diff --git a/main/https_mbedtls_example_main.c b/main/https_mbedtls_example_main.c index 8ed044e..0eaa0f1 100644 --- a/main/https_mbedtls_example_main.c +++ b/main/https_mbedtls_example_main.c @@ -1,26 +1,3 @@ -/* HTTPS GET Example using plain mbedTLS sockets - * - * Contacts the howsmyssl.com API via TLS v1.2 and reads a JSON - * response. - * - * Adapted from the ssl_client1 example in mbedtls. - * - * Original Copyright (C) 2006-2016, ARM Limited, All Rights Reserved, Apache 2.0 License. - * Additions Copyright (C) Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD, Apache 2.0 License. - * - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ #include #include #include "freertos/FreeRTOS.h" @@ -58,9 +35,10 @@ static const char *TAG = "example"; static const char *REQUEST = "GET " WEB_URL " HTTP/1.1\r\n" - "Host: "WEB_SERVER"\r\n" - "User-Agent: esp-idf/1.0 esp32\r\n" - "\r\n"; + "Host: "WEB_SERVER"\r\n" + "User-Agent: esp-idf/1.0 esp32\r\n" + "Authorization: Basic b3RhOnB3\r\n" //base64("username:password") + "\r\n"; static void https_get_task(void *pvParameters) @@ -101,7 +79,7 @@ static void https_get_task(void *pvParameters) ESP_LOGI(TAG, "Setting hostname for TLS session..."); - /* Hostname set here should match CN in server certificate */ + /* Hostname set here should match CN in server certificate */ if((ret = mbedtls_ssl_set_hostname(&ssl, WEB_SERVER)) != 0) { ESP_LOGE(TAG, "mbedtls_ssl_set_hostname returned -0x%x", -ret); @@ -119,17 +97,9 @@ static void https_get_task(void *pvParameters) goto exit; } - /* MBEDTLS_SSL_VERIFY_OPTIONAL is bad for security, in this example it will print - a warning if CA verification fails but it will continue to connect. - - You should consider using MBEDTLS_SSL_VERIFY_REQUIRED in your own code. - */ - mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_OPTIONAL); + mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_REQUIRED); mbedtls_ssl_conf_ca_chain(&conf, &cacert, NULL); mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &ctr_drbg); -#ifdef CONFIG_MBEDTLS_DEBUG - mbedtls_esp_enable_debug_log(&conf, CONFIG_MBEDTLS_DEBUG_LEVEL); -#endif if ((ret = mbedtls_ssl_setup(&ssl, &conf)) != 0) { @@ -137,127 +107,136 @@ static void https_get_task(void *pvParameters) goto exit; } - mbedtls_net_init(&server_fd); + mbedtls_net_init(&server_fd); - ESP_LOGI(TAG, "Connecting to %s:%s...", WEB_SERVER, WEB_PORT); + ESP_LOGI(TAG, "Connecting to %s:%s...", WEB_SERVER, WEB_PORT); - if ((ret = mbedtls_net_connect(&server_fd, WEB_SERVER, - WEB_PORT, MBEDTLS_NET_PROTO_TCP)) != 0) + if ((ret = mbedtls_net_connect(&server_fd, WEB_SERVER, + WEB_PORT, MBEDTLS_NET_PROTO_TCP)) != 0) + { + ESP_LOGE(TAG, "mbedtls_net_connect returned -%x", -ret); + goto exit; + } + + ESP_LOGI(TAG, "Connected."); + + mbedtls_ssl_set_bio(&ssl, &server_fd, mbedtls_net_send, mbedtls_net_recv, NULL); + + ESP_LOGI(TAG, "Performing the SSL/TLS handshake..."); + + while ((ret = mbedtls_ssl_handshake(&ssl)) != 0) + { + if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) { - ESP_LOGE(TAG, "mbedtls_net_connect returned -%x", -ret); + ESP_LOGE(TAG, "mbedtls_ssl_handshake returned -0x%x", -ret); goto exit; } + } - ESP_LOGI(TAG, "Connected."); + ESP_LOGI(TAG, "Verifying peer X.509 certificate..."); - mbedtls_ssl_set_bio(&ssl, &server_fd, mbedtls_net_send, mbedtls_net_recv, NULL); + if ((flags = mbedtls_ssl_get_verify_result(&ssl)) != 0) + { + /* In real life, we probably want to close connection if ret != 0 */ + ESP_LOGW(TAG, "Failed to verify peer certificate!"); + bzero(buf, sizeof(buf)); + mbedtls_x509_crt_verify_info(buf, sizeof(buf), " ! ", flags); + ESP_LOGW(TAG, "verification info: %s", buf); + } + else { + ESP_LOGI(TAG, "Certificate verified."); + } - ESP_LOGI(TAG, "Performing the SSL/TLS handshake..."); + ESP_LOGI(TAG, "Cipher suite is %s", mbedtls_ssl_get_ciphersuite(&ssl)); - while ((ret = mbedtls_ssl_handshake(&ssl)) != 0) - { - if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) - { - ESP_LOGE(TAG, "mbedtls_ssl_handshake returned -0x%x", -ret); - goto exit; - } + ESP_LOGI(TAG, "Writing HTTP request..."); + + size_t written_bytes = 0; + while(written_bytes < strlen(REQUEST)) { + ret = mbedtls_ssl_write(&ssl, + (const unsigned char *)REQUEST + written_bytes, + strlen(REQUEST) - written_bytes); + if (ret >= 0) { + ESP_LOGI(TAG, "%d bytes written", ret); + written_bytes += ret; + } else if (ret != MBEDTLS_ERR_SSL_WANT_WRITE && ret != MBEDTLS_ERR_SSL_WANT_READ) { + ESP_LOGE(TAG, "mbedtls_ssl_write returned -0x%x", -ret); + goto exit; + } + } + + ESP_LOGI(TAG, "Reading HTTP response..."); + + //do + /// { + len = sizeof(buf) - 1; + bzero(buf, sizeof(buf)); + ret = mbedtls_ssl_read(&ssl, (unsigned char *)buf, len); + + if(ret == MBEDTLS_ERR_SSL_WANT_READ || ret == MBEDTLS_ERR_SSL_WANT_WRITE) + // continue; + + if(ret == MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY) { + ret = 0; + // break; } - ESP_LOGI(TAG, "Verifying peer X.509 certificate..."); + if(ret < 0) + { + ESP_LOGE(TAG, "mbedtls_ssl_read returned -0x%x", -ret); + // break; + } - if ((flags = mbedtls_ssl_get_verify_result(&ssl)) != 0) - { - /* In real life, we probably want to close connection if ret != 0 */ - ESP_LOGW(TAG, "Failed to verify peer certificate!"); - bzero(buf, sizeof(buf)); - mbedtls_x509_crt_verify_info(buf, sizeof(buf), " ! ", flags); - ESP_LOGW(TAG, "verification info: %s", buf); - } - else { - ESP_LOGI(TAG, "Certificate verified."); - } + if(ret == 0) + { + ESP_LOGI(TAG, "connection closed"); + // break; + } - ESP_LOGI(TAG, "Cipher suite is %s", mbedtls_ssl_get_ciphersuite(&ssl)); + len = ret; - ESP_LOGI(TAG, "Writing HTTP request..."); + ESP_LOGI(TAG, "%d bytes read", len); - size_t written_bytes = 0; - do { - ret = mbedtls_ssl_write(&ssl, - (const unsigned char *)REQUEST + written_bytes, - strlen(REQUEST) - written_bytes); - if (ret >= 0) { - ESP_LOGI(TAG, "%d bytes written", ret); - written_bytes += ret; - } else if (ret != MBEDTLS_ERR_SSL_WANT_WRITE && ret != MBEDTLS_ERR_SSL_WANT_READ) { - ESP_LOGE(TAG, "mbedtls_ssl_write returned -0x%x", -ret); - goto exit; - } - } while(written_bytes < strlen(REQUEST)); + /* Print response directly to stdout as it is read */ + for(int i = 0; i < len; i++) { + putchar(buf[i]); + //printf("0x%x ", buf[i]); + } + printf("\n"); - ESP_LOGI(TAG, "Reading HTTP response..."); + // } while(1); - //do - /// { - len = sizeof(buf) - 1; - bzero(buf, sizeof(buf)); - ret = mbedtls_ssl_read(&ssl, (unsigned char *)buf, len); + ret = mbedtls_ssl_close_notify(&ssl); - if(ret == MBEDTLS_ERR_SSL_WANT_READ || ret == MBEDTLS_ERR_SSL_WANT_WRITE) - // continue; + if(ret != 0) + { + ESP_LOGE(TAG, "mbedtls_ssl_close_notify returned 0x%x", ret); + } + - if(ret == MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY) { - ret = 0; - // break; - } +exit: + mbedtls_ssl_session_reset(&ssl); + mbedtls_net_free(&server_fd); - if(ret < 0) - { - ESP_LOGE(TAG, "mbedtls_ssl_read returned -0x%x", -ret); - // break; - } + if(ret != 0) + { + mbedtls_strerror(ret, buf, 100); + ESP_LOGE(TAG, "Last error was: -0x%x - %s", -ret, buf); + } - if(ret == 0) - { - ESP_LOGI(TAG, "connection closed"); - // break; - } + putchar('\n'); // JSON output doesn't have a newline at end - ESP_LOGE(TAG, "mbedtls_ssl_read returned -0x%x", ret); - - len = ret; - ESP_LOGD(TAG, "%d bytes read", len); - /* Print response directly to stdout as it is read */ - for(int i = 0; i < len; i++) { - putchar(buf[i]); - } - // } while(1); + static int request_count; + ESP_LOGI(TAG, "Completed %d requests", ++request_count); - mbedtls_ssl_close_notify(&ssl); - exit: - mbedtls_ssl_session_reset(&ssl); - mbedtls_net_free(&server_fd); + ESP_LOGI(TAG, "going into endless loop!"); - if(ret != 0) - { - mbedtls_strerror(ret, buf, 100); - ESP_LOGE(TAG, "Last error was: -0x%x - %s", -ret, buf); - } - putchar('\n'); // JSON output doesn't have a newline at end + while(1) { - static int request_count; - ESP_LOGI(TAG, "Completed %d requests", ++request_count); + } - - ESP_LOGI(TAG, "going into endless loop!"); - - - while(1){ - - } - } void app_main(void)