update AxTLS HTTPS examples, update AxTLS API to deprecated

d-a-v · d-a-v · commit 7e40b184a03f · 2018-11-24T01:10:27.000+01:00
diff --git a/libraries/ESP8266WiFi/examples/HTTPSRequestAxTLS/HTTPSRequestAxTLS.ino b/libraries/ESP8266WiFi/examples/HTTPSRequestAxTLS/HTTPSRequestAxTLS.ino
@@ -0,0 +1,102 @@
+/*
+    HTTP over TLS (HTTPS) example sketch
+
+    This example demonstrates how to use
+    WiFiClientSecure class to access HTTPS API.
+    We fetch and display the status of
+    esp8266/Arduino project continuous integration
+    build.
+
+    Limitations:
+      only RSA certificates
+      no support of Perfect Forward Secrecy (PFS)
+      TLSv1.2 is supported since version 2.4.0-rc1
+
+    Created by Ivan Grokhotkov, 2015.
+    This example is in public domain.
+*/
+
+#include <ESP8266WiFi.h>
+
+// force use of AxTLS (BearSSL is now default)
+#include <WiFiClientSecureAxTLS.h>
+using namespace axTLS;
+
+#ifndef STASSID
+#define STASSID "your-ssid"
+#define PSK  "your-password"
+#endif
+
+const char* ssid = STASSID;
+const char* password = PSK;
+
+const char* host = "api.github.com";
+const int httpsPort = 443;
+
+// Use web browser to view and copy
+// SHA1 fingerprint of the certificate
+const char* fingerprint = "5F F1 60 31 09 04 3E F2 90 D2 B0 8A 50 38 04 E8 37 9F BC 76";
+
+void setup() {
+  Serial.begin(115200);
+  Serial.println();
+  Serial.print("connecting to ");
+  Serial.println(ssid);
+  WiFi.mode(WIFI_STA);
+  WiFi.begin(ssid, password);
+  while (WiFi.status() != WL_CONNECTED) {
+    delay(500);
+    Serial.print(".");
+  }
+  Serial.println("");
+  Serial.println("WiFi connected");
+  Serial.println("IP address: ");
+  Serial.println(WiFi.localIP());
+
+  // Use WiFiClientSecure class to create TLS connection
+  WiFiClientSecure client;
+  Serial.print("connecting to ");
+  Serial.println(host);
+  if (!client.connect(host, httpsPort)) {
+    Serial.println("connection failed");
+    return;
+  }
+
+  if (client.verify(fingerprint, host)) {
+    Serial.println("certificate matches");
+  } else {
+    Serial.println("certificate doesn't match");
+  }
+
+  String url = "/repos/esp8266/Arduino/commits/master/status";
+  Serial.print("requesting URL: ");
+  Serial.println(url);
+
+  client.print(String("GET ") + url + " HTTP/1.1\r\n" +
+               "Host: " + host + "\r\n" +
+               "User-Agent: BuildFailureDetectorESP8266\r\n" +
+               "Connection: close\r\n\r\n");
+
+  Serial.println("request sent");
+  while (client.connected()) {
+    String line = client.readStringUntil('\n');
+    if (line == "\r") {
+      Serial.println("headers received");
+      break;
+    }
+  }
+  String line = client.readStringUntil('\n');
+  if (line.startsWith("{\"state\":\"success\"")) {
+    Serial.println("esp8266/Arduino CI successfull!");
+  } else {
+    Serial.println("esp8266/Arduino CI has failed");
+  }
+  Serial.println("reply was:");
+  Serial.println("==========");
+  Serial.println(line);
+  Serial.println("==========");
+  Serial.println("closing connection");
+}
+
+void loop() {
+}
diff --git a/libraries/ESP8266WiFi/examples/HTTPSRequestCACertAxTLS/CACert.ino b/libraries/ESP8266WiFi/examples/HTTPSRequestCACertAxTLS/CACert.ino
diff --git a/libraries/ESP8266WiFi/examples/HTTPSRequestCACertAxTLS/HTTPSRequestCACertAxTLS.ino b/libraries/ESP8266WiFi/examples/HTTPSRequestCACertAxTLS/HTTPSRequestCACertAxTLS.ino
@@ -20,10 +20,7 @@
 
 // force use of AxTLS (BearSSL is now default)
 #include <WiFiClientSecureAxTLS.h>
-using namespace AxTLS;
-
-// uncomment the line below to run the sketch
-#error Keeping this example for history, watch BearSSL_Validation example instead
+using namespace axTLS;
 
 #ifndef STASSID
 #define STASSID "your-ssid"
diff --git a/libraries/ESP8266WiFi/src/ESP8266WiFi.h b/libraries/ESP8266WiFi/src/ESP8266WiFi.h
@@ -38,10 +38,10 @@ extern "C" {
 
 #include "WiFiClient.h"
 #include "WiFiServer.h"
-#include "WiFiServerSecure.h"
-#include "WiFiClientSecure.h"
-#include "BearSSLHelpers.h"
-#include "CertStoreBearSSL.h"
+//#include "WiFiServerSecure.h"
+//#include "WiFiClientSecure.h"
+//#include "BearSSLHelpers.h"
+//#include "CertStoreBearSSL.h"
 
 #ifdef DEBUG_ESP_WIFI
 #ifdef DEBUG_ESP_PORT
diff --git a/libraries/ESP8266WiFi/src/WiFiClientSecure.h b/libraries/ESP8266WiFi/src/WiFiClientSecure.h
@@ -20,18 +20,21 @@
 
 */
 
-#include "WiFiClientSecureAxTLS.h"
-#include "WiFiClientSecureBearSSL.h"
-
+//#include "WiFiClientSecureAxTLS.h"
 //using namespace axTLS;
+
+#include "WiFiClientSecureBearSSL.h"
 using namespace BearSSL;
 
-/* !! Now BearSSL is the default !!
+/**********************************
+ * !! Now BearSSL is the default !!
  
    While not advised,
-   to keep legacy code without updating, use:
+   Use legacy API without updating with:
 
+//#include <WiFiClientSecure.h>
 #include "WiFiClientSecureAxTLS.h"
 using namespace axTLS;
 
-*/
+ *
+ **********************************/
diff --git a/libraries/ESP8266WiFi/src/WiFiClientSecureAxTLS.h b/libraries/ESP8266WiFi/src/WiFiClientSecureAxTLS.h
@@ -32,7 +32,7 @@ class SSLContext;
 
 class WiFiClientSecure : public WiFiClient {
 public:
-  WiFiClientSecure();
+  WiFiClientSecure() __attribute__((deprecated("Upgrade to BearSSL is advised, check https://github.com/esp8266/Arduino/blob/master/libraries/ESP8266WiFi/src/WiFiClientSecure.h#L25-L99")));
   ~WiFiClientSecure() override;
 
   int connect(IPAddress ip, uint16_t port) override;
diff --git a/libraries/ESP8266WiFi/src/WiFiClientSecureBearSSL.h b/libraries/ESP8266WiFi/src/WiFiClientSecureBearSSL.h
@@ -121,10 +121,6 @@ class WiFiClientSecure : public WiFiClient {
     static bool probeMaxFragmentLength(const char *hostname, uint16_t port, uint16_t len);
     static bool probeMaxFragmentLength(const String host, uint16_t port, uint16_t len);
 
-    // AXTLS compatible wrappers
-    // Cannot implement this mode, we need FP before we can connect: bool verify(const char* fingerprint, const char* domain_name)
-    bool verifyCertChain(const char* domain_name) { (void)domain_name; return connected(); } // If we're connected, the cert passed validation during handshake
-
     bool setCACert(const uint8_t* pk, size_t size);
     bool setCertificate(const uint8_t* pk, size_t size);
     bool setPrivateKey(const uint8_t* pk, size_t size);
@@ -152,6 +148,21 @@ class WiFiClientSecure : public WiFiClient {
       return loadCACert(file, file.size());
     }
 
+    // AxTLS API deprecated warnings to help upgrading
+
+    bool verify(const char* fingerprint, const char* domain_name)
+      __attribute__((deprecated("This is deprecated AxTLS API, check https://github.com/esp8266/Arduino/blob/master/libraries/ESP8266WiFi/src/WiFiClientSecure.h#L25-L99"))) {
+      (void)fingerprint;
+      (void)domain_name;
+      return connected();
+    }
+
+    bool verifyCertChain(const char* domain_name)
+      __attribute__((deprecated("This is deprecated AxTLS API, check https://github.com/esp8266/Arduino/blob/master/libraries/ESP8266WiFi/src/WiFiClientSecure.h#L25-L99"))) {
+      (void)domain_name;
+      return connected();
+    }
+
   private:
     void _clear();
     void _clearAuthenticationSettings();
diff --git a/libraries/ESP8266WiFi/src/WiFiServerSecureAxTLS.cpp b/libraries/ESP8266WiFi/src/WiFiServerSecureAxTLS.cpp
@@ -30,6 +30,7 @@ extern "C" {
 #include "ESP8266WiFi.h"
 #include "WiFiClient.h"
 #include "WiFiServer.h"
+#include "WiFiClientSecureAxTLS.h"
 #include "lwip/opt.h"
 #include "lwip/tcp.h"
 #include "lwip/inet.h"
@@ -77,7 +78,10 @@ WiFiClientSecure WiFiServerSecure::available(uint8_t* status)
     }
 
     optimistic_yield(1000);
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored  "-Wdeprecated-declarations"
     return WiFiClientSecure();
+#pragma GCC diagnostic pop
 }
 
 };
