feat(examples): Update openssl server/client example to use pem file directly

Zhang Jun Hao
2018-05-10 19:18:33 +08:00
parent f076399d45
commit 5d2ea7e4cf
31 changed files with 1017 additions and 811 deletions

@ -1,39 +1,30 @@
1. Run ./gencrt.sh or if you have your own certificate, move to the openssl_server directory, the name is ca.crt,server.crt, server.key, client.crt and client.key.
1. Run `./gencrt.sh` or if you have your own certifications, move them to the main directory, the name is ca.pem, server.pem, server.key, client.pem and client.key.
The server.crt and client.crt was generate by the same ca.crt in ./gencrt.sh.
The server.pem and client.pem was generated by the same ca.pem in gencrt.sh.
Server side needs ca.crt(to verify client.crt), server.crt, server.key
Server side needs ca.pem(to verify client.pem), server.pem, server.key
Client side needs ca.crt(to verify server.crt), client.crt, client.key
Client side needs ca.pem(to verify server.pem), client.pem, client.key
If you have two ca.crt to generate server.crt and client.crt respectively, client1.crt is generate by ca1.crt and client1.key, server2.crt is generate by ca2.crt and server2.key:
If you have two ca.pem to generate server.pem and client.pem respectively, client1.pem is generate by ca1.pem and client1.key, server2.pem is generate by ca2.pem and server2.key:
Client side needs ca2.crt, client1.crt, client1.key.
Client side needs ca2.pem, client1.pem, client1.key.
Server side needs ca1.crt, server2.crt, server2.key.
Server side needs ca1.pem, server2.pem, server2.key.
Rename ca1.crt server2.crt server2.key to ca.crt server.crt server.key and run ./genheader.sh.
Rename ca1.pem server2.pem server2.key to ca.pem server.pem server.key.
Use ca2.crt in openssl s_client -CAfile option.
Use ca2.pem in openssl s_client -CAfile option.
2. Run ./genheader.sh.
2. Compile and download
- run `make menuconfig`
- Modify SSID and PASSWORD under menu "Example Configuration".
Make sure that the computer and ESP8266 are in the same local area network.
- run `make flash monitor`
3. Modify thease two lines in file user_config.h to your local Wi-Fi SSID and Password.
```#define SSID "HUAWEI001"```
```#define PASSWORD ""```
4. Make sure that the computer and ESP8266 are in the same local area network.
5. Run ./gen_misc.sh.
6. Download bin file to ESP8266.
Find server ip address in ESP8266 UART log: ip:192.168.3.6,mask:255.255.255.0,gw:192.168.3.1.
7. Run openssl s_client -CAfile ca.crt -cert client.crt -key client.key -verify 1 -tls1_1 -host 192.168.3.6 -port 443.
3. Find server ip address in ESP8266 UART log, such as:`ip:192.168.3.6,mask:255.255.255.0,gw:192.168.3.1`.
4. Run `openssl s_client -CAfile ca.pem -cert client.pem -key client.key -verify 1 -tls1_2 -host 192.168.3.6 -port 443` in ./main directory to start client on your PC and connect to ESP8266 server.
**ATTENTION**
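Review bot: The `openssl s_client` command in the new step 4 passes `-verify 1` but not `-verify_return_error`, so s_client reports a server certificate verification failure and still completes the handshake. A reader testing with the wrong ca.pem would see a working connection. Suggest adding `-verify_return_error` to the documented command so a server.pem that does not chain to ca.pem aborts the connection. Minor wording in the new step 1: "certifications" should be "certificates", "the name is" should be "named", and "was generated" / "is generate" should be "were generated" / "is generated".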
@ -41,4 +32,4 @@
**2. Make sure the private key length larger than 2048.**
**3. Make sure the fragment size range is between 2048 and 8192.**
**3. Make sure the fragment size range is between 2048 and 16384.**
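Review bot: The changed fragment size line gives the range 2048 to 16384 with no unit and no pointer to where it is set. State that the value is in bytes and name the configuration option the reader has to change, since step 2 now routes configuration through `make menuconfig`. The unchanged line above it, "private key length larger than 2048", reads as excluding 2048-bit keys. If 2048 is acceptable, reword it to "at least 2048 bits" while this section is being touched.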