Fix X.509 verification time in Reaspery Pi Pico.
mobizt committed Aug 2, 2023
1 parent 2221985 commit 4383527
Showing 19 changed files with 645 additions and 43 deletions.
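--- a/examples/certificate/certificate.ino
+++ b/examples/certificate/certificate.ino
@@ -0,0 +1,182 @@
+/**
+* This example shows how to connect to server via https and verify the root certificate using the SSL client.
+*
+* This example works on the Arduino-Pico SDK from Earle F. Philhower.
+* https://github.com/earlephilhower/arduino-pico
+*
+* Email: [email protected]
+*
+* Github: https://github.com/mobizt/ESP_SSLSClient
+*
+* Copyright (c) 2023 mobizt
+*
+*/
+
+#include <Arduino.h>
+#if defined(ESP32) || defined(ARDUINO_RASPBERRY_PI_PICO_W)
+#include <WiFi.h>
+#elif defined(ESP8266)
+#include <ESP8266WiFi.h>
+#elif __has_include(<WiFiNINA.h>)
+#include <WiFiNINA.h
+#elif __has_include(<WiFi101.h>)
+#include <WiFi101.h
+#endif
+#include <ESP_SSLClient.h>
+
+#define WIFI_SSID "WIFI_AP"
+#define WIFI_PASSWORD "WIFI_PASSWORD"
+
+// Baltimore CyberTrust Root
+// Expired on Tue May 13 2025
+const char rootCA[] PROGMEM = "-----BEGIN CERTIFICATE-----\n"
+"MIIDdzCCAl+gAwIBAgIEAgAAuTANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJJ\n"
+"RTESMBAGA1UEChMJQmFsdGltb3JlMRMwEQYDVQQLEwpDeWJlclRydXN0MSIwIAYD\n"
+"VQQDExlCYWx0aW1vcmUgQ3liZXJUcnVzdCBSb290MB4XDTAwMDUxMjE4NDYwMFoX\n"
+"DTI1MDUxMjIzNTkwMFowWjELMAkGA1UEBhMCSUUxEjAQBgNVBAoTCUJhbHRpbW9y\n"
+"ZTETMBEGA1UECxMKQ3liZXJUcnVzdDEiMCAGA1UEAxMZQmFsdGltb3JlIEN5YmVy\n"
+"VHJ1c3QgUm9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKMEuyKr\n"
+"mD1X6CZymrV51Cni4eiVgLGw41uOKymaZN+hXe2wCQVt2yguzmKiYv60iNoS6zjr\n"
+"IZ3AQSsBUnuId9Mcj8e6uYi1agnnc+gRQKfRzMpijS3ljwumUNKoUMMo6vWrJYeK\n"
+"mpYcqWe4PwzV9/lSEy/CG9VwcPCPwBLKBsua4dnKM3p31vjsufFoREJIE9LAwqSu\n"
+"XmD+tqYF/LTdB1kC1FkYmGP1pWPgkAx9XbIGevOF6uvUA65ehD5f/xXtabz5OTZy\n"
+"dc93Uk3zyZAsuT3lySNTPx8kmCFcB5kpvcY67Oduhjprl3RjM71oGDHweI12v/ye\n"
+"jl0qhqdNkNwnGjkCAwEAAaNFMEMwHQYDVR0OBBYEFOWdWTCCR1jMrPoIVDaGezq1\n"
+"BE3wMBIGA1UdEwEB/wQIMAYBAf8CAQMwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3\n"
+"DQEBBQUAA4IBAQCFDF2O5G9RaEIFoN27TyclhAO992T9Ldcw46QQF+vaKSm2eT92\n"
+"9hkTI7gQCvlYpNRhcL0EYWoSihfVCr3FvDB81ukMJY2GQE/szKN+OMY3EU/t3Wgx\n"
+"jkzSswF07r51XgdIGn9w/xZchMB5hbgF/X++ZRGjD8ACtPhSNzkE1akxehi/oCr0\n"
+"Epn3o0WC4zxe9Z2etciefC7IpJ5OCBRLbf1wbWsaY71k5h+3zvDyny67G7fyUIhz\n"
+"ksLi4xaNmjICq44Y3ekQEe5+NauQrz4wlHrQMz2nZQ/1/I6eYs9HRCwBXbsdtTLS\n"
+"R9I4LtD+gdwyah617jzV/OeBHRnDJELqYzmp\n"
+"-----END CERTIFICATE-----\n";
+
+ESP_SSLClient ssl_client;
+
+// EthernetClient basic_client;
+// GSMClient basic_client;
+WiFiClient basic_client;
+
+#if defined(ARDUINO_RASPBERRY_PI_PICO_W)
+WiFiMulti multi;
+#endif
+
+void setup()
+{
+Serial.begin(115200);
+
+#if defined(ARDUINO_RASPBERRY_PI_PICO_W)
+multi.addAP(WIFI_SSID, WIFI_PASSWORD);
+multi.run();
+#else
+WiFi.begin(WIFI_SSID, WIFI_PASSWORD);
+#endif
+
+Serial.print("Connecting to Wi-Fi");
+unsigned long ms = millis();
+while (WiFi.status() != WL_CONNECTED)
+{
+Serial.print(".");
+delay(300);
+#if defined(ARDUINO_RASPBERRY_PI_PICO_W)
+if (millis() - ms > 10000)
+break;
+#endif
+}
+Serial.println();
+Serial.print("Connected with IP: ");
+Serial.println(WiFi.localIP());
+Serial.println();
+
+// The valid time is required for server certificate verification.
+#if defined(ESP8266) || defined(ESP32) && !defined(ARDUINO_NANO_RP2040_CONNECT)
+
+configTime(0, 0, "pool.ntp.org", "time.nist.gov");
+while (time(nullptr) < ESP_SSLCLIENT_VALID_TIMESTAMP)
+{
+delay(100);
+}
+
+// If verification time was not set via this function, the device system time will be used
+// ssl_client.setX509Time(time(nullptr));
+
+#elif defined(ARDUINO_ARCH_RP2040) && !defined(ARDUINO_NANO_RP2040_CONNECT)
+
+configTime(10000, 0, "pool.ntp.org", "time.nist.gov");
+while (time(nullptr) < ESP_SSLCLIENT_VALID_TIMESTAMP)
+{
+delay(100);
+}
+
+// If verification time was not set via this function, the device system time will be used
+// ssl_client.setX509Time(time(nullptr));
+
+#elif __has_include(<WiFiNINA.h>) || __has_include(<WiFi101.h>)
+time_t ts = WiFi.getTime();
+
+// The verification time setting is required because the device system time i.e. time(nullptr) is not available in this case.
+ssl_client.setX509Time(ts);
+#endif
+
+// Set the server certificate, intermediate cerificate or root certificate
+ssl_client.setCACert(rootCA);
+
+// Set the receive and transmit buffers size in bytes for memory allocation (512 to 16384).
+ssl_client.setBufferSizes(1024 /* rx */, 512 /* tx */);
+
+/** Call setDebugLevel(level) to set the debug
+* esp_ssl_debug_none = 0
+* esp_ssl_debug_error = 1
+* esp_ssl_debug_warn = 2
+* esp_ssl_debug_info = 3
+* esp_ssl_debug_dump = 4
+*/
+ssl_client.setDebugLevel(1);
+
+// assign the basic client
+ssl_client.setClient(&basic_client);
+}
+
+void loop()
+{
+Serial.println("---------------------------------");
+Serial.print("Connecting to server...");
+
+String payload = "{\"title\":\"hello\"}";
+
+if (ssl_client.connect("reqres.in", 443))
+{
+Serial.println(" ok");
+Serial.println("Send POST request...");
+ssl_client.print("POST /api/users HTTP/1.1\n");
+ssl_client.print("Host: reqres.in\n");
+ssl_client.print("Content-Type: application/json\n");
+ssl_client.print("Content-Length: ");
+ssl_client.print(payload.length());
+ssl_client.print("\n\n");
+ssl_client.print(payload);
+
+Serial.print("Read response...");
+
+unsigned long ms = millis();
+while (!ssl_client.available() && millis() - ms < 3000)
+{
+delay(0);
+}
+Serial.println();
+while (ssl_client.available())
+{
+Serial.print((char)ssl_client.read());
+}
+Serial.println();
+}
+else
+Serial.println(" failed\n");
+
+ssl_client.stop();
+
+Serial.println();
+
+delay(5000);
+}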
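Review bot: In the WiFiNINA/WiFi101 branch of setup() the value from `WiFi.getTime()` goes straight into `ssl_client.setX509Time(ts)` with no check, while both `configTime` branches wait until `time(nullptr)` reaches `ESP_SSLCLIENT_VALID_TIMESTAMP`. As far as I know getTime() returns 0 until the module has obtained network time, so the certificate validity window could be checked against a meaningless clock; the same floor can be applied with `time_t ts = 0;` and `while ((ts = WiFi.getTime()) < ESP_SSLCLIENT_VALID_TIMESTAMP) delay(500);`, ideally with an upper bound on the wait. The RP2040 branch calls `configTime(10000, 0, ...)` where the ESP branch passes 0; a comment stating what 10000 means on arduino-pico would help, because certificate validity is evaluated in UTC and any offset in the clock the verifier reads would skew it. The comment above rootCA would read better as `// Expires on Tue May 13 2025`.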
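--- a/examples/ethernet/ethernet.ino
+++ b/examples/ethernet/ethernet.ino
@@ -0,0 +1,138 @@
+/**
+* This example shows how to connect to server using W5500, ESP32 and SSL Client.
+*
+* This example works on the Arduino-Pico SDK from Earle F. Philhower.
+* https://github.com/earlephilhower/arduino-pico
+*
+* Email: [email protected]
+*
+* Github: https://github.com/mobizt/ESP_SSLSClient
+*
+* Copyright (c) 2023 mobizt
+*
+*/
+
+#include <Arduino.h>
+#include <Ethernet.h>
+
+#include <ESP_SSLClient.h>
+
+#define WIZNET_RESET_PIN 26 // Connect W5500 Reset pin to GPIO 26 of ESP32
+#define WIZNET_CS_PIN 5 // Connect W5500 CS pin to GPIO 5 of ESP32
+#define WIZNET_MISO_PIN 19 // Connect W5500 MISO pin to GPIO 19 of ESP32
+#define WIZNET_MOSI_PIN 23 // Connect W5500 MOSI pin to GPIO 23 of ESP32
+#define WIZNET_SCLK_PIN 18 // Connect W5500 SCLK pin to GPIO 18 of ESP32
+
+ESP_SSLClient ssl_client;
+
+EthernetClient basic_client;
+
+uint8_t Eth_MAC[] = {0x02, 0xF0, 0x0D, 0xBE, 0xEF, 0x01};
+
+void ResetEthernet()
+{
+Serial.println("Resetting WIZnet W5500 Ethernet Board... ");
+pinMode(WIZNET_RESET_PIN, OUTPUT);
+digitalWrite(WIZNET_RESET_PIN, HIGH);
+delay(200);
+digitalWrite(WIZNET_RESET_PIN, LOW);
+delay(50);
+digitalWrite(WIZNET_RESET_PIN, HIGH);
+delay(200);
+}
+
+void networkConnection()
+{
+
+Ethernet.init(WIZNET_CS_PIN);
+
+ResetEthernet();
+
+Serial.println("Starting Ethernet connection...");
+Ethernet.begin(Eth_MAC);
+
+unsigned long to = millis();
+
+while (Ethernet.linkStatus() == LinkOFF || millis() - to < 2000)
+{
+delay(100);
+}
+
+if (Ethernet.linkStatus() == LinkON)
+{
+Serial.print("Connected with IP ");
+Serial.println(Ethernet.localIP());
+}
+else
+{
+Serial.println("Can't connect");
+}
+}
+
+void setup()
+{
+Serial.begin(115200);
+
+networkConnection();
+
+// ignore server ssl certificate verification
+ssl_client.setInsecure();
+
+// Set the receive and transmit buffers size in bytes for memory allocation (512 to 16384).
+ssl_client.setBufferSizes(1024 /* rx */, 512 /* tx */);
+
+/** Call setDebugLevel(level) to set the debug
+* esp_ssl_debug_none = 0
+* esp_ssl_debug_error = 1
+* esp_ssl_debug_warn = 2
+* esp_ssl_debug_info = 3
+* esp_ssl_debug_dump = 4
+*/
+ssl_client.setDebugLevel(1);
+
+// assign the basic client
+ssl_client.setClient(&basic_client);
+}
+
+void loop()
+{
+Serial.println("---------------------------------");
+Serial.print("Connecting to server...");
+
+String payload = "{\"title\":\"hello\"}";
+
+if (ssl_client.connect("reqres.in", 443))
+{
+Serial.println(" ok");
+Serial.println("Send POST request...");
+ssl_client.print("POST /api/users HTTP/1.1\n");
+ssl_client.print("Host: reqres.in\n");
+ssl_client.print("Content-Type: application/json\n");
+ssl_client.print("Content-Length: ");
+ssl_client.print(payload.length());
+ssl_client.print("\n\n");
+ssl_client.print(payload);
+
+Serial.print("Read response...");
+
+unsigned long ms = millis();
+while (!ssl_client.available() && millis() - ms < 3000)
+{
+delay(0);
+}
+Serial.println();
+while (ssl_client.available())
+{
+Serial.print((char)ssl_client.read());
+}
+Serial.println();
+}
+else
+Serial.println(" failed\n");
+
+ssl_client.stop();
+
+Serial.println();
+
+delay(5000);
+}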
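Review bot: `ssl_client.setInsecure()` in setup() turns off server certificate verification, so the TLS session in this example is encrypted but the peer is never authenticated and the connection gives no assurance that it really reaches reqres.in. The comment above it should say so and point to the verified setup, for example `// Demo only: skips certificate verification, so the server is not authenticated. Use setCACert() as in examples/certificate for real deployments.` Separately, the wait in networkConnection() is `while (Ethernet.linkStatus() == LinkOFF || millis() - to < 2000)`, which never times out while the link is down and always waits the full 2 s when it is up; `&&` looks like what was intended. The header comment still says the sketch works on the Arduino-Pico SDK although the pin definitions are written for ESP32.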