  1. #include "sdkconfig.h"
  2.  
  3. #include <mbedtls/net.h>
  4. #include <mbedtls/ssl.h>
  5. #include <mbedtls/entropy.h>
  6. #include <mbedtls/ctr_drbg.h>
  7. #include <mbedtls/debug.h>
  8. #include <mbedtls/platform.h>
  9. // https://tls.mbed.org/api/ssl__server_8c_source.html
  10. //
  11. #include <mbedtls/error.h>
  12.  
  13. #include <esp_log.h>
  14. #include <string.h>
  15. #include <stdio.h>
  16.  
  17. #include "certificate_pem.h"
  18. #include "private_pem.h"
  19.  
  20.  
/* Intended listening port. NOTE(review): the mbedtls_net_bind() call in
 * sslServer() currently passes the literal "9080" instead of this macro --
 * confirm which port is meant before unifying the two. */
#define SERVER_PORT "443"
/* Tag used by every ESP_LOGx call in this file. */
static const char* LOG_TAG = "sslServer";

/* Shared file-static scratch buffer for mbedtls_strerror() output; one
 * buffer only, so it must not be filled from two places concurrently. */
static char errortext[256];
  25.  
/*
 * Debug callback registered with mbedtls_ssl_conf_dbg(): prints one library
 * debug line as "file:line: message". ctx and level are part of the
 * callback signature but are not used here; everything goes to stdout.
 */
static void my_debug(void *ctx, int level, const char *file, int line, const char *str) {
    (void)ctx;
    (void)level;
    fprintf(stdout, "%s:%04d: %s", file, line, str);
}
  31.  
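/**
 * Minimal blocking TLS server: binds TCP port 9080, accepts one client,
 * runs the TLS handshake, reads a single record into a 1 KiB buffer, prints
 * it and shuts everything down.
 *
 * The server certificate and private key come from the project headers
 * certificate_pem / private_pem. There is no return value: each failure is
 * reported with ESP_LOGE and control jumps to the common cleanup label, so
 * every context, socket, certificate and key that was initialised is
 * released (the earlier version returned early and leaked them).
 */
void sslServer(void) {
    ESP_LOGD(LOG_TAG, ">> sslServer");
    mbedtls_net_context server_fd;      /* listening socket */
    mbedtls_net_context listen_fd;      /* accepted client socket */
    mbedtls_entropy_context entropy;
    mbedtls_ctr_drbg_context ctr_drbg;
    mbedtls_ssl_context ssl;
    mbedtls_ssl_config conf;
    mbedtls_x509_crt srvcert;
    mbedtls_pk_context pkey;

    int ret;
    const char *pers = "ssl_server";    /* DRBG personalisation string */
    unsigned char buf[1024];

    /* Initialise every context before the first failure point so that the
     * cleanup path below is safe to run no matter where we bail out. */
    mbedtls_net_init(&server_fd);
    mbedtls_net_init(&listen_fd);
    mbedtls_ssl_init(&ssl);
    mbedtls_ssl_config_init(&conf);
    mbedtls_x509_crt_init(&srvcert);
    mbedtls_pk_init(&pkey);
    mbedtls_entropy_init(&entropy);
    mbedtls_ctr_drbg_init(&ctr_drbg);

    mbedtls_ssl_conf_dbg(&conf, my_debug, stdout);

    /* mbedTLS debug threshold: 0 = nothing, 1 = errors, 2 = state changes,
     * 3 = informational, 4 = verbose. The value 4 is kept from the original
     * code, but it is NOT "errors only": at this level the library traces
     * handshake internals to stdout. Use 1 outside debugging sessions. */
    mbedtls_debug_set_threshold(4);

    ret = mbedtls_x509_crt_parse(&srvcert, (const unsigned char *)certificate_pem, certificate_pem_len);
    if (ret != 0) {
        ESP_LOGE(LOG_TAG, " failed\n ! mbedtls_x509_crt_parse returned %d\n\n", ret);
        goto cleanup;
    }

    /* NULL/0 password: the embedded key is expected to be unencrypted PEM. */
    ret = mbedtls_pk_parse_key(&pkey, (const unsigned char *)private_pem, private_pem_len, NULL, 0);
    if (ret != 0) {
        ESP_LOGE(LOG_TAG, " failed\n ! mbedtls_pk_parse_key returned %d\n\n", ret);
        goto cleanup;
    }

    /* NOTE(review): SERVER_PORT ("443") is defined at file scope but the
     * listener is bound to "9080"; confirm which port is intended before
     * unifying them. */
    ret = mbedtls_net_bind(&server_fd, NULL, "9080", MBEDTLS_NET_PROTO_TCP);
    if (ret != 0) {
        ESP_LOGE(LOG_TAG, " failed\n ! mbedtls_net_bind returned %d\n\n", ret);
        goto cleanup;
    }

    ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, (const unsigned char *)pers, strlen(pers));
    if (ret != 0) {
        ESP_LOGE(LOG_TAG, " failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret);
        goto cleanup;
    }

    /* Server-side defaults. No mbedtls_ssl_conf_authmode() call follows, so
     * whatever client-authentication mode the defaults pick for a server
     * stays in effect (expected: no client certificate is requested). */
    ret = mbedtls_ssl_config_defaults(&conf, MBEDTLS_SSL_IS_SERVER, MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_PRESET_DEFAULT);
    if (ret != 0) {
        ESP_LOGE(LOG_TAG, " failed\n ! mbedtls_ssl_config_defaults returned %d\n\n", ret);
        goto cleanup;
    }

    mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &ctr_drbg);

    /* The first certificate parsed is ours; anything after it in the chain
     * is handed over as the CA chain, as in the upstream ssl_server example. */
    mbedtls_ssl_conf_ca_chain(&conf, srvcert.next, NULL);
    ret = mbedtls_ssl_conf_own_cert(&conf, &srvcert, &pkey);
    if (ret != 0) {
        ESP_LOGE(LOG_TAG, " failed\n ! mbedtls_ssl_conf_own_cert returned %d\n\n", ret);
        goto cleanup;
    }

    ret = mbedtls_ssl_setup(&ssl, &conf);
    if (ret != 0) {
        mbedtls_strerror(ret, errortext, sizeof(errortext));
        ESP_LOGE(LOG_TAG, "error from mbedtls_ssl_setup: %d -%x - %s\n", ret, ret, errortext);
        goto cleanup;
    }

    /* Per-connection reset. Only one connection is served: this is the body
     * of an accept loop that is not (yet) enabled. */
    mbedtls_net_free(&listen_fd);
    mbedtls_ssl_session_reset(&ssl);

    ESP_LOGD(LOG_TAG, ">> waiting for accept");
    ret = mbedtls_net_accept(&server_fd, &listen_fd, NULL, 0, NULL);
    if (ret != 0) {
        ESP_LOGE(LOG_TAG, " failed\n ! mbedtls_net_accept returned %d\n\n", ret);
        goto cleanup;
    }

    /* Blocking send/recv on the accepted socket; no timeout callback. */
    mbedtls_ssl_set_bio(&ssl, &listen_fd, mbedtls_net_send, mbedtls_net_recv, NULL);

    while ((ret = mbedtls_ssl_handshake(&ssl)) != 0) {
        if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
            ESP_LOGE(LOG_TAG, " failed\n ! mbedtls_ssl_handshake returned %d\n\n", ret);
            goto cleanup;
        }
    }

    /* Read at most one record; a non-negative ret is the byte count (0 on
     * EOF). buf is not NUL-terminated, so it is printed with an explicit
     * length below. */
    ret = mbedtls_ssl_read(&ssl, buf, sizeof(buf));
    if (ret < 0) {
        /* The previous message logged the buffer size instead of the error. */
        mbedtls_strerror(ret, errortext, sizeof(errortext));
        ESP_LOGE(LOG_TAG, "error from read: %d - %s\n", ret, errortext);
        goto cleanup;
    }

    printf("Result: [size: %d]\n%.*s\n", ret, ret, (const char *)buf);

    /* Send close_notify so the peer sees a clean shutdown instead of a
     * truncated connection; retry only on the non-fatal WANT_* codes. */
    while ((ret = mbedtls_ssl_close_notify(&ssl)) < 0) {
        if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
            break;
        }
    }

cleanup:
    /* All contexts were initialised above, so each free is safe even when
     * the corresponding setup step never ran. */
    mbedtls_net_free(&listen_fd);
    mbedtls_net_free(&server_fd);
    mbedtls_x509_crt_free(&srvcert);
    mbedtls_pk_free(&pkey);
    mbedtls_ssl_free(&ssl);
    mbedtls_ssl_config_free(&conf);
    mbedtls_ctr_drbg_free(&ctr_drbg);
    mbedtls_entropy_free(&entropy);
    ESP_LOGV(LOG_TAG, "All done");
}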