Add SSL server examples #9
Conversation
- Update examples - Fix server examples for esp32s3 BREAKING CHANGE: Session::new() now takes `&mut socket`, instead of `socket`
- Update examples - Fix server examples for esp32s3 BREAKING CHANGE: Session::new() now takes `&mut socket`, instead of `socket`
…ndin/esp-mbedtls into ssl-server-experiment
…elf-signed certificates instead of crashing
|
After looking more into it, it looks like it would be up to the user to handle the self-signed error in the browser, as the connection is closed when it occurs. There is also a bug with the async example, it seems to hang when the connection gets closed due to a self-signed certificate error. It doesn't return the correct |
|
Oh yes - probably the user just needs to choose to ignore the problem with the certificate or use command line wget/curl with the right options 👍 Regarding the async example: That definitely needs a fix then |
- Rename examples to be more comprehensive - Add server examples for `esp32`, `esp32c3` - Refactor and document Certificates struct for better comprehensiveness
…ndin/esp-mbedtls into ssl-server-experiment
|
I've renamed and added the missing examples. That was a very lengthy process. I think we should merge them together, and use features for the different arch, considering most of the examples are code duplication. It becomes very long to maintain when changing the public facing API. All objectives I wanted to fulfill in this issue are done, but there's still this async error that should get fixed. This might need some squashing and rebasing before merging, as I've duplicate commits. Also, for better maintainability, we should have a script that automatically update SSL certs, and put them in a folder, so that we don't have to update them when they expire. |
|
Good idea about the examples - maybe we should do something like we have in esp-wifi (while not everyone likes that approach) |
|
Considering how most of the code is identical between the architectures, I wonder if we could get by, by only using the arch as a feature for the different versions. We would have to specify the build target when compiling, but this doesn't seem to be a hassle per say. |
That's what we initially did in esp-wifi and what we still do in esp-storage. There is a lot of conditional compilation for initialization but that is not too bad. The real ugly thing there was the problem that we cannot have dev-dependencies (like esp-println etc.) per target (which are just features) which was fine for the Xtensas which each had their own "architecture" but for the RISCV chips they are all riscv32-imc and the later ones riscv32-imac. I totally agree that having multiple identical copies of the same example code is also not idea |
This PR add examples and bring changes needed to be able to use as a server.
TODO
Fix
MbedTlsError(-30592),(MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE)when a browser (or curl) displays a self-signed certificate error. I believe this should be fixed before merging this PR. This maybe has something to do with https://os.mbed.com/teams/sandbox/code/mbedtls/docs/tip/ssl_8h.html#a38ee2c1e3f232444df5ba3952d7ded33Chores
esp32,esp32c3client_cert,client_keyin theCertificatesstruct