MirrorSave
/
nodemcu-firmware
mirror of https://github.com/nodemcu/nodemcu-firmware.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
nodemcu-firmware/app/modules/tls.c

653 lines
19 KiB
C
Raw Normal View History

Net functionality rewrite on top of LWIP (#1379) * Rewrite net.dns.resolve on LWIP * Move IGMP (net multicast) to LWIP * Cleanup net module * Move secure connection operations to tls module * Net module on LWIP * Server timeout parameter * TCP hold * Fixes in documentation * Documentation fixes * Note TLS module depends on net * Add TLS module to user_modules.h * Callback on connect event * Fix depends net module on tls module * Fix unhold exponential time issue
2016-12-31 13:14:03 +01:00
// Module for TLS
#include "module.h"
#if defined(CLIENT_SSL_ENABLE) && defined(LUA_USE_MODULES_NET)
#include "lauxlib.h"
#include "platform.h"
#include "lmem.h"
Major cleanup - c_whatever is finally history. (#2838) The PR removed the bulk of non-newlib headers from the NodeMCU source base. app/libc has now been cut down to the bare minimum overrides to shadow the corresponding functions in the SDK's libc. The old c_xyz.h headerfiles have been nuked in favour of the standard <xyz.h> headers, with a few exceptions over in sdk-overrides. Again, shipping a libc.a without headers is a terrible thing to do. We're still living on a prayer that libc was configured the same was as a default-configured xtensa gcc toolchain assumes it is. That part I cannot do anything about, unfortunately, but it's no worse than it has been before. This enables our source files to compile successfully using the standard header files, and use the typical malloc()/calloc()/realloc()/free(), the strwhatever()s and memwhatever()s. These end up, through macro and linker magic, mapped to the appropriate SDK or ROM functions.
2019-07-21 23:58:21 +02:00
#include <string.h>
Evict c_types.h, tidy up a other c_prefixes. (#2841)
2019-07-23 06:22:38 +02:00
#include <stddef.h>
Net functionality rewrite on top of LWIP (#1379) * Rewrite net.dns.resolve on LWIP * Move IGMP (net multicast) to LWIP * Cleanup net module * Move secure connection operations to tls module * Net module on LWIP * Server timeout parameter * TCP hold * Fixes in documentation * Documentation fixes * Note TLS module depends on net * Add TLS module to user_modules.h * Callback on connect event * Fix depends net module on tls module * Fix unhold exponential time issue
2016-12-31 13:14:03 +01:00
Evict c_types.h, tidy up a other c_prefixes. (#2841)
2019-07-23 06:22:38 +02:00
#include <stdint.h>
Net functionality rewrite on top of LWIP (#1379) * Rewrite net.dns.resolve on LWIP * Move IGMP (net multicast) to LWIP * Cleanup net module * Move secure connection operations to tls module * Net module on LWIP * Server timeout parameter * TCP hold * Fixes in documentation * Documentation fixes * Note TLS module depends on net * Add TLS module to user_modules.h * Callback on connect event * Fix depends net module on tls module * Fix unhold exponential time issue
2016-12-31 13:14:03 +01:00
#include "mem.h"
#include "lwip/ip_addr.h"
#include "espconn.h"
Update to sdk 2.2 Initial commit for https://github.com/nodemcu/nodemcu-firmware/issues/2225 . Replay patches from Espressif's repository at https://github.com/espressif/ESP8266_NONOS_SDK between tags v2.1.0 and v2.2.0: 0001-sync-from-ccca00f2.patch Superseded by existing changes, but lines reordered in app/driver/key.c to minimize divergences. 0002-sync-from-3f38ad5a.patch Upstream files only 0003-Update-links.patch Not meaningful to NodeMCU 0004-sync-from-01990ad0.patch 0005-sync-from-cdf6877d.patch Upstream files only 0006-sync-from-f29e744c.patch Upstream files only, user_interface.h override non-conflicting 0009-feat-lwip-Move-lwip-source-code-to-third_party-folde.patch Merged change to lwip/app/espconn_udp.c; rest is just moves or appears to not apply. 0010-feat-mbedtls-Add-mbedtls-source-code-in-third_party-.patch Does not apply; we use our own mbedtls 0011-added-C-support.patch Merged to Makefile 0012-feat-mbedtls-Rebuild-libmbedtls.patch Already applied 0013-fix-at-Fix-some-bugs-of-AT.patch Upstream files only 0014-feat-err_t-Redefine-err_t-to-s32_t.patch Merged to app/include/arch/cc.h and ./app/include/lwip/app/espconn.h; the rest is upstream files. 0015-fix-wpa-Fix-wpa-wpa2-ptk-gtk-reinstallation-vulnerab.patch 0016-fix-wifi-Remove-group-key-entry-before-connecting-to.patch 0017-feat-lib-Remove-time-function-in-libmain.patch Upstream files only 0018-feat-espconn-Modification-for-espconn.patch Merged to app/include/lwip/app/espconn.h, app/include/lwip/app/espconn_tcp.h, app/lwip/app/espconn.c, app/lwip/app/espconn_tcp.c 0019-feat-at-Use-new-espconn_recv-to-fix-tcp-server-issue.patch 0020-feat-examples-Update-mqtt-demo-and-auto-bin-generate.patch Upstream files only 0021-wifi-Add-scan-threshold-and-dwell-time.patch 0022-feat-wifi-Add-country-code-API.patch 0023-feat-wifi-Record-more-information-of-scanned-ap.patch Upstream files only, user_interface.h override non-conflicting 0024-fix-example-Fix-IoT_Demo-user-sector-error.patch Upstream files only 0025-fix-lwip-Fix-sequence-number-error-of-RST-ACK.patch Merged app/lwip/core/tcp_in.c 0026-fix-mbedtls-Fix-memory-leak.patch Merged app/mbedtls/app/lwIPSocket.c 0027-fix-mbedtls-Fix-call-send-callback-function-failed.patch Merged app/mbedtls/app/espconn_mbedtls.c 0028-feat-Add-USE_OPTIMIZE_PRINTF-in-third_party-Makefile.patch Merged app/Makefile 0029-fix-api-Fix-ets_delay_us-declaration.patch Upstream files only, osapi.h override non-conflicting 0030-fix-wifi-Remove-max_tx_power-in-wifi_country_t-in-li.patch 0031-fix-wifi-Fix-softAP-wrong-behavior-after-call-system.patch 0032-fix-wifi-bugfix-of-scan-fail-after-connected-if-max-.patch 0033-feat-at-Enable-scan-time-scan-type-and-add-scan-resu.patch 0034-feat-at-Add-command-AT-CWCOUNTRY.patch 0035-fix-at-Fix-that-AT-CIPSTART-causes-busy-if-the-serve.patch Upstream files only 0036-feat-mbedtls-Speed-up-mbedtls-handshake-process.patch Merged app/mbedtls/app/espconn_mbedtls.c 0037-fix-api-Fix-os_calloc-declaration.patch Merged app/include/lwip/mem.h; sdk-overrides/include/mem.h non-conflicting. 0038-fix-mbedtls-Fix-disconnect-callback-function-never-b.patch Merged app/mbedtls/app/espconn_mbedtls.c; minor revision to logic in 6576af959b1e704003ae5b93f6d6b89fcf86d429. Whitespace fixes. 0039-feat-at-Add-country-code-start-channel-in-AT-CWCOUNT.patch 0040-fix-net80211-Fix-Null-pointer-in-ieee80211_rfid_locp.patch Upstream files only 0041-feat-wifi-Add-new-esp_init_data_default-v08-bin.patch Upstream files only, but impacts Makefile 0042-fix-mbedtls-Fix-load-cert-fail-when-the-private-key-.patch Merged app/mbedtls/app/espconn_mbedtls.c 0043-fix-wifi-The-start-channel-can-be-any-valid-channel.patch 0044-fix-wifi-Fix-scan-do-not-start-after-connect.patch 0045-feat-wifi-Add-keep-connection-for-station-to-keep-co.patch 0046-feat-at-Update-AT-version-to-1.6.0.0.patch 0047-fix-at-Fix-GSLP-too-long-time.patch 0048-fix-at-Fix-the-message-is-incorrect-when-creating-UD.patch 0049-feat-at-Add-AT-CIPSERVERMAXCONN.patch Upstream files only 0050-feat-system-Add-softap-distributes-station-ip-event.patch Upstream files only, user_interface.h override non-conflicting 0051-feat-example-Use-libmbedtls.a-instead-of-libssl.a-in.patch Upstream files only 0052-feat-mesh-Remove-mesh-support.patch Upstream files only, but go ahead and remove comment from ld/nodemcu.ld. 0053-fix-example-Fix-forget-to-add-integer-parameter-when.patch Upstream files only 0054-fix-mbedtls-Fix-reconnect_callback-is-not-triggered-.patch Merged app/mbedtls/app/espconn_mbedtls.c 0055-feat-at-Add-AT-SYSMSG-to-enable-some-report-informat.patch 0056-fix-at-Fix-the-incorrect-link-id-when-client-connect.patch 0057-fix-at-Fix-the-bug-that-it-should-be-error-when-the-.patch 0058-fix-smartconfig-Fix-the-smartconfig-scan-time-issue.patch 0059-fix-lwip-Fix-the-bug-of-lwip-output.patch Upstream files only 0060-fix-lwip-Fix-the-length-of-TCP-data-in-one-packet-is.patch 0061-fix-lwip-Fix-send-TCP-data-with-two-or-more-pbuf.patch Merged app/lwip/core/tcp_out.c 0062-fix-wifi-Fix-assert-happen-when-smartconfig-start-th.patch Upstream files only 0063-fix-mbedtls-Fix-memory-leak-when-ESP8266-as-SSL-TLS-.patch Merged app/mbedtls/app/espconn_mbedtls.c 0064-fix-mbedtls-Fix-already-freed-and-exception-bug-when.patch Merged app/mbedtls/app/lwIPSocket.c 0065-fix-at-Fix-bug-that-there-is-no-result-when-sending-.patch 0066-feat-example-Add-AT-bin-version.patch 0067-feat-version-Update-version-to-2.2.0-and-add-version.patch 0068-feat-bin-Update-AT-bin-for-SDK-2.2.0.patch Upstream files only Apply local changes to build: app/include/lwip/app/espconn.h pulls changes (and license decl) from upstream SDK. Makefile is altered to use this file ahead of the SDK's. Remove lwip's sntp support, since it was never really wired in anyway. See https://github.com/nodemcu/nodemcu-firmware/issues/2042 for more information. Patch Makefile to strip time.o, the consumer of lwip's sntp functionality, from libmain.a, resulting in much easier-to-understand error messages. This has consequences for mbedtls. The simplest thing to do, which is, impressively, not a change in behavior, is to completely disable TLS certificate time validation; a later patch can optionally couple this to RTCTIME support. Similarly, it happens that the sqlite3 import was calling time(), but this was not going to work out well for it. Just stub it out to always return unix timestamp 0, as would have happened anyway. Changes unprocessed: 0007-sync-from-080c37e1.patch 0008-feat-lib-Compile-some-libraries-with-ffunction-secti.patch These two make changes to the linker script; perhaps they are worth porting over, but I have not done so here. This is build-tested (ADC, BIT, COLOR_UTILS, CRON, CRYPTO, DHT, ENCODER, FILE, GPIO, HTTP, I2C, MQTT, NET, NODE, OW, PCM, PERF, PWM, RTCFIFO, RTCMEM, RTCTIME, SNTP, SPI, SQLITE3, STRUCT, TLS, TMR, UART, WIFI, WS2812, WS2812_EFFECTS) and boots, but only limited run-time testing has been performed. Testing done does, however, include having made a few TLS connections through the HTTP module, so things are not hopelessly broken, at the very least.
2018-02-20 03:03:09 +01:00
#include "sys/espconn_mbedtls.h"
Net functionality rewrite on top of LWIP (#1379) * Rewrite net.dns.resolve on LWIP * Move IGMP (net multicast) to LWIP * Cleanup net module * Move secure connection operations to tls module * Net module on LWIP * Server timeout parameter * TCP hold * Fixes in documentation * Documentation fixes * Note TLS module depends on net * Add TLS module to user_modules.h * Callback on connect event * Fix depends net module on tls module * Fix unhold exponential time issue
2016-12-31 13:14:03 +01:00
#include "lwip/err.h"
#include "lwip/dns.h"
Update mbedTLS to 2.7.0 (#2267) * mbedtls 2.7.0 (mbedtls-2.7.0-0-g32605dc8) Wholesale import, with a few changes from earlier preserved through. Ideally we would soon get to the point of having no divergences from upstream. * tls: add function to adjust mbedTLS debug level
2018-03-03 23:28:26 +01:00
#include "mbedtls/debug.h"
#include "user_mbedtls.h"
Net functionality rewrite on top of LWIP (#1379) * Rewrite net.dns.resolve on LWIP * Move IGMP (net multicast) to LWIP * Cleanup net module * Move secure connection operations to tls module * Net module on LWIP * Server timeout parameter * TCP hold * Fixes in documentation * Documentation fixes * Note TLS module depends on net * Add TLS module to user_modules.h * Callback on connect event * Fix depends net module on tls module * Fix unhold exponential time issue
2016-12-31 13:14:03 +01:00
#ifdef HAVE_SSL_SERVER_CRT
#include HAVE_SSL_SERVER_CRT
#else
__attribute__((section(".servercert.flash"))) unsigned char tls_server_cert_area[INTERNAL_FLASH_SECTOR_SIZE];
#endif
__attribute__((section(".clientcert.flash"))) unsigned char tls_client_cert_area[INTERNAL_FLASH_SECTOR_SIZE];
extern int tls_socket_create( lua_State *L );
Updated ROTables 1st tranch (#2742) Updated ROTables
2019-05-08 13:08:20 +02:00
LROT_EXTERN(tls_cert);
Net functionality rewrite on top of LWIP (#1379) * Rewrite net.dns.resolve on LWIP * Move IGMP (net multicast) to LWIP * Cleanup net module * Move secure connection operations to tls module * Net module on LWIP * Server timeout parameter * TCP hold * Fixes in documentation * Documentation fixes * Note TLS module depends on net * Add TLS module to user_modules.h * Callback on connect event * Fix depends net module on tls module * Fix unhold exponential time issue
2016-12-31 13:14:03 +01:00
typedef struct {
struct espconn *pesp_conn;
int self_ref;
int cb_connect_ref;
int cb_reconnect_ref;
int cb_disconnect_ref;
int cb_sent_ref;
int cb_receive_ref;
int cb_dns_ref;
} tls_socket_ud;
int tls_socket_create( lua_State *L ) {
tls_socket_ud *ud = (tls_socket_ud*) lua_newuserdata(L, sizeof(tls_socket_ud));
ud->pesp_conn = NULL;
ud->self_ref =
ud->cb_connect_ref =
ud->cb_reconnect_ref =
ud->cb_disconnect_ref =
ud->cb_sent_ref =
ud->cb_receive_ref =
ud->cb_dns_ref = LUA_NOREF;
luaL_getmetatable(L, "tls.socket");
lua_setmetatable(L, -2);
return 1;
}
static void tls_socket_onconnect( struct espconn *pesp_conn ) {
tls_socket_ud *ud = (tls_socket_ud *)pesp_conn->reverse;
if (!ud || ud->self_ref == LUA_NOREF) return;
if (ud->cb_connect_ref != LUA_NOREF) {
lua_State *L = lua_getstate();
lua_rawgeti(L, LUA_REGISTRYINDEX, ud->cb_connect_ref);
lua_rawgeti(L, LUA_REGISTRYINDEX, ud->self_ref);
lua_call(L, 1, 0);
}
}
static void tls_socket_cleanup(tls_socket_ud *ud) {
if (ud->pesp_conn) {
espconn_secure_disconnect(ud->pesp_conn);
if (ud->pesp_conn->proto.tcp) {
Major cleanup - c_whatever is finally history. (#2838) The PR removed the bulk of non-newlib headers from the NodeMCU source base. app/libc has now been cut down to the bare minimum overrides to shadow the corresponding functions in the SDK's libc. The old c_xyz.h headerfiles have been nuked in favour of the standard <xyz.h> headers, with a few exceptions over in sdk-overrides. Again, shipping a libc.a without headers is a terrible thing to do. We're still living on a prayer that libc was configured the same was as a default-configured xtensa gcc toolchain assumes it is. That part I cannot do anything about, unfortunately, but it's no worse than it has been before. This enables our source files to compile successfully using the standard header files, and use the typical malloc()/calloc()/realloc()/free(), the strwhatever()s and memwhatever()s. These end up, through macro and linker magic, mapped to the appropriate SDK or ROM functions.
2019-07-21 23:58:21 +02:00
free(ud->pesp_conn->proto.tcp);
Net functionality rewrite on top of LWIP (#1379) * Rewrite net.dns.resolve on LWIP * Move IGMP (net multicast) to LWIP * Cleanup net module * Move secure connection operations to tls module * Net module on LWIP * Server timeout parameter * TCP hold * Fixes in documentation * Documentation fixes * Note TLS module depends on net * Add TLS module to user_modules.h * Callback on connect event * Fix depends net module on tls module * Fix unhold exponential time issue
2016-12-31 13:14:03 +01:00
ud->pesp_conn->proto.tcp = NULL;
}
Major cleanup - c_whatever is finally history. (#2838) The PR removed the bulk of non-newlib headers from the NodeMCU source base. app/libc has now been cut down to the bare minimum overrides to shadow the corresponding functions in the SDK's libc. The old c_xyz.h headerfiles have been nuked in favour of the standard <xyz.h> headers, with a few exceptions over in sdk-overrides. Again, shipping a libc.a without headers is a terrible thing to do. We're still living on a prayer that libc was configured the same was as a default-configured xtensa gcc toolchain assumes it is. That part I cannot do anything about, unfortunately, but it's no worse than it has been before. This enables our source files to compile successfully using the standard header files, and use the typical malloc()/calloc()/realloc()/free(), the strwhatever()s and memwhatever()s. These end up, through macro and linker magic, mapped to the appropriate SDK or ROM functions.
2019-07-21 23:58:21 +02:00
free(ud->pesp_conn);
Net functionality rewrite on top of LWIP (#1379) * Rewrite net.dns.resolve on LWIP * Move IGMP (net multicast) to LWIP * Cleanup net module * Move secure connection operations to tls module * Net module on LWIP * Server timeout parameter * TCP hold * Fixes in documentation * Documentation fixes * Note TLS module depends on net * Add TLS module to user_modules.h * Callback on connect event * Fix depends net module on tls module * Fix unhold exponential time issue
2016-12-31 13:14:03 +01:00
ud->pesp_conn = NULL;
}
lua_State *L = lua_getstate();
lua_gc(L, LUA_GCSTOP, 0);
luaL_unref(L, LUA_REGISTRYINDEX, ud->self_ref);
ud->self_ref = LUA_NOREF;
lua_gc(L, LUA_GCRESTART, 0);
}
static void tls_socket_ondisconnect( struct espconn *pesp_conn ) {
tls_socket_ud *ud = (tls_socket_ud *)pesp_conn->reverse;
if (!ud || ud->self_ref == LUA_NOREF) return;
tls_socket_cleanup(ud);
if (ud->cb_disconnect_ref != LUA_NOREF) {
lua_State *L = lua_getstate();
lua_rawgeti(L, LUA_REGISTRYINDEX, ud->cb_disconnect_ref);
lua_rawgeti(L, LUA_REGISTRYINDEX, ud->self_ref);
tls_socket_cleanup(ud);
lua_call(L, 1, 0);
} else tls_socket_cleanup(ud);
}
static void tls_socket_onreconnect( struct espconn *pesp_conn, s8 err ) {
tls_socket_ud *ud = (tls_socket_ud *)pesp_conn->reverse;
if (!ud || ud->self_ref == LUA_NOREF) return;
if (ud->cb_reconnect_ref != LUA_NOREF) {
const char* reason = NULL;
switch (err) {
case(ESPCONN_MEM): reason = "Out of memory"; break;
case(ESPCONN_TIMEOUT): reason = "Timeout"; break;
case(ESPCONN_RTE): reason = "Routing problem"; break;
case(ESPCONN_ABRT): reason = "Connection aborted"; break;
case(ESPCONN_RST): reason = "Connection reset"; break;
case(ESPCONN_CLSD): reason = "Connection closed"; break;
case(ESPCONN_HANDSHAKE): reason = "SSL handshake failed"; break;
case(ESPCONN_SSL_INVALID_DATA): reason = "SSL application invalid"; break;
}
lua_State *L = lua_getstate();
lua_rawgeti(L, LUA_REGISTRYINDEX, ud->cb_reconnect_ref);
lua_rawgeti(L, LUA_REGISTRYINDEX, ud->self_ref);
if (reason != NULL) {
lua_pushstring(L, reason);
} else {
lua_pushnil(L);
}
tls_socket_cleanup(ud);
lua_call(L, 2, 0);
} else tls_socket_cleanup(ud);
}
static void tls_socket_onrecv( struct espconn *pesp_conn, char *buf, u16 length ) {
tls_socket_ud *ud = (tls_socket_ud *)pesp_conn->reverse;
if (!ud || ud->self_ref == LUA_NOREF) return;
if (ud->cb_receive_ref != LUA_NOREF) {
lua_State *L = lua_getstate();
lua_rawgeti(L, LUA_REGISTRYINDEX, ud->cb_receive_ref);
lua_rawgeti(L, LUA_REGISTRYINDEX, ud->self_ref);
lua_pushlstring(L, buf, length);
lua_call(L, 2, 0);
}
}
static void tls_socket_onsent( struct espconn *pesp_conn ) {
tls_socket_ud *ud = (tls_socket_ud *)pesp_conn->reverse;
if (!ud || ud->self_ref == LUA_NOREF) return;
if (ud->cb_sent_ref != LUA_NOREF) {
lua_State *L = lua_getstate();
lua_rawgeti(L, LUA_REGISTRYINDEX, ud->cb_sent_ref);
lua_rawgeti(L, LUA_REGISTRYINDEX, ud->self_ref);
lua_call(L, 1, 0);
}
}
static void tls_socket_dns_cb( const char* domain, const ip_addr_t *ip_addr, tls_socket_ud *ud ) {
if (ud->self_ref == LUA_NOREF) return;
ip_addr_t addr;
if (ip_addr) addr = *ip_addr;
else addr.addr = 0xFFFFFFFF;
lua_State *L = lua_getstate();
if (ud->cb_dns_ref != LUA_NOREF) {
lua_rawgeti(L, LUA_REGISTRYINDEX, ud->cb_dns_ref);
lua_rawgeti(L, LUA_REGISTRYINDEX, ud->self_ref);
if (addr.addr == 0xFFFFFFFF) {
lua_pushnil(L);
} else {
char tmp[20];
Major cleanup - c_whatever is finally history. (#2838) The PR removed the bulk of non-newlib headers from the NodeMCU source base. app/libc has now been cut down to the bare minimum overrides to shadow the corresponding functions in the SDK's libc. The old c_xyz.h headerfiles have been nuked in favour of the standard <xyz.h> headers, with a few exceptions over in sdk-overrides. Again, shipping a libc.a without headers is a terrible thing to do. We're still living on a prayer that libc was configured the same was as a default-configured xtensa gcc toolchain assumes it is. That part I cannot do anything about, unfortunately, but it's no worse than it has been before. This enables our source files to compile successfully using the standard header files, and use the typical malloc()/calloc()/realloc()/free(), the strwhatever()s and memwhatever()s. These end up, through macro and linker magic, mapped to the appropriate SDK or ROM functions.
2019-07-21 23:58:21 +02:00
sprintf(tmp, IPSTR, IP2STR(&addr.addr));
Net functionality rewrite on top of LWIP (#1379) * Rewrite net.dns.resolve on LWIP * Move IGMP (net multicast) to LWIP * Cleanup net module * Move secure connection operations to tls module * Net module on LWIP * Server timeout parameter * TCP hold * Fixes in documentation * Documentation fixes * Note TLS module depends on net * Add TLS module to user_modules.h * Callback on connect event * Fix depends net module on tls module * Fix unhold exponential time issue
2016-12-31 13:14:03 +01:00
lua_pushstring(L, tmp);
}
lua_call(L, 2, 0);
}
if (addr.addr == 0xFFFFFFFF) {
lua_gc(L, LUA_GCSTOP, 0);
luaL_unref(L, LUA_REGISTRYINDEX, ud->self_ref);
ud->self_ref = LUA_NOREF;
lua_gc(L, LUA_GCRESTART, 0);
} else {
os_memcpy(ud->pesp_conn->proto.tcp->remote_ip, &addr.addr, 4);
espconn_secure_connect(ud->pesp_conn);
}
}
static int tls_socket_connect( lua_State *L ) {
tls_socket_ud *ud = (tls_socket_ud *)luaL_checkudata(L, 1, "tls.socket");
luaL_argcheck(L, ud, 1, "TLS socket expected");
if(ud==NULL){
NODE_DBG("userdata is nil.\n");
return 0;
}
if (ud->pesp_conn) {
return luaL_error(L, "already connected");
}
u16 port = luaL_checkinteger( L, 2 );
size_t il;
const char *domain = "127.0.0.1";
if( lua_isstring(L, 3) )
domain = luaL_checklstring( L, 3, &il );
if (port == 0)
return luaL_error(L, "invalid port");
if (domain == NULL)
return luaL_error(L, "invalid domain");
Major cleanup - c_whatever is finally history. (#2838) The PR removed the bulk of non-newlib headers from the NodeMCU source base. app/libc has now been cut down to the bare minimum overrides to shadow the corresponding functions in the SDK's libc. The old c_xyz.h headerfiles have been nuked in favour of the standard <xyz.h> headers, with a few exceptions over in sdk-overrides. Again, shipping a libc.a without headers is a terrible thing to do. We're still living on a prayer that libc was configured the same was as a default-configured xtensa gcc toolchain assumes it is. That part I cannot do anything about, unfortunately, but it's no worse than it has been before. This enables our source files to compile successfully using the standard header files, and use the typical malloc()/calloc()/realloc()/free(), the strwhatever()s and memwhatever()s. These end up, through macro and linker magic, mapped to the appropriate SDK or ROM functions.
2019-07-21 23:58:21 +02:00
ud->pesp_conn = (struct espconn*)calloc(1,sizeof(struct espconn));
Net functionality rewrite on top of LWIP (#1379) * Rewrite net.dns.resolve on LWIP * Move IGMP (net multicast) to LWIP * Cleanup net module * Move secure connection operations to tls module * Net module on LWIP * Server timeout parameter * TCP hold * Fixes in documentation * Documentation fixes * Note TLS module depends on net * Add TLS module to user_modules.h * Callback on connect event * Fix depends net module on tls module * Fix unhold exponential time issue
2016-12-31 13:14:03 +01:00
if(!ud->pesp_conn)
return luaL_error(L, "not enough memory");
ud->pesp_conn->proto.udp = NULL;
Major cleanup - c_whatever is finally history. (#2838) The PR removed the bulk of non-newlib headers from the NodeMCU source base. app/libc has now been cut down to the bare minimum overrides to shadow the corresponding functions in the SDK's libc. The old c_xyz.h headerfiles have been nuked in favour of the standard <xyz.h> headers, with a few exceptions over in sdk-overrides. Again, shipping a libc.a without headers is a terrible thing to do. We're still living on a prayer that libc was configured the same was as a default-configured xtensa gcc toolchain assumes it is. That part I cannot do anything about, unfortunately, but it's no worse than it has been before. This enables our source files to compile successfully using the standard header files, and use the typical malloc()/calloc()/realloc()/free(), the strwhatever()s and memwhatever()s. These end up, through macro and linker magic, mapped to the appropriate SDK or ROM functions.
2019-07-21 23:58:21 +02:00
ud->pesp_conn->proto.tcp = (esp_tcp *)calloc(1,sizeof(esp_tcp));
Net functionality rewrite on top of LWIP (#1379) * Rewrite net.dns.resolve on LWIP * Move IGMP (net multicast) to LWIP * Cleanup net module * Move secure connection operations to tls module * Net module on LWIP * Server timeout parameter * TCP hold * Fixes in documentation * Documentation fixes * Note TLS module depends on net * Add TLS module to user_modules.h * Callback on connect event * Fix depends net module on tls module * Fix unhold exponential time issue
2016-12-31 13:14:03 +01:00
if(!ud->pesp_conn->proto.tcp){
Major cleanup - c_whatever is finally history. (#2838) The PR removed the bulk of non-newlib headers from the NodeMCU source base. app/libc has now been cut down to the bare minimum overrides to shadow the corresponding functions in the SDK's libc. The old c_xyz.h headerfiles have been nuked in favour of the standard <xyz.h> headers, with a few exceptions over in sdk-overrides. Again, shipping a libc.a without headers is a terrible thing to do. We're still living on a prayer that libc was configured the same was as a default-configured xtensa gcc toolchain assumes it is. That part I cannot do anything about, unfortunately, but it's no worse than it has been before. This enables our source files to compile successfully using the standard header files, and use the typical malloc()/calloc()/realloc()/free(), the strwhatever()s and memwhatever()s. These end up, through macro and linker magic, mapped to the appropriate SDK or ROM functions.
2019-07-21 23:58:21 +02:00
free(ud->pesp_conn);
Net functionality rewrite on top of LWIP (#1379) * Rewrite net.dns.resolve on LWIP * Move IGMP (net multicast) to LWIP * Cleanup net module * Move secure connection operations to tls module * Net module on LWIP * Server timeout parameter * TCP hold * Fixes in documentation * Documentation fixes * Note TLS module depends on net * Add TLS module to user_modules.h * Callback on connect event * Fix depends net module on tls module * Fix unhold exponential time issue
2016-12-31 13:14:03 +01:00
ud->pesp_conn = NULL;
return luaL_error(L, "not enough memory");
}
ud->pesp_conn->type = ESPCONN_TCP;
ud->pesp_conn->state = ESPCONN_NONE;
ud->pesp_conn->reverse = ud;
ud->pesp_conn->proto.tcp->remote_port = port;
espconn_regist_connectcb(ud->pesp_conn, (espconn_connect_callback)tls_socket_onconnect);
espconn_regist_disconcb(ud->pesp_conn, (espconn_connect_callback)tls_socket_ondisconnect);
espconn_regist_reconcb(ud->pesp_conn, (espconn_reconnect_callback)tls_socket_onreconnect);
espconn_regist_recvcb(ud->pesp_conn, (espconn_recv_callback)tls_socket_onrecv);
espconn_regist_sentcb(ud->pesp_conn, (espconn_sent_callback)tls_socket_onsent);
if (ud->self_ref == LUA_NOREF) {
lua_pushvalue(L, 1); // copy to the top of stack
ud->self_ref = luaL_ref(L, LUA_REGISTRYINDEX);
}
ip_addr_t addr;
err_t err = dns_gethostbyname(domain, &addr, (dns_found_callback)tls_socket_dns_cb, ud);
if (err == ERR_OK) {
tls_socket_dns_cb(domain, &addr, ud);
} else if (err != ERR_INPROGRESS) {
tls_socket_dns_cb(domain, NULL, ud);
}
return 0;
}
static int tls_socket_on( lua_State *L ) {
tls_socket_ud *ud = (tls_socket_ud *)luaL_checkudata(L, 1, "tls.socket");
luaL_argcheck(L, ud, 1, "TLS socket expected");
if(ud==NULL){
NODE_DBG("userdata is nil.\n");
return 0;
}
size_t sl;
const char *method = luaL_checklstring( L, 2, &sl );
if (method == NULL)
return luaL_error( L, "wrong arg type" );
luaL_checkanyfunction(L, 3);
lua_pushvalue(L, 3); // copy argument (func) to the top of stack
if (strcmp(method, "connection") == 0) {
luaL_unref(L, LUA_REGISTRYINDEX, ud->cb_connect_ref);
ud->cb_connect_ref = luaL_ref(L, LUA_REGISTRYINDEX);
} else if (strcmp(method, "disconnection") == 0) {
luaL_unref(L, LUA_REGISTRYINDEX, ud->cb_disconnect_ref);
ud->cb_disconnect_ref = luaL_ref(L, LUA_REGISTRYINDEX);
} else if (strcmp(method, "reconnection") == 0) {
luaL_unref(L, LUA_REGISTRYINDEX, ud->cb_reconnect_ref);
ud->cb_reconnect_ref = luaL_ref(L, LUA_REGISTRYINDEX);
} else if (strcmp(method, "receive") == 0) {
luaL_unref(L, LUA_REGISTRYINDEX, ud->cb_receive_ref);
ud->cb_receive_ref = luaL_ref(L, LUA_REGISTRYINDEX);
} else if (strcmp(method, "sent") == 0) {
luaL_unref(L, LUA_REGISTRYINDEX, ud->cb_sent_ref);
ud->cb_sent_ref = luaL_ref(L, LUA_REGISTRYINDEX);
} else if (strcmp(method, "dns") == 0) {
luaL_unref(L, LUA_REGISTRYINDEX, ud->cb_dns_ref);
ud->cb_dns_ref = luaL_ref(L, LUA_REGISTRYINDEX);
} else {
return luaL_error(L, "invalid method");
}
return 0;
}
static int tls_socket_send( lua_State *L ) {
tls_socket_ud *ud = (tls_socket_ud *)luaL_checkudata(L, 1, "tls.socket");
luaL_argcheck(L, ud, 1, "TLS socket expected");
if(ud==NULL){
NODE_DBG("userdata is nil.\n");
return 0;
}
if(ud->pesp_conn == NULL) {
NODE_DBG("not connected");
return 0;
}
size_t sl;
const char* buf = luaL_checklstring(L, 2, &sl);
if (!buf) {
return luaL_error(L, "wrong arg type");
}
espconn_secure_send(ud->pesp_conn, (void*)buf, sl);
return 0;
}
static int tls_socket_hold( lua_State *L ) {
tls_socket_ud *ud = (tls_socket_ud *)luaL_checkudata(L, 1, "tls.socket");
luaL_argcheck(L, ud, 1, "TLS socket expected");
if(ud==NULL){
NODE_DBG("userdata is nil.\n");
return 0;
}
if(ud->pesp_conn == NULL) {
NODE_DBG("not connected");
return 0;
}
espconn_recv_hold(ud->pesp_conn);
return 0;
}
static int tls_socket_unhold( lua_State *L ) {
tls_socket_ud *ud = (tls_socket_ud *)luaL_checkudata(L, 1, "tls.socket");
luaL_argcheck(L, ud, 1, "TLS socket expected");
if(ud==NULL){
NODE_DBG("userdata is nil.\n");
return 0;
}
if(ud->pesp_conn == NULL) {
NODE_DBG("not connected");
return 0;
}
espconn_recv_unhold(ud->pesp_conn);
return 0;
}
static int tls_socket_getpeer( lua_State *L ) {
tls_socket_ud *ud = (tls_socket_ud *)luaL_checkudata(L, 1, "tls.socket");
luaL_argcheck(L, ud, 1, "TLS socket expected");
if(ud==NULL){
NODE_DBG("userdata is nil.\n");
return 0;
}
if(ud->pesp_conn && ud->pesp_conn->proto.tcp->remote_port != 0){
char temp[20] = {0};
Major cleanup - c_whatever is finally history. (#2838) The PR removed the bulk of non-newlib headers from the NodeMCU source base. app/libc has now been cut down to the bare minimum overrides to shadow the corresponding functions in the SDK's libc. The old c_xyz.h headerfiles have been nuked in favour of the standard <xyz.h> headers, with a few exceptions over in sdk-overrides. Again, shipping a libc.a without headers is a terrible thing to do. We're still living on a prayer that libc was configured the same was as a default-configured xtensa gcc toolchain assumes it is. That part I cannot do anything about, unfortunately, but it's no worse than it has been before. This enables our source files to compile successfully using the standard header files, and use the typical malloc()/calloc()/realloc()/free(), the strwhatever()s and memwhatever()s. These end up, through macro and linker magic, mapped to the appropriate SDK or ROM functions.
2019-07-21 23:58:21 +02:00
sprintf(temp, IPSTR, IP2STR( &(ud->pesp_conn->proto.tcp->remote_ip) ) );
Net functionality rewrite on top of LWIP (#1379) * Rewrite net.dns.resolve on LWIP * Move IGMP (net multicast) to LWIP * Cleanup net module * Move secure connection operations to tls module * Net module on LWIP * Server timeout parameter * TCP hold * Fixes in documentation * Documentation fixes * Note TLS module depends on net * Add TLS module to user_modules.h * Callback on connect event * Fix depends net module on tls module * Fix unhold exponential time issue
2016-12-31 13:14:03 +01:00
lua_pushstring( L, temp );
lua_pushinteger( L, ud->pesp_conn->proto.tcp->remote_port );
} else {
lua_pushnil( L );
lua_pushnil( L );
}
return 2;
}
static int tls_socket_close( lua_State *L ) {
tls_socket_ud *ud = (tls_socket_ud *)luaL_checkudata(L, 1, "tls.socket");
luaL_argcheck(L, ud, 1, "TLS socket expected");
if(ud==NULL){
NODE_DBG("userdata is nil.\n");
return 0;
}
if (ud->pesp_conn) {
espconn_secure_disconnect(ud->pesp_conn);
}
return 0;
}
static int tls_socket_delete( lua_State *L ) {
tls_socket_ud *ud = (tls_socket_ud *)luaL_checkudata(L, 1, "tls.socket");
luaL_argcheck(L, ud, 1, "TLS socket expected");
if(ud==NULL){
NODE_DBG("userdata is nil.\n");
return 0;
}
if (ud->pesp_conn) {
espconn_secure_disconnect(ud->pesp_conn);
if (ud->pesp_conn->proto.tcp) {
Major cleanup - c_whatever is finally history. (#2838) The PR removed the bulk of non-newlib headers from the NodeMCU source base. app/libc has now been cut down to the bare minimum overrides to shadow the corresponding functions in the SDK's libc. The old c_xyz.h headerfiles have been nuked in favour of the standard <xyz.h> headers, with a few exceptions over in sdk-overrides. Again, shipping a libc.a without headers is a terrible thing to do. We're still living on a prayer that libc was configured the same was as a default-configured xtensa gcc toolchain assumes it is. That part I cannot do anything about, unfortunately, but it's no worse than it has been before. This enables our source files to compile successfully using the standard header files, and use the typical malloc()/calloc()/realloc()/free(), the strwhatever()s and memwhatever()s. These end up, through macro and linker magic, mapped to the appropriate SDK or ROM functions.
2019-07-21 23:58:21 +02:00
free(ud->pesp_conn->proto.tcp);
Net functionality rewrite on top of LWIP (#1379) * Rewrite net.dns.resolve on LWIP * Move IGMP (net multicast) to LWIP * Cleanup net module * Move secure connection operations to tls module * Net module on LWIP * Server timeout parameter * TCP hold * Fixes in documentation * Documentation fixes * Note TLS module depends on net * Add TLS module to user_modules.h * Callback on connect event * Fix depends net module on tls module * Fix unhold exponential time issue
2016-12-31 13:14:03 +01:00
ud->pesp_conn->proto.tcp = NULL;
}
Major cleanup - c_whatever is finally history. (#2838) The PR removed the bulk of non-newlib headers from the NodeMCU source base. app/libc has now been cut down to the bare minimum overrides to shadow the corresponding functions in the SDK's libc. The old c_xyz.h headerfiles have been nuked in favour of the standard <xyz.h> headers, with a few exceptions over in sdk-overrides. Again, shipping a libc.a without headers is a terrible thing to do. We're still living on a prayer that libc was configured the same was as a default-configured xtensa gcc toolchain assumes it is. That part I cannot do anything about, unfortunately, but it's no worse than it has been before. This enables our source files to compile successfully using the standard header files, and use the typical malloc()/calloc()/realloc()/free(), the strwhatever()s and memwhatever()s. These end up, through macro and linker magic, mapped to the appropriate SDK or ROM functions.
2019-07-21 23:58:21 +02:00
free(ud->pesp_conn);
Net functionality rewrite on top of LWIP (#1379) * Rewrite net.dns.resolve on LWIP * Move IGMP (net multicast) to LWIP * Cleanup net module * Move secure connection operations to tls module * Net module on LWIP * Server timeout parameter * TCP hold * Fixes in documentation * Documentation fixes * Note TLS module depends on net * Add TLS module to user_modules.h * Callback on connect event * Fix depends net module on tls module * Fix unhold exponential time issue
2016-12-31 13:14:03 +01:00
ud->pesp_conn = NULL;
}
luaL_unref(L, LUA_REGISTRYINDEX, ud->cb_connect_ref);
ud->cb_connect_ref = LUA_NOREF;
luaL_unref(L, LUA_REGISTRYINDEX, ud->cb_disconnect_ref);
ud->cb_disconnect_ref = LUA_NOREF;
luaL_unref(L, LUA_REGISTRYINDEX, ud->cb_reconnect_ref);
ud->cb_reconnect_ref = LUA_NOREF;
luaL_unref(L, LUA_REGISTRYINDEX, ud->cb_dns_ref);
ud->cb_dns_ref = LUA_NOREF;
luaL_unref(L, LUA_REGISTRYINDEX, ud->cb_receive_ref);
ud->cb_receive_ref = LUA_NOREF;
luaL_unref(L, LUA_REGISTRYINDEX, ud->cb_sent_ref);
ud->cb_sent_ref = LUA_NOREF;
lua_gc(L, LUA_GCSTOP, 0);
luaL_unref(L, LUA_REGISTRYINDEX, ud->self_ref);
ud->self_ref = LUA_NOREF;
lua_gc(L, LUA_GCRESTART, 0);
return 0;
}
// Returns NULL on success, error message otherwise
static const char *append_pem_blob(const char *pem, const char *type, uint8_t **buffer_p, uint8_t *buffer_limit, const char *name) {
char unb64[256];
memset(unb64, 0xff, sizeof(unb64));
int i;
for (i = 0; i < 64; i++) {
unb64["ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"[i]] = i;
}
if (!pem) {
return "No PEM blob";
}
// Scan for -----BEGIN CERT
pem = strstr(pem, "-----BEGIN ");
if (!pem) {
return "No PEM header";
}
if (strncmp(pem + 11, type, strlen(type))) {
return "Wrong PEM type";
}
pem = strchr(pem, '\n');
if (!pem) {
return "Incorrect PEM format";
}
//
// Base64 encoded data starts here
// Get all the base64 data into a single buffer....
// We will use the back end of the buffer....
//
uint8_t *buffer = *buffer_p;
uint8_t *dest = buffer + 32 + 2; // Leave space for name and length
int bitcount = 0;
int accumulator = 0;
for (; *pem && dest < buffer_limit; pem++) {
int val = unb64[*(uint8_t*) pem];
if (val & 0xC0) {
// not a base64 character
if (isspace(*(uint8_t*) pem)) {
continue;
}
if (*pem == '=') {
// just ignore -- at the end
bitcount = 0;
continue;
}
if (*pem == '-') {
break;
}
return "Invalid character in PEM";
} else {
bitcount += 6;
accumulator = (accumulator << 6) + val;
if (bitcount >= 8) {
bitcount -= 8;
*dest++ = accumulator >> bitcount;
}
}
}
if (dest >= buffer_limit || strncmp(pem, "-----END ", 9) || strncmp(pem + 9, type, strlen(type)) || bitcount) {
return "Invalid PEM format data";
}
size_t len = dest - (buffer + 32 + 2);
memset(buffer, 0, 32);
strcpy(buffer, name);
buffer[32] = len & 0xff;
buffer[33] = (len >> 8) & 0xff;
*buffer_p = dest;
return NULL;
}
trailing spaces cleanup (#2659)
2019-02-17 19:26:29 +01:00
static const char *fill_page_with_pem(lua_State *L, const unsigned char *flash_memory, int flash_offset, const char **types, const char **names)
Net functionality rewrite on top of LWIP (#1379) * Rewrite net.dns.resolve on LWIP * Move IGMP (net multicast) to LWIP * Cleanup net module * Move secure connection operations to tls module * Net module on LWIP * Server timeout parameter * TCP hold * Fixes in documentation * Documentation fixes * Note TLS module depends on net * Add TLS module to user_modules.h * Callback on connect event * Fix depends net module on tls module * Fix unhold exponential time issue
2016-12-31 13:14:03 +01:00
{
uint8_t *buffer = luaM_malloc(L, INTERNAL_FLASH_SECTOR_SIZE);
uint8_t *buffer_base = buffer;
uint8_t *buffer_limit = buffer + INTERNAL_FLASH_SECTOR_SIZE;
int argno;
for (argno = 1; argno <= lua_gettop(L) && types[argno - 1]; argno++) {
const char *pem = lua_tostring(L, argno);
const char *error = append_pem_blob(pem, types[argno - 1], &buffer, buffer_limit, names[argno - 1]);
if (error) {
luaM_free(L, buffer_base);
return error;
}
}
memset(buffer, 0xff, buffer_limit - buffer);
// Lets see if it matches what is already there....
Major cleanup - c_whatever is finally history. (#2838) The PR removed the bulk of non-newlib headers from the NodeMCU source base. app/libc has now been cut down to the bare minimum overrides to shadow the corresponding functions in the SDK's libc. The old c_xyz.h headerfiles have been nuked in favour of the standard <xyz.h> headers, with a few exceptions over in sdk-overrides. Again, shipping a libc.a without headers is a terrible thing to do. We're still living on a prayer that libc was configured the same was as a default-configured xtensa gcc toolchain assumes it is. That part I cannot do anything about, unfortunately, but it's no worse than it has been before. This enables our source files to compile successfully using the standard header files, and use the typical malloc()/calloc()/realloc()/free(), the strwhatever()s and memwhatever()s. These end up, through macro and linker magic, mapped to the appropriate SDK or ROM functions.
2019-07-21 23:58:21 +02:00
if (memcmp(buffer_base, flash_memory, INTERNAL_FLASH_SECTOR_SIZE) != 0) {
Net functionality rewrite on top of LWIP (#1379) * Rewrite net.dns.resolve on LWIP * Move IGMP (net multicast) to LWIP * Cleanup net module * Move secure connection operations to tls module * Net module on LWIP * Server timeout parameter * TCP hold * Fixes in documentation * Documentation fixes * Note TLS module depends on net * Add TLS module to user_modules.h * Callback on connect event * Fix depends net module on tls module * Fix unhold exponential time issue
2016-12-31 13:14:03 +01:00
// Starts being dangerous
if (platform_flash_erase_sector(flash_offset / INTERNAL_FLASH_SECTOR_SIZE) != PLATFORM_OK) {
luaM_free(L, buffer_base);
return "Failed to erase sector";
}
if (platform_s_flash_write(buffer_base, flash_offset, INTERNAL_FLASH_SECTOR_SIZE) != INTERNAL_FLASH_SECTOR_SIZE) {
luaM_free(L, buffer_base);
return "Failed to write sector";
}
// ends being dangerous
}
luaM_free(L, buffer_base);
return NULL;
}
// Lua: tls.cert.auth(true / false | PEM data [, PEM data] )
static int tls_cert_auth(lua_State *L)
{
int enable;
uint32_t flash_offset = platform_flash_mapped2phys((uint32_t) &tls_client_cert_area[0]);
if ((flash_offset & 0xfff) || flash_offset > 0xff000 || INTERNAL_FLASH_SECTOR_SIZE != 0x1000) {
// THis should never happen
return luaL_error( L, "bad offset" );
}
if (lua_type(L, 1) == LUA_TSTRING) {
const char *types[3] = { "CERTIFICATE", "RSA PRIVATE KEY", NULL };
const char *names[2] = { "certificate", "private_key" };
const char *error = fill_page_with_pem(L, &tls_client_cert_area[0], flash_offset, types, names);
if (error) {
return luaL_error(L, error);
}
enable = 1;
} else {
enable = lua_toboolean(L, 1);
}
bool rc;
if (enable) {
// See if there is a cert there
if (tls_client_cert_area[0] == 0x00 || tls_client_cert_area[0] == 0xff) {
return luaL_error( L, "no certificates found" );
}
rc = espconn_secure_cert_req_enable(1, flash_offset / INTERNAL_FLASH_SECTOR_SIZE);
} else {
rc = espconn_secure_cert_req_disable(1);
}
lua_pushboolean(L, rc);
return 1;
}
// Lua: tls.cert.verify(true / false | PEM data [, PEM data] )
static int tls_cert_verify(lua_State *L)
{
int enable;
uint32_t flash_offset = platform_flash_mapped2phys((uint32_t) &tls_server_cert_area[0]);
if ((flash_offset & 0xfff) || flash_offset > 0xff000 || INTERNAL_FLASH_SECTOR_SIZE != 0x1000) {
// THis should never happen
return luaL_error( L, "bad offset" );
}
if (lua_type(L, 1) == LUA_TSTRING) {
const char *types[2] = { "CERTIFICATE", NULL };
const char *names[1] = { "certificate" };
const char *error = fill_page_with_pem(L, &tls_server_cert_area[0], flash_offset, types, names);
if (error) {
return luaL_error(L, error);
}
enable = 1;
} else {
enable = lua_toboolean(L, 1);
}
bool rc;
if (enable) {
// See if there is a cert there
if (tls_server_cert_area[0] == 0x00 || tls_server_cert_area[0] == 0xff) {
return luaL_error( L, "no certificates found" );
}
rc = espconn_secure_ca_enable(1, flash_offset / INTERNAL_FLASH_SECTOR_SIZE);
} else {
rc = espconn_secure_ca_disable(1);
}
lua_pushboolean(L, rc);
return 1;
}
Update mbedTLS to 2.7.0 (#2267) * mbedtls 2.7.0 (mbedtls-2.7.0-0-g32605dc8) Wholesale import, with a few changes from earlier preserved through. Ideally we would soon get to the point of having no divergences from upstream. * tls: add function to adjust mbedTLS debug level
2018-03-03 23:28:26 +01:00
#if defined(MBEDTLS_DEBUG_C)
static int tls_set_debug_threshold(lua_State *L) {
mbedtls_debug_set_threshold(luaL_checkint( L, 1 ));
return 0;
}
#endif
Updated ROTables 1st tranch (#2742) Updated ROTables
2019-05-08 13:08:20 +02:00
LROT_BEGIN(tls_socket)
LROT_FUNCENTRY( connect, tls_socket_connect )
LROT_FUNCENTRY( close, tls_socket_close )
LROT_FUNCENTRY( on, tls_socket_on )
LROT_FUNCENTRY( send, tls_socket_send )
LROT_FUNCENTRY( hold, tls_socket_hold )
LROT_FUNCENTRY( unhold, tls_socket_unhold )
LROT_FUNCENTRY( getpeer, tls_socket_getpeer )
LROT_FUNCENTRY( __gc, tls_socket_delete )
LROT_TABENTRY( __index, tls_socket )
LROT_END( tls_socket, tls_socket, 0 )
LROT_PUBLIC_BEGIN(tls_cert)
LROT_FUNCENTRY( verify, tls_cert_verify )
LROT_FUNCENTRY( auth, tls_cert_auth )
LROT_TABENTRY( __index, tls_cert )
LROT_END( tls_cert, tls_cert, 0 )
LROT_BEGIN(tls)
LROT_FUNCENTRY( createConnection, tls_socket_create )
Update mbedTLS to 2.7.0 (#2267) * mbedtls 2.7.0 (mbedtls-2.7.0-0-g32605dc8) Wholesale import, with a few changes from earlier preserved through. Ideally we would soon get to the point of having no divergences from upstream. * tls: add function to adjust mbedTLS debug level
2018-03-03 23:28:26 +01:00
#if defined(MBEDTLS_DEBUG_C)
Updated ROTables 1st tranch (#2742) Updated ROTables
2019-05-08 13:08:20 +02:00
LROT_FUNCENTRY( setDebug, tls_set_debug_threshold )
Update mbedTLS to 2.7.0 (#2267) * mbedtls 2.7.0 (mbedtls-2.7.0-0-g32605dc8) Wholesale import, with a few changes from earlier preserved through. Ideally we would soon get to the point of having no divergences from upstream. * tls: add function to adjust mbedTLS debug level
2018-03-03 23:28:26 +01:00
#endif
Updated ROTables 1st tranch (#2742) Updated ROTables
2019-05-08 13:08:20 +02:00
LROT_TABENTRY( cert, tls_cert )
LROT_TABENTRY( __metatable, tls )
LROT_END( tls, tls, 0 )
Net functionality rewrite on top of LWIP (#1379) * Rewrite net.dns.resolve on LWIP * Move IGMP (net multicast) to LWIP * Cleanup net module * Move secure connection operations to tls module * Net module on LWIP * Server timeout parameter * TCP hold * Fixes in documentation * Documentation fixes * Note TLS module depends on net * Add TLS module to user_modules.h * Callback on connect event * Fix depends net module on tls module * Fix unhold exponential time issue
2016-12-31 13:14:03 +01:00
int luaopen_tls( lua_State *L ) {
Updated ROTables 1st tranch (#2742) Updated ROTables
2019-05-08 13:08:20 +02:00
luaL_rometatable(L, "tls.socket", LROT_TABLEREF(tls_socket));
Net functionality rewrite on top of LWIP (#1379) * Rewrite net.dns.resolve on LWIP * Move IGMP (net multicast) to LWIP * Cleanup net module * Move secure connection operations to tls module * Net module on LWIP * Server timeout parameter * TCP hold * Fixes in documentation * Documentation fixes * Note TLS module depends on net * Add TLS module to user_modules.h * Callback on connect event * Fix depends net module on tls module * Fix unhold exponential time issue
2016-12-31 13:14:03 +01:00
return 0;
}
Updated ROTables 1st tranch (#2742) Updated ROTables
2019-05-08 13:08:20 +02:00
NODEMCU_MODULE(TLS, "tls", tls, luaopen_tls);
Net functionality rewrite on top of LWIP (#1379) * Rewrite net.dns.resolve on LWIP * Move IGMP (net multicast) to LWIP * Cleanup net module * Move secure connection operations to tls module * Net module on LWIP * Server timeout parameter * TCP hold * Fixes in documentation * Documentation fixes * Note TLS module depends on net * Add TLS module to user_modules.h * Callback on connect event * Fix depends net module on tls module * Fix unhold exponential time issue
2016-12-31 13:14:03 +01:00
#endif