Added ESP32 WiFiClientSecure::setCACertBundle().

Oozlum · Oozlum · commit bc4600ea4dc1 · 2022-03-24T16:56:28.000Z
WiFiClientSecure can now use a bundle of certificates to authenticate a server. See espressif/arduino-esp32#6106
diff --git a/src/Tiny_Websockets_Generic/client.hpp b/src/Tiny_Websockets_Generic/client.hpp
@@ -169,6 +169,7 @@ namespace websockets2_generic
       //////
   #elif defined(ESP32)
       void setCACert(const char* ca_cert);
+      void setCACertBundle(const uint8_t* ca_cert_bundle);
       void setCertificate(const char* client_ca);
       void setPrivateKey(const char* private_key);
   #endif
@@ -211,6 +212,7 @@ namespace websockets2_generic
       //////
   #elif defined(ESP32)
       const char* _optional_ssl_ca_cert = nullptr;
+      const uint8_t* _optional_ssl_ca_cert_bundle = nullptr;
       const char* _optional_ssl_client_ca = nullptr;
       const char* _optional_ssl_private_key = nullptr;
   #endif
diff --git a/src/Tiny_Websockets_Generic/network/esp32/esp32_tcp.hpp b/src/Tiny_Websockets_Generic/network/esp32/esp32_tcp.hpp
@@ -48,6 +48,11 @@ namespace websockets2_generic
           this->client.setCACert(ca_cert);
         }
     
+        void setCACertBundle(const uint8_t* ca_cert_bundle)
+        {
+          this->client.setCACertBundle(ca_cert_bundle);
+        }
+
         void setCertificate(const char* client_ca)
         {
           this->client.setCertificate(client_ca);
diff --git a/src/WebSockets2_Generic_Client.hpp b/src/WebSockets2_Generic_Client.hpp
@@ -458,13 +458,19 @@ namespace websockets2_generic
     
   #elif defined(ESP32)
 
-    if (this->_optional_ssl_ca_cert || this->_optional_ssl_client_ca || this->_optional_ssl_private_key)
+    if (this->_optional_ssl_ca_cert || this->_optional_ssl_ca_cert_bundle ||
+        this->_optional_ssl_client_ca || this->_optional_ssl_private_key)
     {
       if (this->_optional_ssl_ca_cert)
       {
         client->setCACert(this->_optional_ssl_ca_cert);
       }
 
+      if (this->_optional_ssl_ca_cert_bundle)
+      {
+        client->setCACertBundle(this->_optional_ssl_ca_cert_bundle);
+      }
+
       if (this->_optional_ssl_client_ca)
       {
         client->setCertificate(this->_optional_ssl_client_ca);
@@ -1119,6 +1125,13 @@ namespace websockets2_generic
   
   /////////////////////////////////////////////////////////
 
+  void WebsocketsClient::setCACertBundle(const uint8_t* ca_cert_bundle)
+  {
+    this->_optional_ssl_ca_cert_bundle = ca_cert_bundle;
+  }
+
+  /////////////////////////////////////////////////////////
+
   void WebsocketsClient::setCertificate(const char* client_ca)
   {
     this->_optional_ssl_client_ca = client_ca;
@@ -1136,6 +1149,7 @@ namespace websockets2_generic
   void WebsocketsClient::setInsecure()
   {
     this->_optional_ssl_ca_cert = nullptr;
+    this->_optional_ssl_ca_cert_bundle = nullptr;
     this->_optional_ssl_client_ca = nullptr;
     this->_optional_ssl_private_key = nullptr;
   }

Original file line number	Diff line number	Diff line change
`@@ -48,6 +48,11 @@ namespace websockets2_generic`
`48`	`48`	`this->client.setCACert(ca_cert);`
`49`	`49`	`}`
`50`	`50`
	`51`	`+ void setCACertBundle(const uint8_t* ca_cert_bundle)`
	`52`	`+ {`
	`53`	`+ this->client.setCACertBundle(ca_cert_bundle);`
	`54`	`+ }`
	`55`	`+`
`51`	`56`	`void setCertificate(const char* client_ca)`
`52`	`57`	`{`
`53`	`58`	`this->client.setCertificate(client_ca);`
Original file line number	Diff line number	Diff line change
`@@ -458,13 +458,19 @@ namespace websockets2_generic`
`458`	`458`
`459`	`459`	`#elif defined(ESP32)`
`460`	`460`
`461`		`- if (this->_optional_ssl_ca_cert \|\| this->_optional_ssl_client_ca \|\| this->_optional_ssl_private_key)`
	`461`	`+ if (this->_optional_ssl_ca_cert \|\| this->_optional_ssl_ca_cert_bundle \|\|`
	`462`	`+ this->_optional_ssl_client_ca \|\| this->_optional_ssl_private_key)`
`462`	`463`	`{`
`463`	`464`	`if (this->_optional_ssl_ca_cert)`
`464`	`465`	`{`
`465`	`466`	`client->setCACert(this->_optional_ssl_ca_cert);`
`466`	`467`	`}`
`467`	`468`
	`469`	`+ if (this->_optional_ssl_ca_cert_bundle)`
	`470`	`+ {`
	`471`	`+ client->setCACertBundle(this->_optional_ssl_ca_cert_bundle);`
	`472`	`+ }`
	`473`	`+`
`468`	`474`	`if (this->_optional_ssl_client_ca)`
`469`	`475`	`{`
`470`	`476`	`client->setCertificate(this->_optional_ssl_client_ca);`
`@@ -1119,6 +1125,13 @@ namespace websockets2_generic`
`1119`	`1125`
`1120`	`1126`	`/////////////////////////////////////////////////////////`
`1121`	`1127`
	`1128`	`+ void WebsocketsClient::setCACertBundle(const uint8_t* ca_cert_bundle)`
	`1129`	`+ {`
	`1130`	`+ this->_optional_ssl_ca_cert_bundle = ca_cert_bundle;`
	`1131`	`+ }`
	`1132`	`+`
	`1133`	`+ /////////////////////////////////////////////////////////`
	`1134`	`+`
`1122`	`1135`	`void WebsocketsClient::setCertificate(const char* client_ca)`
`1123`	`1136`	`{`
`1124`	`1137`	`this->_optional_ssl_client_ca = client_ca;`
`@@ -1136,6 +1149,7 @@ namespace websockets2_generic`
`1136`	`1149`	`void WebsocketsClient::setInsecure()`
`1137`	`1150`	`{`
`1138`	`1151`	`this->_optional_ssl_ca_cert = nullptr;`
	`1152`	`+ this->_optional_ssl_ca_cert_bundle = nullptr;`
`1139`	`1153`	`this->_optional_ssl_client_ca = nullptr;`
`1140`	`1154`	`this->_optional_ssl_private_key = nullptr;`
`1141`	`1155`	`}`