From 9efbd3c7dbc24fef272fd464b68f37288ec5423e Mon Sep 17 00:00:00 2001 From: pennam Date: Tue, 6 Feb 2024 14:57:36 +0100 Subject: [PATCH 1/2] WiFiSSLClient: add setEccSlot method to configure client private key and certificate --- libraries/WiFiS3/src/WiFiSSLClient.cpp | 11 +++++++++++ libraries/WiFiS3/src/WiFiSSLClient.h | 1 + 2 files changed, 12 insertions(+) diff --git a/libraries/WiFiS3/src/WiFiSSLClient.cpp b/libraries/WiFiS3/src/WiFiSSLClient.cpp index 92b66f01b..0a5efd18f 100644 --- a/libraries/WiFiS3/src/WiFiSSLClient.cpp +++ b/libraries/WiFiS3/src/WiFiSSLClient.cpp @@ -67,6 +67,17 @@ void WiFiSSLClient::setCACert(const char* root_ca, size_t size) { } } +/* -------------------------------------------------------------------------- */ +void WiFiSSLClient::setEccSlot(int ecc508KeySlot, const byte cert[], int certLength) { +/* -------------------------------------------------------------------------- */ + getSocket(); + string res = ""; + if(certLength > 0) { + modem.write_nowait(string(PROMPT(_SETECCSLOT)),res, "%s%d,%d,%d\r\n" , CMD_WRITE(_SETECCSLOT), _sock, ecc508KeySlot, certLength); + modem.passthrough((uint8_t *)cert, certLength); + } +} + /* -------------------------------------------------------------------------- */ size_t WiFiSSLClient::write(uint8_t b){ /* -------------------------------------------------------------------------- */ diff --git a/libraries/WiFiS3/src/WiFiSSLClient.h b/libraries/WiFiS3/src/WiFiSSLClient.h index 4e6f0baf3..59a585ed7 100644 --- a/libraries/WiFiS3/src/WiFiSSLClient.h +++ b/libraries/WiFiS3/src/WiFiSSLClient.h @@ -34,6 +34,7 @@ class WiFiSSLClient : public WiFiClient { virtual int connect(IPAddress ip, uint16_t port); virtual int connect(const char* host, uint16_t port); void setCACert(const char* root_ca = NULL, size_t size = 0); + void setEccSlot(int ecc508KeySlot, const byte cert[], int certLength); virtual size_t write(uint8_t); virtual size_t write(const uint8_t *buf, size_t size); virtual int available(); 
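Review bot: In the added `setEccSlot`, the results of `modem.write_nowait(...)` and `modem.passthrough(...)` are discarded and the function returns `void`, so a caller cannot tell whether the key slot and client certificate reached the modem before a connection is attempted. `cert` is also handed to `passthrough` without a null check; the guard could read `if (cert == nullptr || certLength <= 0) { return; }`. Consider returning `bool` and propagating the upload result, as `setCACert` already branches on `modem.passthrough(...)` elsewhere in this file. Neither the valid range of `ecc508KeySlot` nor the expected certificate encoding is checked or documented in this hunk, so a short comment above the function stating both would help.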
From 267cae554bd29bfd9da9d9fe37e05dded610bb33 Mon Sep 17 00:00:00 2001 From: pennam Date: Wed, 14 Feb 2024 17:07:30 +0100 Subject: [PATCH 2/2] WiFiSSLClient: configure cusutom root_ca or client credentials on connect --- libraries/WiFiS3/src/WiFiSSLClient.cpp | 12 ++++++++++-- libraries/WiFiS3/src/WiFiSSLClient.h | 6 +++++- 2 files changed, 15 insertions(+), 3 deletions(-) diff --git a/libraries/WiFiS3/src/WiFiSSLClient.cpp b/libraries/WiFiS3/src/WiFiSSLClient.cpp index 0a5efd18f..973e5700c 100644 --- a/libraries/WiFiS3/src/WiFiSSLClient.cpp +++ b/libraries/WiFiS3/src/WiFiSSLClient.cpp @@ -36,9 +36,14 @@ int WiFiSSLClient::connect(IPAddress ip, uint16_t port) { int WiFiSSLClient::connect(const char* host, uint16_t port) { /* -------------------------------------------------------------------------- */ getSocket(); - if (!_custom_root) { + if (_root_ca != nullptr) { + setCACert(_root_ca); + } else { setCACert(); } + if ((_ecc_slot != -1) && (_ecc_cert != nullptr) && (_ecc_cert_len != 0)) { + setEccSlot(_ecc_slot, _ecc_cert, _ecc_cert_len); + } string res = ""; if (_connectionTimeout) { if(modem.write(string(PROMPT(_SSLCLIENTCONNECT)),res, "%s%d,%s,%d,%d\r\n" , CMD_WRITE(_SSLCLIENTCONNECT), _sock, host,port, _connectionTimeout)) { @@ -60,7 +65,7 @@ void WiFiSSLClient::setCACert(const char* root_ca, size_t size) { if(size > 0) { modem.write_nowait(string(PROMPT(_SETCAROOT)),res, "%s%d,%d\r\n" , CMD_WRITE(_SETCAROOT), _sock, size); if(modem.passthrough((uint8_t *)root_ca, size)) { - _custom_root = true; + _root_ca = root_ca; } } else { modem.write(string(PROMPT(_SETCAROOT)),res, "%s%d\r\n" , CMD_WRITE(_SETCAROOT), _sock); 
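Review bot: The new `setCACert(_root_ca);` call in `connect` passes only the pointer, so `size` takes its declared default of 0. In the `setCACert` body visible in the following hunk, `size > 0` selects the certificate upload and the `else` branch sends `_SETCAROOT` with no certificate. Unless the length is recomputed in the part of `setCACert` that lies outside these hunks, a previously configured custom root is not re-applied here and the server is validated against whatever the bare command selects. Store the length with the pointer, e.g. a member `size_t _root_ca_size = 0;` set next to `_root_ca = root_ca;`, and call `setCACert(_root_ca, _root_ca_size);`. The body of `connect` continues outside the hunk.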
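Review bot: `_root_ca = root_ca;` keeps the caller's pointer rather than a copy, so the buffer must stay valid and unmodified until the last `connect`. A certificate held in a local or temporary buffer would leave `connect` reading stale memory as the trust anchor. State this on the setter, e.g. `// root_ca is not copied: the buffer must outlive this client`, or copy the data into the object. In the lines visible here the `else` branch does not reset `_root_ca`, so calling `setCACert()` to return to the default roots appears to leave the old pointer in place. Adding `_root_ca = nullptr;` there would cover it, though the end of the function is outside the hunk.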
@@ -75,6 +80,9 @@ void WiFiSSLClient::setEccSlot(int ecc508KeySlot, const byte cert[], int certLen if(certLength > 0) { modem.write_nowait(string(PROMPT(_SETECCSLOT)),res, "%s%d,%d,%d\r\n" , CMD_WRITE(_SETECCSLOT), _sock, ecc508KeySlot, certLength); modem.passthrough((uint8_t *)cert, certLength); + _ecc_slot = ecc508KeySlot; + _ecc_cert = cert; + _ecc_cert_len = certLength; } } diff --git a/libraries/WiFiS3/src/WiFiSSLClient.h b/libraries/WiFiS3/src/WiFiSSLClient.h index 59a585ed7..9f6f5c98e 100644 --- a/libraries/WiFiS3/src/WiFiSSLClient.h +++ b/libraries/WiFiS3/src/WiFiSSLClient.h @@ -61,10 +61,14 @@ class WiFiSSLClient : public WiFiClient { private: int _sock; - bool _custom_root = false; void getSocket(); int _read(); void read_if_needed(size_t s); + const char* _root_ca = nullptr; + int _ecc_slot = -1; + const byte* _ecc_cert = nullptr; + int _ecc_cert_len = 0; + }; #endif /* WIFISSLCLIENT_H */
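Review bot: The three added assignments run whether or not `modem.passthrough((uint8_t *)cert, certLength)` succeeded, whereas `setCACert` records its state only inside `if(modem.passthrough(...))`. After a failed upload the object still reports a slot and certificate as configured. Wrap the assignments in `if (modem.passthrough((uint8_t *)cert, certLength)) { ... }` so the stored state matches what the modem accepted. `_ecc_cert = cert;` also stores a borrowed pointer, so the caller's certificate buffer has to remain valid for every later `connect`.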
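Review bot: The new members `_root_ca` and `_ecc_cert` are non-owning pointers into caller memory, and nothing in the class declaration says so. Add a comment above them such as `// Borrowed from the caller and re-sent on connect(); must stay valid for the lifetime of the client`, and `// -1: no ECC key slot configured` on `_ecc_slot`. Copies of a `WiFiSSLClient` will share these raw pointers, which is safe only while the buffers they point to are long-lived. This is worth a line in the public documentation of `setCACert` and `setEccSlot` as well.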