Skip to content

Commit

Permalink
esp_https_server: Fixed a PR which adds support for mutual auth in
Browse files Browse the repository at this point in the history 
https_server
Closes #4184
Closes IDFGH-2004
  • Loading branch information
@AdityaHPatwardhan
AdityaHPatwardhan committed Mar 2, 2020
1 parent 559cd57 commit cc0eec5
Show file tree
Hide file tree
Showing 2 changed files with 25 additions and 15 deletions.
18 changes: 11 additions & 7 deletions components/esp_https_server/include/esp_https_server.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -41,17 +41,21 @@ struct httpd_ssl_config {
*/
httpd_config_t httpd;

/** CA certificate */
/** CA certificate (here it is treated as server cert)
* Todo: Fix this change in release/v5.0 as it would be a breaking change
* i.e. Rename the nomenclature of variables holding different certs in https_server component as well as example
* 1)The cacert variable should hold the CA which is used to authenticate clients (should inherit current role of client_verify_cert_pem var)
* 2)There should be another variable servercert which whould hold servers own certificate (should inherit current role of cacert var) */
const uint8_t *cacert_pem;

/** CA certificate byte length */
size_t cacert_len;

/** Server certificate */
const uint8_t *servercert_pem;
/** Client verify authority certificate (CA used to sign clients, or client cert itself */
const uint8_t *client_verify_cert_pem;

/** Server certificate byte length */
size_t servercert_len;
/** Client verify authority cert len */
size_t client_verify_cert_len;

/** Private key */
const uint8_t *prvtkey_pem;
Expand Down Expand Up @@ -106,10 +110,10 @@ typedef struct httpd_ssl_config httpd_ssl_config_t;
}, \
.cacert_pem = NULL, \
.cacert_len = 0, \
.servercert_pem = NULL, \
.servercert_len = 0, \
.prvtkey_pem = NULL, \
.prvtkey_len = 0, \
.client_verify_cert_pem = NULL, \
.client_verify_cert_len = 0, \
.transport_mode = HTTPD_SSL_TRANSPORT_SECURE, \
.port_secure = 443, \
.port_insecure = 80, \
Expand Down
22 changes: 14 additions & 8 deletions components/esp_https_server/src/https_server.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -153,25 +153,31 @@ static esp_tls_cfg_server_t *create_secure_context(const struct httpd_ssl_config
if (!cfg) {
return NULL;
}
cfg->cacert_buf = (unsigned char *)malloc(config->cacert_len);
if (!cfg->cacert_buf) {
free(cfg);
return NULL;
/* cacert = CA which signs client cert, or client cert itself , which is mapped to client_verify_cert_pem */
if(config->client_verify_cert_pem != NULL) {
cfg->cacert_buf = (unsigned char *)malloc(config->client_verify_cert_len);
if (!cfg->cacert_buf) {
ESP_LOGE(TAG, "Could not allocate memory");
free(cfg);
return NULL;
}
memcpy((char *)cfg->cacert_buf, config->client_verify_cert_pem, config->client_verify_cert_len);
cfg->cacert_bytes = config->client_verify_cert_len;
}
memcpy((char *)cfg->cacert_buf, config->cacert_pem, config->cacert_len);
cfg->cacert_bytes = config->cacert_len;

/* servercert = cert of server itself ( in our case it is mapped to cacert in https_server example) */
cfg->servercert_buf = (unsigned char *)malloc(config->cacert_len);
if (!cfg->servercert_buf) {
ESP_LOGE(TAG, "Could not allocate memory");
free((void *)cfg->cacert_buf);
free(cfg);
return NULL;
}
memcpy((char *)cfg->servercert_buf, config->servercert_pem, config->servercert_len);
memcpy((char *)cfg->servercert_buf, config->cacert_pem, config->cacert_len);
cfg->servercert_bytes = config->cacert_len;

cfg->serverkey_buf = (unsigned char *)malloc(config->prvtkey_len);
if (!cfg->serverkey_buf) {
ESP_LOGE(TAG, "Could not allocate memory");
free((void *)cfg->servercert_buf);
free((void *)cfg->cacert_buf);
free(cfg);
Expand Down

0 comments on commit cc0eec5

Please sign in to comment.