Merge pull request #436 from pennam/ssl-fixes

pennam · web-flow · commit f64f904e4f91 · 2025-02-21T11:10:45.000+01:00
C33 SSL client fix stop() and connect( .. ) with psk
diff --git a/libraries/SSLClient/src/SSLClient.cpp b/libraries/SSLClient/src/SSLClient.cpp
@@ -97,12 +97,9 @@ void SSLClient::setClient(Client& client)
 
 void SSLClient::stop()
 {
-    if (sslclient->client >= 0) {
-        //sslclient->client->stop();
-        _connected = false;
-        _peek = -1;
-    }
-    stop_ssl_socket(sslclient, _CA_cert, _cert, _private_key);
+    stop_ssl_socket(sslclient);
+    _connected = false;
+    _peek = -1;
 }
 
 int SSLClient::connect(IPAddress ip, uint16_t port)
@@ -150,12 +147,12 @@ int SSLClient::connect(const char *host, uint16_t port, const char *_CA_cert, co
 }
 
 int SSLClient::connect(IPAddress ip, uint16_t port, const char *pskIdent, const char *psKey) {
-    return connect(ip.toString().c_str(), port,_pskIdent, _psKey);
+    return connect(ip.toString().c_str(), port, pskIdent, psKey);
 }
 
 int SSLClient::connect(const char *host, uint16_t port, const char *pskIdent, const char *psKey) {
     log_v("start_ssl_client with PSK");
-    int ret = start_ssl_client(sslclient, host, port, _timeout, NULL, NULL, NULL, NULL, _pskIdent, _psKey, _use_insecure);
+    int ret = start_ssl_client(sslclient, host, port, _timeout, NULL, NULL, NULL, NULL, pskIdent, psKey, _use_insecure);
     _lastError = ret;
     if (ret < 0) {
         log_e("start_ssl_client: %d", ret);
diff --git a/libraries/SSLClient/src/ssl_client.cpp b/libraries/SSLClient/src/ssl_client.cpp
@@ -38,6 +38,7 @@ static int _handle_error(int err, const char * file, int line)
 
 #define handle_error(e) _handle_error(e, __FUNCTION__, __LINE__)
 
+#if defined(SSL_CLIENT_RECV_DISABLE_TIMEOUT)
 /**
  * \brief          Read at most 'len' characters. If no error occurs,
  *                 the actual amount read is returned.
@@ -52,11 +53,11 @@ static int _handle_error(int err, const char * file, int line)
  */
 static int client_net_recv( void *ctx, unsigned char *buf, size_t len ) {
     Client *client = (Client*)ctx;
-    if (!client) { 
+    if (!client) {
         log_e("Uninitialised!");
         return -1;
     }
-    
+
     //if (!client->connected()) {
     //    log_e("Not connected!");
     //    return -2;
@@ -68,31 +69,31 @@ static int client_net_recv( void *ctx, unsigned char *buf, size_t len ) {
     if (result > 0) {
         //esp_log_buffer_hexdump_internal("SSL.RD", buf, (uint16_t)result, ESP_LOG_VERBOSE);
     }
-    
+
     return result;
 }
-
-int client_net_recv_timeout( void *ctx, unsigned char *buf,
+#else
+static int client_net_recv_timeout( void *ctx, unsigned char *buf,
                              size_t len, uint32_t timeout ) {
     Client *client = (Client*)ctx;
-    if (!client) { 
+    if (!client) {
         log_e("Uninitialised!");
         return -1;
     }
     unsigned long start = millis();
     unsigned long tms = start + timeout;
-    int pending = client->available();
+    uint16_t pending = client->available();
     // If there is data in the client, wait for message completion
     if((pending > 0) && (pending < len))
     do {
-        int pending = client->available();
+        uint16_t pending = client->available();
         if (pending < len && timeout > 0) {
             delay(1);
         } else break;
     } while (millis() < tms);
-    
+
     int result = client->read(buf, len);
-    
+
     // lwIP interface return -1 if there is no data to read
     // report without throwing errors or block
     if (result <= 0) return MBEDTLS_ERR_SSL_WANT_READ;
@@ -102,10 +103,10 @@ int client_net_recv_timeout( void *ctx, unsigned char *buf,
     if (result > 0) {
         //esp_log_buffer_hexdump_internal("SSL.RD", buf, (uint16_t)result, ESP_LOG_VERBOSE);
     }
-    
+
     return result;
 }
-
+#endif
 
 /**
  * \brief          Write at most 'len' characters. If no error occurs,
@@ -121,20 +122,20 @@ int client_net_recv_timeout( void *ctx, unsigned char *buf,
  */
 static int client_net_send( void *ctx, const unsigned char *buf, size_t len ) {
     Client *client = (Client*)ctx;
-    if (!client) { 
+    if (!client) {
         log_e("Uninitialised!");
         return -1;
     }
-    
+
     //if (!client->connected()) {
     //    log_e("Not connected!");
     //    return -2;
     //}
-    
+
     //esp_log_buffer_hexdump_internal("SSL.WR", buf, (uint16_t)len, ESP_LOG_VERBOSE);
-    
+
     int result = client->write(buf, len);
-    
+
     log_d("SSL client TX res=%d len=%d", result, len);
     return result;
 }
@@ -152,7 +153,7 @@ void ssl_init(sslclient_context *ssl_client, Client *client, const char * ca_pat
     mbedtls_ssl_conf_ciphersuites(&ssl_client->ssl_conf, mbedtls_ssl_list_ciphersuites());
 
     mbedtls_ssl_conf_dbg(&ssl_client->ssl_conf, mbedtls_debug_print, NULL);
-    mbedtls_debug_set_threshold(DEBUG_LEVEL);
+    mbedtls_debug_set_threshold(SSL_DEBUG_LEVEL);
 
     mbedtls_fs_init(ca_path);
 }
@@ -225,7 +226,7 @@ int start_ssl_client(sslclient_context *ssl_client, const char *host, uint32_t p
         }
         unsigned char psk[MBEDTLS_PSK_MAX_LEN];
         size_t psk_len = strlen(psKey)/2;
-        for (int j=0; j<strlen(psKey); j+= 2) {
+        for (size_t j=0; j<strlen(psKey); j+= 2) {
             char c = psKey[j];
             if (c >= '0' && c <= '9') c -= '0';
             else if (c >= 'A' && c <= 'F') c -= 'A' - 10;
@@ -336,13 +337,13 @@ int start_ssl_client(sslclient_context *ssl_client, const char *host, uint32_t p
         memset(buf, 0, sizeof(buf));
         mbedtls_x509_crt_verify_info(buf, sizeof(buf), "  ! ", flags);
         log_e("Failed to verify peer certificate! verification info: %s", buf);
-        stop_ssl_socket(ssl_client, rootCABuff, cli_cert, cli_key);  //It's not safe continue.
+        stop_ssl_socket(ssl_client);  //It's not safe continue.
 
         return handle_error(ret);
     } else {
         log_v("Certificate verified.");
     }
-    
+
     if ((rootCABuff != NULL) || ((rootCAPath != NULL))) {
         log_d("free buffer");
         mbedtls_x509_crt_free(&ssl_client->ca_cert);
@@ -354,14 +355,14 @@ int start_ssl_client(sslclient_context *ssl_client, const char *host, uint32_t p
 
     if (cli_key != NULL) {
         mbedtls_pk_free(&ssl_client->client_key);
-    }    
+    }
 
     //return ssl_client->socket;
     return 1;
 }
 
 
-void stop_ssl_socket(sslclient_context *ssl_client, const char *rootCABuff, const char *cli_cert, const char *cli_key)
+void stop_ssl_socket(sslclient_context *ssl_client)
 {
     log_v("Cleaning SSL connection.");
 
diff --git a/libraries/SSLClient/src/ssl_client.h b/libraries/SSLClient/src/ssl_client.h
@@ -43,7 +43,7 @@ typedef struct sslclient_context {
 
 void ssl_init(sslclient_context *ssl_client, Client *client, const char *ca_path);
 int start_ssl_client(sslclient_context *ssl_client, const char *host, uint32_t port, int timeout, const char *rootCABuff, const char *rootCAPath, const char *cli_cert, const char *cli_key, const char *pskIdent, const char *psKey, bool insecure);
-void stop_ssl_socket(sslclient_context *ssl_client, const char *rootCABuff, const char *cli_cert, const char *cli_key);
+void stop_ssl_socket(sslclient_context *ssl_client);
 int data_to_read(sslclient_context *ssl_client);
 int send_ssl_data(sslclient_context *ssl_client, const uint8_t *data, uint16_t len);
 int get_ssl_receive(sslclient_context *ssl_client, uint8_t *data, int length);
diff --git a/libraries/SSLClient/src/ssl_debug.cpp b/libraries/SSLClient/src/ssl_debug.cpp
@@ -20,7 +20,7 @@
 #include "ssl_debug.h"
 
 void ssl_debug_print(const char *format, ...) {
-    char debug_buf[1024];   
+    char debug_buf[1024];
     va_list argptr;
     va_start(argptr, format);
     vsnprintf(debug_buf, sizeof(debug_buf), format, argptr);
@@ -29,7 +29,7 @@ void ssl_debug_print(const char *format, ...) {
 }
 
 void ssl_debug_println(const char *format, ...) {
-    char debug_buf[1024];   
+    char debug_buf[1024];
     va_list argptr;
     va_start(argptr, format);
     vsnprintf(debug_buf, sizeof(debug_buf), format, argptr);
@@ -43,6 +43,7 @@ void ssl_debug_none(const char *format, ...) {
 
 void mbedtls_debug_print(void *ctx, int level, const char *file, int line, const char *str)
 {
+    ((void) ctx);
     ((void) level);
     ssl_debug_print("%s:%04d: %s", file, line, str);
 }
diff --git a/libraries/SSLClient/src/ssl_debug.h b/libraries/SSLClient/src/ssl_debug.h
@@ -29,33 +29,33 @@
  * 4: DEBUG
  * 5: VERBOSE
  */
-#define DEBUG_LEVEL 1
+#define SSL_DEBUG_LEVEL 1
 
-#if DEBUG_LEVEL > 0
+#if SSL_DEBUG_LEVEL > 0
     #define log_e ssl_debug_println
 #else
     #define log_e ssl_debug_none
 #endif
 
-#if DEBUG_LEVEL > 1
+#if SSL_DEBUG_LEVEL > 1
     #define log_w ssl_debug_println
 #else
     #define log_w ssl_debug_none
 #endif
 
-#if DEBUG_LEVEL > 2
+#if SSL_DEBUG_LEVEL > 2
     #define log_i ssl_debug_println
 #else
     #define log_i ssl_debug_none
 #endif
 
-#if DEBUG_LEVEL > 3
+#if SSL_DEBUG_LEVEL > 3
     #define log_d ssl_debug_println
 #else
     #define log_d ssl_debug_none
 #endif
-    
-#if DEBUG_LEVEL > 4
+
+#if SSL_DEBUG_LEVEL > 4
     #define log_v ssl_debug_println
 #else
     #define log_v ssl_debug_none
