add sni support
This reverts commit c6a5278b8803cf0671ec59612f6b41920e846bb7.
axos88 committed Sep 26, 2022
1 parent 11bd59e commit b4d3c05
Showing 3 changed files with 124 additions and 56 deletions.
40 changes: 37 additions & 3 deletions src/http/server.rs
Expand Up @@ -35,6 +35,9 @@ use crate::private::mutex::{Mutex, RawMutex};
pub struct CHttpsSslConfig(pub httpd_ssl_config_t);


#[cfg(all(esp_idf_esp_tls_server_sni_hook, esp_idf_comp_esp_http_server_enabled))]
use super::sni::*;

#[derive(Copy, Clone, Debug)]
pub struct Configuration {
pub http_port: u16,
Expand Down Expand Up @@ -92,14 +95,38 @@ impl From<&Configuration> for Newtype<httpd_config_t> {
}
}

#[derive(Debug)]
#[cfg_attr(not(esp_idf_esp_tls_server_sni_hook), derive(Debug))]
pub struct SslConfiguration<'a> {
pub http_configuration: Configuration,
pub client_verify_cert: Option<&'a str>,
pub cacert: Option<&'a str>,
pub prvtkey: Option<&'a str>,
pub transport_mode_secure: bool,
pub session_tickets: bool,

#[cfg(esp_idf_esp_tls_server_sni_hook)]
pub sni: Option<Box<dyn SNICB<'a>>>,
}

#[cfg(esp_idf_esp_tls_server_sni_hook)]
impl<'a> Debug for SslConfiguration<'a> {
fn fmt(&self, f: &mut Formatter<'_>) -> core::fmt::Result {

let sni_s = if self.sni.is_some() {
"Some(..)"
} else { "None" };

f.write_fmt(format_args!(
"SslConfiguration {{ http_configuration = {:?}, client_verify_cert = {:?}, cacert = {:?}, prvtkey = {:?}, transport_mode_secure = {:?}, session_tickets = {:?}, sni = {:?} }}",
self.http_configuration,
self.client_verify_cert,
self.cacert,
self.prvtkey,
self.transport_mode_secure,
self.session_tickets,
sni_s
))
}
}

impl<'a> From<&SslConfiguration<'a>> for Newtype<httpd_config_t> {
Expand Down Expand Up @@ -128,7 +155,11 @@ impl<'a> From<&SslConfiguration<'a>> for CHttpsSslConfig {
port_secure: conf.http_configuration.https_port,
port_insecure: conf.http_configuration.http_port,
session_tickets: conf.session_tickets,
user_cb: None
user_cb: None,
#[cfg(esp_idf_esp_tls_server_sni_hook)]
sni_callback: Some(sni_trampoline),
#[cfg(esp_idf_esp_tls_server_sni_hook)]
sni_callback_p_info: conf.sni.as_ref().map(|cb| cb as *const _ as *mut c_types::c_void).unwrap_or(ptr::null_mut() as _),
})
}
}
Expand All @@ -141,7 +172,10 @@ impl<'a> Default for SslConfiguration<'a> {
cacert: None,
prvtkey: None,
transport_mode_secure: true,
session_tickets: false
session_tickets: false,

#[cfg(esp_idf_esp_tls_server_sni_hook)]
sni: None
}
}
}
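Review bot: In the `CHttpsSslConfig` conversion the hook is registered unconditionally (`sni_callback: Some(sni_trampoline)`) while `sni_callback_p_info` becomes a null pointer whenever `conf.sni` is `None`; if esp-tls invokes the hook whenever it is set, `sni_trampoline` in sni.rs dereferences null, so register it only when a callback exists: `sni_callback: if conf.sni.is_some() { Some(sni_trampoline) } else { None },`. Separately, the pointer stored in `sni_callback_p_info` points at the `Box<dyn SNICB>` inside the borrowed `conf` (a `*const` cast to `*mut`), and the trampoline later creates a `&mut` through it; nothing ties the lifetime of the produced `httpd_ssl_config_t` to `conf`, so a configuration that is moved or dropped while the server keeps running leaves a dangling callback pointer, and mutating through a pointer derived from a shared borrow is undefined behaviour even while it is alive. A sound design would have the server own the callback (e.g. `Box::into_raw(Box::new(cb))`, released in the server's `Drop`); short of that, document on `CHttpsSslConfig` that the `SslConfiguration` must outlive the server and must not be moved after conversion. The enclosing `From` impl starts above this hunk.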
82 changes: 82 additions & 0 deletions src/http/sni.rs
@@ -0,0 +1,82 @@
use std::ffi::CStr;
use esp_idf_sys::*;
use log::*;

// Workaround for unstable feature 'trait_alias'
pub trait SNICB<'a>: FnMut(&'a str) -> SNIResult<'a> { }

// Workaround for unstable feature 'trait_alias'
impl<'a, T> SNICB<'a> for T
where T: FnMut(&'a str) -> SNIResult<'a> {
}


pub struct HandshakeServerCertificate<'a> {
pub pk: &'a mut mbedtls_pk_context,
pub cert: &'a mut mbedtls_x509_crt,
}

pub struct HandshakeCertifiacteAuthority<'a> {
pub ca: &'a mut mbedtls_x509_crt,
pub crl: &'a mut mbedtls_x509_crl,
}

pub struct HandshakeVerifyMode(c_types::c_int);

pub struct SNIResult<'a> {
server_certificate: Option<HandshakeServerCertificate<'a>>,
certificate_authority: Option<HandshakeCertifiacteAuthority<'a>>,
verify_mode: Option<HandshakeVerifyMode>
}

impl<'a> SNIResult<'a> {
pub fn new() -> SNIResult<'a> { SNIResult { server_certificate: None, certificate_authority: None, verify_mode: None }}

pub fn set_hs_server_certficate(mut self, pk: &'a mut mbedtls_pk_context, cert: &'a mut mbedtls_x509_crt) -> SNIResult<'a> {
self.server_certificate = Some(HandshakeServerCertificate { pk, cert });
self
}

pub fn set_hs_certificate_authority(mut self, ca: &'a mut mbedtls_x509_crt, crl: &'a mut mbedtls_x509_crl) -> SNIResult<'a> {
self.certificate_authority = Some(HandshakeCertifiacteAuthority { ca, crl });
self
}

pub fn set_hs_verify_mode(mut self, verify_mode: u32) -> SNIResult<'a> {
self.verify_mode = Some(HandshakeVerifyMode(verify_mode as _));
self
}
}


#[cfg(esp_idf_esp_tls_server_sni_hook)]
pub(crate) unsafe extern "C" fn sni_trampoline<'a>(p_info: *mut c_types::c_void, ssl: *mut mbedtls_ssl_context, name: *const c_types::c_uchar, _len: c_types::c_uint) -> esp_err_t
{
let cb = &mut *(p_info as *mut Box<dyn SNICB<'a>>);

let name = CStr::from_ptr(name as _).to_str().unwrap();

let SNIResult { server_certificate, certificate_authority, verify_mode } = cb(name);

if let Some(HandshakeServerCertificate { pk, cert }) = server_certificate {
if let Err(err) = esp!(mbedtls_pk_check_pair(&mut cert.pk, pk)) {
error!("Certificate and private key supplied by the SNI callback do not match: {:?}", err);
return err.code()
};

if let Err(err) = esp!(mbedtls_ssl_set_hs_own_cert(ssl, cert, pk)) {
error!("Could not set handshake certificate and private key: {:?}", err);
return err.code()
};
};

if let Some(HandshakeCertifiacteAuthority { ca, crl }) = certificate_authority {
mbedtls_ssl_set_hs_ca_chain(ssl, ca, crl)
};

if let Some(HandshakeVerifyMode(authmode)) = verify_mode {
mbedtls_ssl_set_hs_authmode(ssl, authmode)
};

return ESP_OK;
}
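Review bot: `sni_trampoline` decodes the server name with `CStr::from_ptr(name as _).to_str().unwrap()` and ignores `_len`, yet the name is attacker-supplied ClientHello data: mbedTLS hands `f_sni` a length-delimited pointer into the handshake buffer rather than a NUL-terminated string (as far as I recall — confirm against the esp-tls wrapper), so the scan for a terminator can read past the hostname, and a non-UTF-8 name panics inside an `extern "C"` fn, which cannot unwind across the FFI boundary. The same function also dereferences `p_info` without a null check, although the server.rs side passes null when no callback is configured. Both should be handled by building the slice from `name`/`len`, decoding it fallibly, and returning a non-`ESP_OK` code (which makes mbedTLS fail the handshake) instead of panicking; the unconstrained `'a` on an `extern "C"` fn is also worth a comment explaining why it is sound. Naming nit: `set_hs_server_certficate` and `HandshakeCertifiacteAuthority` are misspelled public identifiers that will be awkward to rename once published.
```rust
pub(crate) unsafe extern "C" fn sni_trampoline<'a>(p_info: *mut c_types::c_void, ssl: *mut mbedtls_ssl_context, name: *const c_types::c_uchar, len: c_types::c_uint) -> esp_err_t
{
    // No callback registered: refuse rather than dereference null.
    let cb = match (p_info as *mut Box<dyn SNICB<'a>>).as_mut() {
        Some(cb) => cb,
        None => return ESP_ERR_INVALID_ARG,
    };

    // `name` is a length-delimited slice of the client's ClientHello, not a C string;
    // reject non-UTF-8 names instead of panicking across the FFI boundary.
    let name = match core::str::from_utf8(core::slice::from_raw_parts(name, len as usize)) {
        Ok(name) => name,
        Err(_) => return ESP_ERR_INVALID_ARG,
    };

    // … unchanged: callback invocation, certificate/CA/authmode setup, ESP_OK …
```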
58 changes: 5 additions & 53 deletions src/wifi.rs
Expand Up @@ -174,7 +174,7 @@ impl From<Newtype<&wifi_ap_record_t>> for AccessPointInfo {
wifi_second_chan_t_WIFI_SECOND_CHAN_BELOW => SecondaryChannel::Below,
_ => panic!(),
},
signal_strength: a.rssi as _,
signal_strength: a.rssi as u8,
protocols: EnumSet::<Protocol>::empty(), // TODO
auth_method: AuthMethod::from(Newtype::<wifi_auth_mode_t>(a.authmode)),
}
Expand Down Expand Up @@ -639,7 +639,7 @@ where
WifiDriver::is_started(self)
}

fn is_connected(&self) -> Result<bool, Self::Error> {
fn is_up(&self) -> Result<bool, Self::Error> {
WifiDriver::is_up(self)
}

Expand All @@ -660,22 +660,6 @@ where
fn scan(&mut self) -> Result<alloc::vec::Vec<AccessPointInfo>, Self::Error> {
WifiDriver::scan(self)
}

fn start(&mut self) -> Result<(), Self::Error> {
WifiDriver::start(self)
}

fn stop(&mut self) -> Result<(), Self::Error> {
WifiDriver::stop(self)
}

fn connect(&mut self) -> Result<(), Self::Error> {
WifiDriver::connect(self)
}

fn disconnect(&mut self) -> Result<(), Self::Error> {
WifiDriver::disconnect(self)
}
}

#[cfg(esp_idf_comp_esp_netif_enabled)]
Expand Down Expand Up @@ -869,7 +853,7 @@ where
EspWifi::is_started(self)
}

fn is_connected(&self) -> Result<bool, Self::Error> {
fn is_up(&self) -> Result<bool, Self::Error> {
EspWifi::is_up(self)
}

Expand All @@ -887,25 +871,9 @@ where
EspWifi::scan_n(self)
}

fn scan(&mut self) -> Result<Vec<AccessPointInfo>, Self::Error> {
fn scan(&mut self) -> Result<alloc::vec::Vec<AccessPointInfo>, Self::Error> {
EspWifi::scan(self)
}

fn start(&mut self) -> Result<(), Self::Error> {
EspWifi::start(self)
}

fn stop(&mut self) -> Result<(), Self::Error> {
EspWifi::stop(self)
}

fn connect(&mut self) -> Result<(), Self::Error> {
EspWifi::connect(self)
}

fn disconnect(&mut self) -> Result<(), Self::Error> {
EspWifi::disconnect(self)
}
}

#[derive(Copy, Clone, Debug, Eq, PartialEq)]
Expand Down Expand Up @@ -1120,7 +1088,7 @@ where
EspRawWifi::is_started(self)
}

fn is_connected(&self) -> Result<bool, Self::Error> {
fn is_up(&self) -> Result<bool, Self::Error> {
EspRawWifi::is_up(self)
}

Expand All @@ -1141,22 +1109,6 @@ where
fn scan(&mut self) -> Result<alloc::vec::Vec<AccessPointInfo>, Self::Error> {
EspRawWifi::scan(self)
}

fn start(&mut self) -> Result<(), Self::Error> {
EspRawWifi::start(self)
}

fn stop(&mut self) -> Result<(), Self::Error> {
EspRawWifi::stop(self)
}

fn connect(&mut self) -> Result<(), Self::Error> {
EspRawWifi::connect(self)
}

fn disconnect(&mut self) -> Result<(), Self::Error> {
EspRawWifi::disconnect(self)
}
}

#[derive(Copy, Clone, Debug, Eq, PartialEq)]
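Review bot: `signal_strength: a.rssi as u8` turns the previous inferred cast into an explicit sign-changing one; `rssi` in `wifi_ap_record_t` is a signed dBm value, so negative readings wrap (for example -60 becomes 196). If the field is meant to carry the raw byte this is fine but deserves a comment, e.g. `signal_strength: a.rssi as u8, // raw dBm byte; negative values wrap intentionally`; otherwise convert to the intended representation explicitly rather than relying on `as`. The remaining hunks in this file (the `is_connected` → `is_up` rename and the removed `start`/`stop`/`connect`/`disconnect` trait methods) are mechanical and I have no point to raise on them.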
