feat(examples): Update openssl server/client example to use pem file directly

Zhang Jun Hao
2018-05-10 19:18:33 +08:00
parent f076399d45
commit 5d2ea7e4cf
31 changed files with 1017 additions and 811 deletions


@ -1,43 +1,29 @@
1. Run ./gencrt.sh or if you have your own certificate, move to the openssl_client directory, the name is ca.crt,server.crt, server.key, client.crt and client.key.
1. Run `./gencrt.sh` or if you have your own certifications, move them to the main directory, the name is ca.pem, server.pem, server.key, client.pem and client.key.
The server.crt and client.crt was generate by the same ca.crt in ./gencrt.sh.
The server.pem and client.pem was generated by the same ca.pem in gencrt.sh.
Server side needs ca.crt(to verify client.crt), server.crt, server.key
Server side needs ca.pem(to verify client.pem), server.pem, server.key
Client side needs ca.crt(to verify server.crt), client.crt, client.key
Client side needs ca.pem(to verify server.pem), client.pem, client.key
If you have two ca.crt to generate server.crt and client.crt respectively, client1.crt is generate by ca1.crt and client1.key, server2.crt is generate by ca2.crt and server2.key:
If you have two ca.pem to generate server.pem and client.pem respectively, client1.pem is generate by ca1.pem and client1.key, server2.pem is generate by ca2.pem and server2.key:
Client side needs ca2.crt, client1.crt, client1.key.
Client side needs ca2.pem, client1.pem, client1.key.
Server side needs ca1.crt, server2.crt, server2.key.
Server side needs ca1.pem, server2.pem, server2.key.
Rename ca2.crt client1.crt client1.key to ca.crt client.crt client.key and run ./genheader.sh.
Rename ca2.pem client1.pem client1.key to ca.pem client.pem client.key.
Use ca1.crt in openssl s_server -CAfile option.
Use ca1.pem in openssl s_server -CAfile option.
2. Run ./genheader.sh.
2. Run `openssl s_server -CAfile ca.pem -cert server.pem -key server.key -verify 1 -tls1_2 -accept 443` in ./main directory to start server on your PC and wait for ESP8266 client to connect it.
3. Modify this two lines in file openssl_demo.c to your computer server ip and port.
```#define OPENSSL_DEMO_TARGET_NAME "192.168.3.196"```
```#define OPENSSL_DEMO_TARGET_TCP_PORT 443```
4. Modify thease two lines in file user_config.h to your local Wi-Fi SSID and Password.
```#define SSID "HUAWEI001"```
```#define PASSWORD ""```
5. Make sure that the computer and ESP8266 are in the same local area network.
6. Run ./gen_misc.sh.
7. Run openssl s_server -CAfile ca.crt -cert server.crt -key server.key -verify 1 -tls1_1 -accept 443.
8. Download bin file to ESP8266.
3. Compile and download
- run `make menuconfig`
- Modify SSID and PASSWORD under menu "Example Configuration".
Make sure that the computer and ESP8266 are in the same local area network.
- Modify TARGET_NAME and TARGET_PORT under menu "Example Configuration".
- run `make flash monitor`
**ATTENTION**
@ -45,4 +31,4 @@
**2. Make sure the private key length larger than 2048.**
**3. Make sure the fragment size range is between 2048 and 8192.**
**3. Make sure the fragment size range is between 2048 and 16384.**


@ -22,6 +22,13 @@ openssl req -new -key server.key -out server.csr -text -subj $LEVEL2_SUBJECT
openssl req -new -key client.key -out client.csr -text -subj $LEVEL3_SUBJECT
# generate the actual certs.
openssl x509 -req -in ca.csr -out ca.crt -sha1 -days 5000 -signkey ca.key -text -extensions v3_ca
openssl x509 -req -in server.csr -out server.crt -sha1 -CAcreateserial -days 5000 -CA ca.crt -CAkey ca.key -text -extensions v3_ca
openssl x509 -req -in client.csr -out client.crt -sha1 -CAcreateserial -days 5000 -CA ca.crt -CAkey ca.key -text -extensions v3_ca
openssl x509 -req -in ca.csr -out ca.pem -sha256 -days 5000 -signkey ca.key -text -extensions v3_ca
openssl x509 -req -in server.csr -out server.pem -sha256 -CAcreateserial -days 5000 -CA ca.pem -CAkey ca.key -text -extensions v3_ca
openssl x509 -req -in client.csr -out client.pem -sha256 -CAcreateserial -days 5000 -CA ca.pem -CAkey ca.key -text -extensions v3_ca
rm *.csr
rm *.srl
mv ca.* ./main
mv server.* ./main
mv client.* ./main
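Review bot: `mv ca.* ./main` also matches ca.key, so the CA signing key is moved into the component directory, although the README in this commit lists only ca.pem, the leaf certificates and the leaf keys as needed by either side. The CA key is what allows new trusted certificates to be issued, so it is better kept out of the source tree by moving only the certificate: `mv ca.pem ./main`. The top of the script is outside this hunk, so I cannot see whether `set -e` is in effect; if it is not, a failed `openssl x509` step still reaches the `rm` and `mv` lines and leaves a partial file set in ./main. The server example's gencrt.sh carries the same `mv ca.*` line.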


@ -1,12 +0,0 @@
#!/bin/bash
# set ca crt for use in the client
xxd -i ca.crt | sed -e "s/ca_crt/ca_crt/" > ssl_client_crt.h
# set client crt for use in the client
xxd -i client.crt | sed -e "s/client_crt/client_crt/" >> ssl_client_crt.h
# set private key for use in the client
xxd -i client.key | sed -e "s/client_key/client_key/" >> ssl_client_crt.h
mv ssl_client_crt.h ./include


@ -0,0 +1,30 @@
menu "Example Configuration"
config TARGET_DOMAIN
string "Target Domain"
default "192.168.4.1"
help
Target domain for the example to connect to.
config TARGET_PORT_NUMBER
int "Target port number"
range 0 65535
default 443
help
Target port number for the example to connect to.
config WIFI_SSID
string "WiFi SSID"
default "myssid"
help
SSID (network name) for the example to connect to.
config WIFI_PASSWORD
string "WiFi Password"
default "mypassword"
help
WiFi password (WPA or WPA2) for the example to use.
Can be left blank if the network has no security set.
endmenu
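Review bot: `range 0 65535` on TARGET_PORT_NUMBER accepts 0, which is not a port the client can connect to; `range 1 65535` would reject it at configuration time instead of at connect(). The README updated in this commit tells users to modify TARGET_NAME and TARGET_PORT, while the symbols defined here are TARGET_DOMAIN and TARGET_PORT_NUMBER, so one of the two should be brought in line with the other.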


@ -0,0 +1,21 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----


@ -0,0 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----


@ -0,0 +1,21 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----


@ -2,4 +2,6 @@
# "main" pseudo-component makefile.
#
# (Uses default behaviour of compiling all source files in directory, adding 'include' to include path.)
COMPONENT_EMBED_TXTFILES := ca.pem
COMPONENT_EMBED_TXTFILES += client.pem
COMPONENT_EMBED_TXTFILES += client.key
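Review bot: `COMPONENT_EMBED_TXTFILES += client.key` links the client's private key into the firmware image, and this commit also checks RSA private key files into the repository, so every build of the unmodified example carries a key that is publicly known. A comment above these lines should say so, for example `# Example credentials only: regenerate with gencrt.sh before using this outside a test network.` The same applies to `COMPONENT_EMBED_TXTFILES += server.key` in the server example's component.mk.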


@ -0,0 +1,341 @@
/* openSSL client example
This example code is in the Public Domain (or CC0 licensed, at your option.)
Unless required by applicable law or agreed to in writing, this
software is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
CONDITIONS OF ANY KIND, either express or implied.
*/
#include "sdkconfig.h"
#include "esp_misc.h"
#include "esp_sta.h"
#include "esp_system.h"
#include "freertos/FreeRTOS.h"
#include "freertos/task.h"
#include <sys/socket.h>
#include <netdb.h>
#include "openssl/ssl.h"
#define OPENSSL_CLIENT_THREAD_NAME "openssl_client"
#define OPENSSL_CLIENT_THREAD_STACK_WORDS 2048
#define OPENSSL_CLIENT_THREAD_PRORIOTY 6
extern const uint8_t ca_pem_start[] asm("_binary_ca_pem_start");
extern const uint8_t ca_pem_end[] asm("_binary_ca_pem_end");
extern const uint8_t client_pem_start[] asm("_binary_client_pem_start");
extern const uint8_t client_pem_end[] asm("_binary_client_pem_end");
extern const uint8_t client_key_start[] asm("_binary_client_key_start");
extern const uint8_t client_key_end[] asm("_binary_client_key_end");
/*
Fragment size range 2048~8192
| Private key len | Fragment size recommend |
| RSA2048 | 2048 |
| RSA3072 | 3072 |
| RSA4096 | 4096 |
*/
#define OPENSSL_CLIENT_FRAGMENT_SIZE 2048
/* Local tcp port */
#define OPENSSL_CLIENT_LOCAL_TCP_PORT 1000
#define OPENSSL_CLIENT_REQUEST "{\"path\": \"/v1/ping/\", \"method\": \"GET\"}\r\n"
/* receive length */
#define OPENSSL_CLIENT_RECV_BUF_LEN 1024
LOCAL xTaskHandle openssl_handle;
LOCAL char send_data[] = OPENSSL_CLIENT_REQUEST;
LOCAL int send_bytes = sizeof(send_data);
LOCAL char recv_buf[OPENSSL_CLIENT_RECV_BUF_LEN];
LOCAL void openssl_client_thread(void* p)
{
int ret;
SSL_CTX* ctx;
SSL* ssl;
int socket;
struct sockaddr_in sock_addr;
struct hostent* entry = NULL;
int recv_bytes = 0;
printf("OpenSSL client thread start...\n");
/*get addr info for hostname*/
do {
entry = gethostbyname(CONFIG_TARGET_DOMAIN);
vTaskDelay(100 / portTICK_RATE_MS);
} while (entry == NULL);
printf("create SSL context ......");
ctx = SSL_CTX_new(TLSv1_2_client_method());
if (!ctx) {
printf("failed\n");
goto failed1;
}
printf("OK\n");
printf("load ca crt ......");
X509* cacrt = d2i_X509(NULL, ca_pem_start, ca_pem_end - ca_pem_start);
if (cacrt) {
SSL_CTX_add_client_CA(ctx, cacrt);
printf("OK\n");
} else {
printf("failed\n");
goto failed2;
}
printf("load client crt ......");
ret = SSL_CTX_use_certificate_ASN1(ctx, client_pem_end - client_pem_start, client_pem_start);
if (ret) {
printf("OK\n");
} else {
printf("failed\n");
goto failed2;
}
printf("load client private key ......");
ret = SSL_CTX_use_PrivateKey_ASN1(0, ctx, client_key_start, client_key_end - client_key_start);
if (ret) {
printf("OK\n");
} else {
printf("failed\n");
goto failed2;
}
printf("set verify mode verify peer\n");
SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);
printf("set SSL context read buffer size ......");
SSL_CTX_set_default_read_buffer_len(ctx, OPENSSL_CLIENT_FRAGMENT_SIZE);
ret = 0;
if (ret) {
printf("failed, return %d\n", ret);
goto failed2;
}
printf("OK\n");
printf("create socket ......");
socket = socket(AF_INET, SOCK_STREAM, 0);
if (socket < 0) {
printf("failed\n");
goto failed3;
}
printf("OK\n");
printf("bind socket ......");
memset(&sock_addr, 0, sizeof(sock_addr));
sock_addr.sin_family = AF_INET;
sock_addr.sin_addr.s_addr = 0;
sock_addr.sin_port = htons(OPENSSL_CLIENT_LOCAL_TCP_PORT);
ret = bind(socket, (struct sockaddr*)&sock_addr, sizeof(sock_addr));
if (ret) {
printf("failed\n");
goto failed4;
}
printf("OK\n");
printf("socket connect to remote ......");
memset(&sock_addr, 0, sizeof(sock_addr));
sock_addr.sin_family = AF_INET;
sock_addr.sin_addr.s_addr = ((struct in_addr*)(entry->h_addr))->s_addr;
sock_addr.sin_port = htons(CONFIG_TARGET_PORT_NUMBER);
ret = connect(socket, (struct sockaddr*)&sock_addr, sizeof(sock_addr));
if (ret) {
printf("failed\n");
goto failed5;
}
printf("OK\n");
printf("create SSL ......");
ssl = SSL_new(ctx);
if (!ssl) {
printf("failed\n");
goto failed6;
}
printf("OK\n");
SSL_set_fd(ssl, socket);
printf("SSL connected to %s port %d ......", CONFIG_TARGET_DOMAIN, CONFIG_TARGET_PORT_NUMBER);
ret = SSL_connect(ssl);
if (ret <= 0) {
printf("failed, return [-0x%x]\n", -ret);
goto failed7;
}
printf("OK\n");
printf("send request to %s port %d ......", CONFIG_TARGET_DOMAIN, CONFIG_TARGET_PORT_NUMBER);
ret = SSL_write(ssl, send_data, send_bytes);
if (ret <= 0) {
printf("failed, return [-0x%x]\n", -ret);
goto failed8;
}
printf("OK\n\n");
do {
ret = SSL_read(ssl, recv_buf, OPENSSL_CLIENT_RECV_BUF_LEN - 1);
if (ret <= 0) {
break;
}
recv_bytes += ret;
recv_buf[ret] = '\0';
printf("%s", recv_buf);
} while (1);
printf("read %d bytes data from %s ......\n", recv_bytes, CONFIG_TARGET_DOMAIN);
failed8:
SSL_shutdown(ssl);
failed7:
SSL_free(ssl);
failed6:
failed5:
failed4:
close(socket);
failed3:
failed2:
SSL_CTX_free(ctx);
failed1:
vTaskDelete(NULL);
printf("task exit\n");
return ;
}
void user_conn_init(void)
{
int ret;
ret = xTaskCreate(openssl_client_thread,
OPENSSL_CLIENT_THREAD_NAME,
OPENSSL_CLIENT_THREAD_STACK_WORDS,
NULL,
OPENSSL_CLIENT_THREAD_PRORIOTY,
&openssl_handle);
if (ret != pdPASS) {
printf("create thread %s failed\n", OPENSSL_CLIENT_THREAD_NAME);
return ;
}
}
/******************************************************************************
* FunctionName : user_rf_cal_sector_set
* Description : SDK just reversed 4 sectors, used for rf init data and paramters.
* We add this function to force users to set rf cal sector, since
* we don't know which sector is free in user's application.
* sector map for last several sectors : ABCCC
* A : rf cal
* B : rf init data
* C : sdk parameters
* Parameters : none
* Returns : rf cal sector
*******************************************************************************/
uint32 user_rf_cal_sector_set(void)
{
flash_size_map size_map = system_get_flash_size_map();
uint32 rf_cal_sec = 0;
switch (size_map) {
case FLASH_SIZE_4M_MAP_256_256:
rf_cal_sec = 128 - 5;
break;
case FLASH_SIZE_8M_MAP_512_512:
rf_cal_sec = 256 - 5;
break;
case FLASH_SIZE_16M_MAP_512_512:
case FLASH_SIZE_16M_MAP_1024_1024:
rf_cal_sec = 512 - 5;
break;
case FLASH_SIZE_32M_MAP_512_512:
case FLASH_SIZE_32M_MAP_1024_1024:
rf_cal_sec = 1024 - 5;
break;
case FLASH_SIZE_64M_MAP_1024_1024:
rf_cal_sec = 2048 - 5;
break;
case FLASH_SIZE_128M_MAP_1024_1024:
rf_cal_sec = 4096 - 5;
break;
default:
rf_cal_sec = 0;
break;
}
return rf_cal_sec;
}
void wifi_event_handler_cb(System_Event_t* event)
{
if (event == NULL) {
return;
}
switch (event->event_id) {
case EVENT_STAMODE_GOT_IP:
printf("sta got ip , creat task %d\n", system_get_free_heap_size());
user_conn_init();
break;
default:
break;
}
}
/******************************************************************************
* FunctionName : user_init
* Description : entry of user application, init user function here
* Parameters : none
* Returns : none
*******************************************************************************/
void user_init(void)
{
printf("SDK version:%s %d\n", system_get_sdk_version(), system_get_free_heap_size());
wifi_set_opmode(STATION_MODE);
// set AP parameter
struct station_config config;
bzero(&config, sizeof(struct station_config));
sprintf((char*)config.ssid, CONFIG_WIFI_SSID);
sprintf((char*)config.password, CONFIG_WIFI_PASSWORD);
wifi_station_set_config(&config);
wifi_set_event_handler_cb(wifi_event_handler_cb);
}
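Review bot: In user_init, `sprintf((char*)config.ssid, CONFIG_WIFI_SSID)` and the matching password line pass the menuconfig string as the format string and write without a bound, so a `%` in the SSID or password is treated as a conversion and an over-long value runs past the destination field. Assuming ssid and password are fixed-size arrays in struct station_config (its definition is not on this page), bounded copies with a fixed format avoid both problems: `snprintf((char*)config.ssid, sizeof(config.ssid), "%s", CONFIG_WIFI_SSID);` and `snprintf((char*)config.password, sizeof(config.password), "%s", CONFIG_WIFI_PASSWORD);`. Separately, in openssl_client_thread the `printf("task exit\n")` placed after `vTaskDelete(NULL)` presumably never runs, and the `ret = 0; if (ret)` pair following SSL_CTX_set_default_read_buffer_len is a check that can never fire.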


@ -1,228 +0,0 @@
/* openSSL client example
This example code is in the Public Domain (or CC0 licensed, at your option.)
Unless required by applicable law or agreed to in writing, this
software is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
CONDITIONS OF ANY KIND, either express or implied.
*/
#include <stddef.h>
#include "openssl_demo.h"
#include "openssl/ssl.h"
#include "freertos/FreeRTOS.h"
#include "freertos/task.h"
#include "c_types.h"
#include "esp_misc.h"
#include "lwip/sockets.h"
#include "lwip/api.h"
#include "ssl_client_crt.h"
#define OPENSSL_DEMO_THREAD_NAME "ssl_demo"
#define OPENSSL_DEMO_THREAD_STACK_WORDS 2048
#define OPENSSL_DEMO_THREAD_PRORIOTY 6
/*
Fragment size range 2048~8192
| Private key len | Fragment size recommend |
| RSA2048 | 2048 |
| RSA3072 | 3072 |
| RSA4096 | 4096 |
*/
#define OPENSSL_DEMO_FRAGMENT_SIZE 2048
/* Local tcp port */
#define OPENSSL_DEMO_LOCAL_TCP_PORT 1000
/* Server ip address */
#define OPENSSL_DEMO_TARGET_NAME "192.168.3.196"
/* Server tcp port */
#define OPENSSL_DEMO_TARGET_TCP_PORT 443
#define OPENSSL_DEMO_REQUEST "{\"path\": \"/v1/ping/\", \"method\": \"GET\"}\r\n"
/* receive length */
#define OPENSSL_DEMO_RECV_BUF_LEN 1024
LOCAL xTaskHandle openssl_handle;
LOCAL char send_data[] = OPENSSL_DEMO_REQUEST;
LOCAL int send_bytes = sizeof(send_data);
LOCAL char recv_buf[OPENSSL_DEMO_RECV_BUF_LEN];
LOCAL void openssl_demo_thread(void* p)
{
int ret;
SSL_CTX* ctx;
SSL* ssl;
int socket;
struct sockaddr_in sock_addr;
ip_addr_t target_ip;
int recv_bytes = 0;
printf("OpenSSL demo thread start...\n");
do {
ret = netconn_gethostbyname(OPENSSL_DEMO_TARGET_NAME, &target_ip);
} while (ret);
printf("get target IP is "IPSTR"\n", IP2STR(&(target_ip.u_addr.ip4)));
printf("create SSL context ......");
ctx = SSL_CTX_new(TLSv1_1_client_method());
if (!ctx) {
printf("failed\n");
goto failed1;
}
printf("OK\n");
printf("load ca crt ......");
X509 *cacrt = d2i_X509(NULL, ca_crt, ca_crt_len);
if(cacrt){
SSL_CTX_add_client_CA(ctx, cacrt);
printf("OK\n");
}else{
printf("failed\n");
goto failed2;
}
printf("load client crt ......");
ret = SSL_CTX_use_certificate_ASN1(ctx, client_crt_len, client_crt);
if(ret){
printf("OK\n");
}else{
printf("failed\n");
goto failed2;
}
printf("load client private key ......");
ret = SSL_CTX_use_PrivateKey_ASN1(0, ctx, client_key, client_key_len);
if(ret){
printf("OK\n");
}else{
printf("failed\n");
goto failed2;
}
printf("set verify mode verify peer\n");
SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);
printf("set SSL context read buffer size ......");
SSL_CTX_set_default_read_buffer_len(ctx, OPENSSL_DEMO_FRAGMENT_SIZE);
ret = 0;
if (ret) {
printf("failed, return %d\n", ret);
goto failed2;
}
printf("OK\n");
printf("create socket ......");
socket = socket(AF_INET, SOCK_STREAM, 0);
if (socket < 0) {
printf("failed\n");
goto failed3;
}
printf("OK\n");
printf("bind socket ......");
memset(&sock_addr, 0, sizeof(sock_addr));
sock_addr.sin_family = AF_INET;
sock_addr.sin_addr.s_addr = 0;
sock_addr.sin_port = htons(OPENSSL_DEMO_LOCAL_TCP_PORT);
ret = bind(socket, (struct sockaddr*)&sock_addr, sizeof(sock_addr));
if (ret) {
printf("failed\n");
goto failed4;
}
printf("OK\n");
printf("socket connect to remote ......");
memset(&sock_addr, 0, sizeof(sock_addr));
sock_addr.sin_family = AF_INET;
sock_addr.sin_addr.s_addr = target_ip.u_addr.ip4.addr;
sock_addr.sin_port = htons(OPENSSL_DEMO_TARGET_TCP_PORT);
ret = connect(socket, (struct sockaddr*)&sock_addr, sizeof(sock_addr));
if (ret) {
printf("failed\n");
goto failed5;
}
printf("OK\n");
printf("create SSL ......");
ssl = SSL_new(ctx);
if (!ssl) {
printf("failed\n");
goto failed6;
}
printf("OK\n");
SSL_set_fd(ssl, socket);
printf("SSL connected to %s port %d ......", OPENSSL_DEMO_TARGET_NAME, OPENSSL_DEMO_TARGET_TCP_PORT);
ret = SSL_connect(ssl);
if (ret <= 0) {
printf("failed, return [-0x%x]\n", -ret);
goto failed7;
}
printf("OK\n");
printf("send request to %s port %d ......", OPENSSL_DEMO_TARGET_NAME, OPENSSL_DEMO_TARGET_TCP_PORT);
ret = SSL_write(ssl, send_data, send_bytes);
if (ret <= 0) {
printf("failed, return [-0x%x]\n", -ret);
goto failed8;
}
printf("OK\n\n");
do {
ret = SSL_read(ssl, recv_buf, OPENSSL_DEMO_RECV_BUF_LEN - 1);
if (ret <= 0) {
break;
}
recv_bytes += ret;
recv_buf[ret] = '\0';
printf("%s", recv_buf);
} while (1);
printf("read %d bytes data from %s ......\n", recv_bytes, OPENSSL_DEMO_TARGET_NAME);
failed8:
SSL_shutdown(ssl);
failed7:
SSL_free(ssl);
failed6:
failed5:
failed4:
close(socket);
failed3:
failed2:
SSL_CTX_free(ctx);
failed1:
vTaskDelete(NULL);
printf("task exit\n");
return ;
}
void user_conn_init(void)
{
int ret;
ret = xTaskCreate(openssl_demo_thread,
OPENSSL_DEMO_THREAD_NAME,
OPENSSL_DEMO_THREAD_STACK_WORDS,
NULL,
OPENSSL_DEMO_THREAD_PRORIOTY,
&openssl_handle);
if (ret != pdPASS) {
printf("create thread %s failed\n", OPENSSL_DEMO_THREAD_NAME);
return ;
}
}


@ -1,14 +0,0 @@
/*
This example code is in the Public Domain (or CC0 licensed, at your option.)
Unless required by applicable law or agreed to in writing, this
software is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
CONDITIONS OF ANY KIND, either express or implied.
*/
#ifndef _OPENSSL_DEMO_H_
#define _OPENSSL_DEMO_H_
void user_conn_init(void);
#endif


@ -0,0 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----


@ -0,0 +1,21 @@
-----BEGIN CERTIFICATE-----
MIIDZDCCAkwCCQCSgOJ0ov23ETANBgkqhkiG9w0BAQsFADBxMQswCQYDVQQGEwJD
MTEMMAoGA1UECAwDSlMxMQwwCgYDVQQHDANXWDExDTALBgNVBAoMBEVTUDExDTAL
BgNVBAsMBEVTUDExEzARBgNVBAMMClNlcnZlcjEgQ0ExEzARBgkqhkiG9w0BCQEW
BEVTUDEwHhcNMTgwNTExMDIzNzQ0WhcNMzIwMTE4MDIzNzQ0WjB3MQswCQYDVQQG
EwJDMjENMAsGA1UECAwESlMyMjENMAsGA1UEBwwEV1gyMjEOMAwGA1UECgwFRVNQ
MjIxDjAMBgNVBAsMBUVTUDIyMRQwEgYDVQQDDAtTZXJ2ZXIyMiBDQTEUMBIGCSqG
SIb3DQEJARYFRVNQMjIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDj
BcbyExFvq87FZA4cwo29I1vNhHEE1FiosYdmMf3+MbJI30hP5HKa1K/2Uf5eM0IZ
pqfNxXGuBDO6mTUYfamCStZzNq6pqxmhF+cEQIo52KGnKPGKSeH6VVuMreKe1Gqs
XR0piE01dS8rbpgxUIWS2eK5xq4rqK/0WFX4H907soWAnOLupu2tPRQxKCK2gaX5
DbvDIpKRNvNS2IdYR/MW9ARo916MfkC5YMpBbkrd5XadyR08v7RY5rWMCwRnLLip
mwfj1iJ1bQanoJRnv1AmOyMfO+Vuv52x1pZ1uqQ0+/ugeOOIk0CVzC5yNSI2AdfA
HIY5sMvY9nYp0I1Ozy3/AgMBAAEwDQYJKoZIhvcNAQELBQADggEBAHHC3TO3TWoD
FKrjs8nMQxm+PrTEaV4+4nzJU86pSrdrXdPfsWd6RixXYidb0p1Pg4urCwLf+1Cu
/JmXA1F/9yFCfV53VPYnT6HQ+W1DwU8A+cyTweh4hZvEQEmFtbt2dHZMLTMlUwBQ
mmGM4Urfl1AyCdqQIK4EmPqBwtuBGVjIAixdRH3YcWPSkxV51ppHh2P6yk/4/D2B
GYfTBA3h7myfbdqiMDRJuBIfUAsaDmohPOmYQIuh0YdwdWQxZVi6r6JSg3nV9udI
M2p5MfFrpXz9MkC9XUZ/pQXszsPQJHyL76mozujEWpANWwofskfLHJmWPOcsJmIk
VLMMmm1AhdI=
-----END CERTIFICATE-----


@ -1,18 +0,0 @@
/*
This example code is in the Public Domain (or CC0 licensed, at your option.)
Unless required by applicable law or agreed to in writing, this
software is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
CONDITIONS OF ANY KIND, either express or implied.
*/
#ifndef __USER_CONFIG_H__
#define __USER_CONFIG_H__
#include "openssl_demo.h"
#define SSID "HUAWEI001"
#define PASSWORD ""
#endif


@ -1,100 +0,0 @@
/* openSSL client example
This example code is in the Public Domain (or CC0 licensed, at your option.)
Unless required by applicable law or agreed to in writing, this
software is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
CONDITIONS OF ANY KIND, either express or implied.
*/
#include "esp_common.h"
#include "user_config.h"
/******************************************************************************
* FunctionName : user_rf_cal_sector_set
* Description : SDK just reversed 4 sectors, used for rf init data and paramters.
* We add this function to force users to set rf cal sector, since
* we don't know which sector is free in user's application.
* sector map for last several sectors : ABCCC
* A : rf cal
* B : rf init data
* C : sdk parameters
* Parameters : none
* Returns : rf cal sector
*******************************************************************************/
uint32 user_rf_cal_sector_set(void)
{
flash_size_map size_map = system_get_flash_size_map();
uint32 rf_cal_sec = 0;
switch (size_map) {
case FLASH_SIZE_4M_MAP_256_256:
rf_cal_sec = 128 - 5;
break;
case FLASH_SIZE_8M_MAP_512_512:
rf_cal_sec = 256 - 5;
break;
case FLASH_SIZE_16M_MAP_512_512:
case FLASH_SIZE_16M_MAP_1024_1024:
rf_cal_sec = 512 - 5;
break;
case FLASH_SIZE_32M_MAP_512_512:
case FLASH_SIZE_32M_MAP_1024_1024:
rf_cal_sec = 1024 - 5;
break;
case FLASH_SIZE_64M_MAP_1024_1024:
rf_cal_sec = 2048 - 5;
break;
case FLASH_SIZE_128M_MAP_1024_1024:
rf_cal_sec = 4096 - 5;
break;
default:
rf_cal_sec = 0;
break;
}
return rf_cal_sec;
}
void wifi_event_handler_cb(System_Event_t* event)
{
if (event == NULL) {
return;
}
switch (event->event_id) {
case EVENT_STAMODE_GOT_IP:
printf("sta got ip , creat task %d\n", system_get_free_heap_size());
user_conn_init();
break;
default:
break;
}
}
/******************************************************************************
* FunctionName : user_init
* Description : entry of user application, init user function here
* Parameters : none
* Returns : none
*******************************************************************************/
void user_init(void)
{
printf("SDK version:%s %d\n", system_get_sdk_version(), system_get_free_heap_size());
wifi_set_opmode(STATION_MODE);
// set AP parameter
struct station_config config;
bzero(&config, sizeof(struct station_config));
sprintf(config.ssid, SSID);
sprintf(config.password, PASSWORD);
wifi_station_set_config(&config);
wifi_set_event_handler_cb(wifi_event_handler_cb);
}


@ -3,7 +3,7 @@
# project subdirectory.
#
PROJECT_NAME := hello-world
PROJECT_NAME := openssl-server
include $(IDF_PATH)/make/project.mk


@ -1,39 +1,30 @@
1. Run ./gencrt.sh or if you have your own certificate, move to the openssl_server directory, the name is ca.crt,server.crt, server.key, client.crt and client.key.
1. Run `./gencrt.sh` or if you have your own certifications, move them to the main directory, the name is ca.pem, server.pem, server.key, client.pem and client.key.
The server.crt and client.crt was generate by the same ca.crt in ./gencrt.sh.
The server.pem and client.pem was generated by the same ca.pem in gencrt.sh.
Server side needs ca.crt(to verify client.crt), server.crt, server.key
Server side needs ca.pem(to verify client.pem), server.pem, server.key
Client side needs ca.crt(to verify server.crt), client.crt, client.key
Client side needs ca.pem(to verify server.pem), client.pem, client.key
If you have two ca.crt to generate server.crt and client.crt respectively, client1.crt is generate by ca1.crt and client1.key, server2.crt is generate by ca2.crt and server2.key:
If you have two ca.pem to generate server.pem and client.pem respectively, client1.pem is generate by ca1.pem and client1.key, server2.pem is generate by ca2.pem and server2.key:
Client side needs ca2.crt, client1.crt, client1.key.
Client side needs ca2.pem, client1.pem, client1.key.
Server side needs ca1.crt, server2.crt, server2.key.
Server side needs ca1.pem, server2.pem, server2.key.
Rename ca1.crt server2.crt server2.key to ca.crt server.crt server.key and run ./genheader.sh.
Rename ca1.pem server2.pem server2.key to ca.pem server.pem server.key.
Use ca2.crt in openssl s_client -CAfile option.
Use ca2.pem in openssl s_client -CAfile option.
2. Run ./genheader.sh.
2. Compile and download
- run `make menuconfig`
- Modify SSID and PASSWORD under menu "Example Configuration".
Make sure that the computer and ESP8266 are in the same local area network.
- run `make flash monitor`
3. Modify thease two lines in file user_config.h to your local Wi-Fi SSID and Password.
```#define SSID "HUAWEI001"```
```#define PASSWORD ""```
4. Make sure that the computer and ESP8266 are in the same local area network.
5. Run ./gen_misc.sh.
6. Download bin file to ESP8266.
Find server ip address in ESP8266 UART log: ip:192.168.3.6,mask:255.255.255.0,gw:192.168.3.1.
7. Run openssl s_client -CAfile ca.crt -cert client.crt -key client.key -verify 1 -tls1_1 -host 192.168.3.6 -port 443.
3. Find server ip address in ESP8266 UART log, such as:`ip:192.168.3.6,mask:255.255.255.0,gw:192.168.3.1`.
4. Run `openssl s_client -CAfile ca.pem -cert client.pem -key client.key -verify 1 -tls1_2 -host 192.168.3.6 -port 443` in ./main directory to start client on your PC and connect to ESP8266 server.
**ATTENTION**
@ -41,4 +32,4 @@
**2. Make sure the private key length larger than 2048.**
**3. Make sure the fragment size range is between 2048 and 8192.**
**3. Make sure the fragment size range is between 2048 and 16384.**


@ -22,6 +22,13 @@ openssl req -new -key server.key -out server.csr -text -subj $LEVEL2_SUBJECT
openssl req -new -key client.key -out client.csr -text -subj $LEVEL3_SUBJECT
# generate the actual certs.
openssl x509 -req -in ca.csr -out ca.crt -sha1 -days 5000 -signkey ca.key -text -extensions v3_ca
openssl x509 -req -in server.csr -out server.crt -sha1 -CAcreateserial -days 5000 -CA ca.crt -CAkey ca.key -text -extensions v3_ca
openssl x509 -req -in client.csr -out client.crt -sha1 -CAcreateserial -days 5000 -CA ca.crt -CAkey ca.key -text -extensions v3_ca
openssl x509 -req -in ca.csr -out ca.pem -sha1 -days 5000 -signkey ca.key -text -extensions v3_ca
openssl x509 -req -in server.csr -out server.pem -sha1 -CAcreateserial -days 5000 -CA ca.pem -CAkey ca.key -text -extensions v3_ca
openssl x509 -req -in client.csr -out client.pem -sha1 -CAcreateserial -days 5000 -CA ca.pem -CAkey ca.key -text -extensions v3_ca
rm *.csr
rm *.srl
mv ca.* ./main
mv server.* ./main
mv client.* ./main
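Review bot: The three new `openssl x509 -req` lines that write ca.pem, server.pem and client.pem still pass `-sha1`, whereas the client example's gencrt.sh in this same commit was switched to `-sha256`. SHA-1 is no longer regarded as collision-resistant for certificate signatures and is refused by many current TLS stacks, so the server script should make the same switch, e.g. `openssl x509 -req -in ca.csr -out ca.pem -sha256 -days 5000 -signkey ca.key -text -extensions v3_ca`. The certificates added for the server example would then need to be regenerated with the updated script.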


@ -1,12 +0,0 @@
#!/bin/bash
# set ca crt for use in the server
xxd -i ca.crt | sed -e "s/ca_crt/ca_crt/" > ssl_server_crt.h
# set server crt for use in the server
xxd -i server.crt | sed -e "s/server_crt/server_crt/" >> ssl_server_crt.h
# set private key for use in the server
xxd -i server.key | sed -e "s/server_key/server_key/" >> ssl_server_crt.h
mv ssl_server_crt.h ./include


@ -0,0 +1,17 @@
menu "Example Configuration"
config WIFI_SSID
string "WiFi SSID"
default "myssid"
help
SSID (network name) for the example to connect to.
config WIFI_PASSWORD
string "WiFi Password"
default "mypassword"
help
WiFi password (WPA or WPA2) for the example to use.
Can be left blank if the network has no security set.
endmenu


@ -0,0 +1,21 @@
-----BEGIN CERTIFICATE-----
MIIDXjCCAkYCCQCKO2+tDiY2HTANBgkqhkiG9w0BAQUFADBxMQswCQYDVQQGEwJD
MTEMMAoGA1UECAwDSlMxMQwwCgYDVQQHDANXWDExDTALBgNVBAoMBEVTUDExDTAL
BgNVBAsMBEVTUDExEzARBgNVBAMMClNlcnZlcjEgQ0ExEzARBgkqhkiG9w0BCQEW
BEVTUDEwHhcNMTgwNTExMDQ0NDQ4WhcNMzIwMTE4MDQ0NDQ4WjBxMQswCQYDVQQG
EwJDMTEMMAoGA1UECAwDSlMxMQwwCgYDVQQHDANXWDExDTALBgNVBAoMBEVTUDEx
DTALBgNVBAsMBEVTUDExEzARBgNVBAMMClNlcnZlcjEgQ0ExEzARBgkqhkiG9w0B
CQEWBEVTUDEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD4/Tn8wT+3
M7XpH4X0kF2WSVwCNWcU9nhpOki/9U8bMIfk/S6i2IYhUVSnDgogxiW9tMfGzjar
gk4ZrWFeRxicgknxKMhWSrUny8mXvEE2aUU7F+Udqimi56ZYAkF+v2wNMrh6UWDH
IF2FfPXsngg2vbM1+nSLaSvTzVL5bupqWFU5gFUocyoAMKInGinz2prG4xDWVkoL
d0Ees9XrozWYmWG1M48xNK1PdtN4aK/UEAY4W9QMX3Lgo26wTauSB4m3pb+5D2pL
MzGmCkZadcpug8rkf0yA+D0V1uP5DJH1mtKCWwHRaYjOazv5USk7lifOYbi83MwY
/tM6UPhFpZCzAgMBAAEwDQYJKoZIhvcNAQEFBQADggEBAEDnb5fBpYaDjFSRst9s
Yu2yqCj6GyOeRLlDL4N9ySm/kPfgEGlrMhMgdYNKXkHf0F9fioKqXDI0apT8NHAq
lpDRifPU+pYu1YWalti0f+Ktwy+A56cPU/e5TzKLw7gcQ8UGeG6EsSUeq8OU7+Sg
cBmRouUT7q4LExq8AEo0S2ELlNIcV9k0KASCQLDR0aTBiaWnLXoq5hVvGbEsuDeG
6YUhO+L4IQs8o+JZYmXM7Fl1lpddu7XSEdpe+4n/u350GoR9xLXDiCuE/AS/g85f
+U5XybySN5Mvr+GqnGo/JbAsArgXW4mu+5q50aZ7MgJSeWAEEmhDV5pEATeqLfbO
9tk=
-----END CERTIFICATE-----


@ -0,0 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----


@ -0,0 +1,21 @@
-----BEGIN CERTIFICATE-----
MIIDajCCAlICCQDcpwWJyoCFiDANBgkqhkiG9w0BAQUFADBxMQswCQYDVQQGEwJD
MTEMMAoGA1UECAwDSlMxMQwwCgYDVQQHDANXWDExDTALBgNVBAoMBEVTUDExDTAL
BgNVBAsMBEVTUDExEzARBgNVBAMMClNlcnZlcjEgQ0ExEzARBgkqhkiG9w0BCQEW
BEVTUDEwHhcNMTgwNTExMDQ0NDQ4WhcNMzIwMTE4MDQ0NDQ4WjB9MQswCQYDVQQG
EwJDMzEOMAwGA1UECAwFSlMzMzMxDjAMBgNVBAcMBVdYMzMzMQ8wDQYDVQQKDAZF
U1AzMzMxDzANBgNVBAsMBkVTUDMzMzEVMBMGA1UEAwwMU2VydmVyMzMzIENBMRUw
EwYJKoZIhvcNAQkBFgZFU1AzMzMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQC1o+DMz4MpHIdisZTSI6Cw6P79TSxFeZDp+py64ur/UkwInXs9GavvAyma
0VL3c2dth4XK802yF5yy/2qaG81eJq17PqB3v1yo/TQ7RBJELcOFkJqdWmMHsSwV
wcwf1PURdCYnoYajePJAa+id6pZYC6JPSG2Hyyn2azdD9aGCMtoL2p555sPcjHII
gmFd71dfVOgFAhoah9t/VxCk/E8rghO971wAuBqScn4TvSOFIbYHbilz4urMiPtB
4aSaroIl/WqFiwmbFeLbqiyZiNDILp+xDQVrdflhdCyyFHR5n9x7HCKcgtIrVoEI
EC45HC+CEgA3vNe4JrLhTao5ZFJLAgMBAAEwDQYJKoZIhvcNAQEFBQADggEBAJDf
Ofo/NL/N1xL2g6bUfk2OQUfWWVTPPOtkbvbP2PrLwxjmZFl2p5uvA6lTGWo0IcQx
YN4baF+KbD8WdzDkfrXvPE2h1SwQut2XXi3JB+TgU/ZJq6qf7LkkYvojxaI6/80X
3l1CbpwLCr+Empw9mtgMGkl4SCGR2qirYWoDbF+fNMM/fwMpPUtssbIrcueVmrJc
TE2T7zhdY1a7h+M1vojqnZ6eHqf7VhH83+DwO1tIeC0dpFbCdTtymtVRxlHPvdU1
rZt7+CIBM9LQhwzX7LaGG+Mk53mMzO7nqdD+APSRgKq4bLWXOeXs58YRHRiYdHAE
g/rV6gxK6lhBb/gQ+uw=
-----END CERTIFICATE-----


@ -2,4 +2,6 @@
# "main" pseudo-component makefile.
#
# (Uses default behaviour of compiling all source files in directory, adding 'include' to include path.)
COMPONENT_EMBED_TXTFILES := ca.pem
COMPONENT_EMBED_TXTFILES += server.pem
COMPONENT_EMBED_TXTFILES += server.key


@ -1,226 +0,0 @@
/* openSSL server example
This example code is in the Public Domain (or CC0 licensed, at your option.)
Unless required by applicable law or agreed to in writing, this
software is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
CONDITIONS OF ANY KIND, either express or implied.
*/
#include <stddef.h>
#include "openssl_demo.h"
#include "openssl/ssl.h"
#include "freertos/FreeRTOS.h"
#include "freertos/task.h"
#include "c_types.h"
#include "esp_misc.h"
#include "lwip/sockets.h"
#include "ssl_server_crt.h"
#define OPENSSL_DEMO_THREAD_NAME "ssl_demo"
#define OPENSSL_DEMO_THREAD_STACK_WORDS 2048
#define OPENSSL_DEMO_THREAD_PRORIOTY 6
/*
Fragment size range 2048~8192
| Private key len | Fragment size recommend |
| RSA2048 | 2048 |
| RSA3072 | 3072 |
| RSA4096 | 4096 |
*/
#define OPENSSL_DEMO_FRAGMENT_SIZE 2048
/* Local server tcp port */
#define OPENSSL_DEMO_LOCAL_TCP_PORT 443
#define OPENSSL_DEMO_REQUEST "{\"path\": \"/v1/ping/\", \"method\": \"GET\"}\r\n"
/* receive length */
#define OPENSSL_DEMO_RECV_BUF_LEN 1024
LOCAL xTaskHandle openssl_handle;
LOCAL char send_data[] = OPENSSL_DEMO_REQUEST;
LOCAL int send_bytes = sizeof(send_data);
LOCAL char recv_buf[OPENSSL_DEMO_RECV_BUF_LEN];
LOCAL void openssl_demo_thread(void* p)
{
int ret;
SSL_CTX* ctx;
SSL* ssl;
struct sockaddr_in sock_addr;
int sockfd, new_sockfd;
int recv_bytes = 0;
socklen_t addr_len;
printf("OpenSSL demo thread start...\n");
printf("create SSL context ......");
ctx = SSL_CTX_new(TLSv1_1_server_method());
if (!ctx) {
printf("failed\n");
goto failed1;
}
printf("OK\n");
printf("load ca crt ......");
X509* cacrt = d2i_X509(NULL, ca_crt, ca_crt_len);
if (cacrt) {
SSL_CTX_add_client_CA(ctx, cacrt);
printf("OK\n");
} else {
printf("failed\n");
goto failed2;
}
printf("load server crt ......");
ret = SSL_CTX_use_certificate_ASN1(ctx, server_crt_len, server_crt);
if (ret) {
printf("OK\n");
} else {
printf("failed\n");
goto failed2;
}
printf("load server private key ......");
ret = SSL_CTX_use_PrivateKey_ASN1(0, ctx, server_key, server_key_len);
if (ret) {
printf("OK\n");
} else {
printf("failed\n");
goto failed2;
}
printf("set verify mode verify peer\n");
SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);
printf("set SSL context read buffer size ......OK\n");
SSL_CTX_set_default_read_buffer_len(ctx, OPENSSL_DEMO_FRAGMENT_SIZE);
printf("create socket ......");
sockfd = socket(AF_INET, SOCK_STREAM, 0);
if (sockfd < 0) {
printf("failed\n");
goto failed2;
}
printf("OK\n");
printf("socket bind ......");
memset(&sock_addr, 0, sizeof(sock_addr));
sock_addr.sin_family = AF_INET;
sock_addr.sin_addr.s_addr = 0;
sock_addr.sin_port = htons(OPENSSL_DEMO_LOCAL_TCP_PORT);
ret = bind(sockfd, (struct sockaddr*)&sock_addr, sizeof(sock_addr));
if (ret) {
printf("bind failed\n");
goto failed3;
}
printf("bind OK\n");
printf("server socket listen ......");
ret = listen(sockfd, 32);
if (ret) {
printf("failed\n");
goto failed3;
}
printf("OK\n");
reconnect:
printf("SSL server create ......");
ssl = SSL_new(ctx);
if (!ssl) {
printf("failed\n");
goto failed3;
}
printf("OK\n");
printf("SSL server socket accept client ......");
new_sockfd = accept(sockfd, (struct sockaddr*)&sock_addr, &addr_len);
if (new_sockfd < 0) {
printf("failed");
goto failed4;
}
printf("OK\n");
SSL_set_fd(ssl, new_sockfd);
printf("SSL server accept client ......");
ret = SSL_accept(ssl);
if (!ret) {
printf("failed\n");
goto failed5;
}
printf("OK\n");
do {
ret = SSL_read(ssl, recv_buf, OPENSSL_DEMO_RECV_BUF_LEN - 1);
if (ret <= 0) {
break;
}
recv_bytes += ret;
recv_buf[ret] = '\0';
printf("%s", recv_buf);
} while (1);
SSL_shutdown(ssl);
failed5:
close(new_sockfd);
new_sockfd = -1;
failed4:
SSL_free(ssl);
ssl = NULL;
goto reconnect;
failed3:
close(sockfd);
sockfd = -1;
failed2:
SSL_CTX_free(ctx);
ctx = NULL;
failed1:
vTaskDelete(NULL);
printf("task exit\n");
return ;
}
void user_conn_init(void)
{
int ret;
ret = xTaskCreate(openssl_demo_thread,
OPENSSL_DEMO_THREAD_NAME,
OPENSSL_DEMO_THREAD_STACK_WORDS,
NULL,
OPENSSL_DEMO_THREAD_PRORIOTY,
&openssl_handle);
if (ret != pdPASS) {
printf("create thread %s failed\n", OPENSSL_DEMO_THREAD_NAME);
return ;
}
}


@ -1,15 +0,0 @@
/* openSSL server example
This example code is in the Public Domain (or CC0 licensed, at your option.)
Unless required by applicable law or agreed to in writing, this
software is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
CONDITIONS OF ANY KIND, either express or implied.
*/
#ifndef _OPENSSL_DEMO_H_
#define _OPENSSL_DEMO_H_
void user_conn_init(void);
#endif


@ -0,0 +1,334 @@
/* openSSL server example
This example code is in the Public Domain (or CC0 licensed, at your option.)
Unless required by applicable law or agreed to in writing, this
software is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
CONDITIONS OF ANY KIND, either express or implied.
*/
#include "sdkconfig.h"
#include "esp_misc.h"
#include "esp_sta.h"
#include "esp_system.h"
#include "freertos/FreeRTOS.h"
#include "freertos/task.h"
#include <sys/socket.h>
#include "openssl/ssl.h"
#define OPENSSL_SERVER_THREAD_NAME "openssl_server"
#define OPENSSL_SERVER_THREAD_STACK_WORDS 2048
#define OPENSSL_SERVER_THREAD_PRORIOTY 6
extern const uint8_t ca_pem_start[] asm("_binary_ca_pem_start");
extern const uint8_t ca_pem_end[] asm("_binary_ca_pem_end");
extern const uint8_t server_pem_start[] asm("_binary_server_pem_start");
extern const uint8_t server_pem_end[] asm("_binary_server_pem_end");
extern const uint8_t server_key_start[] asm("_binary_server_key_start");
extern const uint8_t server_key_end[] asm("_binary_server_key_end");
/*
Fragment size range 2048~8192
| Private key len | Fragment size recommend |
| RSA2048 | 2048 |
| RSA3072 | 3072 |
| RSA4096 | 4096 |
*/
#define OPENSSL_SERVER_FRAGMENT_SIZE 2048
/* Local server tcp port */
#define OPENSSL_SERVER_LOCAL_TCP_PORT 443
#define OPENSSL_SERVER_REQUEST "{\"path\": \"/v1/ping/\", \"method\": \"GET\"}\r\n"
/* receive length */
#define OPENSSL_SERVER_RECV_BUF_LEN 1024
LOCAL xTaskHandle openssl_handle;
LOCAL char send_data[] = OPENSSL_SERVER_REQUEST;
LOCAL int send_bytes = sizeof(send_data);
LOCAL char recv_buf[OPENSSL_SERVER_RECV_BUF_LEN];
LOCAL void openssl_server_thread(void* p)
{
int ret;
SSL_CTX* ctx;
SSL* ssl;
struct sockaddr_in sock_addr;
int sockfd, new_sockfd;
int recv_bytes = 0;
socklen_t addr_len;
printf("OpenSSL server thread start...\n");
printf("create SSL context ......");
ctx = SSL_CTX_new(TLSv1_2_server_method());
if (!ctx) {
printf("failed\n");
goto failed1;
}
printf("OK\n");
printf("load ca crt ......");
X509* cacrt = d2i_X509(NULL, ca_pem_start, ca_pem_end - ca_pem_start);
if (cacrt) {
SSL_CTX_add_client_CA(ctx, cacrt);
printf("OK\n");
} else {
printf("failed\n");
goto failed2;
}
printf("load server crt ......");
ret = SSL_CTX_use_certificate_ASN1(ctx, server_pem_end - server_pem_start, server_pem_start);
if (ret) {
printf("OK\n");
} else {
printf("failed\n");
goto failed2;
}
printf("load server private key ......");
ret = SSL_CTX_use_PrivateKey_ASN1(0, ctx, server_key_start, server_key_end - server_key_start);
if (ret) {
printf("OK\n");
} else {
printf("failed\n");
goto failed2;
}
printf("set verify mode verify peer\n");
SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);
printf("set SSL context read buffer size ......OK\n");
SSL_CTX_set_default_read_buffer_len(ctx, OPENSSL_SERVER_FRAGMENT_SIZE);
printf("create socket ......");
sockfd = socket(AF_INET, SOCK_STREAM, 0);
if (sockfd < 0) {
printf("failed\n");
goto failed2;
}
printf("OK\n");
printf("socket bind ......");
memset(&sock_addr, 0, sizeof(sock_addr));
sock_addr.sin_family = AF_INET;
sock_addr.sin_addr.s_addr = 0;
sock_addr.sin_port = htons(OPENSSL_SERVER_LOCAL_TCP_PORT);
ret = bind(sockfd, (struct sockaddr*)&sock_addr, sizeof(sock_addr));
if (ret) {
printf("bind failed\n");
goto failed3;
}
printf("bind OK\n");
printf("server socket listen ......");
ret = listen(sockfd, 32);
if (ret) {
printf("failed\n");
goto failed3;
}
printf("OK\n");
reconnect:
printf("SSL server create ......");
ssl = SSL_new(ctx);
if (!ssl) {
printf("failed\n");
goto failed3;
}
printf("OK\n");
printf("SSL server socket accept client ......");
new_sockfd = accept(sockfd, (struct sockaddr*)&sock_addr, &addr_len);
if (new_sockfd < 0) {
printf("failed");
goto failed4;
}
printf("OK\n");
SSL_set_fd(ssl, new_sockfd);
printf("SSL server accept client ......");
ret = SSL_accept(ssl);
if (!ret) {
printf("failed\n");
goto failed5;
}
printf("OK\n");
printf("send data to client ......");
ret = SSL_write(ssl, send_data, send_bytes);
if (ret <= 0) {
printf("failed, return [-0x%x]\n", -ret);
goto failed5;
}
printf("OK\n\n");
do {
ret = SSL_read(ssl, recv_buf, OPENSSL_SERVER_RECV_BUF_LEN - 1);
if (ret <= 0) {
break;
}
recv_bytes += ret;
recv_buf[ret] = '\0';
printf("%s", recv_buf);
} while (1);
SSL_shutdown(ssl);
failed5:
close(new_sockfd);
new_sockfd = -1;
failed4:
SSL_free(ssl);
ssl = NULL;
goto reconnect;
failed3:
close(sockfd);
sockfd = -1;
failed2:
SSL_CTX_free(ctx);
ctx = NULL;
failed1:
vTaskDelete(NULL);
printf("task exit\n");
return ;
}
void user_conn_init(void)
{
int ret;
ret = xTaskCreate(openssl_server_thread,
OPENSSL_SERVER_THREAD_NAME,
OPENSSL_SERVER_THREAD_STACK_WORDS,
NULL,
OPENSSL_SERVER_THREAD_PRORIOTY,
&openssl_handle);
if (ret != pdPASS) {
printf("create thread %s failed\n", OPENSSL_SERVER_THREAD_NAME);
return ;
}
}
/******************************************************************************
* FunctionName : user_rf_cal_sector_set
* Description : SDK just reversed 4 sectors, used for rf init data and paramters.
* We add this function to force users to set rf cal sector, since
* we don't know which sector is free in user's application.
* sector map for last several sectors : ABCCC
* A : rf cal
* B : rf init data
* C : sdk parameters
* Parameters : none
* Returns : rf cal sector
*******************************************************************************/
uint32 user_rf_cal_sector_set(void)
{
flash_size_map size_map = system_get_flash_size_map();
uint32 rf_cal_sec = 0;
switch (size_map) {
case FLASH_SIZE_4M_MAP_256_256:
rf_cal_sec = 128 - 5;
break;
case FLASH_SIZE_8M_MAP_512_512:
rf_cal_sec = 256 - 5;
break;
case FLASH_SIZE_16M_MAP_512_512:
case FLASH_SIZE_16M_MAP_1024_1024:
rf_cal_sec = 512 - 5;
break;
case FLASH_SIZE_32M_MAP_512_512:
case FLASH_SIZE_32M_MAP_1024_1024:
rf_cal_sec = 1024 - 5;
break;
case FLASH_SIZE_64M_MAP_1024_1024:
rf_cal_sec = 2048 - 5;
break;
case FLASH_SIZE_128M_MAP_1024_1024:
rf_cal_sec = 4096 - 5;
break;
default:
rf_cal_sec = 0;
break;
}
return rf_cal_sec;
}
void wifi_event_handler_cb(System_Event_t* event)
{
if (event == NULL) {
return;
}
switch (event->event_id) {
case EVENT_STAMODE_GOT_IP:
printf("sta got ip , creat task %d\n", system_get_free_heap_size());
user_conn_init();
break;
default:
break;
}
}
/******************************************************************************
* FunctionName : user_init
* Description : entry of user application, init user function here
* Parameters : none
* Returns : none
*******************************************************************************/
void user_init(void)
{
printf("SDK version:%s %d\n", system_get_sdk_version(), system_get_free_heap_size());
wifi_set_opmode(STATION_MODE);
// set AP parameter
struct station_config config;
bzero(&config, sizeof(struct station_config));
sprintf((char*)config.ssid, CONFIG_WIFI_SSID);
sprintf((char*)config.password, CONFIG_WIFI_PASSWORD);
wifi_station_set_config(&config);
wifi_set_event_handler_cb(wifi_event_handler_cb);
}
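Review bot: In `openssl_server_thread` the handshake result is tested with `if (!ret)` after `SSL_accept(ssl)`, which only catches a return of 0; OpenSSL documents negative returns for fatal handshake errors, and those would fall through to `SSL_write` as if the handshake had succeeded. I would test `if (ret <= 0) {` there, matching the `ret <= 0` checks already used for `SSL_write` and `SSL_read` further down; whether this SDK's compatibility layer can actually return a negative value is not visible in the commit. A few lines earlier `addr_len` is passed to `accept()` without being set, so add `addr_len = sizeof(sock_addr);` before that call.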


@ -0,0 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEA4hO0qkELImKZbfwjYDmeMkAE9Umi+iJwYZrjKJtCR86yAw7n
YBdurbPPbRE5709vJzg0XUbOAzus7g1MQGy+P/WJZQQ03iO4/ro/E2oLH+YLarFS
mFL9DXNGf597SEnUlRV6/3eBCmFCeil79F42mDjqcZ3AnVpfLPz5Y6Tqo6Y9xOsT
nJTgSXIMl3pNRwAhAEgTAMDAHqAtbZiztoF6QNSujPbwU/2K/YkTlMn1UpF2OxR6
kNHWFYZnrXRn8Eld2VfOCbe6mZaCW+QHTLhq6CIqPhuTI7KYqxHwmacZhqHFEX4p
lbCB6zexJxuNF1VbHbGS4A4S7vmaHJ/nPWmidQIDAQABAoIBAAtOzQSPCE2J/P6h
U+umNiFxTk4uhrZYLqLTKnWHfoM09XZtsmj+Aw0xJzjfWbR8lqSxjPz1Y6yJuZaW
l6/JQKLWVy70TOinhMNI8Yq5DSFlUkDd6bGwxPN9RpNvmKz+9GEYl/RbN9sbDkYp
+Qc6ByUKA7/3EgFM2eHYLWksgIf62pceH7JO7efNrHnVaOh6vms8IjM9g+9eG6fx
n1/7GqoXUSTRTSR9B/LzqJxDLrNq0ryniVV1SYIlgojMaL38cl1OBdl/1Lfvjh0y
WtQnZnTmvymnND9zb7wMOs9IsbaOakOIh/17fekTB2y0ZYrqQK0PQI/nJLWqFwPb
wHGSfqkCgYEA/Srd+JAlHQcCz+dDytfCl4OcK40nA3WGAthcH9JY5aiG/OCrwzuO
bheERYD76C/d1E2Rgvr8kD1vqU6fGOChBP0bBmnFEAJgppVQKi2SJiNn/RUVca4I
llpecL7JDUfnxSrr2dx0ntcWX6ypywlEN+l2nzBC2Dp7A+ClbBeVNbMCgYEA5Js+
th1Bq04GkOorXKT/dVb8YzSFVxD3kVqQgaXM2EoNZwCaXngCrlC6pckpMVNQmCDg
rwi+FLAGIk9L5SGu4TxsBBvVcPlHMSeJZZguV8zpV3UPqou2QXUYzTVXfOsnRUEZ
7IpCppZ6Tyf9EAyFYHw9owBBk1wG4927+vdeAzcCgYEAxUwdBNNBOSf3lxLCEFip
e+7DTGWKm/WA5MK8uMfzI7d8y6JD+bh2PXHyUUA+ESsMk6GH3y2+mqJmXOm6r2aP
1hVydEMFon5X2DrQ6K3vEe3R4rgFqDxa0OHIa9EjWkhJZa0XdQeLkyZId3NWN7cX
BQPawCCaV2zr5Y+zG1QdomUCgYBldh2kOGHwBOZXJQdvy+9xhdTotuPDW811Hsvq
Lss2588A+zyIVx1hfoUIlbqJoN+xVU5DgU7T4bgnPCiEHqn+X5HVVQErbgfR4ilS
BPP0lgaugU8ds3qFnNIQKe+ViszYKOe3mzmvtDO+tBHWMKh1xU6Z7MAuBfcs5TnM
TkPUiwKBgQC+9Yxv4IqjlqLqXNDyb4jJn5MNt9Gt6W85+ScdXAL6vdF38CrZWqyz
ORI3sr6JQ3p4Sq9e9mwcl472Y1bqIQ0ApxYA5fDCyzPP6P3hmhGY77hE6HEQvQq2
qKfCcxBcLuvbcqeX0hairUOhjg8m2tb/sDNxm6ZaQmMHNRyIM1WgIw==
-----END RSA PRIVATE KEY-----


@ -0,0 +1,21 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----


@ -1,19 +0,0 @@
/* openSSL server example
This example code is in the Public Domain (or CC0 licensed, at your option.)
Unless required by applicable law or agreed to in writing, this
software is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
CONDITIONS OF ANY KIND, either express or implied.
*/
#ifndef __USER_CONFIG_H__
#define __USER_CONFIG_H__
#include "openssl_demo.h"
#define SSID "HUAWEI001"
#define PASSWORD ""
#endif


@ -1,101 +0,0 @@
/* openSSL server example
This example code is in the Public Domain (or CC0 licensed, at your option.)
Unless required by applicable law or agreed to in writing, this
software is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
CONDITIONS OF ANY KIND, either express or implied.
*/
#include "esp_common.h"
#include "user_config.h"
/******************************************************************************
* FunctionName : user_rf_cal_sector_set
* Description : SDK just reversed 4 sectors, used for rf init data and paramters.
* We add this function to force users to set rf cal sector, since
* we don't know which sector is free in user's application.
* sector map for last several sectors : ABCCC
* A : rf cal
* B : rf init data
* C : sdk parameters
* Parameters : none
* Returns : rf cal sector
*******************************************************************************/
uint32 user_rf_cal_sector_set(void)
{
flash_size_map size_map = system_get_flash_size_map();
uint32 rf_cal_sec = 0;
switch (size_map) {
case FLASH_SIZE_4M_MAP_256_256:
rf_cal_sec = 128 - 5;
break;
case FLASH_SIZE_8M_MAP_512_512:
rf_cal_sec = 256 - 5;
break;
case FLASH_SIZE_16M_MAP_512_512:
case FLASH_SIZE_16M_MAP_1024_1024:
rf_cal_sec = 512 - 5;
break;
case FLASH_SIZE_32M_MAP_512_512:
case FLASH_SIZE_32M_MAP_1024_1024:
rf_cal_sec = 1024 - 5;
break;
case FLASH_SIZE_64M_MAP_1024_1024:
rf_cal_sec = 2048 - 5;
break;
case FLASH_SIZE_128M_MAP_1024_1024:
rf_cal_sec = 4096 - 5;
break;
default:
rf_cal_sec = 0;
break;
}
return rf_cal_sec;
}
void wifi_event_handler_cb(System_Event_t* event)
{
if (event == NULL) {
return;
}
switch (event->event_id) {
case EVENT_STAMODE_GOT_IP:
printf("sta got ip , creat task %d\n", system_get_free_heap_size());
user_conn_init();
break;
default:
break;
}
}
/******************************************************************************
* FunctionName : user_init
* Description : entry of user application, init user function here
* Parameters : none
* Returns : none
*******************************************************************************/
void user_init(void)
{
printf("SDK version:%s %d\n", system_get_sdk_version(), system_get_free_heap_size());
wifi_set_opmode(STATION_MODE);
// set AP parameter
struct station_config config;
bzero(&config, sizeof(struct station_config));
sprintf(config.ssid, SSID);
sprintf(config.password, PASSWORD);
wifi_station_set_config(&config);
wifi_set_event_handler_cb(wifi_event_handler_cb);
}