Commit 46257c03 authored by A C SREEDHAR REDDY's avatar A C SREEDHAR REDDY Committed by Me No Dev

handshake in ssl_client.cpp (#2044)

* issue #2041

* handshake timeout

* seconds to milliseconds
parent 06409648
...@@ -35,7 +35,7 @@ WiFiClientSecure::WiFiClientSecure() ...@@ -35,7 +35,7 @@ WiFiClientSecure::WiFiClientSecure()
sslclient = new sslclient_context; sslclient = new sslclient_context;
ssl_init(sslclient); ssl_init(sslclient);
sslclient->socket = -1; sslclient->socket = -1;
sslclient->handshake_timeout = 120000;
_CA_cert = NULL; _CA_cert = NULL;
_cert = NULL; _cert = NULL;
_private_key = NULL; _private_key = NULL;
...@@ -50,6 +50,7 @@ WiFiClientSecure::WiFiClientSecure(int sock) ...@@ -50,6 +50,7 @@ WiFiClientSecure::WiFiClientSecure(int sock)
sslclient = new sslclient_context; sslclient = new sslclient_context;
ssl_init(sslclient); ssl_init(sslclient);
sslclient->socket = sock; sslclient->socket = sock;
sslclient->handshake_timeout = 120000;
if (sock >= 0) { if (sock >= 0) {
_connected = true; _connected = true;
...@@ -285,3 +286,8 @@ int WiFiClientSecure::lastError(char *buf, const size_t size) ...@@ -285,3 +286,8 @@ int WiFiClientSecure::lastError(char *buf, const size_t size)
snprintf(buf, size, "%s", error_buf); snprintf(buf, size, "%s", error_buf);
return _lastError; return _lastError;
} }
void WiFiClientSecure::setHandshakeTimeout(unsigned long handshake_timeout)
{
sslclient->handshake_timeout = handshake_timeout * 1000;
}
\ No newline at end of file
...@@ -62,6 +62,7 @@ public: ...@@ -62,6 +62,7 @@ public:
bool loadCertificate(Stream& stream, size_t size); bool loadCertificate(Stream& stream, size_t size);
bool loadPrivateKey(Stream& stream, size_t size); bool loadPrivateKey(Stream& stream, size_t size);
bool verify(const char* fingerprint, const char* domain_name); bool verify(const char* fingerprint, const char* domain_name);
void setHandshakeTimeout(unsigned long handshake_timeout);
operator bool() operator bool()
{ {
......
...@@ -158,11 +158,13 @@ int start_ssl_client(sslclient_context *ssl_client, const char *host, uint32_t p ...@@ -158,11 +158,13 @@ int start_ssl_client(sslclient_context *ssl_client, const char *host, uint32_t p
mbedtls_ssl_set_bio(&ssl_client->ssl_ctx, &ssl_client->socket, mbedtls_net_send, mbedtls_net_recv, NULL ); mbedtls_ssl_set_bio(&ssl_client->ssl_ctx, &ssl_client->socket, mbedtls_net_send, mbedtls_net_recv, NULL );
log_v("Performing the SSL/TLS handshake..."); log_v("Performing the SSL/TLS handshake...");
unsigned long handshake_start_time=millis();
while ((ret = mbedtls_ssl_handshake(&ssl_client->ssl_ctx)) != 0) { while ((ret = mbedtls_ssl_handshake(&ssl_client->ssl_ctx)) != 0) {
if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) { if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
return handle_error(ret); return handle_error(ret);
} }
if((millis()-handshake_start_time)>ssl_client->handshake_timeout)
return -1;
vTaskDelay(10 / portTICK_PERIOD_MS); vTaskDelay(10 / portTICK_PERIOD_MS);
} }
......
...@@ -23,6 +23,8 @@ typedef struct sslclient_context { ...@@ -23,6 +23,8 @@ typedef struct sslclient_context {
mbedtls_x509_crt ca_cert; mbedtls_x509_crt ca_cert;
mbedtls_x509_crt client_cert; mbedtls_x509_crt client_cert;
mbedtls_pk_context client_key; mbedtls_pk_context client_key;
unsigned long handshake_timeout;
} sslclient_context; } sslclient_context;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment