BearSSLClient: allow configuration after object creation

pennam · pennam · commit bbbbd604104c · 2024-05-17T11:04:30.000+02:00
diff --git a/src/tls/BearSSLClient.cpp b/src/tls/BearSSLClient.cpp
@@ -34,18 +34,30 @@
 
 #include "BearSSLClient.h"
 
-extern "C" void aiotc_client_profile_init(br_ssl_client_context *cc, br_x509_minimal_context *xc, const br_x509_trust_anchor *trust_anchors, size_t trust_anchors_num);
+bool BearSSLClient::_sslio_closing = false;
 
+extern "C" void aiotc_client_profile_init(br_ssl_client_context *cc, br_x509_minimal_context *xc, const br_x509_trust_anchor *trust_anchors, size_t trust_anchors_num);
 
-bool BearSSLClient::_sslio_closing = false;
+BearSSLClient::BearSSLClient() :
+  _noSNI(false),
+  _get_time_func(nullptr)
+{
+  _ecKey.curve = 0;
+  _ecKey.x = NULL;
+  _ecKey.xlen = 0;
 
+  _ecCert.data = NULL;
+  _ecCert.data_len = 0;
+  _ecCertDynamic = false;
+}
 
 BearSSLClient::BearSSLClient(Client* client, const br_x509_trust_anchor* myTAs, int myNumTAs, GetTimeCallbackFunc func) :
   _client(client),
   _TAs(myTAs),
   _numTAs(myNumTAs),
   _noSNI(false),
-  _get_time_func(func)
+  _get_time_func(func),
+  _br_ssl_client_init_function(aiotc_client_profile_init)
 {
   assert(_get_time_func != nullptr);
 
@@ -266,8 +278,8 @@ int BearSSLClient::connectSSL(const char* host)
   /* Ensure this flag is cleared so we don't terminate a just starting connection. */
   _sslio_closing = false;
 
-  // initialize client context with all necessary algorithms and hardcoded trust anchors.
-  aiotc_client_profile_init(&_sc, &_xc, _TAs, _numTAs);
+  // initialize client context with enabled algorithms and trust anchors
+  _br_ssl_client_init_function(&_sc, &_xc, _TAs, _numTAs);
 
   br_ssl_engine_set_buffers_bidi(&_sc.eng, _ibuf, sizeof(_ibuf), _obuf, sizeof(_obuf));
 
@@ -278,7 +290,7 @@ int BearSSLClient::connectSSL(const char* host)
     // ECC508 random success, add custom ECDSA vfry and EC sign
     br_ssl_engine_set_ecdsa(&_sc.eng, eccX08_vrfy_asn1);
     br_x509_minimal_set_ecdsa(&_xc, br_ssl_engine_get_ec(&_sc.eng), br_ssl_engine_get_ecdsa(&_sc.eng));
-    
+
     // enable client auth using the ECCX08
     if (_ecCert.data_len && _ecKey.xlen) {
       br_ssl_client_set_single_ec(&_sc, &_ecCert, 1, &_ecKey, BR_KEYTYPE_KEYX | BR_KEYTYPE_SIGN, BR_KEYTYPE_EC, br_ec_get_default(), eccX08_sign_asn1);
diff --git a/src/tls/BearSSLClient.h b/src/tls/BearSSLClient.h
@@ -48,11 +48,14 @@ class BearSSLClient : public Client {
 public:
 
   BearSSLClient(Client* client, const br_x509_trust_anchor* myTAs, int myNumTAs, GetTimeCallbackFunc func);
+  BearSSLClient();
   virtual ~BearSSLClient();
 
 
   inline void setClient(Client& client) { _client = &client; }
-
+  inline void setProfile(void(*client_init_function)(br_ssl_client_context *cc, br_x509_minimal_context *xc, const br_x509_trust_anchor *trust_anchors, size_t trustrust_anchorst_anchors_num)) { _br_ssl_client_init_function = client_init_function; }
+  inline void setTrustAnchors(const br_x509_trust_anchor* myTAs, int myNumTAs) { _TAs = myTAs; _numTAs = myNumTAs; }
+  inline void onGetTime(GetTimeCallbackFunc callback) { _get_time_func = callback;}
 
   virtual int connect(IPAddress ip, uint16_t port);
   virtual int connect(const char* host, uint16_t port);
@@ -103,6 +106,8 @@ class BearSSLClient : public Client {
   unsigned char _ibuf[BEAR_SSL_CLIENT_IBUF_SIZE];
   unsigned char _obuf[BEAR_SSL_CLIENT_OBUF_SIZE];
   br_sslio_context _ioc;
+
+  void (*_br_ssl_client_init_function)(br_ssl_client_context *cc, br_x509_minimal_context *xc, const br_x509_trust_anchor *trust_anchors, size_t trust_anchors_num);
 };
 
 #endif /* #ifdef BOARD_HAS_ECCX08 */
