* espconn: remove unused espconn code, take 1
This is the easiest part of https://github.com/nodemcu/nodemcu-firmware/issues/3004 .
It removes a bunch of functions that were never called in our tree.
* espconn: De-orbit espconn_gethostbyname
Further work on https://github.com/nodemcu/nodemcu-firmware/issues/3004
While here, remove `mqtt`'s charming DNS-retry logic (which is neither
shared with nor duplicated in other modules) and update its :connect()
return value behavior and documentation.
* espconn: remove scary global pktinfo
A write-only global! How about that.
* net: remove deprecated methods
All the TLS stuff moved over there a long time ago, and
net_createUDPSocket should just do what it says on the tin.
* espconn_secure: remove ESPCONN_SERVER support
We can barely function as a TLS client; being a TLS server seems like a
real stretch. This code was never called from Lua anyway.
* espconn_secure: more code removal
* espconn_secure: simplify ssl options structure
There is nothing "ssl_packet" about this structure. Get rid of the
terrifying "pbuffer" pointer.
Squash two structure types together and eliminate an unused field.
* espconn_secure: refactor mbedtls_msg_info_load
Split out espconn_mbedtls_parse, which we can use as part of our effort
towards addressing https://github.com/nodemcu/nodemcu-firmware/issues/3032
* espconn_secure: introduce TLS cert/key callbacks
The new feature part of https://github.com/nodemcu/nodemcu-firmware/issues/3032
Subsequent work will remove the old mechanism.
* tls: add deprecation warnings
* luacheck: net.ifinfo is a thing now
* tls: remove use of espconn->reverse
* mqtt: stop using espconn->reverse
Instead, just place the espconn structure itself at the top of the user
data. This enlarges the structure somewhat but removes one more layer
of dynamic heap usage and NULL checks.
While here, simplify the code a bit.
* mqtt: remove redundant pointer to connect_info
Everywhere we have the mqtt_state_t we also have the lmqtt_userdata.
* mqtt: doc fixes
* mqtt: note bug
* tls: allow :on(...,nil) to unregister a callback
* Remove stale putative MD2 support
This hasn't worked in a while, presumably since one of our upstream
merges. Don't bother making it work, since MD2 is generally considered
insecure.
* Land mbedtls 2.16.3-77-gf02988e57
* TLS: remove some dead code from espconn_mbedtls
There was some... frankly kind of scary buffer and data shuffling if
ESP8266_PLATFORM was defined. Since we don't, in fact, define that
preprocessor symbol, just drop the code lest anyone (possibly future-me)
be scared.
* TLS: espconn_mbedtls: run through astyle
No functional changes
* TLS: espconn_mbedtls: put the file_params on the stack
There's no need to malloc a structure that's used only locally.
* TLS: Further minor tidying of mbedtls glue
What an absolute shitshow this is. mbedtls should absolutely not
be mentioned inside sys/socket.h and app/mbedtls/app/lwIPSocket.c is not
so much glue as it as a complete copy of a random subset of lwIP; it
should go, but we aren't there yet.
Get rid of the mysterious "mbedlts_record" struct, which housed merely a
length of bytes sent solely for gating the "record sent" callback.
Remove spurious __attribute__((weak)) from symbols not otherwise
defined and rename them to emphasize that they are not actually part of
mbedtls proper.
* TLS: Rampage esp mbedtls glue and delete unused code
This at least makes the shitshow smaller
* TLS: lwip: fix some memp definitions
I presume these also need the new arguments
* TLS: Remove more non-NodeMCU code from our mbedtls
* TLS: drop support for 1.1
Depending on who you ask it's either EOL already or EOL soon, so
we may as well get rid of it now.
We just don't have the memory to be a real TLS client on the 8266. Put
that in a big box and point at it from the http and mqtt modules; others
may also wish to give reference.
* Update TLS protocol support
TLS1.0 is past PCI's EOL; BEAST is no more
Enable elliptic curve key exchanges
Do not enable the smallest ECs for security
Do not enable the largest ECs for computational time
Do not enable 25519 (sad) because it doesn't go across the wire
Drop non-PFS key exchanges
Drop ARC4, Blowfish, DES, genprime, XTEA code
Drop renegotiation support completely
It takes so much heap that it's not likely to work out well
Tidy handling of SSL_BUFFER_SIZE
Update docs
Drop mention of startcom, since they are no more, for letsencrypt
* Update mbedtls to 2.7.7
Preserve our vsnprintf and platform hacks
* Introduce TLS maximum fragment size knob
Reduce buffer size to 4Ki by default and advertize that. That's the
largest we can advertize with the TLS MFL extension, so there's no
point in making them larger. The truly adventurous can re-raise
SSL_BUFFER_SIZE and undefine the SSL_MAX_FRAGMENT_LENGTH_CODE and get
back to the earlier behavior.
* Default to mbedTLS debug with DEVELOP_VERSION
Nathaniel Wesley Filardo
Gregor Hartmann
sergio
Nathaniel Wesley Filardo
Marcel Stör