Fix handshake issue for connection upgrade.

library.json

@@ -1,6 +1,6 @@
 {
  "name": "ESP_SSLClient",
- "version": "2.1.5",
+ "version": "2.1.6",
  "keywords": "communication, REST, esp32, esp8266, arduino",
  "description": "This library provided the Secure Layer Networking (SSL/TLS) TCP Client for ESP8266, ESP32 and Raspberry Pi RP2040, Teensy, SAMD, AVR and other Arduino devices (except for avr) that support external networking interfaces e.g., WiFiClient, EthernetClient and GSMClient.",
  "repository": {

library.properties

@@ -1,6 +1,6 @@
 name=ESP_SSLClient
 
-version=2.1.5
+version=2.1.6
 
 author=Mobizt
 

src/ESP_SSLClient.h

@@ -1,8 +1,8 @@
 /**
  *
- * The ESP SSL Client Class, ESP_SSLClient.h v2.1.5
+ * The ESP SSL Client Class, ESP_SSLClient.h v2.1.6
  *
- * Created August 22, 2023
+ * Created August 27, 2023
  *
  * The MIT License (MIT)
  * Copyright (c) 2023 K. Suwatchai (Mobizt)

src/client/BSSL_SSL_Client.cpp

@@ -1,7 +1,7 @@
 /**
- * BSSL_SSL_Client library v1.0.10 for Arduino devices.
+ * BSSL_SSL_Client library v1.0.11 for Arduino devices.
  *
- * Created August 22, 2003
+ * Created August 27, 2003
  *
  * This work contains codes based on WiFiClientSecure from Earle F. Philhower and SSLClient from OSU OPEnS Lab.
  *
@@ -435,8 +435,6 @@ int BSSL_SSL_Client::connectSSL(IPAddress ip, uint16_t port)
  if (!mIsClientInitialized(true))
  return 0;
 
- validate(ip, port);
-
  if (!_basic_client->connected() && !mConnectBasicClient(nullptr, ip, port))
  return 0;
 
@@ -452,8 +450,6 @@ int BSSL_SSL_Client::connectSSL(const char *host, uint16_t port)
  if (!mIsClientInitialized(true))
  return 0;
 
- validate(host, port);
-
  if (!_basic_client->connected() && !mConnectBasicClient(host, IPAddress(), port))
  return 0;
 

src/client/BSSL_SSL_Client.h

@@ -1,7 +1,7 @@
 /**
- * BSSL_SSL_Client library v1.0.10 for Arduino devices.
+ * BSSL_SSL_Client library v1.0.11 for Arduino devices.
  *
- * Created August 22, 2003
+ * Created August 27, 2003
  *
  * This work contains codes based on WiFiClientSecure from Earle F. Philhower and SSLClient from OSU OPEnS Lab.
  *
@@ -98,7 +98,7 @@ class BSSL_SSL_Client : public Client
 
  uint8_t connected() override;
 
- void validate(const char* host, uint16_t port);
+ void validate(const char *host, uint16_t port);
 
  void validate(IPAddress ip, uint16_t port);
 
@@ -128,8 +128,6 @@ class BSSL_SSL_Client : public Client
 
  int connectSSL(const char *host, uint16_t port);
 
-
-
  void stop() override;
 
  void setTimeout(unsigned int timeoutMs);
@@ -342,7 +340,7 @@ class BSSL_SSL_Client : public Client
  unsigned long _handshake_timeout = 60000;
  bool _isSSLEnabled = false;
  String _host;
- uint16_t _port;
+ uint16_t _port = 0;
  IPAddress _ip;
 };
 

src/client/BSSL_TCP_Client.cpp

@@ -1,7 +1,7 @@
 /**
- * BSSL_TCP_Client v2.0.11 for Arduino devices.
+ * BSSL_TCP_Client v2.0.12 for Arduino devices.
  *
- * Created August 22, 2023
+ * Created August 27, 2023
  *
  * The MIT License (MIT)
  * Copyright (c) 2023 K. Suwatchai (Mobizt)

src/client/BSSL_TCP_Client.h

@@ -1,7 +1,7 @@
 /**
- * BSSL_TCP_Client v2.0.11 for Arduino devices.
+ * BSSL_TCP_Client v2.0.12 for Arduino devices.
  *
- * Created August 22, 2023
+ * Created August 27, 2023
  *
  * The MIT License (MIT)
  * Copyright (c) 2023 K. Suwatchai (Mobizt)

src/client/ESP_SSLClient.h

@@ -0,0 +1,47 @@
+/**
+ *
+ * The ESP SSL Client Class, ESP_SSLClient.h v2.0.6
+ *
+ * Created August 6, 2023
+ *
+ * The MIT License (MIT)
+ * Copyright (c) 2023 K. Suwatchai (Mobizt)
+ *
+ *
+ * Permission is hereby granted, free of charge, to any person returning a copy of
+ * this software and associated documentation files (the "Software"), to deal in
+ * the Software without restriction, including without limitation the rights to
+ * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+ * the Software, and to permit persons to whom the Software is furnished to do so,
+ * subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+ * FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+ * COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+ * IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+ * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ */
+
+#ifndef ESP_SSLCLIENT_H
+#define ESP_SSLCLIENT_H
+
+#include "ESP_SSLClient_FS.h"
+
+#ifndef SSLCLIENT_CONNECTION_UPGRADABLE
+#define SSLCLIENT_CONNECTION_UPGRADABLE
+#endif
+
+#include "client/BSSL_TCP_Client.h"
+
+class ESP_SSLClient : public BSSL_TCP_Client
+{ 
+public:
+ ESP_SSLClient(){};
+ ~ESP_SSLClient(){};
+};
+
+#endif

src/client/ESP_SSLClient_Const.h

@@ -0,0 +1,124 @@
+#ifndef ESP_SSLCLIENT_CONST_H
+#define ESP_SSLCLIENT_CONST_H
+
+#pragma GCC diagnostic ignored "-Wunused-function"
+#pragma GCC diagnostic ignored "-Wvla"
+
+#include "ESP_SSLClient_FS.h"
+
+#include <Arduino.h>
+#include <Client.h>
+
+#define ESP_SSLCLIENT_VALID_TIMESTAMP 1690979919
+
+#ifndef SSLCLIENT_CONNECTION_UPGRADABLE
+#define SSLCLIENT_CONNECTION_UPGRADABLE
+#endif
+
+#ifdef ESP_SSLCLIENT_ENABLE_DEBUG
+#if !defined(ESP_SSLCLIENT_DEBUG_PORT)
+#define ESP_SSLCLIENT_DEBUG_PORT Serial
+#endif
+#define ESP_SSLCLIENT_DEBUG_PRINT ESP_SSLCLIENT_DEBUG_PORT.print
+#else
+#define ESP_SSLCLIENT_DEBUG_PRINT(...)
+#endif
+
+enum esp_ssl_client_debug_level
+{
+ esp_ssl_debug_none = 0,
+ esp_ssl_debug_error = 1,
+ esp_ssl_debug_warn = 2,
+ esp_ssl_debug_info = 3,
+ esp_ssl_debug_dump = 4
+};
+
+enum esp_ssl_client_error_types
+{
+ esp_ssl_ok,
+ esp_ssl_connection_fail,
+ esp_ssl_write_error,
+ esp_ssl_read_error,
+ esp_ssl_out_of_memory,
+ esp_ssl_internal_error
+};
+
+#if defined(ESP_SSLCLIENT_ENABLE_DEBUG)
+
+static void esp_ssl_debug_print_prefix(const char *func_name, int level)
+{
+ ESP_SSLCLIENT_DEBUG_PRINT(PSTR("> "));
+ // print the debug level
+ switch (level)
+ {
+ case esp_ssl_debug_info:
+ ESP_SSLCLIENT_DEBUG_PRINT(PSTR("INFO."));
+ break;
+ case esp_ssl_debug_warn:
+ ESP_SSLCLIENT_DEBUG_PRINT(PSTR("WARN."));
+ break;
+ case esp_ssl_debug_error:
+ ESP_SSLCLIENT_DEBUG_PRINT(PSTR("ERROR."));
+ break;
+ default:
+ break;
+ }
+
+ // print the function name
+ ESP_SSLCLIENT_DEBUG_PRINT(PSTR(""));
+ ESP_SSLCLIENT_DEBUG_PRINT(func_name);
+ ESP_SSLCLIENT_DEBUG_PRINT(PSTR(": "));
+}
+
+static void esp_ssl_debug_print(PGM_P msg, int debug_level, int level, const char *func_name)
+{
+ if (debug_level >= level)
+ {
+ esp_ssl_debug_print_prefix(func_name, level);
+ ESP_SSLCLIENT_DEBUG_PRINT(msg);
+ ESP_SSLCLIENT_DEBUG_PRINT("\r\n");
+ }
+}
+
+#endif
+
+static uint8_t htoi(unsigned char c)
+{
+ if (c >= '0' && c <= '9')
+ return c - '0';
+ else if (c >= 'A' && c <= 'F')
+ return 10 + c - 'A';
+ else if (c >= 'a' && c <= 'f')
+ return 10 + c - 'a';
+ else
+ return 255;
+}
+
+// Helper function which aborts a TLS handshake by sending TLS
+// ClientAbort and ClientClose messages.
+static bool send_abort(Client *probe, bool supportsLen)
+{
+ // If we're still connected, send the appropriate notice that
+ // we're aborting the handshake per RFCs.
+ static const uint8_t clientAbort_P[] PROGMEM = {
+ 0x15 /*alert*/, 0x03, 0x03 /*TLS 1.2*/, 0x00, 0x02,
+ 1, 90 /* warning: user_cancelled */
+ };
+ static const uint8_t clientClose_P[] PROGMEM = {
+ 0x15 /*alert*/, 0x03, 0x03 /*TLS 1.2*/, 0x00, 0x02,
+ 1, 0 /* warning: close_notify */
+ };
+ if (probe->connected())
+ {
+ uint8_t msg[sizeof(clientAbort_P)];
+ memcpy_P(msg, clientAbort_P, sizeof(clientAbort_P));
+ probe->write(msg, sizeof(clientAbort_P));
+ memcpy_P(msg, clientClose_P, sizeof(clientClose_P));
+ probe->write(msg, sizeof(clientClose_P));
+ }
+ return supportsLen;
+}
+
+const uint16_t _secure_ports[26] = {443 /* HTTPS */, 465 /* SMTP */, 563 /* NNTP */, 636 /* LDAPS */, 695 /* IEEE-MMS-SSL */, 832 /* NETCONF */, 853 /* DNS */, 989 /* FTPS */, 990 /* FTPS */, 992 /* Telnet */, 993 /* IMAP */, 995 /* POP3 */, 4116 /* Smartcard */, 4843 /* OPC */, 5061 /* SIP */, 5085 /* LLIP */, 5349 /* NAT */, 5671 /* AMQP */, 5986 /* WinRM-HTTPS */, 6513 /* NETCONF */, 6514 /* Syslog */, 6515 /* Elipse RPC */, 6619 /* OFTP */, 8243 /* Apache Synapse */, 8403 /* GxFWD */, 8883 /* MQTT */};
+
+#endif

src/client/ESP_SSLClient_FS.h

@@ -0,0 +1,39 @@
+#ifndef ESP_SSLClient_FS_H
+#define ESP_SSLClient_FS_H
+
+#if (defined(ESP8266) || defined(ARDUINO_ARCH_RP2040)) && !defined(ARDUINO_NANO_RP2040_CONNECT)
+// for ESP8266 and Raspberry Pi Pico (RP2040) only except for Arduino Nano RP2040 Connect 
+#define USE_EMBED_SSL_ENGINE
+#else
+#define USE_LIB_SSL_ENGINE
+#endif
+
+#pragma once
+
+// for enable debugging
+#define ESP_SSLCLIENT_ENABLE_DEBUG
+
+/** Call ssl_client.setDebugLevel(x) to set the debug
+ * esp_ssl_debug_none = 0
+ * esp_ssl_debug_error = 1
+ * esp_ssl_debug_warn = 2
+ * esp_ssl_debug_info = 3
+ * esp_ssl_debug_dump = 4
+ */
+
+// for debug port
+#define ESP_SSLCLIENT_DEBUG_PORT Serial
+
+// for SSL Error String
+#define ESP_SSLCLIENT_ENABLE_SSL_ERROR_STRING
+
+// for Filesystem support that required for CertStore
+#define ESP_SSLCLIENT_USE_FILESYSTEM
+
+#if defined __has_include
+#if __has_include(<Custom_ESP_SSLClient_FS.h>)
+#include "Custom_ESP_SSLClient_FS"
+#endif
+#endif
+
+#endif