added auth
This commit is contained in:
parent
4ec9fecee5
commit
a787a18d21
|
@ -1,26 +1,3 @@
|
||||||
/* HTTPS GET Example using plain mbedTLS sockets
|
|
||||||
*
|
|
||||||
* Contacts the howsmyssl.com API via TLS v1.2 and reads a JSON
|
|
||||||
* response.
|
|
||||||
*
|
|
||||||
* Adapted from the ssl_client1 example in mbedtls.
|
|
||||||
*
|
|
||||||
* Original Copyright (C) 2006-2016, ARM Limited, All Rights Reserved, Apache 2.0 License.
|
|
||||||
* Additions Copyright (C) Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD, Apache 2.0 License.
|
|
||||||
*
|
|
||||||
*
|
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
* you may not use this file except in compliance with the License.
|
|
||||||
* You may obtain a copy of the License at
|
|
||||||
*
|
|
||||||
* http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
*
|
|
||||||
* Unless required by applicable law or agreed to in writing, software
|
|
||||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
* See the License for the specific language governing permissions and
|
|
||||||
* limitations under the License.
|
|
||||||
*/
|
|
||||||
#include <string.h>
|
#include <string.h>
|
||||||
#include <stdlib.h>
|
#include <stdlib.h>
|
||||||
#include "freertos/FreeRTOS.h"
|
#include "freertos/FreeRTOS.h"
|
||||||
|
@ -58,9 +35,10 @@
|
||||||
static const char *TAG = "example";
|
static const char *TAG = "example";
|
||||||
|
|
||||||
static const char *REQUEST = "GET " WEB_URL " HTTP/1.1\r\n"
|
static const char *REQUEST = "GET " WEB_URL " HTTP/1.1\r\n"
|
||||||
"Host: "WEB_SERVER"\r\n"
|
"Host: "WEB_SERVER"\r\n"
|
||||||
"User-Agent: esp-idf/1.0 esp32\r\n"
|
"User-Agent: esp-idf/1.0 esp32\r\n"
|
||||||
"\r\n";
|
"Authorization: Basic b3RhOnB3\r\n" //base64("username:password")
|
||||||
|
"\r\n";
|
||||||
|
|
||||||
|
|
||||||
static void https_get_task(void *pvParameters)
|
static void https_get_task(void *pvParameters)
|
||||||
|
@ -101,7 +79,7 @@ static void https_get_task(void *pvParameters)
|
||||||
|
|
||||||
ESP_LOGI(TAG, "Setting hostname for TLS session...");
|
ESP_LOGI(TAG, "Setting hostname for TLS session...");
|
||||||
|
|
||||||
/* Hostname set here should match CN in server certificate */
|
/* Hostname set here should match CN in server certificate */
|
||||||
if((ret = mbedtls_ssl_set_hostname(&ssl, WEB_SERVER)) != 0)
|
if((ret = mbedtls_ssl_set_hostname(&ssl, WEB_SERVER)) != 0)
|
||||||
{
|
{
|
||||||
ESP_LOGE(TAG, "mbedtls_ssl_set_hostname returned -0x%x", -ret);
|
ESP_LOGE(TAG, "mbedtls_ssl_set_hostname returned -0x%x", -ret);
|
||||||
|
@ -119,17 +97,9 @@ static void https_get_task(void *pvParameters)
|
||||||
goto exit;
|
goto exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* MBEDTLS_SSL_VERIFY_OPTIONAL is bad for security, in this example it will print
|
mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_REQUIRED);
|
||||||
a warning if CA verification fails but it will continue to connect.
|
|
||||||
|
|
||||||
You should consider using MBEDTLS_SSL_VERIFY_REQUIRED in your own code.
|
|
||||||
*/
|
|
||||||
mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_OPTIONAL);
|
|
||||||
mbedtls_ssl_conf_ca_chain(&conf, &cacert, NULL);
|
mbedtls_ssl_conf_ca_chain(&conf, &cacert, NULL);
|
||||||
mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &ctr_drbg);
|
mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &ctr_drbg);
|
||||||
#ifdef CONFIG_MBEDTLS_DEBUG
|
|
||||||
mbedtls_esp_enable_debug_log(&conf, CONFIG_MBEDTLS_DEBUG_LEVEL);
|
|
||||||
#endif
|
|
||||||
|
|
||||||
if ((ret = mbedtls_ssl_setup(&ssl, &conf)) != 0)
|
if ((ret = mbedtls_ssl_setup(&ssl, &conf)) != 0)
|
||||||
{
|
{
|
||||||
|
@ -137,127 +107,136 @@ static void https_get_task(void *pvParameters)
|
||||||
goto exit;
|
goto exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
mbedtls_net_init(&server_fd);
|
mbedtls_net_init(&server_fd);
|
||||||
|
|
||||||
ESP_LOGI(TAG, "Connecting to %s:%s...", WEB_SERVER, WEB_PORT);
|
ESP_LOGI(TAG, "Connecting to %s:%s...", WEB_SERVER, WEB_PORT);
|
||||||
|
|
||||||
if ((ret = mbedtls_net_connect(&server_fd, WEB_SERVER,
|
if ((ret = mbedtls_net_connect(&server_fd, WEB_SERVER,
|
||||||
WEB_PORT, MBEDTLS_NET_PROTO_TCP)) != 0)
|
WEB_PORT, MBEDTLS_NET_PROTO_TCP)) != 0)
|
||||||
|
{
|
||||||
|
ESP_LOGE(TAG, "mbedtls_net_connect returned -%x", -ret);
|
||||||
|
goto exit;
|
||||||
|
}
|
||||||
|
|
||||||
|
ESP_LOGI(TAG, "Connected.");
|
||||||
|
|
||||||
|
mbedtls_ssl_set_bio(&ssl, &server_fd, mbedtls_net_send, mbedtls_net_recv, NULL);
|
||||||
|
|
||||||
|
ESP_LOGI(TAG, "Performing the SSL/TLS handshake...");
|
||||||
|
|
||||||
|
while ((ret = mbedtls_ssl_handshake(&ssl)) != 0)
|
||||||
|
{
|
||||||
|
if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE)
|
||||||
{
|
{
|
||||||
ESP_LOGE(TAG, "mbedtls_net_connect returned -%x", -ret);
|
ESP_LOGE(TAG, "mbedtls_ssl_handshake returned -0x%x", -ret);
|
||||||
goto exit;
|
goto exit;
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
ESP_LOGI(TAG, "Connected.");
|
ESP_LOGI(TAG, "Verifying peer X.509 certificate...");
|
||||||
|
|
||||||
mbedtls_ssl_set_bio(&ssl, &server_fd, mbedtls_net_send, mbedtls_net_recv, NULL);
|
if ((flags = mbedtls_ssl_get_verify_result(&ssl)) != 0)
|
||||||
|
{
|
||||||
|
/* In real life, we probably want to close connection if ret != 0 */
|
||||||
|
ESP_LOGW(TAG, "Failed to verify peer certificate!");
|
||||||
|
bzero(buf, sizeof(buf));
|
||||||
|
mbedtls_x509_crt_verify_info(buf, sizeof(buf), " ! ", flags);
|
||||||
|
ESP_LOGW(TAG, "verification info: %s", buf);
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
ESP_LOGI(TAG, "Certificate verified.");
|
||||||
|
}
|
||||||
|
|
||||||
ESP_LOGI(TAG, "Performing the SSL/TLS handshake...");
|
ESP_LOGI(TAG, "Cipher suite is %s", mbedtls_ssl_get_ciphersuite(&ssl));
|
||||||
|
|
||||||
while ((ret = mbedtls_ssl_handshake(&ssl)) != 0)
|
ESP_LOGI(TAG, "Writing HTTP request...");
|
||||||
{
|
|
||||||
if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE)
|
size_t written_bytes = 0;
|
||||||
{
|
while(written_bytes < strlen(REQUEST)) {
|
||||||
ESP_LOGE(TAG, "mbedtls_ssl_handshake returned -0x%x", -ret);
|
ret = mbedtls_ssl_write(&ssl,
|
||||||
goto exit;
|
(const unsigned char *)REQUEST + written_bytes,
|
||||||
}
|
strlen(REQUEST) - written_bytes);
|
||||||
|
if (ret >= 0) {
|
||||||
|
ESP_LOGI(TAG, "%d bytes written", ret);
|
||||||
|
written_bytes += ret;
|
||||||
|
} else if (ret != MBEDTLS_ERR_SSL_WANT_WRITE && ret != MBEDTLS_ERR_SSL_WANT_READ) {
|
||||||
|
ESP_LOGE(TAG, "mbedtls_ssl_write returned -0x%x", -ret);
|
||||||
|
goto exit;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
ESP_LOGI(TAG, "Reading HTTP response...");
|
||||||
|
|
||||||
|
//do
|
||||||
|
/// {
|
||||||
|
len = sizeof(buf) - 1;
|
||||||
|
bzero(buf, sizeof(buf));
|
||||||
|
ret = mbedtls_ssl_read(&ssl, (unsigned char *)buf, len);
|
||||||
|
|
||||||
|
if(ret == MBEDTLS_ERR_SSL_WANT_READ || ret == MBEDTLS_ERR_SSL_WANT_WRITE)
|
||||||
|
// continue;
|
||||||
|
|
||||||
|
if(ret == MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY) {
|
||||||
|
ret = 0;
|
||||||
|
// break;
|
||||||
}
|
}
|
||||||
|
|
||||||
ESP_LOGI(TAG, "Verifying peer X.509 certificate...");
|
if(ret < 0)
|
||||||
|
{
|
||||||
|
ESP_LOGE(TAG, "mbedtls_ssl_read returned -0x%x", -ret);
|
||||||
|
// break;
|
||||||
|
}
|
||||||
|
|
||||||
if ((flags = mbedtls_ssl_get_verify_result(&ssl)) != 0)
|
if(ret == 0)
|
||||||
{
|
{
|
||||||
/* In real life, we probably want to close connection if ret != 0 */
|
ESP_LOGI(TAG, "connection closed");
|
||||||
ESP_LOGW(TAG, "Failed to verify peer certificate!");
|
// break;
|
||||||
bzero(buf, sizeof(buf));
|
}
|
||||||
mbedtls_x509_crt_verify_info(buf, sizeof(buf), " ! ", flags);
|
|
||||||
ESP_LOGW(TAG, "verification info: %s", buf);
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
ESP_LOGI(TAG, "Certificate verified.");
|
|
||||||
}
|
|
||||||
|
|
||||||
ESP_LOGI(TAG, "Cipher suite is %s", mbedtls_ssl_get_ciphersuite(&ssl));
|
len = ret;
|
||||||
|
|
||||||
ESP_LOGI(TAG, "Writing HTTP request...");
|
ESP_LOGI(TAG, "%d bytes read", len);
|
||||||
|
|
||||||
size_t written_bytes = 0;
|
/* Print response directly to stdout as it is read */
|
||||||
do {
|
for(int i = 0; i < len; i++) {
|
||||||
ret = mbedtls_ssl_write(&ssl,
|
putchar(buf[i]);
|
||||||
(const unsigned char *)REQUEST + written_bytes,
|
//printf("0x%x ", buf[i]);
|
||||||
strlen(REQUEST) - written_bytes);
|
}
|
||||||
if (ret >= 0) {
|
printf("\n");
|
||||||
ESP_LOGI(TAG, "%d bytes written", ret);
|
|
||||||
written_bytes += ret;
|
|
||||||
} else if (ret != MBEDTLS_ERR_SSL_WANT_WRITE && ret != MBEDTLS_ERR_SSL_WANT_READ) {
|
|
||||||
ESP_LOGE(TAG, "mbedtls_ssl_write returned -0x%x", -ret);
|
|
||||||
goto exit;
|
|
||||||
}
|
|
||||||
} while(written_bytes < strlen(REQUEST));
|
|
||||||
|
|
||||||
ESP_LOGI(TAG, "Reading HTTP response...");
|
// } while(1);
|
||||||
|
|
||||||
//do
|
ret = mbedtls_ssl_close_notify(&ssl);
|
||||||
/// {
|
|
||||||
len = sizeof(buf) - 1;
|
|
||||||
bzero(buf, sizeof(buf));
|
|
||||||
ret = mbedtls_ssl_read(&ssl, (unsigned char *)buf, len);
|
|
||||||
|
|
||||||
if(ret == MBEDTLS_ERR_SSL_WANT_READ || ret == MBEDTLS_ERR_SSL_WANT_WRITE)
|
if(ret != 0)
|
||||||
// continue;
|
{
|
||||||
|
ESP_LOGE(TAG, "mbedtls_ssl_close_notify returned 0x%x", ret);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
if(ret == MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY) {
|
exit:
|
||||||
ret = 0;
|
mbedtls_ssl_session_reset(&ssl);
|
||||||
// break;
|
mbedtls_net_free(&server_fd);
|
||||||
}
|
|
||||||
|
|
||||||
if(ret < 0)
|
if(ret != 0)
|
||||||
{
|
{
|
||||||
ESP_LOGE(TAG, "mbedtls_ssl_read returned -0x%x", -ret);
|
mbedtls_strerror(ret, buf, 100);
|
||||||
// break;
|
ESP_LOGE(TAG, "Last error was: -0x%x - %s", -ret, buf);
|
||||||
}
|
}
|
||||||
|
|
||||||
if(ret == 0)
|
putchar('\n'); // JSON output doesn't have a newline at end
|
||||||
{
|
|
||||||
ESP_LOGI(TAG, "connection closed");
|
|
||||||
// break;
|
|
||||||
}
|
|
||||||
|
|
||||||
ESP_LOGE(TAG, "mbedtls_ssl_read returned -0x%x", ret);
|
static int request_count;
|
||||||
|
ESP_LOGI(TAG, "Completed %d requests", ++request_count);
|
||||||
len = ret;
|
|
||||||
ESP_LOGD(TAG, "%d bytes read", len);
|
|
||||||
/* Print response directly to stdout as it is read */
|
|
||||||
for(int i = 0; i < len; i++) {
|
|
||||||
putchar(buf[i]);
|
|
||||||
}
|
|
||||||
// } while(1);
|
|
||||||
|
|
||||||
mbedtls_ssl_close_notify(&ssl);
|
|
||||||
|
|
||||||
exit:
|
ESP_LOGI(TAG, "going into endless loop!");
|
||||||
mbedtls_ssl_session_reset(&ssl);
|
|
||||||
mbedtls_net_free(&server_fd);
|
|
||||||
|
|
||||||
if(ret != 0)
|
|
||||||
{
|
|
||||||
mbedtls_strerror(ret, buf, 100);
|
|
||||||
ESP_LOGE(TAG, "Last error was: -0x%x - %s", -ret, buf);
|
|
||||||
}
|
|
||||||
|
|
||||||
putchar('\n'); // JSON output doesn't have a newline at end
|
while(1) {
|
||||||
|
|
||||||
static int request_count;
|
}
|
||||||
ESP_LOGI(TAG, "Completed %d requests", ++request_count);
|
|
||||||
|
|
||||||
|
|
||||||
ESP_LOGI(TAG, "going into endless loop!");
|
|
||||||
|
|
||||||
|
|
||||||
while(1){
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
void app_main(void)
|
void app_main(void)
|
||||||
|
|
Loading…
Reference in New Issue