fix(example): fix https_mbedtls to use new APIs

2025-05-31 15:41:02 +08:00 · 2018-06-30 09:32:50 +08:00
parent 7e1efaa69d
commit d3769b9c6f
2 changed files with 210 additions and 155 deletions
--- a/examples/get-started/project_template/main/user_main.c
+++ b/examples/get-started/project_template/main/user_main.c
@ -64,12 +64,12 @@ uint32_t user_rf_cal_sector_set(void)
 }
 /******************************************************************************
- * FunctionName : user_init
+ * FunctionName : app_main
 * Description  : entry of user application, init user function here
 * Parameters   : none
 * Returns      : none
 *******************************************************************************/
-void user_init(void)
+void app_main(void)
 {
    printf("SDK version:%s\n", esp_get_idf_version());
 }
--- a/examples/protocols/https_mbedtls/main/https_mbedtls_example_main.c
+++ b/examples/protocols/https_mbedtls/main/https_mbedtls_example_main.c
@ -1,60 +1,136 @@
-/* mbedtls example
+/* HTTPS GET Example using plain mbedTLS sockets
-
+ *
-   This example code is in the Public Domain (or CC0 licensed, at your option.)
+ * Contacts the howsmyssl.com API via TLS v1.2 and reads a JSON
-
+ * response.
-   Unless required by applicable law or agreed to in writing, this
+ *
-   software is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+ * Adapted from the ssl_client1 example in mbedtls.
-   CONDITIONS OF ANY KIND, either express or implied.
+ *
 * Original Copyright (C) 2006-2016, ARM Limited, All Rights Reserved, Apache 2.0 License.
 * Additions Copyright (C) Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD, Apache 2.0 License.
 *
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 #include <string.h>
-#include <strings.h>
+#include <stdlib.h>
 #include "sdkconfig.h"
 #include "esp_misc.h"
 #include "esp_sta.h"
 #include "esp_system.h"
 #include "freertos/FreeRTOS.h"
 #include "freertos/task.h"
 #include "freertos/event_groups.h"
 #include "esp_wifi.h"
 #include "esp_event_loop.h"
 #include "esp_log.h"
 #include "esp_system.h"
 #include "nvs_flash.h"
-#include <sys/socket.h>
+#include "lwip/err.h"
-#include <netdb.h>
+#include "lwip/sockets.h"
-
+#include "lwip/sys.h"
-#include "lwip/apps/sntp.h"
+#include "lwip/netdb.h"
 #include "lwip/dns.h"
 #include "mbedtls/platform.h"
 #include "mbedtls/net_sockets.h"
 #include "mbedtls/esp_debug.h"
 #include "mbedtls/ssl.h"
 #include "mbedtls/entropy.h"
 #include "mbedtls/ctr_drbg.h"
 #include "mbedtls/error.h"
 #include "mbedtls/certs.h"
-extern const uint8_t server_root_cert_pem_start[] asm("_binary_server_root_cert_pem_start");
+/* The examples use simple WiFi configuration that you can set via
-extern const uint8_t server_root_cert_pem_end[]   asm("_binary_server_root_cert_pem_end");
+   'make menuconfig'.
   If you'd rather not, just change the below entries to strings with
   the config you want - ie #define EXAMPLE_WIFI_SSID "mywifissid"
 */
 #define EXAMPLE_WIFI_SSID CONFIG_WIFI_SSID
 #define EXAMPLE_WIFI_PASS CONFIG_WIFI_PASSWORD
 /* FreeRTOS event group to signal when we are connected & ready to make a request */
 static EventGroupHandle_t wifi_event_group;
 /* The event group allows multiple bits for each event,
   but we only care about one event - are we connected
   to the AP with an IP? */
 const int CONNECTED_BIT = 1 << 0;
 /* Constants that aren't configurable in menuconfig */
 #define WEB_SERVER "www.howsmyssl.com"
 #define WEB_PORT "443"
 #define WEB_URL "https://www.howsmyssl.com/a/check"
 static const char *TAG = "example";
 static const char *REQUEST = "GET " WEB_URL " HTTP/1.0\r\n"
    "Host: "WEB_SERVER"\r\n"
-                             "User-Agent: esp-idf/1.0 espressif\r\n"
+    "User-Agent: esp-idf/1.0 esp32\r\n"
    "\r\n";
-#define HTTPS_MBEDTLS_THREAD_NAME        "https_mbedtls"
+/* Root cert for howsmyssl.com, taken from server_root_cert.pem
 #define HTTPS_MBEDTLS_THREAD_STACK_WORDS 2048
 #define HTTPS_MBEDTLS_THREAD_PRORIOTY    6
-#define HTTPS_MBEDTLS_SNTP_SERVERS       "pool.ntp.org"
+   The PEM file was extracted from the output of this command:
   openssl s_client -showcerts -connect www.howsmyssl.com:443 </dev/null
-static void https_get_task()
+   The CA root cert is the last cert given in the chain of certs.
   To embed it in the app binary, the PEM file is named
   in the component.mk COMPONENT_EMBED_TXTFILES variable.
 */
 extern const uint8_t server_root_cert_pem_start[] asm("_binary_server_root_cert_pem_start");
 extern const uint8_t server_root_cert_pem_end[]   asm("_binary_server_root_cert_pem_end");
 static esp_err_t event_handler(void *ctx, system_event_t *event)
 {
    switch(event->event_id) {
    case SYSTEM_EVENT_STA_START:
        esp_wifi_connect();
        break;
    case SYSTEM_EVENT_STA_GOT_IP:
        xEventGroupSetBits(wifi_event_group, CONNECTED_BIT);
        break;
    case SYSTEM_EVENT_STA_DISCONNECTED:
        /* This is a workaround as ESP32 WiFi libs don't currently
           auto-reassociate. */
        esp_wifi_connect();
        xEventGroupClearBits(wifi_event_group, CONNECTED_BIT);
        break;
    default:
        break;
    }
    return ESP_OK;
 }
 static void initialise_wifi(void)
 {
    tcpip_adapter_init();
    wifi_event_group = xEventGroupCreate();
    ESP_ERROR_CHECK( esp_event_loop_init(event_handler, NULL) );
    wifi_init_config_t cfg = WIFI_INIT_CONFIG_DEFAULT();
    ESP_ERROR_CHECK( esp_wifi_init(&cfg) );
    ESP_ERROR_CHECK( esp_wifi_set_storage(WIFI_STORAGE_RAM) );
    wifi_config_t wifi_config = {
        .sta = {
            .ssid = EXAMPLE_WIFI_SSID,
            .password = EXAMPLE_WIFI_PASS,
        },
    };
    ESP_LOGI(TAG, "Setting WiFi configuration SSID %s...", wifi_config.sta.ssid);
    ESP_ERROR_CHECK( esp_wifi_set_mode(WIFI_MODE_STA) );
    ESP_ERROR_CHECK( esp_wifi_set_config(ESP_IF_WIFI_STA, &wifi_config) );
    ESP_ERROR_CHECK( esp_wifi_start() );
 }
 static void https_get_task(void *pvParameters)
 {
    char buf[512];
    int ret, flags, len;
@ -69,144 +145,166 @@ static void https_get_task()
    mbedtls_ssl_init(&ssl);
    mbedtls_x509_crt_init(&cacert);
    mbedtls_ctr_drbg_init(&ctr_drbg);
-    printf("Seeding the random number generator\n");
+    ESP_LOGI(TAG, "Seeding the random number generator");
    mbedtls_ssl_config_init(&conf);
    mbedtls_entropy_init(&entropy);
    if((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
-                                     NULL, 0)) != 0) {
+                                    NULL, 0)) != 0)
-        printf("mbedtls_ctr_drbg_seed returned %d\n", ret);
+    {
-        vTaskDelete(NULL);
+        ESP_LOGE(TAG, "mbedtls_ctr_drbg_seed returned %d", ret);
-        return;
+        abort();
    }
-    printf("Loading the CA root certificate...\n");
+    ESP_LOGI(TAG, "Loading the CA root certificate...");
-    ret = mbedtls_x509_crt_parse(&cacert, server_root_cert_pem_start, server_root_cert_pem_end - server_root_cert_pem_start);
+    ret = mbedtls_x509_crt_parse(&cacert, server_root_cert_pem_start,
                                 server_root_cert_pem_end-server_root_cert_pem_start);
-    if (ret < 0) {
+    if(ret < 0)
-        printf("mbedtls_x509_crt_parse returned -0x%x\n\n", -ret);
+    {
-        vTaskDelete(NULL);
+        ESP_LOGE(TAG, "mbedtls_x509_crt_parse returned -0x%x\n\n", -ret);
-        return;
+        abort();
    }
-    printf("Setting hostname for TLS session...\n");
+    ESP_LOGI(TAG, "Setting hostname for TLS session...");
     /* Hostname set here should match CN in server certificate */
-    if ((ret = mbedtls_ssl_set_hostname(&ssl, WEB_SERVER)) != 0) {
+    if((ret = mbedtls_ssl_set_hostname(&ssl, WEB_SERVER)) != 0)
-        printf("mbedtls_ssl_set_hostname returned -0x%x", -ret);
+    {
-        vTaskDelete(NULL);
+        ESP_LOGE(TAG, "mbedtls_ssl_set_hostname returned -0x%x", -ret);
-        return;
+        abort();
    }
-    printf("Setting up the SSL/TLS structure...\n");
+    ESP_LOGI(TAG, "Setting up the SSL/TLS structure...");
    if((ret = mbedtls_ssl_config_defaults(&conf,
                                          MBEDTLS_SSL_IS_CLIENT,
                                          MBEDTLS_SSL_TRANSPORT_STREAM,
-                                           MBEDTLS_SSL_PRESET_DEFAULT)) != 0) {
+                                          MBEDTLS_SSL_PRESET_DEFAULT)) != 0)
-        printf("mbedtls_ssl_config_defaults returned %d", ret);
+    {
        ESP_LOGE(TAG, "mbedtls_ssl_config_defaults returned %d", ret);
        goto exit;
    }
    /* MBEDTLS_SSL_VERIFY_OPTIONAL is bad for security, in this example it will print
       a warning if CA verification fails but it will continue to connect.
       You should consider using MBEDTLS_SSL_VERIFY_REQUIRED in your own code.
    */
    mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_OPTIONAL);
    mbedtls_ssl_conf_ca_chain(&conf, &cacert, NULL);
    mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &ctr_drbg);
 #ifdef CONFIG_MBEDTLS_DEBUG
    mbedtls_esp_enable_debug_log(&conf, 4);
 #endif
-    if ((ret = mbedtls_ssl_setup(&ssl, &conf)) != 0) {
+    if ((ret = mbedtls_ssl_setup(&ssl, &conf)) != 0)
-        printf("mbedtls_ssl_setup returned -0x%x\n\n", -ret);
+    {
        ESP_LOGE(TAG, "mbedtls_ssl_setup returned -0x%x\n\n", -ret);
        goto exit;
    }
    while(1) {
        /* Wait for the callback to set the CONNECTED_BIT in the
           event group.
        */
        xEventGroupWaitBits(wifi_event_group, CONNECTED_BIT,
                            false, true, portMAX_DELAY);
        ESP_LOGI(TAG, "Connected to AP");
        mbedtls_net_init(&server_fd);
-        printf("Connecting to %s:%s...\n", WEB_SERVER, WEB_PORT);
+        ESP_LOGI(TAG, "Connecting to %s:%s...", WEB_SERVER, WEB_PORT);
        if ((ret = mbedtls_net_connect(&server_fd, WEB_SERVER,
-                                       WEB_PORT, MBEDTLS_NET_PROTO_TCP)) != 0) {
+                                      WEB_PORT, MBEDTLS_NET_PROTO_TCP)) != 0)
-            printf("mbedtls_net_connect returned -%x\n", -ret);
+        {
            ESP_LOGE(TAG, "mbedtls_net_connect returned -%x", -ret);
            goto exit;
        }
-        printf("Connected.\n");
+        ESP_LOGI(TAG, "Connected.");
        mbedtls_ssl_set_bio(&ssl, &server_fd, mbedtls_net_send, mbedtls_net_recv, NULL);
-        printf("Performing the SSL/TLS handshake...\n");
+        ESP_LOGI(TAG, "Performing the SSL/TLS handshake...");
-        while ((ret = mbedtls_ssl_handshake(&ssl)) != 0) {
+        while ((ret = mbedtls_ssl_handshake(&ssl)) != 0)
-            if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
+        {
-                printf("mbedtls_ssl_handshake returned -0x%x\n", -ret);
+            if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE)
            {
                ESP_LOGE(TAG, "mbedtls_ssl_handshake returned -0x%x", -ret);
                goto exit;
            }
        }
-        printf("Verifying peer X.509 certificate...\n");
+        ESP_LOGI(TAG, "Verifying peer X.509 certificate...");
-        if ((flags = mbedtls_ssl_get_verify_result(&ssl)) != 0) {
+        if ((flags = mbedtls_ssl_get_verify_result(&ssl)) != 0)
        {
            /* In real life, we probably want to close connection if ret != 0 */
-            printf("Failed to verify peer certificate!\n");
+            ESP_LOGW(TAG, "Failed to verify peer certificate!");
            bzero(buf, sizeof(buf));
            mbedtls_x509_crt_verify_info(buf, sizeof(buf), "  ! ", flags);
-            printf("verification info: %s\n", buf);
+            ESP_LOGW(TAG, "verification info: %s", buf);
-        } else {
+        }
-            printf("Certificate verified.\n");
+        else {
            ESP_LOGI(TAG, "Certificate verified.");
        }
-        printf("Cipher suite is %s\n", mbedtls_ssl_get_ciphersuite(&ssl));
+        ESP_LOGI(TAG, "Cipher suite is %s", mbedtls_ssl_get_ciphersuite(&ssl));
-        printf("Writing HTTP request...\n");
+        ESP_LOGI(TAG, "Writing HTTP request...");
        size_t written_bytes = 0;
        do {
            ret = mbedtls_ssl_write(&ssl,
                                    (const unsigned char *)REQUEST + written_bytes,
                                    strlen(REQUEST) - written_bytes);
            if (ret >= 0) {
-                printf("%d bytes written\n", ret);
+                ESP_LOGI(TAG, "%d bytes written", ret);
                written_bytes += ret;
            } else if (ret != MBEDTLS_ERR_SSL_WANT_WRITE && ret != MBEDTLS_ERR_SSL_WANT_READ) {
-                printf("mbedtls_ssl_write returned -0x%x\n", -ret);
+                ESP_LOGE(TAG, "mbedtls_ssl_write returned -0x%x", -ret);
                goto exit;
            }
        } while(written_bytes < strlen(REQUEST));
-        printf("Reading HTTP response...\n");
+        ESP_LOGI(TAG, "Reading HTTP response...");
-        do {
+        do
        {
            len = sizeof(buf) - 1;
            bzero(buf, sizeof(buf));
            ret = mbedtls_ssl_read(&ssl, (unsigned char *)buf, len);
-            if (ret == MBEDTLS_ERR_SSL_WANT_READ || ret == MBEDTLS_ERR_SSL_WANT_WRITE) {
+            if(ret == MBEDTLS_ERR_SSL_WANT_READ || ret == MBEDTLS_ERR_SSL_WANT_WRITE)
                continue;
            }
            if(ret == MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY) {
                ret = 0;
                break;
            }
-            if (ret < 0) {
+            if(ret < 0)
-                printf("mbedtls_ssl_read returned -0x%x\n", -ret);
+            {
                ESP_LOGE(TAG, "mbedtls_ssl_read returned -0x%x", -ret);
                break;
            }
-            if (ret == 0) {
+            if(ret == 0)
-                printf("\nconnection closed\n");
+            {
                ESP_LOGI(TAG, "connection closed");
                break;
            }
            len = ret;
-
+            ESP_LOGD(TAG, "%d bytes read", len);
            /* Print response directly to stdout as it is read */
            for(int i = 0; i < len; i++) {
-                printf("%c", buf[i]);
+                putchar(buf[i]);
            }
        } while(1);
@ -216,56 +314,22 @@ exit:
        mbedtls_ssl_session_reset(&ssl);
        mbedtls_net_free(&server_fd);
-        if (ret != 0) {
+        if(ret != 0)
        {
            mbedtls_strerror(ret, buf, 100);
-            printf("Last error was: -0x%x - %s\n", -ret, buf);
+            ESP_LOGE(TAG, "Last error was: -0x%x - %s", -ret, buf);
        }
-        printf("\n"); // JSON output doesn't have a newline at end
+        putchar('\n'); // JSON output doesn't have a newline at end
        static int request_count;
-        printf("Completed %d requests\n", ++request_count);
+        ESP_LOGI(TAG, "Completed %d requests", ++request_count);
        for(int countdown = 10; countdown >= 0; countdown--) {
-            printf("%d...\n", countdown);
+            ESP_LOGI(TAG, "%d...", countdown);
-            vTaskDelay(1000 / portTICK_RATE_MS);
+            vTaskDelay(1000 / portTICK_PERIOD_MS);
        }
-
+        ESP_LOGI(TAG, "Starting again!");
        printf("Starting again!\n");
    }
 }
 void user_conn_init(void)
 {
    int32_t ret;
    ret = xTaskCreate(https_get_task,
                      HTTPS_MBEDTLS_THREAD_NAME,
                      HTTPS_MBEDTLS_THREAD_STACK_WORDS,
                      NULL,
                      HTTPS_MBEDTLS_THREAD_PRORIOTY,
                      NULL);
    if (ret != pdPASS)  {
        printf("create thread %s failed\n", HTTPS_MBEDTLS_THREAD_NAME);
        return ;
    }
 }
 void wifi_event_handler_cb(System_Event_t* event)
 {
    if (event == NULL) {
        return;
    }
    switch (event->event_id) {
        case EVENT_STAMODE_GOT_IP:
            printf("sta got ip\n");
            user_conn_init();
            break;
        default:
            break;
    }
 }
@ -321,18 +385,9 @@ uint32_t user_rf_cal_sector_set(void)
    return rf_cal_sec;
 }
-void user_init()
+void app_main()
 {
-    wifi_set_opmode(STATION_MODE);
+    ESP_ERROR_CHECK( nvs_flash_init() );
-
+    initialise_wifi();
-    {
+    xTaskCreate(&https_get_task, "https_get_task", 2048, NULL, 5, NULL);
        // set AP parameter
        struct station_config config;
        bzero(&config, sizeof(struct station_config));
        sprintf((char*)config.ssid, CONFIG_WIFI_SSID);
        sprintf((char*)config.password, CONFIG_WIFI_PASSWORD);
        wifi_station_set_config(&config);
    }
    wifi_set_event_handler_cb(wifi_event_handler_cb);
 }