Skip to content

M
mongoose
Commit dcf1cede authored by rojer's avatar rojer Committed by Cesanta Bot
Browse files
Options

SimpleLink SSL support; split cert and key opts 

SL requires cert and key to be separate files in DER format.

Date verification is disabled for now.

PUBLISHED_FROM=7d76150ed356140728a1e5fd82d8a0456347b7dc
parent 845e6082
Expand all Hide whitespace changes
Inline Side-by-side
Showing with 246 additions and 61 deletions
docs/c-api/net.h/mg_set_ssl.md
View file @ dcf1cede
......@@ -7,12 +7,14 @@ signature: |
const char *ca_cert);
---
Note: This function is deprecated, please use SSL options in mg_connect_opt.
Enable SSL for a given connection.
`cert` is a server certificate file name for a listening connection,
or a client certificate file name for an outgoing connection.
Certificate files must be in PEM format. Server certificate file
must contain a certificate, concatenated with a private key, optionally
concatenated with parameters.
concatenated with DH parameters.
`ca_cert` is a CA certificate, or NULL if peer verification is not
required.
Return: NULL on success, or error message on error.
......
docs/c-api/net.h/struct_mg_bind_opts.md
View file @ dcf1cede
......@@ -10,6 +10,9 @@ signature: |
#ifdef MG_ENABLE_SSL
/* SSL settings. */
const char *ssl_cert; /* Server certificate to present to clients */
const char *ssl_key; /* Private key corresponding to the certificate.
If ssl_cert is set but ssl_key is not, ssl_cert
is used. */
const char *ssl_ca_cert; /* Verify client certificates with this CA bundle */
#endif
};
......
docs/c-api/net.h/struct_mg_connect_opts.md
View file @ dcf1cede
......@@ -10,6 +10,9 @@ signature: |
#ifdef MG_ENABLE_SSL
/* SSL settings. */
const char *ssl_cert; /* Client certificate to present to the server */
const char *ssl_key; /* Private key corresponding to the certificate.
If ssl_cert is set but ssl_key is not, ssl_cert
is used. */
const char *ssl_ca_cert; /* Verify server certificate using this CA bundle */
/*
......
docs/c-api/net.h/struct_mg_connection.md
View file @ dcf1cede
......@@ -14,8 +14,17 @@ signature: |
size_t recv_mbuf_limit; /* Max size of recv buffer */
struct mbuf recv_mbuf; /* Received data */
struct mbuf send_mbuf; /* Data scheduled for sending */
#if defined(MG_ENABLE_SSL)
#if !defined(MG_SOCKET_SIMPLELINK)
SSL *ssl;
SSL_CTX *ssl_ctx;
#else
char *ssl_cert;
char *ssl_key;
char *ssl_ca_cert;
char *ssl_server_name;
#endif
#endif
time_t last_io_time; /* Timestamp of the last socket IO */
double ev_timer_time; /* Timestamp of the future MG_EV_TIMER */
mg_event_handler_t proto_handler; /* Protocol-specific event handler */
......
examples/CC3200/Makefile.build
View file @ dcf1cede
......@@ -22,7 +22,7 @@ IPATH = . ../.. $(REPO_PATH)
VPATH = ../..
MONGOOSE_FEATURES = -DMG_ENABLE_HTTP_STREAMING_MULTIPART
MONGOOSE_FEATURES = -DMG_ENABLE_SSL -DMG_ENABLE_HTTP_STREAMING_MULTIPART
SDK_FLAGS = -DUSE_FREERTOS -DSL_PLATFORM_MULTI_THREADED
# -DTARGET_IS_CC3200 would reduce code size by using functions in ROM
......
examples/CC3200/main.c
View file @ dcf1cede
......@@ -167,7 +167,21 @@ static void mg_init(struct mg_mgr *mgr) {
LOG(LL_ERROR, ("Failed to start NWP"));
return;
}
LOG(LL_INFO, ("NWP started"));
{
SlVersionFull ver;
unsigned char opt = SL_DEVICE_GENERAL_VERSION;
unsigned char len = sizeof(ver);
memset(&ver, 0, sizeof(ver));
sl_DevGet(SL_DEVICE_GENERAL_CONFIGURATION, &opt, &len,
(unsigned char *) (&ver));
LOG(LL_INFO, ("NWP v%d.%d.%d.%d started, host v%d.%d.%d.%d",
ver.NwpVersion[0], ver.NwpVersion[1], ver.NwpVersion[2],
ver.NwpVersion[3], SL_MAJOR_VERSION_NUM, SL_MINOR_VERSION_NUM,
SL_VERSION_NUM, SL_SUB_VERSION_NUM));
}
GPIO_IF_LedToggle(MCU_RED_LED_GPIO);
data_init_sensors(TMP006_ADDR, BM222_ADDR);
......@@ -194,7 +208,7 @@ static void mg_init(struct mg_mgr *mgr) {
memset(&opts, 0, sizeof(opts));
opts.error_string = &err;
struct mg_connection *nc = mg_bind(mgr, "80", mg_ev_handler);
struct mg_connection *nc = mg_bind_opt(mgr, "80", mg_ev_handler, opts);
if (nc != NULL) {
mg_set_protocol_http_websocket(nc);
nc->ev_timer_time = mg_time(); /* Start data collection */
......
mongoose.c
View file @ dcf1cede
This diff is collapsed.
mongoose.h
View file @ dcf1cede
......@@ -731,6 +731,7 @@ char *inet_ntoa(struct in_addr in);
int inet_pton(int af, const char *src, void *dst);
struct mg_mgr;
struct mg_connection;
typedef void (*mg_init_cb)(struct mg_mgr *mgr);
bool mg_start_task(int priority, int stack_size, mg_init_cb mg_init);
......@@ -739,6 +740,8 @@ void mg_run_in_task(void (*cb)(struct mg_mgr *mgr, void *arg), void *cb_arg);
int sl_fs_init();
int sl_set_ssl_opts(struct mg_connection *nc);
#ifdef __cplusplus
}
#endif
......@@ -1172,11 +1175,10 @@ int json_emit_va(char *buf, int buf_len, const char *fmt, va_list);
#ifdef __APPLE__
#pragma GCC diagnostic ignored "-Wdeprecated-declarations"
#endif
#if !defined(MG_SOCKET_SIMPLELINK)
#include <openssl/ssl.h>
#else
typedef void *SSL;
typedef void *SSL_CTX;
#endif
#endif /* MG_ENABLE_SSL */
#ifndef MG_VPRINTF_BUFFER_SIZE
#define MG_VPRINTF_BUFFER_SIZE 100
......@@ -1257,8 +1259,17 @@ struct mg_connection {
size_t recv_mbuf_limit; /* Max size of recv buffer */
struct mbuf recv_mbuf; /* Received data */
struct mbuf send_mbuf; /* Data scheduled for sending */
#if defined(MG_ENABLE_SSL)
#if !defined(MG_SOCKET_SIMPLELINK)
SSL *ssl;
SSL_CTX *ssl_ctx;
#else
char *ssl_cert;
char *ssl_key;
char *ssl_ca_cert;
char *ssl_server_name;
#endif
#endif
time_t last_io_time; /* Timestamp of the last socket IO */
double ev_timer_time; /* Timestamp of the future MG_EV_TIMER */
mg_event_handler_t proto_handler; /* Protocol-specific event handler */
......@@ -1402,6 +1413,9 @@ struct mg_bind_opts {
#ifdef MG_ENABLE_SSL
/* SSL settings. */
const char *ssl_cert; /* Server certificate to present to clients */
const char *ssl_key; /* Private key corresponding to the certificate.
If ssl_cert is set but ssl_key is not, ssl_cert
is used. */
const char *ssl_ca_cert; /* Verify client certificates with this CA bundle */
#endif
};
......@@ -1442,6 +1456,9 @@ struct mg_connect_opts {
#ifdef MG_ENABLE_SSL
/* SSL settings. */
const char *ssl_cert; /* Client certificate to present to the server */
const char *ssl_key; /* Private key corresponding to the certificate.
If ssl_cert is set but ssl_key is not, ssl_cert
is used. */
const char *ssl_ca_cert; /* Verify server certificate using this CA bundle */
/*
......@@ -1515,19 +1532,23 @@ struct mg_connection *mg_connect_opt(struct mg_mgr *mgr, const char *address,
mg_event_handler_t handler,
struct mg_connect_opts opts);
#if defined(MG_ENABLE_SSL) && !defined(MG_SOCKET_SIMPLELINK)
/*
* Note: This function is deprecated, please use SSL options in mg_connect_opt.
*
* Enable SSL for a given connection.
* `cert` is a server certificate file name for a listening connection,
* or a client certificate file name for an outgoing connection.
* Certificate files must be in PEM format. Server certificate file
* must contain a certificate, concatenated with a private key, optionally
* concatenated with parameters.
* concatenated with DH parameters.
* `ca_cert` is a CA certificate, or NULL if peer verification is not
* required.
* Return: NULL on success, or error message on error.
*/
const char *mg_set_ssl(struct mg_connection *nc, const char *cert,
const char *ca_cert);
#endif
/*
* Send data to the connection.
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment