From fe91357d76315f6de06a78ec99c213ae8bb948c7 Mon Sep 17 00:00:00 2001 From: RobertByrnes Date: Wed, 10 Apr 2024 21:16:58 +0100 Subject: [PATCH 1/4] fix: compatibility with WifiClientSecure.h --- src/SSLClient.cpp | 4 +- src/SSLClient.h | 8 +-- src/{ssl_client.cpp => ssl__client.cpp} | 88 ++++++++++++------------- src/ssl__client.h | 71 ++++++++++++++++++++ src/ssl_client.h | 71 -------------------- test/unit_test_private_api.cpp | 12 ++-- 6 files changed, 127 insertions(+), 127 deletions(-) rename src/{ssl_client.cpp => ssl__client.cpp} (91%) create mode 100644 src/ssl__client.h delete mode 100644 src/ssl_client.h diff --git a/src/SSLClient.cpp b/src/SSLClient.cpp index 4d5d9a5..204b023 100644 --- a/src/SSLClient.cpp +++ b/src/SSLClient.cpp @@ -31,7 +31,7 @@ */ SSLClient::SSLClient() { _connected = false; - sslclient = new sslclient_context; + sslclient = new sslclient__context; ssl_init(sslclient, nullptr); sslclient->handshake_timeout = 120000; _CA_cert = NULL; @@ -52,7 +52,7 @@ SSLClient::SSLClient() { */ SSLClient::SSLClient(Client* client) { _connected = false; - sslclient = new sslclient_context; + sslclient = new sslclient__context; ssl_init(sslclient, client); sslclient->handshake_timeout = 120000; _CA_cert = NULL; diff --git a/src/SSLClient.h b/src/SSLClient.h index df1db92..be397a9 100644 --- a/src/SSLClient.h +++ b/src/SSLClient.h @@ -16,16 +16,16 @@ Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */ -#ifndef SSLClient_H -#define SSLClient_H +#ifndef SSLCLIENT_H +#define SSLCLIENT_H #include "Arduino.h" #include "IPAddress.h" -#include "ssl_client.h" +#include "ssl__client.h" class SSLClient : public Client { protected: - sslclient_context *sslclient; + sslclient__context *sslclient; int _lastError = 0; int _peek = -1; diff --git a/src/ssl_client.cpp b/src/ssl__client.cpp similarity index 91% rename from src/ssl_client.cpp rename to src/ssl__client.cpp index c7c23a8..ea2ceea 100644 --- a/src/ssl_client.cpp 
+++ b/src/ssl__client.cpp @@ -10,7 +10,7 @@ #include "Arduino.h" #include #include -#include "ssl_client.h" +#include "ssl__client.h" //#define ARDUHAL_LOG_LEVEL 5 //#include @@ -197,15 +197,15 @@ static int client_net_send(void *ctx, const unsigned char *buf, size_t len) { } /** - * \brief Initialize the sslclient_context struct. + * \brief Initialize the sslclient__context struct. * - * \param ssl_client sslclient_context* - The ssl client context. + * \param ssl_client sslclient__context* - The ssl client context. * \param client Client* - The client. */ -void ssl_init(sslclient_context *ssl_client, Client *client) { +void ssl_init(sslclient__context *ssl_client, Client *client) { log_d("Init SSL"); // reset embedded pointers to zero - memset(ssl_client, 0, sizeof(sslclient_context)); + memset(ssl_client, 0, sizeof(sslclient__context)); ssl_client->client = client; mbedtls_ssl_init(&ssl_client->ssl_ctx); mbedtls_ssl_config_init(&ssl_client->ssl_conf); @@ -225,7 +225,7 @@ void ssl_init(sslclient_context *ssl_client, Client *client) { * \param cli_key Pointer to the client key. */ void cleanup( - sslclient_context *ssl_client, + sslclient__context *ssl_client, bool ca_cert_initialized, bool client_cert_initialized, bool client_key_initialized, @@ -278,7 +278,7 @@ void log_failed_cert(int flags) { * \return 1 on successful SSL client start, 0 otherwise. */ int start_ssl_client( - sslclient_context *ssl_client, + sslclient__context *ssl_client, const char *host, uint32_t port, int timeout, @@ -357,7 +357,7 @@ int start_ssl_client( /** * \brief Initializes a TCP connection to a remote host on the specified port. * - * \param ssl_client sslclient_context* - The SSL client context. + * \param ssl_client sslclient__context* - The SSL client context. * \param host const char* - The host to connect to. * \param port uint32_t - The port to connect to. * 
@@ -369,7 +369,7 @@ int start_ssl_client( * SSL client context. It checks if the Client pointer within the context is valid, attempts to * establish the TCP connection, and returns appropriate error codes if any issues are encountered. */ -int init_tcp_connection(sslclient_context *ssl_client, const char *host, uint32_t port) { +int init_tcp_connection(sslclient__context *ssl_client, const char *host, uint32_t port) { Client *pClient = ssl_client->client; if (!pClient) { log_e("Client pointer is null."); @@ -389,7 +389,7 @@ int init_tcp_connection(sslclient_context *ssl_client, const char *host, uint32_ /** * \brief Seed the random number generator for SSL/TLS operations. * - * \param ssl_client sslclient_context* - The SSL client context. + * \param ssl_client sslclient__context* - The SSL client context. * * \return int 0 if the random number generator is successfully seeded. * \return int An error code if the seeding process fails. @@ -399,7 +399,7 @@ int init_tcp_connection(sslclient_context *ssl_client, const char *host, uint32_ * The DRBG is essential for generating secure cryptographic keys and nonces during SSL/TLS * communication. If successful, the function returns 0; otherwise, it returns an error code. */ -int seed_random_number_generator(sslclient_context *ssl_client) { +int seed_random_number_generator(sslclient__context *ssl_client) { log_v("Seeding the random number generator"); mbedtls_entropy_init(&ssl_client->entropy_ctx); log_v("Entropy context initialized"); @@ -411,7 +411,7 @@ int seed_random_number_generator(sslclient_context *ssl_client) { /** * \brief Set up SSL/TLS configuration with default settings. * - * \param ssl_client sslclient_context* - The SSL client context. + * \param ssl_client sslclient__context* - The SSL client context. * * \return int 0 if SSL/TLS configuration is successfully set up with defaults. * \return int An error code if the setup process fails. 
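Review bot: `init_tcp_connection` reads `ssl_client->client` before any check that `ssl_client` itself is non-null, and `seed_random_number_generator` and `set_up_tls_defaults` in the following hunks dereference it the same way. The later helpers (`auth_root_ca_buff`, `set_io_callbacks_and_timeout`, `perform_ssl_handshake`, `verify_server_cert`) all open with a guard, so the three early ones are inconsistent with them. Adding the same line, `if (ssl_client == nullptr) { log_e("Uninitialised context!"); return -1; }`, at the top of each would make every step fail the same way on a missing context. The function bodies continue outside these hunks, so a caller-side check may already exist.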
@@ -421,7 +421,7 @@ int seed_random_number_generator(sslclient_context *ssl_client) { * The SSL/TLS configuration is essential for establishing secure communication over the network. * If successful, the function returns 0; otherwise, it returns an error code. */ -int set_up_tls_defaults(sslclient_context *ssl_client) { +int set_up_tls_defaults(sslclient__context *ssl_client) { log_v("Setting up the SSL/TLS defaults..."); int ret = mbedtls_ssl_config_defaults(&ssl_client->ssl_conf, MBEDTLS_SSL_IS_CLIENT, @@ -432,7 +432,7 @@ int set_up_tls_defaults(sslclient_context *ssl_client) { /** * \brief Configure SSL/TLS authentication options based on provided parameters. * - * \param ssl_client sslclient_context* - The SSL client context. + * \param ssl_client sslclient__context* - The SSL client context. * \param rootCABuff const char* - The root CA certificate buffer. * \param ca_cert_initialized bool* - Indicates whether CA certificate is initialized. * \param pskIdent const char* - The PSK identity. @@ -449,7 +449,7 @@ int set_up_tls_defaults(sslclient_context *ssl_client) { * no verification. The function may modify the value pointed to by `func_ret` to indicate errors. * If successful, the function returns 0; otherwise, it returns an error code, -1 for a null context. */ -int auth_root_ca_buff(sslclient_context *ssl_client, const char *rootCABuff, bool *ca_cert_initialized, +int auth_root_ca_buff(sslclient__context *ssl_client, const char *rootCABuff, bool *ca_cert_initialized, const char *pskIdent, const char *psKey) { if (ssl_client == nullptr) { log_e("Uninitialised context!"); 
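Review bot: The doc comment for `auth_root_ca_buff` still says the function "may modify the value pointed to by `func_ret`", but the signature directly below it has no `func_ret` parameter. The comment blocks edited in later hunks have the same drift: `perform_ssl_handshake` documents `\param func_ret`, and `verify_server_cert` documents `ret`, `rootCABuff` and `cli_cert` although it takes only `ssl_client`. Since this commit already edits these blocks, drop the stale `\param` lines and the `func_ret` sentence so each block lists exactly the parameters in its signature, and update the `\code` usage examples to match.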
@@ -536,7 +536,7 @@ int auth_root_ca_buff(sslclient_context *ssl_client, const char *rootCABuff, boo * Positive error codes indicate number of certs that failed. * Negative error codes indicate a PEM or x509 error. */ -int auth_client_cert_key(sslclient_context *ssl_client, const char *cli_cert, const char *cli_key, bool *client_cert_initialized, bool *client_key_initialized) { +int auth_client_cert_key(sslclient__context *ssl_client, const char *cli_cert, const char *cli_key, bool *client_cert_initialized, bool *client_key_initialized) { int ret = 0; // Step 4 route b - Set up required auth mode cli_cert and cli_key if (cli_cert != NULL && cli_key != NULL) { @@ -575,7 +575,7 @@ int auth_client_cert_key(sslclient_context *ssl_client, const char *cli_cert, co * with the hostname and sets up the SSL context with the necessary * configurations. * - * \param ssl_client A pointer to the sslclient_context structure + * \param ssl_client A pointer to the sslclient__context structure * representing the SSL client context. * \param host A pointer to a character string representing the hostname. * @@ -588,7 +588,7 @@ int auth_client_cert_key(sslclient_context *ssl_client, const char *cli_cert, co * * Usage: * \code - * sslclient_context ssl_client; + * sslclient__context ssl_client; * const char *host = "example.com"; * int ret = set_hostname_for_tls(&ssl_client, host); * if(ret != 0) { @@ -596,7 +596,7 @@ int auth_client_cert_key(sslclient_context *ssl_client, const char *cli_cert, co * } * \endcode */ -int set_hostname_for_tls(sslclient_context *ssl_client, const char *host) { +int set_hostname_for_tls(sslclient__context *ssl_client, const char *host) { int ret; log_v("Setting hostname for TLS session..."); 
@@ -621,14 +621,14 @@ int set_hostname_for_tls(sslclient_context *ssl_client, const char *host) { * This function sets up the IO callbacks for sending, receiving, and receiving with timeout * for the provided SSL client context. It also configures the read timeout for the SSL client context. * - * \param ssl_client A pointer to the sslclient_context structure representing the SSL client context. + * \param ssl_client A pointer to the sslclient__context structure representing the SSL client context. * \param timeout The timeout value in milliseconds for reading operations. * * \return int Returns 0 on success, -1 * * Usage: * \code - * sslclient_context ssl_client; + * sslclient__context ssl_client; * int timeout = 5000; // 5 seconds * int ret = set_io_callbacks_and_timeout(&ssl_client, timeout); * if (ret != 0) { @@ -636,10 +636,10 @@ int set_hostname_for_tls(sslclient_context *ssl_client, const char *host) { * } * \endcode * - * \note The function assumes that the sslclient_context structure is properly initialized and the + * \note The function assumes that the sslclient__context structure is properly initialized and the * client_net_send, client_net_recv, and client_net_recv_timeout functions are correctly implemented. */ -int set_io_callbacks_and_timeout(sslclient_context *ssl_client, int timeout) { +int set_io_callbacks_and_timeout(sslclient__context *ssl_client, int timeout) { if (ssl_client == nullptr) { log_e("Uninitialised context!"); return -1; 
@@ -665,7 +665,7 @@ int set_io_callbacks_and_timeout(sslclient_context *ssl_client, int timeout) { * This function initiates and manages the SSL/TLS handshake process. It also checks for * timeout conditions and handles client certificate and key if provided. * - * \param ssl_client A pointer to the sslclient_context structure representing the SSL client context. + * \param ssl_client A pointer to the sslclient__context structure representing the SSL client context. * \param func_ret A pointer to an integer where a specific error code can be stored for further analysis. * \param cli_cert A pointer to a character string representing the client's certificate. If not needed, pass NULL. * \param cli_key A pointer to a character string representing the client's private key. If not needed, pass NULL. @@ -675,7 +675,7 @@ int set_io_callbacks_and_timeout(sslclient_context *ssl_client, int timeout) { * * Usage: * \code - * sslclient_context ssl_client; + * sslclient__context ssl_client; * int func_ret = 0; * const char *cli_cert = "-----BEGIN CERTIFICATE-----\n...\n-----END CERTIFICATE-----"; * const char *cli_key = "-----BEGIN PRIVATE KEY-----\n...\n-----END PRIVATE KEY-----"; @@ -685,10 +685,10 @@ int set_io_callbacks_and_timeout(sslclient_context *ssl_client, int timeout) { * } * \endcode * - * \note This function assumes that the sslclient_context structure is properly initialized and the + * \note This function assumes that the sslclient__context structure is properly initialized and the * mbedtls libraries are correctly configured. */ -int perform_ssl_handshake(sslclient_context *ssl_client, const char *cli_cert, const char *cli_key) { +int perform_ssl_handshake(sslclient__context *ssl_client, const char *cli_cert, const char *cli_key) { if (ssl_client == nullptr) { log_e("Uninitialised context!"); return -1; 
@@ -741,7 +741,7 @@ int perform_ssl_handshake(sslclient_context *ssl_client, const char *cli_cert, c * The verification process checks the server certificate against the provided root CA. * If client certificate and key are provided, they can be used for further verification or cleanup. * - * \param ssl_client A pointer to the sslclient_context structure representing the SSL client context. + * \param ssl_client A pointer to the sslclient__context structure representing the SSL client context. * \param ret The return value of the mbedtls_ssl_handshake function. * \param rootCABuff A pointer to a character string containing the root CA certificate. * \param cli_cert A pointer to a character string representing the client's certificate. If not needed, pass NULL. @@ -752,7 +752,7 @@ int perform_ssl_handshake(sslclient_context *ssl_client, const char *cli_cert, c * * Usage: * \code - * sslclient_context ssl_client; + * sslclient__context ssl_client; * const char *rootCABuff = "-----BEGIN CERTIFICATE-----\n...\n-----END CERTIFICATE-----"; * const char *cli_cert = "-----BEGIN CERTIFICATE-----\n...\n-----END CERTIFICATE-----"; * const char *cli_key = "-----BEGIN PRIVATE KEY-----\n...\n-----END PRIVATE KEY-----"; @@ -762,11 +762,11 @@ int perform_ssl_handshake(sslclient_context *ssl_client, const char *cli_cert, c * } * \endcode * - * \note This function assumes that the sslclient_context structure is properly initialized and the + * \note This function assumes that the sslclient__context structure is properly initialized and the * mbedtls libraries are correctly configured. Also, ensure that the root CA certificate is correct * and corresponds to the CA that issued the server's certificate. */ -int verify_server_cert(sslclient_context *ssl_client) { +int verify_server_cert(sslclient__context *ssl_client) { if (ssl_client == nullptr) { log_e("Uninitialised context!"); return -1; 
@@ -782,12 +782,12 @@ int verify_server_cert(sslclient_context *ssl_client) { /** * \brief Stop the ssl socket. * - * \param ssl_client sslclient_context* - The ssl client context. + * \param ssl_client sslclient__context* - The ssl client context. * \param rootCABuff const char* - The root CA certificate. * \param cli_cert const char* - The client certificate. * \param cli_key const char* - The client key. */ -void stop_ssl_socket(sslclient_context *ssl_client, const char *rootCABuff, const char *cli_cert, const char *cli_key) { +void stop_ssl_socket(sslclient__context *ssl_client, const char *rootCABuff, const char *cli_cert, const char *cli_key) { log_d("Cleaning SSL connection."); // Stop the client connection @@ -831,10 +831,10 @@ void stop_ssl_socket(sslclient_context *ssl_client, const char *rootCABuff, cons /** * \brief Check if there is data to read or not. * - * \param ssl_client sslclient_context* - The ssl client context. + * \param ssl_client sslclient__context* - The ssl client context. * \return int The number of bytes to read. */ -int data_to_read(sslclient_context *ssl_client) { +int data_to_read(sslclient__context *ssl_client) { int ret, res; ret = mbedtls_ssl_read(&ssl_client->ssl_ctx, NULL, 0); @@ -853,12 +853,12 @@ int data_to_read(sslclient_context *ssl_client) { /** * \brief Send data to the ssl server. * - * \param ssl_client sslclient_context* - The ssl client context. + * \param ssl_client sslclient__context* - The ssl client context. * \param data const uint8_t* - The data to send. * \param len size_t - The length of the data. * \return int The number of bytes sent. */ -int send_ssl_data(sslclient_context *ssl_client, const uint8_t *data, size_t len) { +int send_ssl_data(sslclient__context *ssl_client, const uint8_t *data, size_t len) { if(ssl_client != nullptr) { log_v("ssl_client->client: %p", (void *)ssl_client->client); log_v("ssl_client->handshake_timeout: %lu", ssl_client->handshake_timeout); 
@@ -890,12 +890,12 @@ int send_ssl_data(sslclient_context *ssl_client, const uint8_t *data, size_t len /** * \brief Get the ssl receive object. * - * \param ssl_client sslclient_context* - The ssl client context. + * \param ssl_client sslclient__context* - The ssl client context. * \param data uint8_t* - The data to receive. * \param length int - The length of the data. * \return size_t The number of bytes received. */ -int get_ssl_receive(sslclient_context *ssl_client, uint8_t *data, size_t length) { +int get_ssl_receive(sslclient__context *ssl_client, uint8_t *data, size_t length) { log_v( "Reading SSL (%d bytes)", length); int ret = -1; @@ -908,7 +908,7 @@ int get_ssl_receive(sslclient_context *ssl_client, uint8_t *data, size_t length) /** * \brief Get the ssl receive object with timeout. * - * \param pb sslclient_context* - The ssl client context. + * \param pb sslclient__context* - The ssl client context. * \param res uint8_t* - The data to receive. * \return bool True if the data was received, false otherwise. */ @@ -963,12 +963,12 @@ static bool match_name(const string& name, const string& domainName) { /** * \brief Verifies certificate provided by the peer to match specified SHA256 fingerprint. * - * \param ssl_client sslclient_context* - The ssl client context. + * \param ssl_client sslclient__context* - The ssl client context. * \param fp const char* - The SHA256 fingerprint. * \param domain_name const char* - The domain name. * \return bool True if the certificate matches the fingerprint, false otherwise. */ -bool verify_ssl_fingerprint(sslclient_context *ssl_client, const char* fp, const char* domain_name) { +bool verify_ssl_fingerprint(sslclient__context *ssl_client, const char* fp, const char* domain_name) { // Convert hex string to byte array uint8_t fingerprint_local[32]; int len = strlen(fp); 
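Review bot: In `get_ssl_receive`, `log_v( "Reading SSL (%d bytes)", length);` passes a `size_t` to a `%d` conversion, which is a format mismatch wherever `size_t` is wider than `int`, as it probably is in the native test build. Use `log_v("Reading SSL (%u bytes)", (unsigned)length);`, or `%zu` if the logging macro supports it. The doc block above also has the types swapped: it lists `\param length int` and `\return size_t` while the signature takes `size_t length` and returns `int`. The function body continues outside the hunk.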
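Review bot: `verify_ssl_fingerprint` calls `strlen(fp)` before any check of `fp`, so a null fingerprint pointer crashes the device instead of failing verification. Add `if (fp == nullptr) return false;` ahead of `int len = strlen(fp);` so the check fails closed. The hex parsing that fills the 32-byte `fingerprint_local` is outside the hunk, so whether it bounds its writes to that array cannot be confirmed from here and is worth checking in the same pass.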
@@ -1026,11 +1026,11 @@ bool verify_ssl_fingerprint(sslclient_context *ssl_client, const char* fp, const /** * \brief Checks if peer certificate has specified domain in CN or SANs. * - * \param ssl_client sslclient_context* - The ssl client context. + * \param ssl_client sslclient__context* - The ssl client context. * \param domain_name const char* - The domain name. * \return bool True if the certificate has the domain name, false otherwise. */ -bool verify_ssl_dn(sslclient_context *ssl_client, const char* domain_name) +bool verify_ssl_dn(sslclient__context *ssl_client, const char* domain_name) { log_d("domain name: '%s'", (domain_name)?domain_name:"(null)"); string domain_name_str(domain_name); diff --git a/src/ssl__client.h b/src/ssl__client.h new file mode 100644 index 0000000..7eb460c --- /dev/null +++ b/src/ssl__client.h 
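Review bot: In `verify_ssl_dn` the log line guards against a null `domain_name`, but the next line, `string domain_name_str(domain_name);`, constructs a `std::string` from it unconditionally, which is undefined behaviour for a null pointer. Because this function is the hostname check on the peer certificate, a missing name should fail closed: add `if (domain_name == nullptr) return false;` before the construction. The rest of the function is outside the hunk.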
@@ -0,0 +1,71 @@ +/* Provide SSL/TLS functions to ESP32 with Arduino + * by Evandro Copercini - 2017 - Apache 2.0 License + * Additions Copyright (C) 2019 Vadim Govorovski. + */ + +#ifndef SSL__CLIENT_H +#define SSL__CLIENT_H + +#ifdef SSL_CLIENT_TEST_ENVIRONMENT +#include "MbedTLS.h" +#else +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#endif + +#include + +#define SSL_CLIENT_LOW_LATENCY_NETWORK_HANDSHAKE_TIMEOUT 5000U +#define SSL_CLIENT_DEFAULT_HANDSHAKE_TIMEOUT 15000U +#define SSL_CLIENT_SLOW_NETWORK_HANDSHAKE_TIMEOUT 30000U +#define SSL_CLIENT_UNRELIABLE_NETWORK_HANDSHAKE_TIMEOUT 45000U +#define SSL_CLIENT_SEND_BUFFER_SIZE 1024U + +using namespace std; + +typedef struct sslclient__context { + Client* client; + + mbedtls_ssl_context ssl_ctx; + mbedtls_ssl_config ssl_conf; + + mbedtls_ctr_drbg_context drbg_ctx; + mbedtls_entropy_context entropy_ctx; + + mbedtls_x509_crt ca_cert; + mbedtls_x509_crt client_cert; + mbedtls_pk_context client_key; + + unsigned long handshake_timeout; +} sslclient__context; + +void ssl_init(sslclient__context *ssl_client, Client *client); +void log_failed_cert(int flags); +void cleanup(sslclient__context *ssl_client, bool ca_cert_initialized, bool client_cert_initialized, bool client_key_initialized, int ret, const char *rootCABuff, const char *cli_cert, const char *cli_key); +int start_ssl_client(sslclient__context *ssl_client, const char *host, uint32_t port, int timeout, const char *rootCABuff, const char *cli_cert, const char *cli_key, const char *pskIdent, const char *psKey); +int init_tcp_connection(sslclient__context *ssl_client, const char *host, uint32_t port); +int seed_random_number_generator(sslclient__context *ssl_client); +int set_up_tls_defaults(sslclient__context *ssl_client); +int auth_root_ca_buff(sslclient__context *ssl_client, const char *rootCABuff, bool *ca_cert_initialized, const char *pskIdent, const char *psKey); +int 
auth_client_cert_key(sslclient__context *ssl_client, const char *cli_cert, const char *cli_key, bool *client_cert_initialized, bool *client_key_initialized); +int set_hostname_for_tls(sslclient__context *ssl_client, const char *host); +int set_io_callbacks_and_timeout(sslclient__context *ssl_client, int timeout); +int perform_ssl_handshake(sslclient__context *ssl_client, const char *cli_cert, const char *cli_key); +int verify_server_cert(sslclient__context *ssl_client); +void stop_ssl_socket(sslclient__context *ssl_client, const char *rootCABuff, const char *cli_cert, const char *cli_key); +int data_to_read(sslclient__context *ssl_client); +int send_ssl_data(sslclient__context *ssl_client, const uint8_t *data, size_t len); +int get_ssl_receive(sslclient__context *ssl_client, uint8_t *data, size_t length); +bool verify_ssl_fingerprint(sslclient__context *ssl_client, const char* fp, const char* domain_name); +bool verify_ssl_dn(sslclient__context *ssl_client, const char* domain_name); + +#endif diff --git a/src/ssl_client.h b/src/ssl_client.h deleted file mode 100644 index 91d40db..0000000 --- a/src/ssl_client.h +++ /dev/null 
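Review bot: The new type name `sslclient__context` and the include guard `SSL__CLIENT_H` both contain a double underscore, and C++ reserves every identifier containing `__` for the implementation. The rename therefore swaps the name clash in the commit subject for a reserved name. A library-specific prefix or a namespace avoids the clash without that problem, for example `#ifndef GOVOROX_SSL_CLIENT_H` and `typedef struct govorox_sslclient_context { ... } govorox_sslclient_context;`. The header also keeps `using namespace std;` at file scope, which injects `std` into every translation unit that includes it; writing `std::string` in the `.cpp` would let that line be removed.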
@@ -1,71 +0,0 @@ -/* Provide SSL/TLS functions to ESP32 with Arduino - * by Evandro Copercini - 2017 - Apache 2.0 License - * Additions Copyright (C) 2019 Vadim Govorovski. - */ - -#ifndef ARD_SSL_H -#define ARD_SSL_H - -#ifdef SSL_CLIENT_TEST_ENVIRONMENT -#include "MbedTLS.h" -#else -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#endif - -#include - -#define SSL_CLIENT_LOW_LATENCY_NETWORK_HANDSHAKE_TIMEOUT 5000U -#define SSL_CLIENT_DEFAULT_HANDSHAKE_TIMEOUT 15000U -#define SSL_CLIENT_SLOW_NETWORK_HANDSHAKE_TIMEOUT 30000U -#define SSL_CLIENT_UNRELIABLE_NETWORK_HANDSHAKE_TIMEOUT 45000U -#define SSL_CLIENT_SEND_BUFFER_SIZE 1024U - -using namespace std; - -typedef struct sslclient_context { - Client* client; - - mbedtls_ssl_context ssl_ctx; - mbedtls_ssl_config ssl_conf; - - mbedtls_ctr_drbg_context drbg_ctx; - mbedtls_entropy_context entropy_ctx; - - mbedtls_x509_crt ca_cert; - mbedtls_x509_crt client_cert; - mbedtls_pk_context client_key; - - unsigned long handshake_timeout; -} sslclient_context; - -void ssl_init(sslclient_context *ssl_client, Client *client); -void log_failed_cert(int flags); -void cleanup(sslclient_context *ssl_client, bool ca_cert_initialized, bool client_cert_initialized, bool client_key_initialized, int ret, const char *rootCABuff, const char *cli_cert, const char *cli_key); -int start_ssl_client(sslclient_context *ssl_client, const char *host, uint32_t port, int timeout, const char *rootCABuff, const char *cli_cert, const char *cli_key, const char *pskIdent, const char *psKey); -int init_tcp_connection(sslclient_context *ssl_client, const char *host, uint32_t port); -int seed_random_number_generator(sslclient_context *ssl_client); -int set_up_tls_defaults(sslclient_context *ssl_client); -int auth_root_ca_buff(sslclient_context *ssl_client, const char *rootCABuff, bool *ca_cert_initialized, const char *pskIdent, const char *psKey); -int auth_client_cert_key(sslclient_context 
*ssl_client, const char *cli_cert, const char *cli_key, bool *client_cert_initialized, bool *client_key_initialized); -int set_hostname_for_tls(sslclient_context *ssl_client, const char *host); -int set_io_callbacks_and_timeout(sslclient_context *ssl_client, int timeout); -int perform_ssl_handshake(sslclient_context *ssl_client, const char *cli_cert, const char *cli_key); -int verify_server_cert(sslclient_context *ssl_client); -void stop_ssl_socket(sslclient_context *ssl_client, const char *rootCABuff, const char *cli_cert, const char *cli_key); -int data_to_read(sslclient_context *ssl_client); -int send_ssl_data(sslclient_context *ssl_client, const uint8_t *data, size_t len); -int get_ssl_receive(sslclient_context *ssl_client, uint8_t *data, size_t length); -bool verify_ssl_fingerprint(sslclient_context *ssl_client, const char* fp, const char* domain_name); -bool verify_ssl_dn(sslclient_context *ssl_client, const char* domain_name); - -#endif diff --git a/test/unit_test_private_api.cpp b/test/unit_test_private_api.cpp index f7bbb61..fba1e5b 100644 --- a/test/unit_test_private_api.cpp +++ b/test/unit_test_private_api.cpp @@ -8,20 +8,20 @@ #include "mocks/ESPClass.hpp" #include "mocks/TestClient.h" -#include "ssl_client.cpp" +#include "ssl__client.cpp" using namespace fakeit; TestClient testClient; // Mocked client -sslclient_context *testContext; // Context for tests +sslclient__context *testContext; // Context for tests /** * @brief Set the up stop ssl socket object for these tests. * - * @param ctx The sslclient_context to set up. + * @param ctx The sslclient__context to set up. * @param client The client to set up. */ -void setup_stop_ssl_socket(sslclient_context* ctx, Client* client) { +void setup_stop_ssl_socket(sslclient__context* ctx, Client* client) { ctx->ssl_conf.actual_ca_chain = (mbedtls_x509_crt*) malloc(sizeof(mbedtls_x509_crt)); ctx->ssl_conf.actual_key_cert = &dummy_cert; ctx->ssl_conf.ca_chain = ctx->ssl_conf.actual_ca_chain; 
@@ -34,7 +34,7 @@ void setUp(void) { testClient.reset(); testClient.returns("connected", (uint8_t)1); mbedtls_mock_reset_return_values(); - testContext = new sslclient_context(); + testContext = new sslclient__context(); } void tearDown(void) { @@ -481,7 +481,7 @@ void test_cleanup_with_all_resources_initialized_and_no_error(void) { void test_cleanup_with_some_resources_initialized_and_no_error(void) { // Arrange - sslclient_context ssl_client; + sslclient__context ssl_client; bool ca_cert_initialized = true; bool client_cert_initialized = false; bool client_key_initialized = true; From 2a1d3209a262b43932ae61b75053144417fd0394 Mon Sep 17 00:00:00 2001 From: RobertByrnes Date: Wed, 10 Apr 2024 21:29:22 +0100 Subject: [PATCH 2/4] ci: update action versions --- .github/workflows/ci_master.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ci_master.yml b/.github/workflows/ci_master.yml index 6328821..d35c656 100644 --- a/.github/workflows/ci_master.yml +++ b/.github/workflows/ci_master.yml @@ -11,12 +11,12 @@ jobs: steps: - name: Check out the code - uses: actions/checkout@v2 + uses: actions/checkout@v3 - name: Set up Python - uses: actions/setup-python@v2 + uses: actions/setup-python@v3 with: - python-version: '3.x' + python-version: '3.9' - name: Install PlatformIO run: | From 7ec26f236194b45c3cd64e12f7561e4c0820e90b Mon Sep 17 00:00:00 2001 From: RobertByrnes Date: Wed, 10 Apr 2024 21:57:03 +0100 Subject: [PATCH 3/4] ci: fix unity install --- platformio.ini | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/platformio.ini b/platformio.ini index a5e77d3..50748df 100644 --- a/platformio.ini +++ b/platformio.ini 
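Review bot: `actions/checkout@v3` and `actions/setup-python@v3` are referenced by mutable major-version tags, so the code this workflow executes can change without any commit to this repository. Pin each action to a full commit SHA and keep the version as a trailing comment, e.g. `uses: actions/checkout@<full-commit-sha>  # v3`, where the SHA is a placeholder to be filled in from the action's release. The job header is outside the hunk, so whether a `permissions:` block limits the workflow token cannot be seen here.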
@@ -12,15 +12,15 @@ default_envs = native [env:native] -test_framework = unity +# test_framework = unity platform = native build_type = test lib_deps = - digitaldragon/Emulation@0.1.5 - # armmbed/mbedtls@^2.23.0 + digitaldragon/Emulation@0.1.6 + throwtheswitch/Unity@^2.5.2 lib_ldf_mode = deep+ build_unflags = -std=gnu++11 build_flags = -std=gnu++17 -I test/mocks - -D SSL_CLIENT_TEST_ENVIRONMENT \ No newline at end of file + -D SSL_CLIENT_TEST_ENVIRONMENT From 4b2f6c27d91557f7409788502a7719b769e466bd Mon Sep 17 00:00:00 2001 From: RobertByrnes Date: Wed, 10 Apr 2024 21:59:02 +0100 Subject: [PATCH 4/4] chore: tag 1.1.8 --- README.md | 4 ++-- library.json | 2 +- library.properties | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 83c6b1a..248bf9a 100644 --- a/README.md +++ b/README.md @@ -4,8 +4,8 @@ -### Now updated on PlatformIO registry as digitaldragon/SSLClient@1.1.7 -### Updated on Arduino Libraries registry to digitaldragon/GovoroxSSLClient@1.1.7 +### Now updated on PlatformIO registry as digitaldragon/SSLClient@1.1.8 +### Updated on Arduino Libraries registry to digitaldragon/GovoroxSSLClient@1.1.8 # SSLClient Arduino library using *mbedtls* functions The SSLClient class implements support for secure connections using TLS (SSL). It Provides a transparent SSL wrapper over existing transport object of a **Client** class. diff --git a/library.json b/library.json index a646a1b..35f6588 100644 --- a/library.json +++ b/library.json @@ -1,6 +1,6 @@ { "name": "SSLClient", - "version": "1.1.7", + "version": "1.1.8", "repository": { "type": "git", diff --git a/library.properties b/library.properties index fe2b607..42e4641 100644 --- a/library.properties +++ b/library.properties @@ -1,5 +1,5 @@ name=GovoroxSSLClient -version=1.1.7 +version=1.1.8 author=V Govorovski maintainer=Robert Byrnes sentence=Provides secure network connection over a generic Client trasport object.
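Review bot: `throwtheswitch/Unity@^2.5.2` is a caret range while `digitaldragon/Emulation@0.1.6` on the line above is an exact version, so the test build can resolve a newer Unity release without any change to this file. Pin it exactly, `throwtheswitch/Unity@2.5.2`, unless a floating version is intended. The commented-out `# test_framework = unity` would be clearer either removed or given a short comment saying why Unity is now pulled in through `lib_deps`.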