handshake in ssl_client.cpp (#2044)

a-c-sreedhar-reddy · me-no-dev · commit 46257c03b367 · 2018-11-26T23:25:08.000+01:00
* issue #2041 * handshake timeout * seconds to milliseconds
diff --git a/libraries/WiFiClientSecure/src/WiFiClientSecure.cpp b/libraries/WiFiClientSecure/src/WiFiClientSecure.cpp
@@ -35,7 +35,7 @@ WiFiClientSecure::WiFiClientSecure()
     sslclient = new sslclient_context;
     ssl_init(sslclient);
     sslclient->socket = -1;
-
+    sslclient->handshake_timeout = 120000;
     _CA_cert = NULL;
     _cert = NULL;
     _private_key = NULL;
@@ -50,6 +50,7 @@ WiFiClientSecure::WiFiClientSecure(int sock)
     sslclient = new sslclient_context;
     ssl_init(sslclient);
     sslclient->socket = sock;
+    sslclient->handshake_timeout = 120000;
 
     if (sock >= 0) {
         _connected = true;
@@ -285,3 +286,8 @@ int WiFiClientSecure::lastError(char *buf, const size_t size)
     snprintf(buf, size, "%s", error_buf);
     return _lastError;
 }
+
+void WiFiClientSecure::setHandshakeTimeout(unsigned long handshake_timeout)
+{
+    sslclient->handshake_timeout = handshake_timeout * 1000;
+}
diff --git a/libraries/WiFiClientSecure/src/WiFiClientSecure.h b/libraries/WiFiClientSecure/src/WiFiClientSecure.h
@@ -62,6 +62,7 @@ class WiFiClientSecure : public WiFiClient
     bool loadCertificate(Stream& stream, size_t size);
     bool loadPrivateKey(Stream& stream, size_t size);
     bool verify(const char* fingerprint, const char* domain_name);
+    void setHandshakeTimeout(unsigned long handshake_timeout);
 
     operator bool()
     {
diff --git a/libraries/WiFiClientSecure/src/ssl_client.cpp b/libraries/WiFiClientSecure/src/ssl_client.cpp
@@ -158,12 +158,14 @@ int start_ssl_client(sslclient_context *ssl_client, const char *host, uint32_t p
     mbedtls_ssl_set_bio(&ssl_client->ssl_ctx, &ssl_client->socket, mbedtls_net_send, mbedtls_net_recv, NULL );
 
     log_v("Performing the SSL/TLS handshake...");
-
+    unsigned long handshake_start_time=millis();
     while ((ret = mbedtls_ssl_handshake(&ssl_client->ssl_ctx)) != 0) {
         if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
             return handle_error(ret);
         }
-	vTaskDelay(10 / portTICK_PERIOD_MS);
+        if((millis()-handshake_start_time)>ssl_client->handshake_timeout)
+			return -1;
+	    vTaskDelay(10 / portTICK_PERIOD_MS);
     }
 
 
diff --git a/libraries/WiFiClientSecure/src/ssl_client.h b/libraries/WiFiClientSecure/src/ssl_client.h
@@ -23,6 +23,8 @@ typedef struct sslclient_context {
     mbedtls_x509_crt ca_cert;
     mbedtls_x509_crt client_cert;
     mbedtls_pk_context client_key;
+
+    unsigned long handshake_timeout;
 } sslclient_context;
 
 

Original file line number	Diff line number	Diff line change
`@@ -62,6 +62,7 @@ class WiFiClientSecure : public WiFiClient`
`62`	`62`	`bool loadCertificate(Stream& stream, size_t size);`
`63`	`63`	`bool loadPrivateKey(Stream& stream, size_t size);`
`64`	`64`	`bool verify(const char* fingerprint, const char* domain_name);`
	`65`	`+ void setHandshakeTimeout(unsigned long handshake_timeout);`
`65`	`66`
`66`	`67`	`operator bool()`
`67`	`68`	`{`
Original file line number	Diff line number	Diff line change
`@@ -158,12 +158,14 @@ int start_ssl_client(sslclient_context ssl_client, const char host, uint32_t p`
`158`	`158`	`mbedtls_ssl_set_bio(&ssl_client->ssl_ctx, &ssl_client->socket, mbedtls_net_send, mbedtls_net_recv, NULL );`
`159`	`159`
`160`	`160`	`log_v("Performing the SSL/TLS handshake...");`
`161`		`-`
	`161`	`+ unsigned long handshake_start_time=millis();`
`162`	`162`	`while ((ret = mbedtls_ssl_handshake(&ssl_client->ssl_ctx)) != 0) {`
`163`	`163`	`if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) {`
`164`	`164`	`return handle_error(ret);`
`165`	`165`	`}`
`166`		`- vTaskDelay(10 / portTICK_PERIOD_MS);`
	`166`	`+ if((millis()-handshake_start_time)>ssl_client->handshake_timeout)`
	`167`	`+ return -1;`
	`168`	`+ vTaskDelay(10 / portTICK_PERIOD_MS);`
`167`	`169`	`}`
`168`	`170`
`169`	`171`