removed ssl/tls handshake, replaced with one which honors ssl handshake timeout

This commit is contained in:
brentru
2019-10-01 15:59:13 -04:00
parent e2761767e7
commit beb3a98b05
2 changed files with 34 additions and 26 deletions

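--- /dev/null
+++ b/SSL_WORK.code-workspace
@@ -0,0 +1,11 @@
+{
+"folders": [
+{
+"path": "."
+},
+{
+"path": "/Users/brent/Desktop/git_repos/arduino-esp32/libraries/WiFiClientSecure"
+}
+],
+"settings": {}
+}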
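Review bot: The second folder entry hard-codes a developer-specific absolute path, `/Users/brent/Desktop/git_repos/arduino-esp32/libraries/WiFiClientSecure`, which resolves on one machine only and publishes the local directory layout of the author's workstation in the repository history. An editor workspace file is a per-developer artifact and does not belong in the library's tree; I would drop it from the commit and add `*.code-workspace` to `.gitignore`, or, if the workspace is meant to be shared, reference the sibling checkout with a relative path such as `"path": "../arduino-esp32/libraries/WiFiClientSecure"`. The commit title only mentions the handshake rewrite, so this file looks like an accidental add.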


@@ -165,55 +165,52 @@ int WiFiSSLClient::connect(const char* host, uint16_t port)
} }
ets_printf("*** connect conf RNG\n"); ets_printf("*** connect conf RNG\n");
mbedtls_ssl_conf_rng(&_sslConfig, mbedtls_ctr_drbg_random, &_ctrDrbgContext); mbedtls_ssl_conf_rng(&_sslConfig, mbedtls_ctr_drbg_random, &_ctrDrbgContext);
ets_printf("*** connect ssl setup\n"); ets_printf("*** connect ssl setup\n");
if ((ret = mbedtls_ssl_setup(&_sslContext, &_sslConfig)) != 0) {
if (mbedtls_ssl_setup(&_sslContext, &_sslConfig) != 0) { ets_printf("Unable to connect ssl setup %d", ret);
stop(); stop();
return 0; return 0;
} }
char portStr[6]; char portStr[6];
itoa(port, portStr, 10); itoa(port, portStr, 10);
ets_printf("*** connect netconnect\n"); ets_printf("*** connect netconnect\n");
if (mbedtls_net_connect(&_netContext, host, portStr, MBEDTLS_NET_PROTO_TCP) != 0) { if (mbedtls_net_connect(&_netContext, host, portStr, MBEDTLS_NET_PROTO_TCP) != 0) {
stop(); stop();
return 0; return 0;
} }
ets_printf("*** connect set bio\n"); ets_printf("*** connect set bio\n");
mbedtls_ssl_set_bio(&_sslContext, &_netContext, mbedtls_net_send, mbedtls_net_recv, NULL); mbedtls_ssl_set_bio(&_sslContext, &_netContext, mbedtls_net_send, mbedtls_net_recv, NULL);
int result = -1; ets_printf("*** start SSL/TLS handshake...");
unsigned long start_handshake = millis();
do { // ref: https://tls.mbed.org/api/ssl_8h.html#a4a37e497cd08c896870a42b1b618186e
ets_printf("*** connect ssl handshake\n"); while ((ret = mbedtls_ssl_handshake(&_sslContext)) !=0) {
result = mbedtls_ssl_handshake(&_sslContext); if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
} while (result == MBEDTLS_ERR_SSL_WANT_READ || result == MBEDTLS_ERR_SSL_WANT_WRITE); ets_printf("Error performing SSL handshake");
}
if (result != 0) { if((millis() - start_handshake) > handshake_timeout){
uint8_t module_id = (result >> 12) & 0x7; ets_printf("Handshake timeout");
uint8_t module_dep = (result >> 7) & 0x1F; return -1;
uint8_t lowlevel = result & 0x7F; }
ets_printf("*** ssl fail! result %x\t module id: %x module dependant: %x lowlevel: %x\n", result, module_id, module_dep, lowlevel); vTaskDelay(10 / portTICK_PERIOD_MS);
char str[100];
mbedtls_strerror(result, str, 100);
ets_printf("strerror: %s\n", str);
stop();
return 0;
} }
if (client_cert != NULL && client_key != NULL)
{
ets_printf("Protocol is %s Ciphersuite is %s", mbedtls_ssl_get_version(&_sslContext), mbedtls_ssl_get_ciphersuite(&_sslContext));
}
ets_printf("*** ssl set nonblock\n"); ets_printf("*** ssl set nonblock\n");
mbedtls_net_set_nonblock(&_netContext); mbedtls_net_set_nonblock(&_netContext);
_connected = true;
// TODO: Free heap (all certs, incl. CA cert...)
_connected = true;
return 1; return 1;
} }
} }
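Review bot: The new handshake loop keeps calling mbedtls_ssl_handshake after a hard error and reports a timeout with `return -1`, which is truthy, so a caller that checks `if (client.connect(host, port))` will treat a failed or timed-out handshake as a successful connection; neither path calls `stop()`, unlike every other failure path in this function, which tears down with `stop()` and returns 0. A return value other than MBEDTLS_ERR_SSL_WANT_READ/WANT_WRITE is a terminal failure for that context, so the branch that only prints "Error performing SSL handshake" should tear down and return 0 instead of looping until the timeout, and the timeout branch should do the same. The removed code's `mbedtls_strerror` decoding was the only human-readable diagnostic for certificate and protocol failures and is worth keeping in that branch; the new messages also lack a trailing `\n`, so they run into the next log line. connect() begins before this hunk and `handshake_timeout` is declared outside it, so I cannot confirm its unit matches millis().
```cpp
// … unchanged: mbedtls_ssl_set_bio, start_handshake = millis() …
while ((ret = mbedtls_ssl_handshake(&_sslContext)) != 0) {
    if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
        // Terminal failure: the context will not recover, so stop retrying.
        char str[100];
        mbedtls_strerror(ret, str, sizeof(str));
        ets_printf("Error performing SSL handshake: %s\n", str);
        stop();
        return 0;
    }
    if ((millis() - start_handshake) > handshake_timeout) {
        ets_printf("Handshake timeout\n");
        stop();
        return 0;  // same failure value as the other paths in connect()
    }
    vTaskDelay(10 / portTICK_PERIOD_MS);
}
// … unchanged: set nonblock, _connected = true, return 1 …
```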