diff --git a/CMakeLists.txt b/CMakeLists.txt
index f52e1c93..c7ad8b7a 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -13,3 +13,7 @@ set(COMPONENT_REQUIRES
 register_component()
 
 target_compile_options(${COMPONENT_TARGET} PRIVATE -fno-rtti)
+
+if(CONFIG_ASYNC_TCP_SSL_ENABLED)
+    target_compile_options(${COMPONENT_TARGET} PRIVATE -DASYNC_TCP_SSL_ENABLED)
+endif()
diff --git a/Kconfig.projbuild b/Kconfig.projbuild
index 17749264..ab9ac57f 100644
--- a/Kconfig.projbuild
+++ b/Kconfig.projbuild
@@ -27,4 +27,10 @@ config ASYNC_TCP_USE_WDT
     help
         Enable WDT for the AsyncTCP task, so it will trigger if a handler is locking the thread.
 
+config ASYNC_TCP_SSL_ENABLED
+    bool "Enable SSL for AsyncTCP client"
+    default "n"
+    help
+        Enables mbedTLS support for AsyncTCP clients.
+
 endmenu
diff --git a/src/AsyncTCP.cpp b/src/AsyncTCP.cpp
index c1616dc9..abd5afd9 100644
--- a/src/AsyncTCP.cpp
+++ b/src/AsyncTCP.cpp
@@ -157,8 +157,10 @@ static bool _remove_events_with_arg(void * arg){
 }
 
 static void _handle_async_event(lwip_event_packet_t * e){
-    //ets_printf("T %s- ", pcTaskGetTaskName(xTaskGetCurrentTaskHandle()));
-    if(e->event == LWIP_TCP_CLEAR){
+    if(e->arg == NULL){
+        // do nothing when arg is NULL
+        //ets_printf("event arg == NULL: 0x%08x\n", e->recv.pcb);
+    } else if(e->event == LWIP_TCP_CLEAR){
         _remove_events_with_arg(e->arg);
     } else if(e->event == LWIP_TCP_RECV){
         //ets_printf("-R: 0x%08x\n", e->recv.pcb);
@@ -972,11 +974,11 @@ int8_t AsyncClient::_connected(void* pcb, int8_t err){
 #if ASYNC_TCP_SSL_ENABLED
     if(_pcb_secure){
         bool err = false;
-        if(_root_ca) {
+        if (_psk_ident != NULL and _psk != NULL) {
+            err = tcp_ssl_new_psk_client(_pcb, this, _psk_ident, _psk) < 0;
+        } else {
             err = tcp_ssl_new_client(_pcb, this, _hostname.empty() ? NULL : _hostname.c_str(), _root_ca, _root_ca_len) < 0;
-        } else {
-            err = tcp_ssl_new_psk_client(_pcb, this, _psk_ident, _psk) < 0;
         }
         if (err) {
             log_e("closing....");
diff --git a/src/AsyncTCP.h b/src/AsyncTCP.h
index d2e4f4ee..8992279b 100644
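Review bot: `-DASYNC_TCP_SSL_ENABLED` is added as a PRIVATE compile option, so only this component's own sources see it, while the new `#if ASYNC_TCP_SSL_ENABLED` guard that this commit adds to src/AsyncTCP.h is evaluated by every translation unit that includes the header; if any class members or method declarations in that header are guarded the same way (not visible here), application code built without the define would compile against a different AsyncClient layout than the library itself, which is an ODR violation that tends to surface as memory corruption rather than a build error. Since the header already includes "sdkconfig.h", the robust arrangement is to derive the macro from the Kconfig symbol in the header so every includer agrees, e.g. right after that include: `#if CONFIG_ASYNC_TCP_SSL_ENABLED && !defined(ASYNC_TCP_SSL_ENABLED)` / `#define ASYNC_TCP_SSL_ENABLED 1` / `#endif`. If the build-system route is kept instead, `target_compile_definitions(${COMPONENT_TARGET} PUBLIC ASYNC_TCP_SSL_ENABLED=1)` is the CMake idiom for a definition that must propagate to dependents; `target_compile_options` with a `-D` flag works but does not express that intent.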
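Review bot: `default "n"` quotes the value; for a `bool` symbol the Kconfig convention (and what ESP-IDF's own options use) is the unquoted tristate constant, `default n`, and the quoted form only works by accident of the parser treating "n" as a constant symbol. The help text could also name what the option actually switches on so users know what they are enabling, e.g. `Build AsyncTCP with mbedTLS-backed TLS (certificate or pre-shared-key) support for AsyncClient connections.`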
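Review bot: The new `e->arg == NULL` branch in _handle_async_event discards the event without releasing anything it may own; for the LWIP_TCP_RECV case the packet carries received data (the next branch references `e->recv`), and if the dispatcher that calls this function does not free that payload on the discard path (not visible here) every such event leaks a pbuf from lwIP's pool, which on a long-running device is a slow resource-exhaustion failure. Please confirm the caller's cleanup, or release the payload inside this branch before dropping the event. The commented-out `ets_printf` should not be committed; a one-line reason is more useful, e.g. `// arg was cleared (client torn down) before this event was dispatched; drop it` — hedged, since the cleared-arg origin is inferred from the LWIP_TCP_CLEAR branch rather than shown. The function continues past the hunk.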
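Review bot: With the swapped precedence, a client configured with neither a PSK nor a root CA now falls into the `else` branch and calls `tcp_ssl_new_client(..., _root_ca, _root_ca_len)` with a NULL CA; whether that produces a TLS session with no peer authentication depends on how tcp_ssl_new_client treats a NULL root_ca (not in this diff), so either that function should reject the NULL CA the way tcp_ssl_new_psk_client now rejects a NULL key, or this branch should carry a comment stating that an unverified connection is the intended fallback. Worth fixing while these lines are touched: the local `bool err` shadows the `int8_t err` parameter shown in the hunk header, so `bool ssl_err = false;` would read unambiguously. Minor style: the surrounding code uses `if(` and C-style operators, so `if(_psk_ident != NULL && _psk != NULL){` matches it better than the `and` alternative token. _connected continues past the hunk.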
--- a/src/AsyncTCP.h
+++ b/src/AsyncTCP.h
@@ -26,8 +26,10 @@
 #include "sdkconfig.h"
 #include
 #include
+#if ASYNC_TCP_SSL_ENABLED
 #include
 #include "tcp_mbedtls.h"
+#endif
 extern "C" {
 #include "freertos/semphr.h"
 #include "lwip/pbuf.h"
diff --git a/src/tcp_mbedtls.c b/src/tcp_mbedtls.c
index a0ec5266..8288b8d8 100644
--- a/src/tcp_mbedtls.c
+++ b/src/tcp_mbedtls.c
@@ -231,7 +231,7 @@ int tcp_ssl_new_client(struct tcp_pcb *tcp, void *arg, const char* hostname, con
     mbedtls_ssl_config_init(&tcp_ssl->ssl_conf);
 
     mbedtls_ctr_drbg_seed(&tcp_ssl->drbg_ctx, mbedtls_entropy_func,
-        &tcp_ssl->entropy_ctx, (const unsigned char*)pers, strlen(pers));
+        &tcp_ssl->entropy_ctx, (const unsigned char*)pers, sizeof(pers));
 
     if(mbedtls_ssl_config_defaults(&tcp_ssl->ssl_conf,
         MBEDTLS_SSL_IS_CLIENT,
@@ -297,6 +297,11 @@ int tcp_ssl_new_client(struct tcp_pcb *tcp, void *arg, const char* hostname, con
 int tcp_ssl_new_psk_client(struct tcp_pcb *tcp, void *arg, const char* psk_ident, const char* pskey) {
     tcp_ssl_t* tcp_ssl;
 
+    if (pskey == NULL || psk_ident == NULL) {
+        TCP_SSL_DEBUG(" failed\n ! pre-shared key or identity is NULL\n\n");
+        return -1;
+    }
+
     if(tcp == NULL) return -1;
     if(tcp_ssl_get(tcp) != NULL) return -1;
 
@@ -309,7 +314,7 @@ int tcp_ssl_new_psk_client(struct tcp_pcb *tcp, void *arg, const char* psk_ident
     mbedtls_ssl_config_init(&tcp_ssl->ssl_conf);
 
     mbedtls_ctr_drbg_seed(&tcp_ssl->drbg_ctx, mbedtls_entropy_func,
-        &tcp_ssl->entropy_ctx, (const uint8_t*)pers, strlen(pers));
+        &tcp_ssl->entropy_ctx, (const uint8_t*)pers, sizeof(pers));
 
     if(mbedtls_ssl_config_defaults(&tcp_ssl->ssl_conf,
         MBEDTLS_SSL_IS_CLIENT,
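Review bot: `sizeof(pers)` is only the personalization string's length if `pers` is declared as a char array, and then it also includes the NUL terminator, which is harmless but silently changes the seed input from the previous `strlen` form; if `pers` is instead a `const char *`, sizeof is the pointer width and only the first few bytes are fed to the DRBG — its declaration is outside the hunk, so please confirm which it is, and the same applies to the identical call in tcp_ssl_new_psk_client (hunk at -309). Independently of that, the return value of mbedtls_ctr_drbg_seed is still ignored at both sites; if seeding fails the DRBG is not properly seeded and the handshake fails later with a less specific error, so the call should be checked: `if(mbedtls_ctr_drbg_seed(&tcp_ssl->drbg_ctx, mbedtls_entropy_func, &tcp_ssl->entropy_ctx, (const unsigned char*)pers, sizeof(pers)) != 0){ TCP_SSL_DEBUG(" failed\n ! mbedtls_ctr_drbg_seed\n\n"); return -1; }` after performing whatever teardown of the already-allocated tcp_ssl the function's later failure paths do (not visible here). The enclosing functions start and end outside the hunks.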
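Review bot: The NULL check is the right fail-closed guard, but an empty identity or key still passes it; if the lengths are later taken with strlen (not visible here), a `""` key hands mbedTLS a zero-length PSK, which it rejects with a generic bad-input error rather than this clear message, so extend the test to `if (pskey == NULL || psk_ident == NULL || pskey[0] == '\0' || psk_ident[0] == '\0') {`. Taking the key as a NUL-terminated string also means a PSK containing a zero byte cannot be passed at all; if a text-only key (ASCII or hex) is the intended contract, a comment on the parameter saying so would save callers a surprise. Minor: this block uses `if (` while the two existing checks right below it use `if(`. The function continues past the hunk.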