esp_tls: Added getter function for esp_tls ssl ctx.

2025-03-09 17:19:09 -04:00 · 2022-04-20 11:30:56 +05:30 · 2022-04-20 11:30:56 +05:30 · 788c9ddf8d
commit 788c9ddf8d
parent 434e74ff73
7 changed files with 79 additions and 10 deletions
--- a/components/esp-tls/esp_tls.c
+++ b/components/esp-tls/esp_tls.c
@ -40,6 +40,7 @@ static const char *TAG = "esp-tls";
 #define _esp_tls_conn_delete                esp_mbedtls_conn_delete
 #define _esp_tls_net_init                   esp_mbedtls_net_init
 #define _esp_tls_get_client_session         esp_mbedtls_get_client_session
+#define _esp_tls_get_ssl_context            esp_mbedtls_get_ssl_context
 #ifdef CONFIG_ESP_TLS_SERVER
 #define _esp_tls_server_session_create      esp_mbedtls_server_session_create
 #define _esp_tls_server_session_delete      esp_mbedtls_server_session_delete
@ -66,6 +67,7 @@ static const char *TAG = "esp-tls";
 #define _esp_tls_init_global_ca_store       esp_wolfssl_init_global_ca_store
 #define _esp_tls_set_global_ca_store        esp_wolfssl_set_global_ca_store                 /*!< Callback function for setting global CA store data for TLS/SSL */
 #define _esp_tls_free_global_ca_store       esp_wolfssl_free_global_ca_store                /*!< Callback function for freeing global ca store for TLS/SSL */
+#define _esp_tls_get_ssl_context            esp_wolfssl_get_ssl_context
 #else   /* ESP_TLS_USING_WOLFSSL */
 #error "No TLS stack configured"
 #endif
@ -616,6 +618,11 @@ ssize_t esp_tls_get_bytes_avail(esp_tls_t *tls)
    return _esp_tls_get_bytes_avail(tls);
 }

+void *esp_tls_get_ssl_context(esp_tls_t *tls)
+{
+    return _esp_tls_get_ssl_context(tls);
+}
+
 esp_err_t esp_tls_get_conn_sockfd(esp_tls_t *tls, int *sockfd)
 {
    if (!tls || !sockfd) {
@ -644,7 +651,7 @@ esp_err_t esp_tls_get_and_clear_last_error(esp_tls_error_handle_t h, int *esp_tl

 esp_err_t esp_tls_get_error_handle(esp_tls_t *tls, esp_tls_error_handle_t *error_handle)
 {
-    if (tls == NULL) {
+    if (!tls || !error_handle) {
        return ESP_ERR_INVALID_ARG;
    }

--- a/components/esp-tls/esp_tls.h
+++ b/components/esp-tls/esp_tls.h
@ -473,6 +473,17 @@ ssize_t esp_tls_get_bytes_avail(esp_tls_t *tls);
 */
 esp_err_t esp_tls_get_conn_sockfd(esp_tls_t *tls, int *sockfd);

+/**
+ * @brief       Returns the ssl context
+ *
+ * @param[in]   tls          handle to esp_tls context
+ *
+ *
+ * @return     - ssl_ctx pointer to ssl context of underlying TLS layer on success
+ *             - NULL  in case of error
+ */
+void *esp_tls_get_ssl_context(esp_tls_t *tls);
+
 /**
 * @brief      Create a global CA store, initially empty.
 *
@ -554,7 +565,7 @@ esp_err_t esp_tls_get_and_clear_error_type(esp_tls_error_handle_t h, esp_tls_err
 * @return
 *             - ESP_OK             on success and error_handle will be updated with the ESP-TLS error handle.
 *
- *             - ESP_ERR_INVALID_ARG if (tls == NULL)
+ *             - ESP_ERR_INVALID_ARG if (tls == NULL || error_handle == NULL)
 */
 esp_err_t esp_tls_get_error_handle(esp_tls_t *tls, esp_tls_error_handle_t *error_handle);

--- a/components/esp-tls/esp_tls_mbedtls.c
+++ b/components/esp-tls/esp_tls_mbedtls.c
@ -18,6 +18,7 @@
 #include "esp_tls_error_capture_internal.h"
 #include <errno.h>
 #include "esp_log.h"
+#include "esp_check.h"

 #ifdef CONFIG_MBEDTLS_CERTIFICATE_BUNDLE
 #include "esp_crt_bundle.h"
@ -140,6 +141,15 @@ exit:

 }

+void *esp_mbedtls_get_ssl_context(esp_tls_t *tls)
+{
+    if (tls == NULL) {
+        ESP_LOGE(TAG, "Invalid arguments");
+        return NULL;
+    }
+    return (void*)&tls->ssl;
+}
+
 #ifdef CONFIG_ESP_TLS_CLIENT_SESSION_TICKETS
 esp_tls_client_session_t *esp_mbedtls_get_client_session(esp_tls_t *tls)
 {
--- a/components/esp-tls/esp_tls_wolfssl.c
+++ b/components/esp-tls/esp_tls_wolfssl.c
@ -115,6 +115,15 @@ static esp_err_t esp_load_wolfssl_verify_buffer(esp_tls_t *tls, const unsigned c
    }
 }

+void *esp_wolfssl_get_ssl_context(esp_tls_t *tls)
+{
+    if (tls == NULL) {
+        ESP_LOGE(TAG, "Invalid arguments");
+        return NULL;
+    }
+    return (void*)tls->priv_ssl;
+}
+
 esp_err_t esp_create_wolfssl_handle(const char *hostname, size_t hostlen, const void *cfg, esp_tls_t *tls)
 {
 #ifdef CONFIG_ESP_DEBUG_WOLFSSL
--- a/components/esp-tls/private_include/esp_tls_mbedtls.h
+++ b/components/esp-tls/private_include/esp_tls_mbedtls.h
@ -56,6 +56,11 @@ static inline void esp_mbedtls_net_init(esp_tls_t *tls)
    mbedtls_net_init(&tls->server_fd);
 }

+/**
+ * Return ssl context for mbedTLS stack
+ */
+void *esp_mbedtls_get_ssl_context(esp_tls_t *tls);
+
 #ifdef CONFIG_ESP_TLS_SERVER
 /**
 * Internal Callback for set_server_config
--- a/components/esp-tls/private_include/esp_tls_wolfssl.h
+++ b/components/esp-tls/private_include/esp_tls_wolfssl.h
@ -64,6 +64,11 @@ void esp_wolfssl_free_global_ca_store(void);
 */
 esp_err_t esp_wolfssl_init_global_ca_store(void);

+/**
+ *  Return ssl context for wolfSSL stack
+ */
+void *esp_wolfssl_get_ssl_context(esp_tls_t *tls);
+
 /**
 * wolfSSL function for Initializing socket wrappers (no-operation for wolfSSL)
 */
--- a/examples/protocols/https_server/simple/main/main.c
+++ b/examples/protocols/https_server/simple/main/main.c
@ -36,7 +36,7 @@ static esp_err_t root_get_handler(httpd_req_t *req)
 }

 #if CONFIG_EXAMPLE_ENABLE_HTTPS_USER_CALLBACK
-
+#ifdef CONFIG_ESP_TLS_USING_MBEDTLS
 static void print_peer_cert_info(const mbedtls_ssl_context *ssl)
 {
    const mbedtls_x509_crt *cert;
@ -58,7 +58,7 @@ static void print_peer_cert_info(const mbedtls_ssl_context *ssl)

    free(buf);
 }
-
+#endif
 /**
 * Example callback function to get the certificate of connected clients,
 * whenever a new SSL connection is created and closed
@ -75,22 +75,44 @@ static void print_peer_cert_info(const mbedtls_ssl_context *ssl)
 static void https_server_user_callback(esp_https_server_user_cb_arg_t *user_cb)
 {
    ESP_LOGI(TAG, "User callback invoked!");
-
+#ifdef CONFIG_ESP_TLS_USING_MBEDTLS
+    mbedtls_ssl_context *ssl_ctx = NULL;
+#endif
    switch(user_cb->user_cb_state) {
        case HTTPD_SSL_USER_CB_SESS_CREATE:
            ESP_LOGD(TAG, "At session creation");

            // Logging the socket FD
-            ESP_LOGI(TAG, "Socket FD: %d", user_cb->tls->sockfd);
-
+            int sockfd = -1;
+            esp_err_t esp_ret;
+            esp_ret = esp_tls_get_conn_sockfd(user_cb->tls, &sockfd);
+            if (esp_ret != ESP_OK) {
+                ESP_LOGE(TAG, "Error in obtaining the sockfd from tls context");
+                break;
+            }
+            ESP_LOGI(TAG, "Socket FD: %d", sockfd);
+#ifdef CONFIG_ESP_TLS_USING_MBEDTLS
+            ssl_ctx = (mbedtls_ssl_context *) esp_tls_get_ssl_context(user_cb->tls);
+            if (ssl_ctx == NULL) {
+                ESP_LOGE(TAG, "Error in obtaining ssl context");
+                break;
+            }
            // Logging the current ciphersuite
-            ESP_LOGI(TAG, "Current Ciphersuite: %s", mbedtls_ssl_get_ciphersuite(&user_cb->tls->ssl));
+            ESP_LOGI(TAG, "Current Ciphersuite: %s", mbedtls_ssl_get_ciphersuite(ssl_ctx));
+#endif
            break;
+
        case HTTPD_SSL_USER_CB_SESS_CLOSE:
            ESP_LOGD(TAG, "At session close");
-
+#ifdef CONFIG_ESP_TLS_USING_MBEDTLS
            // Logging the peer certificate
-            print_peer_cert_info(&user_cb->tls->ssl);
+            ssl_ctx = (mbedtls_ssl_context *) esp_tls_get_ssl_context(user_cb->tls);
+            if (ssl_ctx == NULL) {
+                ESP_LOGE(TAG, "Error in obtaining ssl context");
+                break;
+            }
+            print_peer_cert_info(ssl_ctx);
+#endif
            break;
        default:
            ESP_LOGE(TAG, "Illegal state!");