| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221 |
- /* OpenSSL server Example
- This example code is in the Public Domain (or CC0 licensed, at your option.)
- Unless required by applicable law or agreed to in writing, this
- software is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
- CONDITIONS OF ANY KIND, either express or implied.
- */
- #include "openssl_server_example.h"
- #include <string.h>
- #include "openssl/ssl.h"
- #include "freertos/FreeRTOS.h"
- #include "freertos/task.h"
- #include "esp_log.h"
- #include "esp_wifi.h"
- #include "esp_event.h"
- #include "esp_netif.h"
- #include "nvs_flash.h"
- #include "protocol_examples_common.h"
- #include "lwip/sockets.h"
- #include "lwip/netdb.h"
- const static char *TAG = "Openssl_example";
- #define OPENSSL_EXAMPLE_SERVER_ACK "HTTP/1.1 200 OK\r\n" \
- "Content-Type: text/html\r\n" \
- "Content-Length: 106\r\n\r\n" \
- "<html>\r\n" \
- "<head>\r\n" \
- "<title>OpenSSL example</title></head><body>\r\n" \
- "OpenSSL server example!\r\n" \
- "</body>\r\n" \
- "</html>\r\n" \
- "\r\n"
- static void openssl_example_task(void *p)
- {
- int ret;
- SSL_CTX *ctx;
- SSL *ssl;
- int sockfd, new_sockfd;
- socklen_t addr_len;
- struct sockaddr_in sock_addr;
- char recv_buf[OPENSSL_EXAMPLE_RECV_BUF_LEN];
- const char send_data[] = OPENSSL_EXAMPLE_SERVER_ACK;
- const int send_bytes = sizeof(send_data);
- extern const unsigned char cacert_pem_start[] asm("_binary_cacert_pem_start");
- extern const unsigned char cacert_pem_end[] asm("_binary_cacert_pem_end");
- const unsigned int cacert_pem_bytes = cacert_pem_end - cacert_pem_start;
- extern const unsigned char prvtkey_pem_start[] asm("_binary_prvtkey_pem_start");
- extern const unsigned char prvtkey_pem_end[] asm("_binary_prvtkey_pem_end");
- const unsigned int prvtkey_pem_bytes = prvtkey_pem_end - prvtkey_pem_start;
- ESP_LOGI(TAG, "SSL server context create ......");
- /* For security reasons, it is best if you can use
- TLSv1_2_server_method() here instead of TLS_server_method().
- However some old browsers may not support TLS v1.2.
- */
- ctx = SSL_CTX_new(TLS_server_method());
- if (!ctx) {
- ESP_LOGI(TAG, "failed");
- goto failed1;
- }
- ESP_LOGI(TAG, "OK");
- ESP_LOGI(TAG, "SSL server context set own certification......");
- ret = SSL_CTX_use_certificate_ASN1(ctx, cacert_pem_bytes, cacert_pem_start);
- if (!ret) {
- ESP_LOGI(TAG, "failed");
- goto failed2;
- }
- ESP_LOGI(TAG, "OK");
- ESP_LOGI(TAG, "SSL server context set private key......");
- ret = SSL_CTX_use_PrivateKey_ASN1(0, ctx, prvtkey_pem_start, prvtkey_pem_bytes);
- if (!ret) {
- ESP_LOGI(TAG, "failed");
- goto failed2;
- }
- ESP_LOGI(TAG, "OK");
- ESP_LOGI(TAG, "SSL server create socket ......");
- sockfd = socket(AF_INET, SOCK_STREAM, 0);
- if (sockfd < 0) {
- ESP_LOGI(TAG, "failed");
- goto failed2;
- }
- ESP_LOGI(TAG, "OK");
- ESP_LOGI(TAG, "SSL server socket bind ......");
- memset(&sock_addr, 0, sizeof(sock_addr));
- sock_addr.sin_family = AF_INET;
- sock_addr.sin_addr.s_addr = 0;
- sock_addr.sin_port = htons(OPENSSL_EXAMPLE_LOCAL_TCP_PORT);
- ret = bind(sockfd, (struct sockaddr*)&sock_addr, sizeof(sock_addr));
- if (ret) {
- ESP_LOGI(TAG, "failed");
- goto failed3;
- }
- ESP_LOGI(TAG, "OK");
- ESP_LOGI(TAG, "SSL server socket listen ......");
- ret = listen(sockfd, 32);
- if (ret) {
- ESP_LOGI(TAG, "failed");
- goto failed3;
- }
- ESP_LOGI(TAG, "OK");
- reconnect:
- ESP_LOGI(TAG, "SSL server create ......");
- ssl = SSL_new(ctx);
- if (!ssl) {
- ESP_LOGI(TAG, "failed");
- goto failed3;
- }
- ESP_LOGI(TAG, "OK");
- ESP_LOGI(TAG, "SSL server socket accept client ......");
- new_sockfd = accept(sockfd, (struct sockaddr *)&sock_addr, &addr_len);
- if (new_sockfd < 0) {
- ESP_LOGI(TAG, "failed" );
- goto failed4;
- }
- ESP_LOGI(TAG, "OK");
- SSL_set_fd(ssl, new_sockfd);
- ESP_LOGI(TAG, "SSL server accept client ......");
- ret = SSL_accept(ssl);
- if (!ret) {
- ESP_LOGI(TAG, "failed");
- goto failed5;
- }
- ESP_LOGI(TAG, "OK");
- ESP_LOGI(TAG, "SSL server read message ......");
- do {
- memset(recv_buf, 0, OPENSSL_EXAMPLE_RECV_BUF_LEN);
- ret = SSL_read(ssl, recv_buf, OPENSSL_EXAMPLE_RECV_BUF_LEN - 1);
- if (ret <= 0) {
- break;
- }
- ESP_LOGI(TAG, "SSL read: %s", recv_buf);
- if (strstr(recv_buf, "GET ") &&
- strstr(recv_buf, " HTTP/1.1")) {
- ESP_LOGI(TAG, "SSL get matched message");
- ESP_LOGI(TAG, "SSL write message");
- ret = SSL_write(ssl, send_data, send_bytes);
- if (ret > 0) {
- ESP_LOGI(TAG, "OK");
- } else {
- ESP_LOGI(TAG, "error");
- }
- break;
- }
- } while (1);
-
- SSL_shutdown(ssl);
- failed5:
- close(new_sockfd);
- new_sockfd = -1;
- failed4:
- SSL_free(ssl);
- ssl = NULL;
- goto reconnect;
- failed3:
- close(sockfd);
- sockfd = -1;
- failed2:
- SSL_CTX_free(ctx);
- ctx = NULL;
- failed1:
- vTaskDelete(NULL);
- return ;
- }
- static void openssl_server_init(void)
- {
- int ret;
- xTaskHandle openssl_handle;
- ret = xTaskCreate(openssl_example_task,
- OPENSSL_EXAMPLE_TASK_NAME,
- OPENSSL_EXAMPLE_TASK_STACK_WORDS,
- NULL,
- OPENSSL_EXAMPLE_TASK_PRIORITY,
- &openssl_handle);
- if (ret != pdPASS) {
- ESP_LOGI(TAG, "create task %s failed", OPENSSL_EXAMPLE_TASK_NAME);
- }
- }
- void app_main(void)
- {
- ESP_ERROR_CHECK(nvs_flash_init());
- ESP_ERROR_CHECK(esp_netif_init());
- ESP_ERROR_CHECK(esp_event_loop_create_default());
- /* This helper function configures Wi-Fi or Ethernet, as selected in menuconfig.
- * Read "Establishing Wi-Fi or Ethernet Connection" section in
- * examples/protocols/README.md for more information about this function.
- */
- ESP_ERROR_CHECK(example_connect());
- openssl_server_init();
- }
|
