
Commit 4b74777

committed
wifi ssl: add flags to handle custom root ca and client cert on reconnect
1 parent 706a8f6 commit 4b74777


2 files changed

+47
-4
lines changed


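--- a/UNOR4USBBridge/at_handler.h
+++ b/UNOR4USBBridge/at_handler.h
@@ -85,10 +85,15 @@ class CAtHandler {
 void add_cmds_preferences();
 void add_cmds_se();
 public:
+/* Used by cmds_wifi_SSL */
 std::vector<std::uint8_t> cert_buf;
-std::vector<std::uint8_t> se_buf;
 std::vector<std::uint8_t> client_cert_pem;
 std::vector<std::uint8_t> client_key_pem;
+bool client_cert = false;
+bool ca_root_custom = false;
+
+/* Used by cmds_se */
+std::vector<std::uint8_t> se_buf;
 
 /* Used by cmds_ota */
 std::vector<std::uint8_t> ota_cert_buf;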
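Review bot: `client_cert` and `ca_root_custom` are single handler-wide flags next to single `cert_buf` / `client_cert_pem` / `client_key_pem` buffers, while cmds_wifi_SSL.h applies them to whichever `the_client.sslclient` is connecting. If the handler can serve more than one SSL client (the `the_client` lookup suggests so, though it is not visible here), a certificate and private key loaded for one socket would be presented on every later connect of any other socket, and one custom root CA would replace the default bundle for all of them. I would keep this state per client, or at least document the scope on the members, e.g. `/* Handler-wide: applied to every SSL client on (re)connect, not only the one it was set for */`. The class body starts and ends outside this hunk.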

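--- a/UNOR4USBBridge/cmds_wifi_SSL.h
+++ b/UNOR4USBBridge/cmds_wifi_SSL.h
@@ -68,7 +68,6 @@ void CAtHandler::add_cmds_wifi_SSL() {
 return chAT::CommandStatus::ERROR;
 }
 
-bool ca_root_custom = false;
 int ca_root_size = 0;
 if (parser.args.size() >= 2){
 auto &ca_root_size_str = parser.args[1];
@@ -80,8 +79,6 @@ void CAtHandler::add_cmds_wifi_SSL() {
 }
 
 if(ca_root_custom) {
-
-
 cert_buf = srv.inhibit_read(ca_root_size);
 size_t offset = cert_buf.size();
 
@@ -204,6 +201,8 @@ void CAtHandler::add_cmds_wifi_SSL() {
 /* Set client key */
 the_client.sslclient->setPrivateKey((const char *)client_key_pem.data());
 
+client_cert = true;
+
 return chAT::CommandStatus::OK;
 }
 default:
@@ -277,6 +276,19 @@ void CAtHandler::add_cmds_wifi_SSL() {
 return chAT::CommandStatus::ERROR;
 }
 
+/* Set custom root ca */
+if (ca_root_custom) {
+the_client.sslclient->setCACert((const char *)cert_buf.data());
+}
+/* Default ca bundle is configured automatically on connect by the WiFiSSLClient */
+
+if (client_cert) {
+/* Set client certificate */
+the_client.sslclient->setCertificate((const char *)client_cert_pem.data());
+/* Set client key */
+the_client.sslclient->setPrivateKey((const char *)client_key_pem.data());
+}
+
 if (!the_client.sslclient->connect(host.c_str(), atoi(port.c_str()))) {
 return chAT::CommandStatus::ERROR;
 }
@@ -326,6 +338,19 @@ void CAtHandler::add_cmds_wifi_SSL() {
 return chAT::CommandStatus::ERROR;
 }
 
+/* Set custom root ca */
+if (ca_root_custom) {
+the_client.sslclient->setCACert((const char *)cert_buf.data());
+}
+/* Default ca bundle is configured automatically on connect by the WiFiSSLClient */
+
+if (client_cert) {
+/* Set client certificate */
+the_client.sslclient->setCertificate((const char *)client_cert_pem.data());
+/* Set client key */
+the_client.sslclient->setPrivateKey((const char *)client_key_pem.data());
+}
+
 if (!the_client.sslclient->connect(address, atoi(hostport.c_str()))) {
 return chAT::CommandStatus::ERROR;
 }
@@ -381,6 +406,19 @@ void CAtHandler::add_cmds_wifi_SSL() {
 }
 }
 
+/* Set custom root ca */
+if (ca_root_custom) {
+the_client.sslclient->setCACert((const char *)cert_buf.data());
+}
+/* Default ca bundle is configured automatically on connect by the WiFiSSLClient */
+
+if (client_cert) {
+/* Set client certificate */
+the_client.sslclient->setCertificate((const char *)client_cert_pem.data());
+/* Set client key */
+the_client.sslclient->setPrivateKey((const char *)client_key_pem.data());
+}
+
 if (!the_client.sslclient->connect(host.c_str(), atoi(port.c_str()), timeout)) {
 return chAT::CommandStatus::ERROR;
 }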
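Review bot: With the local `bool ca_root_custom = false;` removed in the first hunk, the flag is now handler state and is no longer reset each time this command runs. Unless the lines between the first two hunks (not shown) clear it, a later call that selects the default bundle leaves it true, and the three connect paths keep installing the stale `cert_buf` through `setCACert`. I would reset it where the local used to be, `ca_root_custom = false;`, and likewise clear `client_cert` wherever the client is torn down or its credentials are replaced. The `(const char *)cert_buf.data()` and `client_*_pem.data()` casts also depend on those buffers having been NUL-terminated when they were filled, which happens outside these hunks. The same thirteen-line block is pasted into all three connect paths of `add_cmds_wifi_SSL()`, whose body starts and ends outside the hunks, so one private helper would keep the copies from drifting.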
