Fix X.509 verification time in Reaspery Pi Pico.
Showing
19 changed files
with
645 additions
and
43 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,182 @@ | ||
/** | ||
* This example shows how to connect to server via https and verify the root certificate using the SSL client. | ||
* | ||
* This example works on the Arduino-Pico SDK from Earle F. Philhower. | ||
* https://github.com/earlephilhower/arduino-pico | ||
* | ||
* Email: [email protected] | ||
* | ||
* Github: https://github.com/mobizt/ESP_SSLSClient | ||
* | ||
* Copyright (c) 2023 mobizt | ||
* | ||
*/ | ||
|
||
#include <Arduino.h> | ||
#if defined(ESP32) || defined(ARDUINO_RASPBERRY_PI_PICO_W) | ||
#include <WiFi.h> | ||
#elif defined(ESP8266) | ||
#include <ESP8266WiFi.h> | ||
#elif __has_include(<WiFiNINA.h>) | ||
#include <WiFiNINA.h | ||
#elif __has_include(<WiFi101.h>) | ||
#include <WiFi101.h | ||
#endif | ||
#include <ESP_SSLClient.h> | ||
|
||
#define WIFI_SSID "WIFI_AP" | ||
#define WIFI_PASSWORD "WIFI_PASSWORD" | ||
|
||
// Baltimore CyberTrust Root | ||
// Expired on Tue May 13 2025 | ||
const char rootCA[] PROGMEM = "-----BEGIN CERTIFICATE-----\n" | ||
"MIIDdzCCAl+gAwIBAgIEAgAAuTANBgkqhkiG9w0BAQUFADBaMQswCQYDVQQGEwJJ\n" | ||
"RTESMBAGA1UEChMJQmFsdGltb3JlMRMwEQYDVQQLEwpDeWJlclRydXN0MSIwIAYD\n" | ||
"VQQDExlCYWx0aW1vcmUgQ3liZXJUcnVzdCBSb290MB4XDTAwMDUxMjE4NDYwMFoX\n" | ||
"DTI1MDUxMjIzNTkwMFowWjELMAkGA1UEBhMCSUUxEjAQBgNVBAoTCUJhbHRpbW9y\n" | ||
"ZTETMBEGA1UECxMKQ3liZXJUcnVzdDEiMCAGA1UEAxMZQmFsdGltb3JlIEN5YmVy\n" | ||
"VHJ1c3QgUm9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKMEuyKr\n" | ||
"mD1X6CZymrV51Cni4eiVgLGw41uOKymaZN+hXe2wCQVt2yguzmKiYv60iNoS6zjr\n" | ||
"IZ3AQSsBUnuId9Mcj8e6uYi1agnnc+gRQKfRzMpijS3ljwumUNKoUMMo6vWrJYeK\n" | ||
"mpYcqWe4PwzV9/lSEy/CG9VwcPCPwBLKBsua4dnKM3p31vjsufFoREJIE9LAwqSu\n" | ||
"XmD+tqYF/LTdB1kC1FkYmGP1pWPgkAx9XbIGevOF6uvUA65ehD5f/xXtabz5OTZy\n" | ||
"dc93Uk3zyZAsuT3lySNTPx8kmCFcB5kpvcY67Oduhjprl3RjM71oGDHweI12v/ye\n" | ||
"jl0qhqdNkNwnGjkCAwEAAaNFMEMwHQYDVR0OBBYEFOWdWTCCR1jMrPoIVDaGezq1\n" | ||
"BE3wMBIGA1UdEwEB/wQIMAYBAf8CAQMwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3\n" | ||
"DQEBBQUAA4IBAQCFDF2O5G9RaEIFoN27TyclhAO992T9Ldcw46QQF+vaKSm2eT92\n" | ||
"9hkTI7gQCvlYpNRhcL0EYWoSihfVCr3FvDB81ukMJY2GQE/szKN+OMY3EU/t3Wgx\n" | ||
"jkzSswF07r51XgdIGn9w/xZchMB5hbgF/X++ZRGjD8ACtPhSNzkE1akxehi/oCr0\n" | ||
"Epn3o0WC4zxe9Z2etciefC7IpJ5OCBRLbf1wbWsaY71k5h+3zvDyny67G7fyUIhz\n" | ||
"ksLi4xaNmjICq44Y3ekQEe5+NauQrz4wlHrQMz2nZQ/1/I6eYs9HRCwBXbsdtTLS\n" | ||
"R9I4LtD+gdwyah617jzV/OeBHRnDJELqYzmp\n" | ||
"-----END CERTIFICATE-----\n"; | ||
|
||
ESP_SSLClient ssl_client; | ||
|
||
// EthernetClient basic_client; | ||
// GSMClient basic_client; | ||
WiFiClient basic_client; | ||
|
||
#if defined(ARDUINO_RASPBERRY_PI_PICO_W) | ||
WiFiMulti multi; | ||
#endif | ||
|
||
void setup() | ||
{ | ||
Serial.begin(115200); | ||
|
||
#if defined(ARDUINO_RASPBERRY_PI_PICO_W) | ||
multi.addAP(WIFI_SSID, WIFI_PASSWORD); | ||
multi.run(); | ||
#else | ||
WiFi.begin(WIFI_SSID, WIFI_PASSWORD); | ||
#endif | ||
|
||
Serial.print("Connecting to Wi-Fi"); | ||
unsigned long ms = millis(); | ||
while (WiFi.status() != WL_CONNECTED) | ||
{ | ||
Serial.print("."); | ||
delay(300); | ||
#if defined(ARDUINO_RASPBERRY_PI_PICO_W) | ||
if (millis() - ms > 10000) | ||
break; | ||
#endif | ||
} | ||
Serial.println(); | ||
Serial.print("Connected with IP: "); | ||
Serial.println(WiFi.localIP()); | ||
Serial.println(); | ||
|
||
// The valid time is required for server certificate verification. | ||
#if defined(ESP8266) || defined(ESP32) && !defined(ARDUINO_NANO_RP2040_CONNECT) | ||
|
||
configTime(0, 0, "pool.ntp.org", "time.nist.gov"); | ||
while (time(nullptr) < ESP_SSLCLIENT_VALID_TIMESTAMP) | ||
{ | ||
delay(100); | ||
} | ||
|
||
// If verification time was not set via this function, the device system time will be used | ||
// ssl_client.setX509Time(time(nullptr)); | ||
|
||
#elif defined(ARDUINO_ARCH_RP2040) && !defined(ARDUINO_NANO_RP2040_CONNECT) | ||
|
||
configTime(10000, 0, "pool.ntp.org", "time.nist.gov"); | ||
while (time(nullptr) < ESP_SSLCLIENT_VALID_TIMESTAMP) | ||
{ | ||
delay(100); | ||
} | ||
|
||
// If verification time was not set via this function, the device system time will be used | ||
// ssl_client.setX509Time(time(nullptr)); | ||
|
||
#elif __has_include(<WiFiNINA.h>) || __has_include(<WiFi101.h>) | ||
time_t ts = WiFi.getTime(); | ||
|
||
// The verification time setting is required because the device system time i.e. time(nullptr) is not available in this case. | ||
ssl_client.setX509Time(ts); | ||
#endif | ||
|
||
// Set the server certificate, intermediate cerificate or root certificate | ||
ssl_client.setCACert(rootCA); | ||
|
||
// Set the receive and transmit buffers size in bytes for memory allocation (512 to 16384). | ||
ssl_client.setBufferSizes(1024 /* rx */, 512 /* tx */); | ||
|
||
/** Call setDebugLevel(level) to set the debug | ||
* esp_ssl_debug_none = 0 | ||
* esp_ssl_debug_error = 1 | ||
* esp_ssl_debug_warn = 2 | ||
* esp_ssl_debug_info = 3 | ||
* esp_ssl_debug_dump = 4 | ||
*/ | ||
ssl_client.setDebugLevel(1); | ||
|
||
// assign the basic client | ||
ssl_client.setClient(&basic_client); | ||
} | ||
|
||
void loop() | ||
{ | ||
Serial.println("---------------------------------"); | ||
Serial.print("Connecting to server..."); | ||
|
||
String payload = "{\"title\":\"hello\"}"; | ||
|
||
if (ssl_client.connect("reqres.in", 443)) | ||
{ | ||
Serial.println(" ok"); | ||
Serial.println("Send POST request..."); | ||
ssl_client.print("POST /api/users HTTP/1.1\n"); | ||
ssl_client.print("Host: reqres.in\n"); | ||
ssl_client.print("Content-Type: application/json\n"); | ||
ssl_client.print("Content-Length: "); | ||
ssl_client.print(payload.length()); | ||
ssl_client.print("\n\n"); | ||
ssl_client.print(payload); | ||
|
||
Serial.print("Read response..."); | ||
|
||
unsigned long ms = millis(); | ||
while (!ssl_client.available() && millis() - ms < 3000) | ||
{ | ||
delay(0); | ||
} | ||
Serial.println(); | ||
while (ssl_client.available()) | ||
{ | ||
Serial.print((char)ssl_client.read()); | ||
} | ||
Serial.println(); | ||
} | ||
else | ||
Serial.println(" failed\n"); | ||
|
||
ssl_client.stop(); | ||
|
||
Serial.println(); | ||
|
||
delay(5000); | ||
} |
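Review bot: In the WiFiNINA/WiFi101 branch of setup(), the result of `WiFi.getTime()` goes straight into `ssl_client.setX509Time(ts)` with no check, whereas both `configTime` branches wait until `time(nullptr)` reaches `ESP_SSLCLIENT_VALID_TIMESTAMP`. getTime() on those modules returns 0 until a network time is available, so the certificate validity period would presumably be checked against the epoch and the handshake would fail for a reason that is hard to spot at debug level 1. Waiting the same way keeps the branches consistent: `time_t ts = 0;` followed by `while ((ts = WiFi.getTime()) < ESP_SSLCLIENT_VALID_TIMESTAMP) delay(100);`. As rendered here, `#include <WiFiNINA.h` and `#include <WiFi101.h` are also missing the closing `>`, which would not compile on those boards. A short comment next to `configTime` saying that the clock comes from unauthenticated NTP, so the expiry check is only as trustworthy as that time source, would help readers who adapt the example.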
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,138 @@ | ||
/** | ||
* This example shows how to connect to server using W5500, ESP32 and SSL Client. | ||
* | ||
* This example works on the Arduino-Pico SDK from Earle F. Philhower. | ||
* https://github.com/earlephilhower/arduino-pico | ||
* | ||
* Email: [email protected] | ||
* | ||
* Github: https://github.com/mobizt/ESP_SSLSClient | ||
* | ||
* Copyright (c) 2023 mobizt | ||
* | ||
*/ | ||
|
||
#include <Arduino.h> | ||
#include <Ethernet.h> | ||
|
||
#include <ESP_SSLClient.h> | ||
|
||
#define WIZNET_RESET_PIN 26 // Connect W5500 Reset pin to GPIO 26 of ESP32 | ||
#define WIZNET_CS_PIN 5 // Connect W5500 CS pin to GPIO 5 of ESP32 | ||
#define WIZNET_MISO_PIN 19 // Connect W5500 MISO pin to GPIO 19 of ESP32 | ||
#define WIZNET_MOSI_PIN 23 // Connect W5500 MOSI pin to GPIO 23 of ESP32 | ||
#define WIZNET_SCLK_PIN 18 // Connect W5500 SCLK pin to GPIO 18 of ESP32 | ||
|
||
ESP_SSLClient ssl_client; | ||
|
||
EthernetClient basic_client; | ||
|
||
uint8_t Eth_MAC[] = {0x02, 0xF0, 0x0D, 0xBE, 0xEF, 0x01}; | ||
|
||
void ResetEthernet() | ||
{ | ||
Serial.println("Resetting WIZnet W5500 Ethernet Board... "); | ||
pinMode(WIZNET_RESET_PIN, OUTPUT); | ||
digitalWrite(WIZNET_RESET_PIN, HIGH); | ||
delay(200); | ||
digitalWrite(WIZNET_RESET_PIN, LOW); | ||
delay(50); | ||
digitalWrite(WIZNET_RESET_PIN, HIGH); | ||
delay(200); | ||
} | ||
|
||
void networkConnection() | ||
{ | ||
|
||
Ethernet.init(WIZNET_CS_PIN); | ||
|
||
ResetEthernet(); | ||
|
||
Serial.println("Starting Ethernet connection..."); | ||
Ethernet.begin(Eth_MAC); | ||
|
||
unsigned long to = millis(); | ||
|
||
while (Ethernet.linkStatus() == LinkOFF || millis() - to < 2000) | ||
{ | ||
delay(100); | ||
} | ||
|
||
if (Ethernet.linkStatus() == LinkON) | ||
{ | ||
Serial.print("Connected with IP "); | ||
Serial.println(Ethernet.localIP()); | ||
} | ||
else | ||
{ | ||
Serial.println("Can't connect"); | ||
} | ||
} | ||
|
||
void setup() | ||
{ | ||
Serial.begin(115200); | ||
|
||
networkConnection(); | ||
|
||
// ignore server ssl certificate verification | ||
ssl_client.setInsecure(); | ||
|
||
// Set the receive and transmit buffers size in bytes for memory allocation (512 to 16384). | ||
ssl_client.setBufferSizes(1024 /* rx */, 512 /* tx */); | ||
|
||
/** Call setDebugLevel(level) to set the debug | ||
* esp_ssl_debug_none = 0 | ||
* esp_ssl_debug_error = 1 | ||
* esp_ssl_debug_warn = 2 | ||
* esp_ssl_debug_info = 3 | ||
* esp_ssl_debug_dump = 4 | ||
*/ | ||
ssl_client.setDebugLevel(1); | ||
|
||
// assign the basic client | ||
ssl_client.setClient(&basic_client); | ||
} | ||
|
||
void loop() | ||
{ | ||
Serial.println("---------------------------------"); | ||
Serial.print("Connecting to server..."); | ||
|
||
String payload = "{\"title\":\"hello\"}"; | ||
|
||
if (ssl_client.connect("reqres.in", 443)) | ||
{ | ||
Serial.println(" ok"); | ||
Serial.println("Send POST request..."); | ||
ssl_client.print("POST /api/users HTTP/1.1\n"); | ||
ssl_client.print("Host: reqres.in\n"); | ||
ssl_client.print("Content-Type: application/json\n"); | ||
ssl_client.print("Content-Length: "); | ||
ssl_client.print(payload.length()); | ||
ssl_client.print("\n\n"); | ||
ssl_client.print(payload); | ||
|
||
Serial.print("Read response..."); | ||
|
||
unsigned long ms = millis(); | ||
while (!ssl_client.available() && millis() - ms < 3000) | ||
{ | ||
delay(0); | ||
} | ||
Serial.println(); | ||
while (ssl_client.available()) | ||
{ | ||
Serial.print((char)ssl_client.read()); | ||
} | ||
Serial.println(); | ||
} | ||
else | ||
Serial.println(" failed\n"); | ||
|
||
ssl_client.stop(); | ||
|
||
Serial.println(); | ||
|
||
delay(5000); | ||
} |
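Review bot: `ssl_client.setInsecure()` in setup() turns off server certificate verification, so the POST to reqres.in in loop() is encrypted but the peer is never authenticated, and the one-line comment above the call does not say so. I would expand it to something like `// Demo only: skips certificate verification, so the server is not authenticated. Use setCACert() and setX509Time() instead for real deployments.`, since example code is often copied unchanged. Separately, in networkConnection() the condition `Ethernet.linkStatus() == LinkOFF || millis() - to < 2000` never times out while the link is down, which leaves the "Can't connect" branch unreachable in that case; `while (Ethernet.linkStatus() == LinkOFF && millis() - to < 2000)` looks like the intent. The file header mentions the Arduino-Pico SDK while the pin comments refer to ESP32 GPIOs, so it is unclear which board the wiring applies to.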