mirror
/
esp-idf
kopia lustrzana https://github.com/espressif/esp-idf
1
0
Forkuj 0
Kod Zgłoszenia Projekty Wydania Wiki Aktywność

Merge branch 'fix/make_esp_tls_t_private' into 'master' 

Make esp_tls_t as private structure

Closes IDF-2812

See merge request espressif/esp-idf!17812
pull/8968/head
Mahavir Jain 2022-05-12 14:47:42 +08:00
rodzic 8ff7b0c998 26a15058d3
commit af1f342ee8
21 zmienionych plików z 288 dodań i 112 usunięć
Pokaż statystyki Ściągnij plik aktualizacji Ściągnij plik porównania Expand all files Collapse all files

8
components/esp-tls/CMakeLists.txt
Wyświetl plik

@ -12,10 +12,10 @@ endif()
idf_component_register(SRCS "${srcs}"
INCLUDE_DIRS . esp-tls-crypto
PRIV_INCLUDE_DIRS "private_include"
# lwip and mbedtls are public requirements becasue esp_tls.h
# includes sys/socket.h and mbedtls header files.
REQUIRES mbedtls lwip
PRIV_REQUIRES http_parser)
# mbedtls is public requirements becasue esp_tls.h
# includes mbedtls header files.
REQUIRES mbedtls
PRIV_REQUIRES lwip http_parser)
if(CONFIG_ESP_TLS_USING_WOLFSSL)
idf_component_get_property(wolfssl esp-wolfssl COMPONENT_LIB)

30
components/esp-tls/esp_tls.c
Wyświetl plik

@ -14,6 +14,7 @@
#include <http_parser.h>
#include "esp_tls.h"
#include "esp_tls_private.h"
#include "esp_tls_error_capture_internal.h"
#include <errno.h>
static const char *TAG = "esp-tls";
@ -39,6 +40,7 @@ static const char *TAG = "esp-tls";
#define _esp_tls_conn_delete esp_mbedtls_conn_delete
#define _esp_tls_net_init esp_mbedtls_net_init
#define _esp_tls_get_client_session esp_mbedtls_get_client_session
#define _esp_tls_get_ssl_context esp_mbedtls_get_ssl_context
#ifdef CONFIG_ESP_TLS_SERVER
#define _esp_tls_server_session_create esp_mbedtls_server_session_create
#define _esp_tls_server_session_delete esp_mbedtls_server_session_delete
@ -65,6 +67,7 @@ static const char *TAG = "esp-tls";
#define _esp_tls_init_global_ca_store esp_wolfssl_init_global_ca_store
#define _esp_tls_set_global_ca_store esp_wolfssl_set_global_ca_store /*!< Callback function for setting global CA store data for TLS/SSL */
#define _esp_tls_free_global_ca_store esp_wolfssl_free_global_ca_store /*!< Callback function for freeing global ca store for TLS/SSL */
#define _esp_tls_get_ssl_context esp_wolfssl_get_ssl_context
#else /* ESP_TLS_USING_WOLFSSL */
#error "No TLS stack configured"
#endif
@ -89,6 +92,18 @@ static ssize_t tcp_write(esp_tls_t *tls, const char *data, size_t datalen)
return send(tls->sockfd, data, datalen, 0);
}
ssize_t esp_tls_conn_read(esp_tls_t *tls, void *data, size_t datalen)
{
return tls->read(tls, (char *)data, datalen);
}
ssize_t esp_tls_conn_write(esp_tls_t *tls, const void *data, size_t datalen)
{
return tls->write(tls, (char *)data, datalen);
}
/**
* @brief Close the TLS connection and free any allocated resources.
*/
@ -603,6 +618,11 @@ ssize_t esp_tls_get_bytes_avail(esp_tls_t *tls)
return _esp_tls_get_bytes_avail(tls);
}
void *esp_tls_get_ssl_context(esp_tls_t *tls)
{
return _esp_tls_get_ssl_context(tls);
}
esp_err_t esp_tls_get_conn_sockfd(esp_tls_t *tls, int *sockfd)
{
if (!tls || !sockfd) {
@ -629,6 +649,16 @@ esp_err_t esp_tls_get_and_clear_last_error(esp_tls_error_handle_t h, int *esp_tl
return last_err;
}
esp_err_t esp_tls_get_error_handle(esp_tls_t *tls, esp_tls_error_handle_t *error_handle)
{
if (!tls || !error_handle) {
return ESP_ERR_INVALID_ARG;
}
*error_handle = tls->error_handle;
return ESP_OK;
}
esp_err_t esp_tls_init_global_ca_store(void)
{
return _esp_tls_init_global_ca_store();

106
components/esp-tls/esp_tls.h
Wyświetl plik

@ -7,18 +7,11 @@
#define _ESP_TLS_H_
#include <stdbool.h>
#include <sys/socket.h>
#include <fcntl.h>
#include "esp_err.h"
#include "esp_tls_errors.h"
#include "sdkconfig.h"
#ifdef CONFIG_ESP_TLS_USING_MBEDTLS
#include "mbedtls/platform.h"
#include "mbedtls/net_sockets.h"
#include "mbedtls/esp_debug.h"
#include "mbedtls/ssl.h"
#include "mbedtls/entropy.h"
#include "mbedtls/ctr_drbg.h"
#include "mbedtls/error.h"
#ifdef CONFIG_ESP_TLS_SERVER_SESSION_TICKETS
#include "mbedtls/ssl_ticket.h"
#endif
@ -27,6 +20,7 @@
#include "wolfssl/ssl.h"
#endif
#ifdef __cplusplus
extern "C" {
#endif
@ -290,66 +284,7 @@ esp_err_t esp_tls_cfg_server_session_tickets_init(esp_tls_cfg_server_t *cfg);
void esp_tls_cfg_server_session_tickets_free(esp_tls_cfg_server_t *cfg);
#endif /* ! CONFIG_ESP_TLS_SERVER */
/**
* @brief ESP-TLS Connection Handle
*/
typedef struct esp_tls {
#ifdef CONFIG_ESP_TLS_USING_MBEDTLS
mbedtls_ssl_context ssl; /*!< TLS/SSL context */
mbedtls_entropy_context entropy; /*!< mbedTLS entropy context structure */
mbedtls_ctr_drbg_context ctr_drbg; /*!< mbedTLS ctr drbg context structure.
CTR_DRBG is deterministic random
bit generation based on AES-256 */
mbedtls_ssl_config conf; /*!< TLS/SSL configuration to be shared
between mbedtls_ssl_context
structures */
mbedtls_net_context server_fd; /*!< mbedTLS wrapper type for sockets */
mbedtls_x509_crt cacert; /*!< Container for the X.509 CA certificate */
mbedtls_x509_crt *cacert_ptr; /*!< Pointer to the cacert being used. */
mbedtls_x509_crt clientcert; /*!< Container for the X.509 client certificate */
mbedtls_pk_context clientkey; /*!< Container for the private key of the client
certificate */
#ifdef CONFIG_ESP_TLS_SERVER
mbedtls_x509_crt servercert; /*!< Container for the X.509 server certificate */
mbedtls_pk_context serverkey; /*!< Container for the private key of the server
certificate */
#endif
#elif CONFIG_ESP_TLS_USING_WOLFSSL
void *priv_ctx;
void *priv_ssl;
#endif
int sockfd; /*!< Underlying socket file descriptor. */
ssize_t (*read)(struct esp_tls *tls, char *data, size_t datalen); /*!< Callback function for reading data from TLS/SSL
connection. */
ssize_t (*write)(struct esp_tls *tls, const char *data, size_t datalen); /*!< Callback function for writing data to TLS/SSL
connection. */
esp_tls_conn_state_t conn_state; /*!< ESP-TLS Connection state */
fd_set rset; /*!< read file descriptors */
fd_set wset; /*!< write file descriptors */
bool is_tls; /*!< indicates connection type (TLS or NON-TLS) */
esp_tls_role_t role; /*!< esp-tls role
- ESP_TLS_CLIENT
- ESP_TLS_SERVER */
esp_tls_error_handle_t error_handle; /*!< handle to error descriptor */
} esp_tls_t;
typedef struct esp_tls esp_tls_t;
/**
* @brief Create TLS connection
@ -470,10 +405,7 @@ int esp_tls_conn_http_new_async(const char *url, const esp_tls_cfg_t *cfg, esp_t
* if the handshake is incomplete and waiting for data to be available for reading.
* In this case this functions needs to be called again when the underlying transport is ready for operation.
*/
static inline ssize_t esp_tls_conn_write(esp_tls_t *tls, const void *data, size_t datalen)
{
return tls->write(tls, (char *)data, datalen);
}
ssize_t esp_tls_conn_write(esp_tls_t *tls, const void *data, size_t datalen);
/**
* @brief Read from specified tls connection into the buffer 'data'.
@ -490,10 +422,7 @@ static inline ssize_t esp_tls_conn_write(esp_tls_t *tls, const void *data, size_
* - <0 if read operation was not successful, because either an
* error occured or an action must be taken by the calling process.
*/
static inline ssize_t esp_tls_conn_read(esp_tls_t *tls, void *data, size_t datalen)
{
return tls->read(tls, (char *)data, datalen);
}
ssize_t esp_tls_conn_read(esp_tls_t *tls, void *data, size_t datalen);
/**
* @brief Close the TLS/SSL connection and free any allocated resources.
@ -536,6 +465,17 @@ ssize_t esp_tls_get_bytes_avail(esp_tls_t *tls);
*/
esp_err_t esp_tls_get_conn_sockfd(esp_tls_t *tls, int *sockfd);
/**
* @brief Returns the ssl context
*
* @param[in] tls handle to esp_tls context
*
*
* @return - ssl_ctx pointer to ssl context of underlying TLS layer on success
* - NULL in case of error
*/
void *esp_tls_get_ssl_context(esp_tls_t *tls);
/**
* @brief Create a global CA store, initially empty.
*
@ -607,6 +547,20 @@ esp_err_t esp_tls_get_and_clear_last_error(esp_tls_error_handle_t h, int *esp_tl
*/
esp_err_t esp_tls_get_and_clear_error_type(esp_tls_error_handle_t h, esp_tls_error_type_t err_type, int *error_code);
/**
* @brief Returns the ESP-TLS error_handle
*
* @param[in] tls handle to esp_tls context
*
* @param[out] error_handle pointer to the error handle.
*
* @return
* - ESP_OK on success and error_handle will be updated with the ESP-TLS error handle.
*
* - ESP_ERR_INVALID_ARG if (tls == NULL || error_handle == NULL)
*/
esp_err_t esp_tls_get_error_handle(esp_tls_t *tls, esp_tls_error_handle_t *error_handle);
#if CONFIG_ESP_TLS_USING_MBEDTLS
/**
* @brief Get the pointer to the global CA store currently being used.

6
components/esp-tls/esp_tls_errors.h
Wyświetl plik

@ -1,5 +1,5 @@
/*
* SPDX-FileCopyrightText: 2021 Espressif Systems (Shanghai) CO LTD
* SPDX-FileCopyrightText: 2021-22 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Apache-2.0
*/
@ -8,6 +8,10 @@
#define _ESP_TLS_ERRORS_H_
#include "esp_err.h"
#ifdef CONFIG_ESP_TLS_USING_MBEDTLS
#include "mbedtls/error.h"
#endif
/* For wolfSSL, errors are included through ssl.h which is included by default by esp_tls.h */
#ifdef __cplusplus
extern "C" {

11
components/esp-tls/esp_tls_mbedtls.c
Wyświetl plik

@ -14,9 +14,11 @@
#include <http_parser.h>
#include "esp_tls_mbedtls.h"
#include "esp_tls_private.h"
#include "esp_tls_error_capture_internal.h"
#include <errno.h>
#include "esp_log.h"
#include "esp_check.h"
#ifdef CONFIG_MBEDTLS_CERTIFICATE_BUNDLE
#include "esp_crt_bundle.h"
@ -139,6 +141,15 @@ exit:
}
void *esp_mbedtls_get_ssl_context(esp_tls_t *tls)
{
if (tls == NULL) {
ESP_LOGE(TAG, "Invalid arguments");
return NULL;
}
return (void*)&tls->ssl;
}
#ifdef CONFIG_ESP_TLS_CLIENT_SESSION_TICKETS
esp_tls_client_session_t *esp_mbedtls_get_client_session(esp_tls_t *tls)
{

9
components/esp-tls/esp_tls_wolfssl.c
Wyświetl plik

@ -115,6 +115,15 @@ static esp_err_t esp_load_wolfssl_verify_buffer(esp_tls_t *tls, const unsigned c
}
}
void *esp_wolfssl_get_ssl_context(esp_tls_t *tls)
{
if (tls == NULL) {
ESP_LOGE(TAG, "Invalid arguments");
return NULL;
}
return (void*)tls->priv_ssl;
}
esp_err_t esp_create_wolfssl_handle(const char *hostname, size_t hostlen, const void *cfg, esp_tls_t *tls)
{
#ifdef CONFIG_ESP_DEBUG_WOLFSSL

6
components/esp-tls/private_include/esp_tls_mbedtls.h
Wyświetl plik

@ -6,6 +6,7 @@
#pragma once
#include "esp_tls.h"
#include "esp_tls_private.h"
/**
* Internal Callback API for mbedtls_ssl_read
@ -55,6 +56,11 @@ static inline void esp_mbedtls_net_init(esp_tls_t *tls)
mbedtls_net_init(&tls->server_fd);
}
/**
* Return ssl context for mbedTLS stack
*/
void *esp_mbedtls_get_ssl_context(esp_tls_t *tls);
#ifdef CONFIG_ESP_TLS_SERVER
/**
* Internal Callback for set_server_config

90
components/esp-tls/private_include/esp_tls_private.h 100644
Wyświetl plik

@ -0,0 +1,90 @@
/*
* SPDX-FileCopyrightText: 2021-2022 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Apache-2.0
*/
#pragma once
/**
* @brief ESP-TLS Connection Handle
*/
#include <stdbool.h>
#include <sys/socket.h>
#include <fcntl.h>
#include "esp_err.h"
#include "esp_tls_errors.h"
#ifdef CONFIG_ESP_TLS_USING_MBEDTLS
#include "mbedtls/platform.h"
#include "mbedtls/net_sockets.h"
#include "mbedtls/esp_debug.h"
#include "mbedtls/ssl.h"
#include "mbedtls/entropy.h"
#include "mbedtls/ctr_drbg.h"
#include "mbedtls/error.h"
#ifdef CONFIG_ESP_TLS_SERVER_SESSION_TICKETS
#include "mbedtls/ssl_ticket.h"
#endif
#elif CONFIG_ESP_TLS_USING_WOLFSSL
#include "wolfssl/wolfcrypt/settings.h"
#include "wolfssl/ssl.h"
#endif
struct esp_tls {
#ifdef CONFIG_ESP_TLS_USING_MBEDTLS
mbedtls_ssl_context ssl; /*!< TLS/SSL context */
mbedtls_entropy_context entropy; /*!< mbedTLS entropy context structure */
mbedtls_ctr_drbg_context ctr_drbg; /*!< mbedTLS ctr drbg context structure.
CTR_DRBG is deterministic random
bit generation based on AES-256 */
mbedtls_ssl_config conf; /*!< TLS/SSL configuration to be shared
between mbedtls_ssl_context
structures */
mbedtls_net_context server_fd; /*!< mbedTLS wrapper type for sockets */
mbedtls_x509_crt cacert; /*!< Container for the X.509 CA certificate */
mbedtls_x509_crt *cacert_ptr; /*!< Pointer to the cacert being used. */
mbedtls_x509_crt clientcert; /*!< Container for the X.509 client certificate */
mbedtls_pk_context clientkey; /*!< Container for the private key of the client
certificate */
#ifdef CONFIG_ESP_TLS_SERVER
mbedtls_x509_crt servercert; /*!< Container for the X.509 server certificate */
mbedtls_pk_context serverkey; /*!< Container for the private key of the server
certificate */
#endif
#elif CONFIG_ESP_TLS_USING_WOLFSSL
void *priv_ctx;
void *priv_ssl;
#endif
int sockfd; /*!< Underlying socket file descriptor. */
ssize_t (*read)(esp_tls_t *tls, char *data, size_t datalen); /*!< Callback function for reading data from TLS/SSL
connection. */
ssize_t (*write)(esp_tls_t *tls, const char *data, size_t datalen); /*!< Callback function for writing data to TLS/SSL
connection. */
esp_tls_conn_state_t conn_state; /*!< ESP-TLS Connection state */
fd_set rset; /*!< read file descriptors */
fd_set wset; /*!< write file descriptors */
bool is_tls; /*!< indicates connection type (TLS or NON-TLS) */
esp_tls_role_t role; /*!< esp-tls role
- ESP_TLS_CLIENT
- ESP_TLS_SERVER */
esp_tls_error_handle_t error_handle; /*!< handle to error descriptor */
};

6
components/esp-tls/private_include/esp_tls_wolfssl.h
Wyświetl plik

@ -6,6 +6,7 @@
#pragma once
#include "esp_tls.h"
#include "esp_tls_private.h"
/**
* Internal Callback for creating ssl handle for wolfssl
@ -63,6 +64,11 @@ void esp_wolfssl_free_global_ca_store(void);
*/
esp_err_t esp_wolfssl_init_global_ca_store(void);
/**
* Return ssl context for wolfSSL stack
*/
void *esp_wolfssl_get_ssl_context(esp_tls_t *tls);
/**
* wolfSSL function for Initializing socket wrappers (no-operation for wolfSSL)
*/

1
components/esp-tls/test/test_esp_tls.c
Wyświetl plik

@ -10,6 +10,7 @@
#include "esp_err.h"
#include "esp_log.h"
#include "esp_mac.h"
#include "sys/socket.h"
#if SOC_SHA_SUPPORT_PARALLEL_ENG
#include "sha/sha_parallel_engine.h"
#elif SOC_SHA_SUPPORT_DMA

2
components/esp_https_server/include/esp_https_server.h
Wyświetl plik

@ -36,7 +36,7 @@ typedef enum {
*/
typedef struct esp_https_server_user_cb_arg {
httpd_ssl_user_cb_state_t user_cb_state;
const esp_tls_t *tls;
esp_tls_t *tls;
} esp_https_server_user_cb_arg_t;
/**

2
components/esp_https_server/src/https_server.c
Wyświetl plik

@ -118,7 +118,7 @@ static esp_err_t httpd_ssl_open(httpd_handle_t server, int sockfd)
httpd_ssl_ctx_t *global_ctx = httpd_get_global_transport_ctx(server);
assert(global_ctx != NULL);
esp_tls_t *tls = (esp_tls_t *)calloc(1, sizeof(esp_tls_t));
esp_tls_t *tls = esp_tls_init();
if (!tls) {
return ESP_ERR_NO_MEM;
}

27
components/tcp_transport/private_include/esp_transport_internal.h
Wyświetl plik

@ -1,23 +1,20 @@
// Copyright 2020 Espressif Systems (Shanghai) PTE LTD
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
/*
* SPDX-FileCopyrightText: 2020-2022 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Apache-2.0
*/
#ifndef _ESP_TRANSPORT_INTERNAL_H_
#define _ESP_TRANSPORT_INTERNAL_H_
#include "esp_transport.h"
#include "sys/socket.h"
#include "sys/queue.h"
#ifdef __cplusplus
extern "C" {
#endif
typedef int (*get_socket_func)(esp_transport_handle_t t);
typedef struct esp_foundation_transport {
@ -116,4 +113,8 @@ void esp_transport_esp_tls_destroy(struct transport_esp_tls* transport_esp_tls);
*/
void esp_transport_set_errors(esp_transport_handle_t t, const esp_tls_error_handle_t error_handle);
#ifdef __cplusplus
}
#endif
#endif //_ESP_TRANSPORT_INTERNAL_H_

37
components/tcp_transport/transport_ssl.c
Wyświetl plik

@ -76,7 +76,11 @@ static int esp_tls_connect_async(esp_transport_handle_t t, const char *host, int
if (ssl->conn_state == TRANS_SSL_CONNECTING) {
int progress = esp_tls_conn_new_async(host, strlen(host), port, &ssl->cfg, ssl->tls);
if (progress >= 0) {
ssl->sockfd = ssl->tls->sockfd;
if (esp_tls_get_conn_sockfd(ssl->tls, &ssl->sockfd) != ESP_OK) {
ESP_LOGE(TAG, "Error in obtaining socket fd for the session");
esp_tls_conn_destroy(ssl->tls);
return -1;
}
}
return progress;
@ -110,14 +114,23 @@ static int ssl_connect(esp_transport_handle_t t, const char *host, int port, int
}
if (esp_tls_conn_new_sync(host, strlen(host), port, &ssl->cfg, ssl->tls) <= 0) {
ESP_LOGE(TAG, "Failed to open a new connection");
esp_transport_set_errors(t, ssl->tls->error_handle);
esp_tls_error_handle_t esp_tls_error_handle;
esp_tls_get_error_handle(ssl->tls, &esp_tls_error_handle);
esp_transport_set_errors(t, esp_tls_error_handle);
goto exit_failure;
}
if (esp_tls_get_conn_sockfd(ssl->tls, &ssl->sockfd) != ESP_OK) {
ESP_LOGE(TAG, "Error in obtaining socket fd for the session");
goto exit_failure;
}
return 0;
exit_failure:
esp_tls_conn_destroy(ssl->tls);
ssl->tls = NULL;
ssl->sockfd = INVALID_SOCKET;
return -1;
}
ssl->sockfd = ssl->tls->sockfd;
return 0;
}
static int tcp_connect(esp_transport_handle_t t, const char *host, int port, int timeout_ms)
@ -200,7 +213,12 @@ static int ssl_write(esp_transport_handle_t t, const char *buffer, int len, int
int ret = esp_tls_conn_write(ssl->tls, (const unsigned char *) buffer, len);
if (ret < 0) {
ESP_LOGE(TAG, "esp_tls_conn_write error, errno=%s", strerror(errno));
esp_transport_set_errors(t, ssl->tls->error_handle);
esp_tls_error_handle_t esp_tls_error_handle;
if (esp_tls_get_error_handle(ssl->tls, &esp_tls_error_handle) == ESP_OK) {
esp_transport_set_errors(t, esp_tls_error_handle);
} else {
ESP_LOGE(TAG, "Error in obtaining the error handle");
}
}
return ret;
}
@ -233,7 +251,12 @@ static int ssl_read(esp_transport_handle_t t, char *buffer, int len, int timeout
int ret = esp_tls_conn_read(ssl->tls, (unsigned char *)buffer, len);
if (ret < 0) {
ESP_LOGE(TAG, "esp_tls_conn_read error, errno=%s", strerror(errno));
esp_transport_set_errors(t, ssl->tls->error_handle);
esp_tls_error_handle_t esp_tls_error_handle;
if (esp_tls_get_error_handle(ssl->tls, &esp_tls_error_handle) == ESP_OK) {
esp_transport_set_errors(t, esp_tls_error_handle);
} else {
ESP_LOGE(TAG, "Error in obtaining the error handle");
}
}
if (ret == 0) {
if (poll > 0) {

14
docs/en/migration-guides/protocols.rst
Wyświetl plik

@ -20,6 +20,7 @@ Most structure fields are now private
- Appropriate accessor functions (getter/setter) must be used for the same. A temporary workaround would be to use ``MBEDTLS_PRIVATE`` macro (**not recommended**).
- For more details, refer to the official guide `here <https://github.com/espressif/mbedtls/blob/9bb5effc3298265f829878825d9bd38478e67514/docs/3.0-migration-guide.md#most-structure-fields-are-now-private>`__.
SSL
^^^
- Removed support for TLS 1.0, 1.1 and DTLS 1.0
@ -103,6 +104,19 @@ ESP-TLS
Breaking Changes (Summary)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
esp_tls_t structure is now private
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
The :cpp:type:`esp_tls_t` has now been made completely private. You cannot access its internal structures directly. Any necessary data that needs to be obtained from the esp-tls handle can be done through respective getter/setter functions. If there is a requirement of a specific getter/setter function please raise an issue on ESP-IDF.
The list of newly added getter/setter function is as as follows:
.. list::
* :cpp:func:`esp_tls_get_ssl_context` - Obtain the ssl context of the underlying ssl stack from the esp-tls handle.
Function deprecations and recommended alternatives
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Following table summarizes the deprecated functions removed and their alternatives to be used from ESP-IDF v5.0 onwards.
+-----------------------------------+----------------------------------------+

2
examples/protocols/http2_request/main/http2_request_example_main.c
Wyświetl plik

@ -22,6 +22,8 @@
#include "nvs_flash.h"
#include "protocol_examples_common.h"
#include "esp_netif.h"
#include "sdkconfig.h"
#if CONFIG_MBEDTLS_CERTIFICATE_BUNDLE
#include "esp_crt_bundle.h"
#endif

1
examples/protocols/http_request/main/http_request_example_main.c
Wyświetl plik

@ -21,6 +21,7 @@
#include "lwip/sys.h"
#include "lwip/netdb.h"
#include "lwip/dns.h"
#include "sdkconfig.h"
/* Constants that aren't configurable in menuconfig */
#define WEB_SERVER "example.com"

1
examples/protocols/https_request/main/https_request_example_main.c
Wyświetl plik

@ -38,6 +38,7 @@
#include "lwip/dns.h"
#include "esp_tls.h"
#include "sdkconfig.h"
#if CONFIG_MBEDTLS_CERTIFICATE_BUNDLE
#include "esp_crt_bundle.h"
#endif

39
examples/protocols/https_server/simple/main/main.c
Wyświetl plik

@ -19,6 +19,7 @@
#include <esp_https_server.h>
#include "esp_tls.h"
#include "sdkconfig.h"
/* A simple example that demonstrates how to create GET and POST
* handlers and start an HTTPS server.
@ -36,7 +37,7 @@ static esp_err_t root_get_handler(httpd_req_t *req)
}
#if CONFIG_EXAMPLE_ENABLE_HTTPS_USER_CALLBACK
#ifdef CONFIG_ESP_TLS_USING_MBEDTLS
static void print_peer_cert_info(const mbedtls_ssl_context *ssl)
{
const mbedtls_x509_crt *cert;
@ -58,7 +59,7 @@ static void print_peer_cert_info(const mbedtls_ssl_context *ssl)
free(buf);
}
#endif
/**
* Example callback function to get the certificate of connected clients,
* whenever a new SSL connection is created and closed
@ -75,22 +76,44 @@ static void print_peer_cert_info(const mbedtls_ssl_context *ssl)
static void https_server_user_callback(esp_https_server_user_cb_arg_t *user_cb)
{
ESP_LOGI(TAG, "User callback invoked!");
#ifdef CONFIG_ESP_TLS_USING_MBEDTLS
mbedtls_ssl_context *ssl_ctx = NULL;
#endif
switch(user_cb->user_cb_state) {
case HTTPD_SSL_USER_CB_SESS_CREATE:
ESP_LOGD(TAG, "At session creation");
// Logging the socket FD
ESP_LOGI(TAG, "Socket FD: %d", user_cb->tls->sockfd);
int sockfd = -1;
esp_err_t esp_ret;
esp_ret = esp_tls_get_conn_sockfd(user_cb->tls, &sockfd);
if (esp_ret != ESP_OK) {
ESP_LOGE(TAG, "Error in obtaining the sockfd from tls context");
break;
}
ESP_LOGI(TAG, "Socket FD: %d", sockfd);
#ifdef CONFIG_ESP_TLS_USING_MBEDTLS
ssl_ctx = (mbedtls_ssl_context *) esp_tls_get_ssl_context(user_cb->tls);
if (ssl_ctx == NULL) {
ESP_LOGE(TAG, "Error in obtaining ssl context");
break;
}
// Logging the current ciphersuite
ESP_LOGI(TAG, "Current Ciphersuite: %s", mbedtls_ssl_get_ciphersuite(&user_cb->tls->ssl));
ESP_LOGI(TAG, "Current Ciphersuite: %s", mbedtls_ssl_get_ciphersuite(ssl_ctx));
#endif
break;
case HTTPD_SSL_USER_CB_SESS_CLOSE:
ESP_LOGD(TAG, "At session close");
#ifdef CONFIG_ESP_TLS_USING_MBEDTLS
// Logging the peer certificate
print_peer_cert_info(&user_cb->tls->ssl);
ssl_ctx = (mbedtls_ssl_context *) esp_tls_get_ssl_context(user_cb->tls);
if (ssl_ctx == NULL) {
ESP_LOGE(TAG, "Error in obtaining ssl context");
break;
}
print_peer_cert_info(ssl_ctx);
#endif
break;
default:
ESP_LOGE(TAG, "Illegal state!");

1
examples/protocols/https_server/wss_server/main/wss_server_example.c
Wyświetl plik

@ -18,6 +18,7 @@
#include <esp_https_server.h>
#include "keep_alive.h"
#include "sdkconfig.h"
#if !CONFIG_HTTPD_WS_SUPPORT
#error This example cannot be used unless HTTPD_WS_SUPPORT is enabled in esp-http-server component configuration

1
tools/ci/check_copyright_ignore.txt
Wyświetl plik

@ -1605,7 +1605,6 @@ components/spi_flash/test/test_spi_flash.c
components/tcp_transport/include/esp_transport_ssl.h
components/tcp_transport/include/esp_transport_tcp.h
components/tcp_transport/include/esp_transport_ws.h
components/tcp_transport/private_include/esp_transport_internal.h
components/tcp_transport/private_include/esp_transport_utils.h
components/tcp_transport/test/tcp_transport_fixtures.h
components/tcp_transport/test/test_transport_basic.c