jrtkcoder
diff --git a/‎examples/openssl_server/Makefile
+121 b/‎examples/openssl_server/Makefile
+121
diff --git a/‎examples/openssl_server/README.md
+44 b/‎examples/openssl_server/README.md
+44
diff --git a/‎examples/openssl_server/gen_misc.sh
+191 b/‎examples/openssl_server/gen_misc.sh
+191
diff --git a/‎examples/openssl_server/gencrt.sh
+27 b/‎examples/openssl_server/gencrt.sh
+27
diff --git a/‎examples/openssl_server/genheader.sh
+12 b/‎examples/openssl_server/genheader.sh
+12
@@ -0,0 +1,121 @@
+#############################################################
+# Required variables for each makefile
+# Discard this section from all parent makefiles
+# Expected variables (with automatic defaults):
+#   CSRCS (all "C" files in the dir)
+#   SUBDIRS (all subdirs with a Makefile)
+#   GEN_LIBS - list of libs to be generated ()
+#   GEN_IMAGES - list of object file images to be generated ()
+#   GEN_BINS - list of binaries to be generated ()
+#   COMPONENTS_xxx - a list of libs/objs in the form
+#     subdir/lib to be extracted and rolled up into
+#     a generated lib/image xxx.a ()
+#
+TARGET = eagle
+#FLAVOR = release
+FLAVOR = debug
+
+#EXTRA_CCFLAGS += -u
+
+ifndef PDIR # {
+GEN_IMAGES= eagle.app.v6.out
+GEN_BINS= eagle.app.v6.bin
+SPECIAL_MKTARGETS=$(APP_MKTARGETS)
+SUBDIRS=    \
+	user
+
+endif # } PDIR
+
+LDDIR = $(SDK_PATH)/ld
+
+CCFLAGS += -Os
+
+TARGET_LDFLAGS =		\
+	-nostdlib		\
+	-Wl,-EL \
+	--longcalls \
+	--text-section-literals
+
+ifeq ($(FLAVOR),debug)
+    TARGET_LDFLAGS += -g -O2
+endif
+
+ifeq ($(FLAVOR),release)
+    TARGET_LDFLAGS += -g -O0
+endif
+
+COMPONENTS_eagle.app.v6 = \
+	user/libuser.a
+
+LINKFLAGS_eagle.app.v6 =    \
+    -L$(SDK_PATH)/lib       \
+    -Wl,--gc-sections       \
+    -nostdlib               \
+    -T$(LD_FILE)            \
+    -Wl,--no-check-sections \
+    -u call_user_start      \
+    -Wl,-static             \
+    -Wl,--start-group       \
+    -lcirom                 \
+    -lgcc                   \
+    -lhal                   \
+    -lcrypto                \
+    -lfreertos              \
+    -llwip                  \
+    -lmain                  \
+    -lnet80211              \
+    -lphy                   \
+    -lpp                    \
+    -lmbedtls               \
+    -lopenssl               \
+    -lwpa                   \
+    $(DEP_LIBS_eagle.app.v6)\
+    -Wl,--end-group
+
+DEPENDS_eagle.app.v6 = \
+                $(LD_FILE) \
+                $(LDDIR)/eagle.rom.addr.v6.ld
+
+#############################################################
+# Configuration i.e. compile options etc.
+# Target specific stuff (defines etc.) goes in here!
+# Generally values applying to a tree are captured in the
+#   makefile at its root level - these are then overridden
+#   for a subtree within the makefile rooted therein
+#
+
+#UNIVERSAL_TARGET_DEFINES =		\
+
+# Other potential configuration flags include:
+#	-DTXRX_TXBUF_DEBUG
+#	-DTXRX_RXBUF_DEBUG
+#	-DWLAN_CONFIG_CCX
+CONFIGURATION_DEFINES =	-DICACHE_FLASH
+
+DEFINES +=				\
+	$(UNIVERSAL_TARGET_DEFINES)	\
+	$(CONFIGURATION_DEFINES)
+
+DDEFINES +=				\
+	$(UNIVERSAL_TARGET_DEFINES)	\
+	$(CONFIGURATION_DEFINES)
+
+
+#############################################################
+# Recursion Magic - Don't touch this!!
+#
+# Each subtree potentially has an include directory
+#   corresponding to the common APIs applicable to modules
+#   rooted at that subtree. Accordingly, the INCLUDE PATH
+#   of a module can only contain the include directories up
+#   its parent path, and not its siblings
+#
+# Required for each makefile to inherit from the parent
+#
+
+INCLUDES := $(INCLUDES) -I $(PDIR)include -I include -I $(SDK_PATH)/include/openssl
+sinclude $(SDK_PATH)/Makefile
+
+.PHONY: FORCE
+FORCE:
+
@@ -0,0 +1,44 @@
+1. Run ./gencrt.sh or if you have your own certificate, move to the openssl_server directory, the name is ca.crt,server.crt, server.key, client.crt and client.key.
+
+    The server.crt and client.crt was generate by the same ca.crt in ./gencrt.sh.
+
+    Server side needs ca.crt(to verify client.crt), server.crt, server.key
+
+    Client side needs ca.crt(to verify server.crt), client.crt, client.key
+
+    If you have two ca.crt to generate server.crt and client.crt respectively, client1.crt is generate by ca1.crt and client1.key, server2.crt is generate by ca2.crt and server2.key:
+
+    Client side needs ca2.crt, client1.crt, client1.key.
+
+    Server side needs ca1.crt, server2.crt, server2.key.
+
+    Rename ca1.crt server2.crt server2.key to ca.crt server.crt server.key and run ./genheader.sh.
+
+    Use ca2.crt in openssl s_client -CAfile option.
+
+2. Run ./genheader.sh.
+
+3. Modify thease two lines in file user_config.h to your local Wi-Fi SSID and Password.
+
+    ```#define SSID "HUAWEI001"```
+
+    ```#define PASSWORD ""```
+
+4. Make sure that the computer and ESP8266 are in the same local area network.
+
+5. Run ./gen_misc.sh.
+
+6. Download bin file to ESP8266.
+
+    Find server ip address in ESP8266 UART log: ip:192.168.3.6,mask:255.255.255.0,gw:192.168.3.1.
+
+7. Run openssl s_client -CAfile ca.crt -cert client.crt -key client.key -verify 1 -tls1_1 -host 192.168.3.6 -port 443.
+
+
+**ATTENTION**
+
+**1. Make sure the free heap size larger than 30K.**
+
+**2. Make sure the private key length larger than 2048.**
+
+**3. Make sure the fragment size range is between 2048 and 8192.**
@@ -0,0 +1,191 @@
+#!/bin/bash
+
+:<<!
+******NOTICE******
+MUST set SDK_PATH & BIN_PATH firstly!!!
+example:
+export SDK_PATH=~/esp_iot_sdk_freertos
+export BIN_PATH=~/esp8266_bin
+!
+
+export SDK_PATH=$SDK_PATH
+export BIN_PATH=$BIN_PATH
+
+echo "gen_misc.sh version 20150911"
+echo ""
+
+if [ $SDK_PATH ]; then
+    echo "SDK_PATH:"
+    echo "$SDK_PATH"
+    echo ""
+else
+    echo "ERROR: Please export SDK_PATH in gen_misc.sh firstly, exit!!!"
+    exit
+fi
+
+if [ $BIN_PATH ]; then
+    echo "BIN_PATH:"
+    echo "$BIN_PATH"
+    echo ""
+else
+    echo "ERROR: Please export BIN_PATH in gen_misc.sh firstly, exit!!!"
+    exit
+fi
+
+echo "Please check SDK_PATH & BIN_PATH, enter (Y/y) to continue:"
+read input
+
+if [[ $input != Y ]] && [[ $input != y ]]; then
+    exit
+fi
+
+echo ""
+
+echo "Please follow below steps(1-5) to generate specific bin(s):"
+echo "STEP 1: use boot_v1.2+ by default"
+boot=new
+
+echo "boot mode: $boot"
+echo ""
+
+echo "STEP 2: choose bin generate(0=eagle.flash.bin+eagle.irom0text.bin, 1=user1.bin, 2=user2.bin)"
+echo "enter (0/1/2, default 0):"
+read input
+
+if [ -z "$input" ]; then
+    if [ $boot != none ]; then
+    	boot=none
+	echo "ignore boot"
+    fi
+    app=0
+    echo "generate bin: eagle.flash.bin+eagle.irom0text.bin"
+elif [ $input == 1 ]; then
+    if [ $boot == none ]; then
+    	app=0
+	echo "choose no boot before"
+	echo "generate bin: eagle.flash.bin+eagle.irom0text.bin"
+    else
+	app=1
+        echo "generate bin: user1.bin"
+    fi
+elif [ $input == 2 ]; then
+    if [ $boot == none ]; then
+    	app=0
+	echo "choose no boot before"
+	echo "generate bin: eagle.flash.bin+eagle.irom0text.bin"
+    else
+    	app=2
+    	echo "generate bin: user2.bin"
+    fi
+else
+    if [ $boot != none ]; then
+    	boot=none
+	echo "ignore boot"
+    fi
+    app=0
+    echo "generate bin: eagle.flash.bin+eagle.irom0text.bin"
+fi
+
+echo ""
+
+echo "STEP 3: choose spi speed(0=20MHz, 1=26.7MHz, 2=40MHz, 3=80MHz)"
+echo "enter (0/1/2/3, default 2):"
+read input
+
+if [ -z "$input" ]; then
+    spi_speed=40
+elif [ $input == 0 ]; then
+    spi_speed=20
+elif [ $input == 1 ]; then
+    spi_speed=26.7
+elif [ $input == 3 ]; then
+    spi_speed=80
+else
+    spi_speed=40
+fi
+
+echo "spi speed: $spi_speed MHz"
+echo ""
+
+echo "STEP 4: choose spi mode(0=QIO, 1=QOUT, 2=DIO, 3=DOUT)"
+echo "enter (0/1/2/3, default 0):"
+read input
+
+if [ -z "$input" ]; then
+    spi_mode=QIO
+elif [ $input == 1 ]; then
+    spi_mode=QOUT
+elif [ $input == 2 ]; then
+    spi_mode=DIO
+elif [ $input == 3 ]; then
+    spi_mode=DOUT
+else
+    spi_mode=QIO
+fi
+
+echo "spi mode: $spi_mode"
+echo ""
+
+echo "STEP 5: choose spi size and map"
+echo "    0= 512KB( 256KB+ 256KB)"
+echo "    2=1024KB( 512KB+ 512KB)"
+echo "    3=2048KB( 512KB+ 512KB)"
+echo "    4=4096KB( 512KB+ 512KB)"
+echo "    5=2048KB(1024KB+1024KB)"
+echo "    6=4096KB(1024KB+1024KB)"
+echo "    7=4096KB(2048KB+2048KB) not support ,just for compatible with nodeMCU board"
+echo "    8=8192KB(1024KB+1024KB)"
+echo "    9=16384KB(1024KB+1024KB)"
+echo "enter (0/2/3/4/5/6/7/8/9, default 0):"
+read input
+
+if [ -z "$input" ]; then
+    spi_size_map=0
+    echo "spi size: 512KB"
+    echo "spi ota map:  256KB + 256KB"
+elif [ $input == 2 ]; then
+    spi_size_map=2
+    echo "spi size: 1024KB"
+    echo "spi ota map:  512KB + 512KB"
+elif [ $input == 3 ]; then
+    spi_size_map=3
+    echo "spi size: 2048KB"
+    echo "spi ota map:  512KB + 512KB"
+elif [ $input == 4 ]; then
+    spi_size_map=4
+    echo "spi size: 4096KB"
+    echo "spi ota map:  512KB + 512KB"
+elif [ $input == 5 ]; then
+    spi_size_map=5
+    echo "spi size: 2048KB"
+    echo "spi ota map:  1024KB + 1024KB"
+elif [ $input == 6 ]; then
+    spi_size_map=6
+    echo "spi size: 4096KB"
+    echo "spi ota map:  1024KB + 1024KB"
+elif [ $input == 7 ]; then
+    spi_size_map=7
+    echo"not support ,just for compatible with nodeMCU board"
+    exit
+elif [ $input == 8 ]; then
+    spi_size_map=8
+    echo "spi size: 8192KB"
+    echo "spi ota map:  1024KB + 1024KB"
+elif [ $input == 9 ]; then
+    spi_size_map=9
+    echo "spi size: 16384KB"
+    echo "spi ota map:  1024KB + 1024KB"
+else
+    spi_size_map=0
+    echo "spi size: 512KB"
+    echo "spi ota map:  256KB + 256KB"
+fi
+
+echo ""
+
+echo "start..."
+echo ""
+
+make clean
+
+make BOOT=$boot APP=$app SPI_SPEED=$spi_speed SPI_MODE=$spi_mode SPI_SIZE_MAP=$spi_size_map
@@ -0,0 +1,27 @@
+#!/bin/bash
+
+#
+# Generate the certificates and keys for testing.
+#
+
+SAVEIFS=$IFS
+IFS=$(echo -en "\n\b")
+
+ROOT_SUBJECT="/C=C1/ST=JS1/L=WX1/O=ESP1/OU=ESP1/CN=Server1 CA/emailAddress=ESP1"
+LEVEL2_SUBJECT="/C=C2/ST=JS22/L=WX22/O=ESP22/OU=ESP22/CN=Server22 CA/emailAddress=ESP22"
+LEVEL3_SUBJECT="/C=C3/ST=JS333/L=WX333/O=ESP333/OU=ESP333/CN=Server333 CA/emailAddress=ESP333"
+
+# private key generation
+openssl genrsa -out ca.key 2048
+openssl genrsa -out server.key 2048
+openssl genrsa -out client.key 2048
+
+# cert requests
+openssl req -new -key ca.key -out ca.csr -text -subj $ROOT_SUBJECT
+openssl req -new -key server.key -out server.csr -text -subj $LEVEL2_SUBJECT
+openssl req -new -key client.key -out client.csr -text -subj $LEVEL3_SUBJECT
+
+# generate the actual certs.
+openssl x509 -req -in ca.csr -out ca.crt -sha1 -days 5000 -signkey ca.key -text -extensions v3_ca
+openssl x509 -req -in server.csr -out server.crt -sha1 -CAcreateserial -days 5000 -CA ca.crt -CAkey ca.key -text -extensions v3_ca
+openssl x509 -req -in client.csr -out client.crt -sha1 -CAcreateserial -days 5000 -CA ca.crt -CAkey ca.key -text -extensions v3_ca
@@ -0,0 +1,12 @@
+#!/bin/bash
+
+# set ca crt for use in the server
+xxd -i ca.crt | sed -e "s/ca_crt/ca_crt/" > ssl_server_crt.h
+
+# set server crt for use in the server
+xxd -i server.crt | sed -e "s/server_crt/server_crt/" >> ssl_server_crt.h
+
+# set private key for use in the server
+xxd -i server.key | sed -e "s/server_key/server_key/" >> ssl_server_crt.h
+
+mv ssl_server_crt.h ./include