From 43835273dd2f210ca022eaad6cd6302dd6613c4d Mon Sep 17 00:00:00 2001 From: unknown Date: Wed, 2 Aug 2023 23:21:46 +0700 Subject: [PATCH] Fix X.509 verification time in Reaspery Pi Pico. --- examples/certificate/certificate.ino | 182 +++++++++++++++++ examples/ethernet/ethernet.ino | 138 +++++++++++++ examples/gsm/gsm.ino | 267 +++++++++++++++++++++++++ examples/http_upgrade/http_upgrade.ino | 6 +- examples/https/https.ino | 6 +- examples/mqtt/mqtt.ino | 6 +- library.json | 2 +- library.properties | 2 +- src/ESP_SSLClient.h | 4 +- src/ESP_SSLClient_Const.h | 5 +- src/ESP_SSLClient_FS.h | 4 +- src/client/BSSL_CertStore.cpp | 5 +- src/client/BSSL_CertStore.h | 5 +- src/client/BSSL_Helper.cpp | 6 +- src/client/BSSL_Helper.h | 5 +- src/client/BSSL_SSL_Client.cpp | 15 +- src/client/BSSL_SSL_Client.h | 11 +- src/client/BSSL_TCP_Client.cpp | 9 +- src/client/BSSL_TCP_Client.h | 10 +- 19 files changed, 645 insertions(+), 43 deletions(-) create mode 100644 examples/certificate/certificate.ino create mode 100644 examples/ethernet/ethernet.ino create mode 100644 examples/gsm/gsm.ino diff --git a/examples/certificate/certificate.ino b/examples/certificate/certificate.ino new file mode 100644 index 0000000..0e95c7c --- /dev/null +++ b/examples/certificate/certificate.ino 
@@ -0,0 +1,182 @@ +/** + * This example shows how to connect to server via https and verify the root certificate using the SSL client. + * + * This example works on the Arduino-Pico SDK from Earle F. Philhower. + * https://github.com/earlephilhower/arduino-pico + * + * Email: suwatchai@outlook.com + * + * Github: https://github.com/mobizt/ESP_SSLSClient + * + * Copyright (c) 2023 mobizt + * + */ + +#include +#if defined(ESP32) || defined(ARDUINO_RASPBERRY_PI_PICO_W) +#include +#elif defined(ESP8266) +#include +#elif __has_include() +#include ) +#include + +#define WIFI_SSID "WIFI_AP" +#define WIFI_PASSWORD "WIFI_PASSWORD" + +// Baltimore CyberTrust Root +// Expired on Tue May 13 2025 +const char rootCA[] PROGMEM = "-----BEGIN CERTIFICATE-----\n" + "MIIDdzCCAl+gAwIBAgIEAgAAuTANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJJ\n" + "RTESMBAGA1UEChMJQmFsdGltb3JlMRMwEQYDVQQLEwpDeWJlclRydXN0MSIwIAYD\n" + "VQQDExlCYWx0aW1vcmUgQ3liZXJUcnVzdCBSb290MB4XDTAwMDUxMjE4NDYwMFoX\n" + "DTI1MDUxMjIzNTkwMFowWjELMAkGA1UEBhMCSUUxEjAQBgNVBAoTCUJhbHRpbW9y\n" + "ZTETMBEGA1UECxMKQ3liZXJUcnVzdDEiMCAGA1UEAxMZQmFsdGltb3JlIEN5YmVy\n" + "VHJ1c3QgUm9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKMEuyKr\n" + "mD1X6CZymrV51Cni4eiVgLGw41uOKymaZN+hXe2wCQVt2yguzmKiYv60iNoS6zjr\n" + "IZ3AQSsBUnuId9Mcj8e6uYi1agnnc+gRQKfRzMpijS3ljwumUNKoUMMo6vWrJYeK\n" + "mpYcqWe4PwzV9/lSEy/CG9VwcPCPwBLKBsua4dnKM3p31vjsufFoREJIE9LAwqSu\n" + "XmD+tqYF/LTdB1kC1FkYmGP1pWPgkAx9XbIGevOF6uvUA65ehD5f/xXtabz5OTZy\n" + "dc93Uk3zyZAsuT3lySNTPx8kmCFcB5kpvcY67Oduhjprl3RjM71oGDHweI12v/ye\n" + "jl0qhqdNkNwnGjkCAwEAAaNFMEMwHQYDVR0OBBYEFOWdWTCCR1jMrPoIVDaGezq1\n" + "BE3wMBIGA1UdEwEB/wQIMAYBAf8CAQMwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3\n" + "DQEBBQUAA4IBAQCFDF2O5G9RaEIFoN27TyclhAO992T9Ldcw46QQF+vaKSm2eT92\n" + "9hkTI7gQCvlYpNRhcL0EYWoSihfVCr3FvDB81ukMJY2GQE/szKN+OMY3EU/t3Wgx\n" + "jkzSswF07r51XgdIGn9w/xZchMB5hbgF/X++ZRGjD8ACtPhSNzkE1akxehi/oCr0\n" + "Epn3o0WC4zxe9Z2etciefC7IpJ5OCBRLbf1wbWsaY71k5h+3zvDyny67G7fyUIhz\n" + 
"ksLi4xaNmjICq44Y3ekQEe5+NauQrz4wlHrQMz2nZQ/1/I6eYs9HRCwBXbsdtTLS\n" + "R9I4LtD+gdwyah617jzV/OeBHRnDJELqYzmp\n" + "-----END CERTIFICATE-----\n"; + +ESP_SSLClient ssl_client; + +// EthernetClient basic_client; +// GSMClient basic_client; +WiFiClient basic_client; + +#if defined(ARDUINO_RASPBERRY_PI_PICO_W) +WiFiMulti multi; +#endif + +void setup() +{ + Serial.begin(115200); + +#if defined(ARDUINO_RASPBERRY_PI_PICO_W) + multi.addAP(WIFI_SSID, WIFI_PASSWORD); + multi.run(); +#else + WiFi.begin(WIFI_SSID, WIFI_PASSWORD); +#endif + + Serial.print("Connecting to Wi-Fi"); + unsigned long ms = millis(); + while (WiFi.status() != WL_CONNECTED) + { + Serial.print("."); + delay(300); +#if defined(ARDUINO_RASPBERRY_PI_PICO_W) + if (millis() - ms > 10000) + break; +#endif + } + Serial.println(); + Serial.print("Connected with IP: "); + Serial.println(WiFi.localIP()); + Serial.println(); + +// The valid time is required for server certificate verification. +#if defined(ESP8266) || defined(ESP32) && !defined(ARDUINO_NANO_RP2040_CONNECT) + + configTime(0, 0, "pool.ntp.org", "time.nist.gov"); + while (time(nullptr) < ESP_SSLCLIENT_VALID_TIMESTAMP) + { + delay(100); + } + + // If verification time was not set via this function, the device system time will be used + // ssl_client.setX509Time(time(nullptr)); + +#elif defined(ARDUINO_ARCH_RP2040) && !defined(ARDUINO_NANO_RP2040_CONNECT) + + configTime(10000, 0, "pool.ntp.org", "time.nist.gov"); + while (time(nullptr) < ESP_SSLCLIENT_VALID_TIMESTAMP) + { + delay(100); + } + + // If verification time was not set via this function, the device system time will be used + // ssl_client.setX509Time(time(nullptr)); + +#elif __has_include() || __has_include() + time_t ts = WiFi.getTime(); + + // The verification time setting is required because the device system time i.e. time(nullptr) is not available in this case. 
+ ssl_client.setX509Time(ts); +#endif + + // Set the server certificate, intermediate cerificate or root certificate + ssl_client.setCACert(rootCA); + + // Set the receive and transmit buffers size in bytes for memory allocation (512 to 16384). + ssl_client.setBufferSizes(1024 /* rx */, 512 /* tx */); + + /** Call setDebugLevel(level) to set the debug + * esp_ssl_debug_none = 0 + * esp_ssl_debug_error = 1 + * esp_ssl_debug_warn = 2 + * esp_ssl_debug_info = 3 + * esp_ssl_debug_dump = 4 + */ + ssl_client.setDebugLevel(1); + + // assign the basic client + ssl_client.setClient(&basic_client); +} + +void loop() +{ + Serial.println("---------------------------------"); + Serial.print("Connecting to server..."); + + String payload = "{\"title\":\"hello\"}"; + + if (ssl_client.connect("reqres.in", 443)) + { + Serial.println(" ok"); + Serial.println("Send POST request..."); + ssl_client.print("POST /api/users HTTP/1.1\n"); + ssl_client.print("Host: reqres.in\n"); + ssl_client.print("Content-Type: application/json\n"); + ssl_client.print("Content-Length: "); + ssl_client.print(payload.length()); + ssl_client.print("\n\n"); + ssl_client.print(payload); + + Serial.print("Read response..."); + + unsigned long ms = millis(); + while (!ssl_client.available() && millis() - ms < 3000) + { + delay(0); + } + Serial.println(); + while (ssl_client.available()) + { + Serial.print((char)ssl_client.read()); + } + Serial.println(); + } + else + Serial.println(" failed\n"); + + ssl_client.stop(); + + Serial.println(); + + delay(5000); +} \ No newline at end of file diff --git a/examples/ethernet/ethernet.ino b/examples/ethernet/ethernet.ino new file mode 100644 index 0000000..b8efd04 --- /dev/null +++ b/examples/ethernet/ethernet.ino 
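Review bot: Both NTP waits in setup(), `while (time(nullptr) < ESP_SSLCLIENT_VALID_TIMESTAMP) { delay(100); }`, have no timeout, so a board that cannot reach the NTP servers never leaves setup(). On the Pico W path this can happen without any Wi-Fi at all, because the connect loop breaks after 10 s and the sketch still prints "Connected with IP". A bounded wait, `unsigned long t0 = millis();` followed by `while (time(nullptr) < ESP_SSLCLIENT_VALID_TIMESTAMP && millis() - t0 < 30000) delay(100);` with an error message on timeout (the 30 s figure is only a suggestion), would keep the example from hanging. A comment should also say that the time used for certificate validity comes from plain, unauthenticated NTP, and that in the `WiFi.getTime()` branch `ts` is passed to `setX509Time()` without checking that a time was actually obtained. The comment `// Expired on Tue May 13 2025` would read better as `// Expires on ...`, with a note that verification against this root fails after that date.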
@@ -0,0 +1,138 @@ +/** + * This example shows how to connect to server using W5500, ESP32 and SSL Client. + * + * This example works on the Arduino-Pico SDK from Earle F. Philhower. + * https://github.com/earlephilhower/arduino-pico + * + * Email: suwatchai@outlook.com + * + * Github: https://github.com/mobizt/ESP_SSLSClient + * + * Copyright (c) 2023 mobizt + * + */ + +#include +#include + +#include + +#define WIZNET_RESET_PIN 26 // Connect W5500 Reset pin to GPIO 26 of ESP32 +#define WIZNET_CS_PIN 5 // Connect W5500 CS pin to GPIO 5 of ESP32 +#define WIZNET_MISO_PIN 19 // Connect W5500 MISO pin to GPIO 19 of ESP32 +#define WIZNET_MOSI_PIN 23 // Connect W5500 MOSI pin to GPIO 23 of ESP32 +#define WIZNET_SCLK_PIN 18 // Connect W5500 SCLK pin to GPIO 18 of ESP32 + +ESP_SSLClient ssl_client; + +EthernetClient basic_client; + +uint8_t Eth_MAC[] = {0x02, 0xF0, 0x0D, 0xBE, 0xEF, 0x01}; + +void ResetEthernet() +{ + Serial.println("Resetting WIZnet W5500 Ethernet Board... "); + pinMode(WIZNET_RESET_PIN, OUTPUT); + digitalWrite(WIZNET_RESET_PIN, HIGH); + delay(200); + digitalWrite(WIZNET_RESET_PIN, LOW); + delay(50); + digitalWrite(WIZNET_RESET_PIN, HIGH); + delay(200); +} + +void networkConnection() +{ + + Ethernet.init(WIZNET_CS_PIN); + + ResetEthernet(); + + Serial.println("Starting Ethernet connection..."); + Ethernet.begin(Eth_MAC); + + unsigned long to = millis(); + + while (Ethernet.linkStatus() == LinkOFF || millis() - to < 2000) + { + delay(100); + } + + if (Ethernet.linkStatus() == LinkON) + { + Serial.print("Connected with IP "); + Serial.println(Ethernet.localIP()); + } + else + { + Serial.println("Can't connect"); + } +} + +void setup() +{ + Serial.begin(115200); + + networkConnection(); + + // ignore server ssl certificate verification + ssl_client.setInsecure(); + + // Set the receive and transmit buffers size in bytes for memory allocation (512 to 16384). 
+ ssl_client.setBufferSizes(1024 /* rx */, 512 /* tx */); + + /** Call setDebugLevel(level) to set the debug + * esp_ssl_debug_none = 0 + * esp_ssl_debug_error = 1 + * esp_ssl_debug_warn = 2 + * esp_ssl_debug_info = 3 + * esp_ssl_debug_dump = 4 + */ + ssl_client.setDebugLevel(1); + + // assign the basic client + ssl_client.setClient(&basic_client); +} + +void loop() +{ + Serial.println("---------------------------------"); + Serial.print("Connecting to server..."); + + String payload = "{\"title\":\"hello\"}"; + + if (ssl_client.connect("reqres.in", 443)) + { + Serial.println(" ok"); + Serial.println("Send POST request..."); + ssl_client.print("POST /api/users HTTP/1.1\n"); + ssl_client.print("Host: reqres.in\n"); + ssl_client.print("Content-Type: application/json\n"); + ssl_client.print("Content-Length: "); + ssl_client.print(payload.length()); + ssl_client.print("\n\n"); + ssl_client.print(payload); + + Serial.print("Read response..."); + + unsigned long ms = millis(); + while (!ssl_client.available() && millis() - ms < 3000) + { + delay(0); + } + Serial.println(); + while (ssl_client.available()) + { + Serial.print((char)ssl_client.read()); + } + Serial.println(); + } + else + Serial.println(" failed\n"); + + ssl_client.stop(); + + Serial.println(); + + delay(5000); +} \ No newline at end of file diff --git a/examples/gsm/gsm.ino b/examples/gsm/gsm.ino new file mode 100644 index 0000000..c5843d9 --- /dev/null +++ b/examples/gsm/gsm.ino 
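Review bot: `ssl_client.setInsecure();` in setup() switches off server certificate validation, so this example, and examples/gsm/gsm.ino which makes the same call, encrypts the session without authenticating reqres.in, and interception or tampering on the network path would go undetected. The safer pattern is the one in the certificate example, `ssl_client.setCACert(rootCA);` together with `ssl_client.setX509Time(...)` fed from an RTC or network-provided time, since neither sketch sets a clock. If the insecure call stays, the comment above it should be explicit, for example `// setInsecure() disables certificate validation: traffic is encrypted but the server is NOT authenticated; bench testing only`. Separately, `while (Ethernet.linkStatus() == LinkOFF || millis() - to < 2000)` in networkConnection() never exits while the link is down, which makes the "Can't connect" branch unreachable; `&&` appears to be what was meant.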
@@ -0,0 +1,267 @@ +/** + * This example shows how to connect to server using LilyGo TTGO T-A7670X and SSL Client. + * + * This example works on the Arduino-Pico SDK from Earle F. Philhower. + * https://github.com/earlephilhower/arduino-pico + * + * Email: suwatchai@outlook.com + * + * Github: https://github.com/mobizt/ESP_SSLSClient + * + * Copyright (c) 2023 mobizt + * + */ + +#define TINY_GSM_MODEM_SIM7600 // SIMA7670 Compatible with SIM7600 AT instructions + +// Set serial for debug console (to the Serial Monitor, default speed 115200) +#define SerialMon Serial + +// Set serial for AT commands (to the module) +// Use Hardware Serial on Mega, Leonardo, Micro +#define SerialAT Serial1 + +// See all AT commands, if wanted +// #define DUMP_AT_COMMANDS + +// Define the serial console for debug prints, if needed +#define TINY_GSM_DEBUG SerialMon + +#define TINY_GSM_USE_GPRS true +#define TINY_GSM_USE_WIFI false + +// set GSM PIN, if any +#define GSM_PIN "" + +// Your GPRS credentials, if any +const char apn[] = "YourAPN"; +const char gprsUser[] = ""; +const char gprsPass[] = ""; + + +#include + +#include + +#ifdef DUMP_AT_COMMANDS +#include +StreamDebugger debugger(SerialAT, SerialMon); +TinyGsm modem(debugger); +#else +TinyGsm modem(SerialAT); +#endif + +TinyGsmClient basic_client(modem); + +ESP_SSLClient ssl_client; + +#define uS_TO_S_FACTOR 1000000ULL // Conversion factor for micro seconds to seconds +#define TIME_TO_SLEEP 600 // Time ESP32 will go to sleep (in seconds) + +#define UART_BAUD 115200 +#define PIN_DTR 25 +#define PIN_TX 26 +#define PIN_RX 27 +#define PWR_PIN 4 +#define BAT_ADC 35 +#define BAT_EN 12 +#define PIN_RI 33 +#define PIN_DTR 25 +#define RESET 5 + +#define SD_MISO 2 +#define SD_MOSI 15 +#define SD_SCLK 14 +#define SD_CS 13 + +void setup() +{ + // Set console baud rate + SerialMon.begin(115200); + delay(10); + pinMode(BAT_EN, OUTPUT); + digitalWrite(BAT_EN, HIGH); + + // A7670 Reset + pinMode(RESET, OUTPUT); + digitalWrite(RESET, LOW); + 
delay(100); + digitalWrite(RESET, HIGH); + delay(3000); + digitalWrite(RESET, LOW); + + pinMode(PWR_PIN, OUTPUT); + digitalWrite(PWR_PIN, LOW); + delay(100); + digitalWrite(PWR_PIN, HIGH); + delay(1000); + digitalWrite(PWR_PIN, LOW); + + DBG("Wait..."); + + delay(3000); + + SerialAT.begin(UART_BAUD, SERIAL_8N1, PIN_RX, PIN_TX); + + // Restart takes quite some time + // To skip it, call init() instead of restart() + DBG("Initializing modem..."); + if (!modem.init()) + { + DBG("Failed to restart modem, delaying 10s and retrying"); + return; + } + + /* + 2 Automatic + 13 GSM Only + 14 WCDMA Only + 38 LTE Only + */ + String result; + result = modem.setNetworkMode(38); + if (modem.waitResponse(10000L) != 1) + { + DBG(" setNetworkMode faill"); + return; + } + + // ignore server ssl certificate verification + ssl_client.setInsecure(); + + // Set the receive and transmit buffers size in bytes for memory allocation (512 to 16384). + ssl_client.setBufferSizes(1024 /* rx */, 512 /* tx */); + + /** Call setDebugLevel(level) to set the debug + * esp_ssl_debug_none = 0 + * esp_ssl_debug_error = 1 + * esp_ssl_debug_warn = 2 + * esp_ssl_debug_info = 3 + * esp_ssl_debug_dump = 4 + */ + ssl_client.setDebugLevel(1); + + // assign the basic client + ssl_client.setClient(&basic_client); +} + +void loop() +{ + // Restart takes quite some time + // To skip it, call init() instead of restart() + /* DBG("Initializing modem..."); + if (!modem.restart()) { + DBG("Failed to restart modem, delaying 10s and retrying"); + return; + }*/ + + String name = modem.getModemName(); + DBG("Modem Name:", name); + + String modemInfo = modem.getModemInfo(); + DBG("Modem Info:", modemInfo); + +#if TINY_GSM_USE_GPRS + // Unlock your SIM card with a PIN if needed + if (GSM_PIN && modem.getSimStatus() != 3) + { + modem.simUnlock(GSM_PIN); + } +#endif + +#if TINY_GSM_USE_WIFI + // Wifi connection parameters must be set before waiting for the network + SerialMon.print(F("Setting SSID/password...")); + if 
(!modem.networkConnect(wifiSSID, wifiPass)) + { + SerialMon.println(" fail"); + delay(10000); + return; + } + SerialMon.println(" success"); +#endif + +#if TINY_GSM_USE_GPRS && defined TINY_GSM_MODEM_XBEE + // The XBee must run the gprsConnect function BEFORE waiting for network! + modem.gprsConnect(apn, gprsUser, gprsPass); +#endif + + SerialMon.print("Waiting for network..."); + if (!modem.waitForNetwork()) + { + SerialMon.println(" fail"); + delay(10000); + return; + } + SerialMon.println(" success"); + + if (modem.isNetworkConnected()) + { + SerialMon.println("Network connected"); + } + +#if TINY_GSM_USE_GPRS + // GPRS connection parameters are usually set after network registration + SerialMon.print(F("Connecting to ")); + SerialMon.print(apn); + if (!modem.gprsConnect(apn, gprsUser, gprsPass)) + { + SerialMon.println(" fail"); + delay(10000); + return; + } + SerialMon.println(" success"); + + if (modem.isGprsConnected()) + { + SerialMon.println("GPRS connected"); + } +#endif + + Serial.println("---------------------------------"); + Serial.print("Connecting to server..."); + + String payload = "{\"title\":\"hello\"}"; + + if (ssl_client.connect("reqres.in", 443)) + { + Serial.println(" ok"); + Serial.println("Send POST request..."); + ssl_client.print("POST /api/users HTTP/1.1\n"); + ssl_client.print("Host: reqres.in\n"); + ssl_client.print("Content-Type: application/json\n"); + ssl_client.print("Content-Length: "); + ssl_client.print(payload.length()); + ssl_client.print("\n\n"); + ssl_client.print(payload); + + Serial.print("Read response..."); + + unsigned long ms = millis(); + while (!ssl_client.available() && millis() - ms < 3000) + { + delay(0); + } + Serial.println(); + while (ssl_client.available()) + { + Serial.print((char)ssl_client.read()); + } + Serial.println(); + } + else + Serial.println(" failed\n"); + + ssl_client.stop(); + + Serial.println(); + + modem.gprsDisconnect(); + SerialMon.println(F("GPRS disconnected")); + + // Do nothing 
forevermore + while (true) + { + delay(1000); + } +} \ No newline at end of file diff --git a/examples/http_upgrade/http_upgrade.ino b/examples/http_upgrade/http_upgrade.ino index 4122588..9507bca 100644 --- a/examples/http_upgrade/http_upgrade.ino +++ b/examples/http_upgrade/http_upgrade.ino @@ -12,10 +12,14 @@ * */ #include -#if defined(ESP32) || defined(PICO_RP2040) +#if defined(ESP32) || defined(ARDUINO_RASPBERRY_PI_PICO_W) #include #elif defined(ESP8266) #include +#elif __has_include() +#include ) +#include diff --git a/examples/https/https.ino b/examples/https/https.ino index e72b5d5..b288e3a 100644 --- a/examples/https/https.ino +++ b/examples/https/https.ino @@ -13,10 +13,14 @@ */ #include -#if defined(ESP32) || defined(PICO_RP2040) +#if defined(ESP32) || defined(ARDUINO_RASPBERRY_PI_PICO_W) #include #elif defined(ESP8266) #include +#elif __has_include() +#include ) +#include diff --git a/examples/mqtt/mqtt.ino b/examples/mqtt/mqtt.ino index ccc3575..46386f2 100644 --- a/examples/mqtt/mqtt.ino +++ b/examples/mqtt/mqtt.ino @@ -12,10 +12,14 @@ * */ #include -#if defined(ESP32) || defined(PICO_RP2040) +#if defined(ESP32) || defined(ARDUINO_RASPBERRY_PI_PICO_W) #include #elif defined(ESP8266) #include +#elif __has_include() +#include ) +#include diff --git a/library.json b/library.json index 85391e1..d0c78d2 100644 --- a/library.json +++ b/library.json @@ -1,6 +1,6 @@ { "name": "ESP_SSLClient", - "version": "2.0.1", + "version": "2.0.3", "keywords": "communication, REST, esp32, esp8266, arduino", "description": "This library provided the Secure Layer Networking (SSL/TLS) TCP Client for ESP8266, ESP32 and Raspberry Pi RP2040, Teensy, SAMD, AVR and other Arduino devices that support external networking interfaces e.g., WiFiClient, EthernetClient and GSMClient.", "repository": { diff --git a/library.properties b/library.properties index 059b225..213b475 100644 --- a/library.properties +++ b/library.properties 
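Review bot: In examples/gsm/gsm.ino both early `return;` statements in setup() (after `modem.init()` fails and after `modem.waitResponse(10000L) != 1`) skip `ssl_client.setClient(&basic_client);` and the rest of the TLS configuration, yet loop() still runs and can reach `ssl_client.connect("reqres.in", 443)` with no transport assigned. How the library behaves with no client set is not visible in this hunk, so the example should not depend on it: configure `ssl_client` before the modem bring-up, or set a flag that loop() checks before connecting. The message "Failed to restart modem, delaying 10s and retrying" also describes a delay and retry that the code does not perform. In loop(), `GSM_PIN && modem.getSimStatus() != 3` tests a string literal, which is never null, so `simUnlock("")` is attempted whenever the status is not 3; `GSM_PIN[0] != '\0'` would express the intent.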
@@ -1,6 +1,6 @@ name=ESP_SSLClient -version=2.0.1 +version=2.0.3 author=Mobizt diff --git a/src/ESP_SSLClient.h b/src/ESP_SSLClient.h index 2121531..9f7bc59 100644 --- a/src/ESP_SSLClient.h +++ b/src/ESP_SSLClient.h @@ -1,8 +1,8 @@ /** * - * The ESP SSL Client Class, ESP_SSLClient.h v2.0.1 + * The ESP SSL Client Class, ESP_SSLClient.h v2.0.3 * - * Created August 2, 2023 + * Created August 3, 2023 * * The MIT License (MIT) * Copyright (c) 2023 K. Suwatchai (Mobizt) diff --git a/src/ESP_SSLClient_Const.h b/src/ESP_SSLClient_Const.h index 9410eb6..19711bc 100644 --- a/src/ESP_SSLClient_Const.h +++ b/src/ESP_SSLClient_Const.h @@ -1,6 +1,3 @@ -#pragma GCC diagnostic ignored "-Wunused-function" -#pragma GCC diagnostic ignored "-Wvla" - #ifndef ESP_SSLCLIENT_CONST_H #define ESP_SSLCLIENT_CONST_H @@ -12,6 +9,8 @@ #include #include +#define ESP_SSLCLIENT_VALID_TIMESTAMP 1690979919 + #ifndef SSLCLIENT_CONNECTION_UPGRADABLE #define SSLCLIENT_CONNECTION_UPGRADABLE #endif diff --git a/src/ESP_SSLClient_FS.h b/src/ESP_SSLClient_FS.h index 4ac1213..a7f5509 100644 --- a/src/ESP_SSLClient_FS.h +++ b/src/ESP_SSLClient_FS.h @@ -1,8 +1,8 @@ #ifndef ESP_SSLClient_FS_H #define ESP_SSLClient_FS_H - -#if (defined(ESP8266) || defined(PICO_RP2040)) && !defined(ARDUINO_NANO_RP2040_CONNECT) +#if (defined(ESP8266) || defined(ARDUINO_ARCH_RP2040)) && !defined(ARDUINO_NANO_RP2040_CONNECT) +// for ESP8266 and Raspberry Pi Pico (RP2040) only except for Arduino Nano RP2040 Connect #define USE_EMBED_SSL_ENGINE #else #define USE_LIB_SSL_ENGINE diff --git a/src/client/BSSL_CertStore.cpp b/src/client/BSSL_CertStore.cpp index 45c2c48..f3df622 100644 --- a/src/client/BSSL_CertStore.cpp +++ b/src/client/BSSL_CertStore.cpp 
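Review bot: `#define ESP_SSLCLIENT_VALID_TIMESTAMP 1690979919` in src/ESP_SSLClient_Const.h is an undocumented magic number that now gates certificate time handling: the new example waits on it and BSSL_SSL_Client.cpp compares `_now` against it. It decodes to 2023-08-02 12:38:39 UTC, roughly the commit time. A comment such as `// Unix time below which the clock is treated as not yet set (2023-08-02 UTC); a sanity floor, not proof that the clock is correct` would make that clear. Wrapping the define in `#ifndef ESP_SSLCLIENT_VALID_TIMESTAMP` / `#endif` would also let a build raise the floor without editing the library.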
@@ -16,6 +16,8 @@ License along with this library; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */ +#ifndef BSSL_CERTSTORE_CPP +#define BSSL_CERTSTORE_CPP #pragma GCC diagnostic ignored "-Wunused-function" #pragma GCC diagnostic ignored "-Wvla" @@ -24,9 +26,6 @@ #include "ESP_SSLClient_FS.h" #if defined(USE_LIB_SSL_ENGINE) -#ifndef BSSL_CERTSTORE_CPP -#define BSSL_CERTSTORE_CPP - #include "BSSL_CertStore.h" #if defined(ESP_SSL_FS_SUPPORTED) diff --git a/src/client/BSSL_CertStore.h b/src/client/BSSL_CertStore.h index 50e4853..31e9571 100644 --- a/src/client/BSSL_CertStore.h +++ b/src/client/BSSL_CertStore.h @@ -17,6 +17,9 @@ Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */ +#ifndef BSSL_CERTSTORE_H +#define BSSL_CERTSTORE_H + #pragma GCC diagnostic ignored "-Wunused-function" #pragma GCC diagnostic ignored "-Wvla" @@ -24,8 +27,6 @@ #include "ESP_SSLClient_FS.h" #if defined(USE_LIB_SSL_ENGINE) -#ifndef BSSL_CERTSTORE_H -#define BSSL_CERTSTORE_H #if defined __has_include #if __has_include() && defined(ESP_SSLCLIENT_USE_FILESYSTEM) diff --git a/src/client/BSSL_Helper.cpp b/src/client/BSSL_Helper.cpp index 24dac99..2e1eb60 100644 --- a/src/client/BSSL_Helper.cpp +++ b/src/client/BSSL_Helper.cpp @@ -20,6 +20,9 @@ Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */ +#ifndef BSSL_HELPER_CPP +#define BSSL_HELPER_CPP + #pragma GCC diagnostic ignored "-Wunused-function" #pragma GCC diagnostic ignored "-Wvla" @@ -27,9 +30,6 @@ #include "ESP_SSLClient_FS.h" #if defined(USE_LIB_SSL_ENGINE) -#ifndef BSSL_HELPER_CPP -#define BSSL_HELPER_CPP - #include "BSSL_Helper.h" #include #include diff --git a/src/client/BSSL_Helper.h b/src/client/BSSL_Helper.h index cc0ab3d..d8064b1 100644 --- a/src/client/BSSL_Helper.h +++ b/src/client/BSSL_Helper.h 
@@ -20,12 +20,13 @@ License along with this library; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */ -#pragma GCC diagnostic ignored "-Wunused-function" -#pragma GCC diagnostic ignored "-Wvla" #ifndef BSSL_HELPER_H #define BSSL_HELPER_H +#pragma GCC diagnostic ignored "-Wunused-function" +#pragma GCC diagnostic ignored "-Wvla" + #include #include "ESP_SSLClient_FS.h" diff --git a/src/client/BSSL_SSL_Client.cpp b/src/client/BSSL_SSL_Client.cpp index f75724c..61cffec 100644 --- a/src/client/BSSL_SSL_Client.cpp +++ b/src/client/BSSL_SSL_Client.cpp @@ -1,7 +1,7 @@ /** - * BSSL_SSL_Client library v1.0 for Arduino devices. + * BSSL_SSL_Client library v1.0.1 for Arduino devices. * - * Created August 1, 2003 + * Created August 3, 2003 * * This work contains codes based on WiFiClientSecure from Earle F. Philhower and SSLClient from OSU OPEnS Lab. * @@ -31,12 +31,12 @@ * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */ -#pragma GCC diagnostic ignored "-Wunused-function" -#pragma GCC diagnostic ignored "-Wvla" - #ifndef BSSL_SSL_CLIENT_CPP #define BSSL_SSL_CLIENT_CPP +#pragma GCC diagnostic ignored "-Wunused-function" +#pragma GCC diagnostic ignored "-Wvla" + #include #include "ESP_SSLClient_FS.h" #if defined(USE_LIB_SSL_ENGINE) || defined(USE_EMBED_SSL_ENGINE) @@ -2017,6 +2017,11 @@ bool BSSL_SSL_Client::mInstallClientX509Validator() br_x509_minimal_set_ecdsa(_x509_minimal.get(), br_ssl_engine_get_ec(_eng), br_ssl_engine_get_ecdsa(_eng)); #endif bssl::br_x509_minimal_install_hashes(_x509_minimal.get()); + +#if (defined(ESP32) || defined(ESP8266) || defined(ARDUINO_ARCH_RP2040)) && !defined(ARDUINO_NANO_RP2040_CONNECT) + if (_now < ESP_SSLCLIENT_VALID_TIMESTAMP) + _now = time(nullptr); +#endif if (_now) { // Magic constants convert to x509 times diff --git a/src/client/BSSL_SSL_Client.h b/src/client/BSSL_SSL_Client.h index 6fd12da..88e1a68 100644 --- a/src/client/BSSL_SSL_Client.h 
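Review bot: In mInstallClientX509Validator() the value read by `_now = time(nullptr);` is not checked again, so when the system clock has not been set the following `if (_now)` can still pass with a small, 1970-era value and the validator is handed a time at which no real certificate is valid yet. That fails closed, but it surfaces as an unexplained certificate error. A second test after the fallback, `if (_now < ESP_SSLCLIENT_VALID_TIMESTAMP)` with a debug message (or an early failure, if the rest of the function allows it), would make the cause visible. The assignment also overwrites the member, so a caller-supplied verification time below the floor (presumably set through setX509Time()) is silently replaced by the system clock, which deserves a comment here and in the API documentation. The function body continues outside the hunk, so what happens when no time is installed at all cannot be judged from these lines.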
+++ b/src/client/BSSL_SSL_Client.h @@ -1,7 +1,7 @@ /** - * BSSL_SSL_Client library v1.0 for Arduino devices. + * BSSL_SSL_Client library v1.0.1 for Arduino devices. * - * Created August 1, 2003 + * Created August 3, 2003 * * This work contains codes based on WiFiClientSecure from Earle F. Philhower and SSLClient from OSU OPEnS Lab. * @@ -30,6 +30,8 @@ * IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */ +#ifndef BSSL_SSL_CLIENT_H +#define BSSL_SSL_CLIENT_H #pragma GCC diagnostic ignored "-Wunused-function" #pragma GCC diagnostic ignored "-Wvla" @@ -38,9 +40,6 @@ #include "ESP_SSLClient_FS.h" #if defined(USE_LIB_SSL_ENGINE) || defined(USE_EMBED_SSL_ENGINE) -#ifndef BSSL_SSL_CLIENT_H -#define BSSL_SSL_Client_H - #include "ESP_SSLClient_Const.h" #include @@ -331,4 +330,4 @@ class BSSL_SSL_Client : public Client #endif -#endif /** BSSL_SSL_Client_H_ */ +#endif /** BSSL_SSL_Client_H */ diff --git a/src/client/BSSL_TCP_Client.cpp b/src/client/BSSL_TCP_Client.cpp index 00be6c5..341109b 100644 --- a/src/client/BSSL_TCP_Client.cpp +++ b/src/client/BSSL_TCP_Client.cpp @@ -1,7 +1,7 @@ /** - * BSSL_TCP_Client v2.0.1 for Arduino devices. + * BSSL_TCP_Client v2.0.3 for Arduino devices. * - * Created August 2, 2023 + * Created August 3, 2023 * * The MIT License (MIT) * Copyright (c) 2023 K. Suwatchai (Mobizt) @@ -43,6 +43,8 @@ License along with this library; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */ +#ifndef BSSL_TCP_CLIENT_CPP +#define BSSL_TCP_CLIENT_CPP #pragma GCC diagnostic ignored "-Wunused-function" #pragma GCC diagnostic ignored "-Wvla" @@ -51,9 +53,6 @@ #include "ESP_SSLClient_FS.h" #if defined(USE_LIB_SSL_ENGINE) || defined(USE_EMBED_SSL_ENGINE) -#ifndef BSSL_TCP_CLIENT_CPP -#define BSSL_TCP_Client_CPP - #include "BSSL_TCP_Client.h" //#include //#include 
diff --git a/src/client/BSSL_TCP_Client.h b/src/client/BSSL_TCP_Client.h index f505220..3574d5e 100644 --- a/src/client/BSSL_TCP_Client.h +++ b/src/client/BSSL_TCP_Client.h @@ -1,7 +1,7 @@ /** - * BSSL_TCP_Client v2.0.1 for Arduino devices. + * BSSL_TCP_Client v2.0.3 for Arduino devices. * - * Created August 2, 2023 + * Created August 3, 2023 * * The MIT License (MIT) * Copyright (c) 2023 K. Suwatchai (Mobizt) @@ -44,6 +44,9 @@ Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */ +#ifndef BSSL_TCP_CLIENT_H +#define BSSL_TCP_CLIENT_H + #pragma GCC diagnostic ignored "-Wunused-function" #pragma GCC diagnostic ignored "-Wvla" @@ -51,9 +54,6 @@ #include "ESP_SSLClient_FS.h" #if defined(USE_LIB_SSL_ENGINE) || defined(USE_EMBED_SSL_ENGINE) -#ifndef BSSL_TCP_CLIENT_H -#define BSSL_TCP_Client_H - #include "BSSL_SSL_Client.h" #include