
Add TLS support to Ethernet library #408


Merged
merged 1 commit into from
Mar 7, 2022
Merged
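--- a/libraries/Ethernet/src/EthernetSSLClient.cpp
+++ b/libraries/Ethernet/src/EthernetSSLClient.cpp
@@ -0,0 +1,5 @@
+#include "EthernetSSLClient.h"
+
+arduino::EthernetSSLClient::EthernetSSLClient(): _disableSNI{false} {
+onBeforeConnect(mbed::callback(this, &EthernetSSLClient::setRootCA));
+};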
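Review bot: The callback registered in the constructor binds the raw `this` pointer, so a copy of the client would keep calling `setRootCA` on the original object if the base class copies the stored callback (that code is outside this section). In that case the CA path would be set on the original's `sock` rather than on the socket that is about to connect, and the original may already have been destroyed. Consider disabling copies on the class with `EthernetSSLClient(const EthernetSSLClient&) = delete;`, or re-registering the callback in a copy constructor. The `;` after the constructor's closing brace is an empty declaration and can be dropped.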
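--- a/libraries/Ethernet/src/EthernetSSLClient.h
+++ b/libraries/Ethernet/src/EthernetSSLClient.h
@@ -0,0 +1,70 @@
+/*
+EthernetSSLClient.h
+Copyright (c) 2021 Arduino SA. All right reserved.
+
+This library is free software; you can redistribute it and/or
+modify it under the terms of the GNU Lesser General Public
+License as published by the Free Software Foundation; either
+version 2.1 of the License, or (at your option) any later version.
+
+This library is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+Lesser General Public License for more details.
+
+You should have received a copy of the GNU Lesser General Public
+License along with this library; if not, write to the Free Software
+Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+*/
+
+#ifndef ETHERNETSSLCLIENT_H
+#define ETHERNETSSLCLIENT_H
+
+#include "EthernetClient.h"
+
+#include <FATFileSystem.h>
+#include <MBRBlockDevice.h>
+#include <QSPIFBlockDevice.h>
+
+extern const char CA_CERTIFICATES[];
+
+namespace arduino {
+
+class EthernetSSLClient : public arduino::EthernetClient {
+
+public:
+EthernetSSLClient();
+virtual ~EthernetSSLClient() {
+stop();
+}
+
+int connect(IPAddress ip, uint16_t port) {
+return connectSSL(ip, port);
+}
+int connect(const char* host, uint16_t port) {
+return connectSSL(host, port, _disableSNI);
+}
+void disableSNI(bool statusSNI) {
+_disableSNI = statusSNI;
+}
+
+private:
+int setRootCA() {
+
+QSPIFBlockDevice root;
+mbed::MBRBlockDevice wifi_data(&root, 1);
+mbed::FATFileSystem wifi("wlan");
+
+int err = wifi.mount(&wifi_data);
+if (err)
+return err;
+
+return ((TLSSocket*)sock)->set_root_ca_cert_path("/wlan/");
+}
+
+bool _disableSNI;
+};
+
+}
+
+#endif /* EthernetSSLCLIENT_H */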
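Review bot: `disableSNI()` and the `connect(IPAddress, port)` overload carry no comment on what they do to certificate name checking, and both may weaken it. If `connectSSL` (outside this section) sets the TLS host name only when SNI is enabled, then turning SNI off, or connecting by IP with no host name, would leave the peer certificate checked against the CA store but not against the expected server name; this needs confirming. I would add above `disableSNI`: `// NOTE: may also skip host-name verification of the server certificate; confirm against connectSSL before use.` In `setRootCA`, the C-style cast `(TLSSocket*)sock` is dereferenced without a null check, and whether a non-zero return actually aborts the connection depends on `onBeforeConnect`, which is not visible here.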