From caaef4afd018a8788b17b3feee03829f16e1168b Mon Sep 17 00:00:00 2001
From: acreddy
Date: Sat, 10 Nov 2018 12:49:37 +0530
Subject: [PATCH 1/3] issue #2041
---
 libraries/WiFiClientSecure/src/ssl_client.cpp | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/libraries/WiFiClientSecure/src/ssl_client.cpp b/libraries/WiFiClientSecure/src/ssl_client.cpp
index 08be7d42984..3f17904c73a 100644
--- a/libraries/WiFiClientSecure/src/ssl_client.cpp
+++ b/libraries/WiFiClientSecure/src/ssl_client.cpp
@@ -158,12 +158,14 @@ int start_ssl_client(sslclient_context *ssl_client, const char *host, uint32_t p
 mbedtls_ssl_set_bio(&ssl_client->ssl_ctx, &ssl_client->socket, mbedtls_net_send, mbedtls_net_recv, NULL );
 log_v("Performing the SSL/TLS handshake...");
-
+ unsigned long handshake_start_time=millis();
 while ((ret = mbedtls_ssl_handshake(&ssl_client->ssl_ctx)) != 0) {
 if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
 return handle_error(ret);
 }
- vTaskDelay(10 / portTICK_PERIOD_MS);
+ if((millis()-handshake_start_time)>120000)
+ return -1;
+ vTaskDelay(10 / portTICK_PERIOD_MS);
 }
From ae7fc6ce7822b9e0730ea90d158585e98485967c Mon Sep 17 00:00:00 2001
From: acreddy
Date: Tue, 20 Nov 2018 00:08:30 +0530
Subject: [PATCH 2/3] handshake timeout
---
 libraries/WiFiClientSecure/src/WiFiClientSecure.cpp | 8 +++++++-
 libraries/WiFiClientSecure/src/WiFiClientSecure.h | 1 +
 libraries/WiFiClientSecure/src/ssl_client.cpp | 2 +-
 libraries/WiFiClientSecure/src/ssl_client.h | 2 ++
 4 files changed, 11 insertions(+), 2 deletions(-)
diff --git a/libraries/WiFiClientSecure/src/WiFiClientSecure.cpp b/libraries/WiFiClientSecure/src/WiFiClientSecure.cpp
index 40054f1c1e1..ed1e35c7c9b 100644
--- a/libraries/WiFiClientSecure/src/WiFiClientSecure.cpp
+++ b/libraries/WiFiClientSecure/src/WiFiClientSecure.cpp
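Review bot: The new elapsed-time check in the `while` loop is only reached when `mbedtls_ssl_handshake()` returns WANT_READ or WANT_WRITE, so it bounds the handshake only if the socket is non-blocking. The context line above passes `NULL` as the timed-receive callback to `mbedtls_ssl_set_bio`, and the socket mode is set outside this hunk; if the socket is blocking, a peer that goes silent mid-handshake keeps the task inside `mbedtls_net_recv` and the check never runs. It is worth confirming the socket is non-blocking at this point, or registering `mbedtls_net_recv_timeout` together with `mbedtls_ssl_conf_read_timeout`. The timeout branch also returns a bare `-1` with no log line; adding `log_e("SSL/TLS handshake timed out");` before `return -1;` would make a timeout distinguishable from other failures in the logs. The body of start_ssl_client begins and ends outside the hunk.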
@@ -35,7 +35,7 @@ WiFiClientSecure::WiFiClientSecure()
 sslclient = new sslclient_context;
 ssl_init(sslclient);
 sslclient->socket = -1;
-
+ sslclient->handshake_timeout = 120000;
 _CA_cert = NULL;
 _cert = NULL;
 _private_key = NULL;
@@ -50,6 +50,7 @@ WiFiClientSecure::WiFiClientSecure(int sock)
 sslclient = new sslclient_context;
 ssl_init(sslclient);
 sslclient->socket = sock;
+ sslclient->handshake_timeout = 120000;
 if (sock >= 0) {
 _connected = true;
@@ -285,3 +286,8 @@ int WiFiClientSecure::lastError(char *buf, const size_t size)
 snprintf(buf, size, "%s", error_buf);
 return _lastError;
 }
+
+void WiFiClientSecure::setHandshakeTimeout(unsigned long handshake_timeout)
+{
+ sslclient->handshake_timeout = handshake_timeout;
+}
\ No newline at end of file
diff --git a/libraries/WiFiClientSecure/src/WiFiClientSecure.h b/libraries/WiFiClientSecure/src/WiFiClientSecure.h
index 21d9152fc3a..a9ba37617a3 100644
--- a/libraries/WiFiClientSecure/src/WiFiClientSecure.h
+++ b/libraries/WiFiClientSecure/src/WiFiClientSecure.h
@@ -62,6 +62,7 @@ class WiFiClientSecure : public WiFiClient
 bool loadCertificate(Stream& stream, size_t size);
 bool loadPrivateKey(Stream& stream, size_t size);
 bool verify(const char* fingerprint, const char* domain_name);
+ void setHandshakeTimeout(unsigned long handshake_timeout);
 operator bool()
 {
diff --git a/libraries/WiFiClientSecure/src/ssl_client.cpp b/libraries/WiFiClientSecure/src/ssl_client.cpp
index 3f17904c73a..f8736bd5dfd 100644
--- a/libraries/WiFiClientSecure/src/ssl_client.cpp
+++ b/libraries/WiFiClientSecure/src/ssl_client.cpp
@@ -163,7 +163,7 @@ int start_ssl_client(sslclient_context *ssl_client, const char *host, uint32_t p
 if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
 return handle_error(ret);
 }
- if((millis()-handshake_start_time)>120000)
+ if((millis()-handshake_start_time)>ssl_client->handshake_timeout)
 return -1;
 vTaskDelay(10 / portTICK_PERIOD_MS);
 }
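Review bot: The default `120000` is written as a bare literal in both constructors (the `@@ -35,7` and `@@ -50,6` hunks) and is assigned after `ssl_init(sslclient)` rather than inside it. Any other code that creates an `sslclient_context` and calls `start_ssl_client` without going through these constructors would compare the elapsed time against whatever value the field happens to hold; whether such callers exist is not visible here. Moving the assignment into `ssl_init` and naming the value, for example `#define SSL_HANDSHAKE_TIMEOUT_MS 120000UL`, keeps the default in one place. Both constructor bodies continue outside the hunks.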
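Review bot: The `setHandshakeTimeout` declaration added to the class carries no comment on the unit of its argument, and the unit is not obvious from the code. As finally implemented in patch 3/3 the setter multiplies by 1000, while the `handshake_timeout` field added to `sslclient_context` in ssl_client.h holds milliseconds (it is compared with a `millis()` difference and defaulted to `120000`). I would add `// Maximum duration of the TLS handshake, in seconds (default 120).` above the declaration and `// handshake deadline in milliseconds` next to the struct field. The class body continues outside the hunk.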
diff --git a/libraries/WiFiClientSecure/src/ssl_client.h b/libraries/WiFiClientSecure/src/ssl_client.h
index 81e0b33a7ce..6575313d78e 100644
--- a/libraries/WiFiClientSecure/src/ssl_client.h
+++ b/libraries/WiFiClientSecure/src/ssl_client.h
@@ -23,6 +23,8 @@ typedef struct sslclient_context {
 mbedtls_x509_crt ca_cert;
 mbedtls_x509_crt client_cert;
 mbedtls_pk_context client_key;
+
+ unsigned long handshake_timeout;
 } sslclient_context;
From decf8268664e6257bb59c562486afa355b56f0ff Mon Sep 17 00:00:00 2001
From: acreddy
Date: Tue, 20 Nov 2018 00:11:51 +0530
Subject: [PATCH 3/3] seconds to milliseconds
---
 libraries/WiFiClientSecure/src/WiFiClientSecure.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libraries/WiFiClientSecure/src/WiFiClientSecure.cpp b/libraries/WiFiClientSecure/src/WiFiClientSecure.cpp
index ed1e35c7c9b..1a8574757b2 100644
--- a/libraries/WiFiClientSecure/src/WiFiClientSecure.cpp
+++ b/libraries/WiFiClientSecure/src/WiFiClientSecure.cpp
@@ -289,5 +289,5 @@ int WiFiClientSecure::lastError(char *buf, const size_t size)
 void WiFiClientSecure::setHandshakeTimeout(unsigned long handshake_timeout)
 {
- sslclient->handshake_timeout = handshake_timeout;
+ sslclient->handshake_timeout = handshake_timeout * 1000;
 }
\ No newline at end of file
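Review bot: `handshake_timeout * 1000` in `setHandshakeTimeout` is computed in `unsigned long` with no range check, so on a target where `unsigned long` is 32 bits any argument above 4294967 seconds wraps and silently yields a much shorter timeout than requested. An argument of `0` is also accepted, and since the loop in start_ssl_client compares with `>`, the handshake would then be abandoned as soon as a millisecond has elapsed, which is probably not what a caller passing 0 expects. A saturating form such as `sslclient->handshake_timeout = (handshake_timeout > ULONG_MAX / 1000) ? ULONG_MAX : handshake_timeout * 1000;` (with `<limits.h>` included) avoids the wrap. The meaning of 0 deserves a line in the header comment for the setter.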