server/main/openssl_server.h +++ b/examples/10_openssl_server/main/openssl_server.h 
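Review bot: The added `ESP_LOGI(TAG, "SSL read: %s", recv_buf);` in the read loop of `openssl_demo_thread()` (hunk `@@ -155,14 +156,21 @@` of `openssl_server.c`) writes whatever the peer sent straight into the device log before any check of its content. That puts request data, which can include credentials carried in headers, in front of anyone with console access, lets a client place control characters or misleading lines in the log, and relies on `recv_buf` being NUL-terminated, which depends on the buffer setup and read call above the hunk. Logging the length is enough for the demo: `ESP_LOGI(TAG, "SSL read: %d bytes", ret);`, where `ret` appears to hold the read result tested by `if (ret <= 0)`. Separately, the four new `ESP_LOGI(...)` calls for "SSL get matched message", "SSL write message", "OK" and "error" have no trailing `;`, which compiles only while the macro happens to expand to a complete statement. The function starts and ends outside the hunk.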
@@ -7,8 +7,10 @@ CONDITIONS OF ANY KIND, either express or implied. */ -#ifndef _OPENSSL_DEMO_H_ -#define _OPENSSL_DEMO_H_ +#ifndef _OPENSSL_SERVER_H_ +#define _OPENSSL_SERVER_H_ + +#include "sdkconfig.h" /* The examples use simple WiFi configuration that you can set via 'make menuconfig'.