WiFiClientSecure: initialize ssl_ctx when loading certificate

igrr · igrr · commit 79cfad5d4615 · 2017-05-21T22:00:33.000-05:00
Fixes #2470
diff --git a/libraries/ESP8266WiFi/src/WiFiClientSecure.cpp b/libraries/ESP8266WiFi/src/WiFiClientSecure.cpp
@@ -94,6 +94,9 @@ class SSLContext
         ssl_ext_set_host_name(ext, hostName);
         ssl_ext_set_max_fragment_size(ext, 4096);
         s_io_ctx = ctx;
+        if (_ssl) {
+            ssl_free(_ssl);
+        }
         _ssl = ssl_client_new(_ssl_ctx, 0, nullptr, 0, ext);
         uint32_t t = millis();
 
@@ -239,7 +242,7 @@ class SSLContext
             }
             return 0;
         }
-        DEBUGV(":wcs ra %d", rc);
+        DEBUGV(":wcs ra %d\r\n", rc);
         _read_ptr = data;
         _available = rc;
         return _available;
@@ -311,13 +314,10 @@ int WiFiClientSecure::connect(const char* name, uint16_t port)
 
 int WiFiClientSecure::_connectSSL(const char* hostName)
 {
-    if (_ssl) {
-        _ssl->unref();
-        _ssl = nullptr;
+    if (!_ssl) {
+        _ssl = new SSLContext;
+        _ssl->ref();
     }
-
-    _ssl = new SSLContext;
-    _ssl->ref();
     _ssl->connect(_client, hostName, 5000);
 
     auto status = ssl_handshake_status(*_ssl);
@@ -553,47 +553,53 @@ bool WiFiClientSecure::verifyCertChain(const char* domain_name)
 bool WiFiClientSecure::setCACert(const uint8_t* pk, size_t size)
 {
     if (!_ssl) {
-        return false;
+        _ssl = new SSLContext;
+        _ssl->ref();
     }
     return _ssl->loadObject(SSL_OBJ_X509_CACERT, pk, size);
 }
 
 bool WiFiClientSecure::setCertificate(const uint8_t* pk, size_t size)
 {
     if (!_ssl) {
-        return false;
+        _ssl = new SSLContext;
+        _ssl->ref();
     }
     return _ssl->loadObject(SSL_OBJ_X509_CERT, pk, size);
 }
 
 bool WiFiClientSecure::setPrivateKey(const uint8_t* pk, size_t size)
 {
     if (!_ssl) {
-        return false;
+        _ssl = new SSLContext;
+        _ssl->ref();
     }
     return _ssl->loadObject(SSL_OBJ_RSA_KEY, pk, size);
 }
 
 bool WiFiClientSecure::loadCACert(Stream& stream, size_t size)
 {
     if (!_ssl) {
-        return false;
+        _ssl = new SSLContext;
+        _ssl->ref();
     }
     return _ssl->loadObject(SSL_OBJ_X509_CACERT, stream, size);
 }
 
 bool WiFiClientSecure::loadCertificate(Stream& stream, size_t size)
 {
     if (!_ssl) {
-        return false;
+        _ssl = new SSLContext;
+        _ssl->ref();
     }
     return _ssl->loadObject(SSL_OBJ_X509_CERT, stream, size);
 }
 
 bool WiFiClientSecure::loadPrivateKey(Stream& stream, size_t size)
 {
     if (!_ssl) {
-        return false;
+        _ssl = new SSLContext;
+        _ssl->ref();
     }
     return _ssl->loadObject(SSL_OBJ_RSA_KEY, stream, size);
 }

Original file line number	Diff line number	Diff line change
`@@ -94,6 +94,9 @@ class SSLContext`
`94`	`94`	`ssl_ext_set_host_name(ext, hostName);`
`95`	`95`	`ssl_ext_set_max_fragment_size(ext, 4096);`
`96`	`96`	`s_io_ctx = ctx;`
	`97`	`+ if (_ssl) {`
	`98`	`+ ssl_free(_ssl);`
	`99`	`+ }`
`97`	`100`	`_ssl = ssl_client_new(_ssl_ctx, 0, nullptr, 0, ext);`
`98`	`101`	`uint32_t t = millis();`
`99`	`102`
`@@ -239,7 +242,7 @@ class SSLContext`
`239`	`242`	`}`
`240`	`243`	`return 0;`
`241`	`244`	`}`
`242`		`- DEBUGV(":wcs ra %d", rc);`
	`245`	`+ DEBUGV(":wcs ra %d\r\n", rc);`
`243`	`246`	`_read_ptr = data;`
`244`	`247`	`_available = rc;`
`245`	`248`	`return _available;`
`@@ -311,13 +314,10 @@ int WiFiClientSecure::connect(const char* name, uint16_t port)`
`311`	`314`
`312`	`315`	`int WiFiClientSecure::_connectSSL(const char* hostName)`
`313`	`316`	`{`
`314`		`- if (_ssl) {`
`315`		`- _ssl->unref();`
`316`		`- _ssl = nullptr;`
	`317`	`+ if (!_ssl) {`
	`318`	`+ _ssl = new SSLContext;`
	`319`	`+ _ssl->ref();`
`317`	`320`	`}`
`318`		`-`
`319`		`- _ssl = new SSLContext;`
`320`		`- _ssl->ref();`
`321`	`321`	`_ssl->connect(_client, hostName, 5000);`
`322`	`322`
`323`	`323`	`auto status = ssl_handshake_status(*_ssl);`
`@@ -553,47 +553,53 @@ bool WiFiClientSecure::verifyCertChain(const char* domain_name)`
`553`	`553`	`bool WiFiClientSecure::setCACert(const uint8_t* pk, size_t size)`
`554`	`554`	`{`
`555`	`555`	`if (!_ssl) {`
`556`		`- return false;`
	`556`	`+ _ssl = new SSLContext;`
	`557`	`+ _ssl->ref();`
`557`	`558`	`}`
`558`	`559`	`return _ssl->loadObject(SSL_OBJ_X509_CACERT, pk, size);`
`559`	`560`	`}`
`560`	`561`
`561`	`562`	`bool WiFiClientSecure::setCertificate(const uint8_t* pk, size_t size)`
`562`	`563`	`{`
`563`	`564`	`if (!_ssl) {`
`564`		`- return false;`
	`565`	`+ _ssl = new SSLContext;`
	`566`	`+ _ssl->ref();`
`565`	`567`	`}`
`566`	`568`	`return _ssl->loadObject(SSL_OBJ_X509_CERT, pk, size);`
`567`	`569`	`}`
`568`	`570`
`569`	`571`	`bool WiFiClientSecure::setPrivateKey(const uint8_t* pk, size_t size)`
`570`	`572`	`{`
`571`	`573`	`if (!_ssl) {`
`572`		`- return false;`
	`574`	`+ _ssl = new SSLContext;`
	`575`	`+ _ssl->ref();`
`573`	`576`	`}`
`574`	`577`	`return _ssl->loadObject(SSL_OBJ_RSA_KEY, pk, size);`
`575`	`578`	`}`
`576`	`579`
`577`	`580`	`bool WiFiClientSecure::loadCACert(Stream& stream, size_t size)`
`578`	`581`	`{`
`579`	`582`	`if (!_ssl) {`
`580`		`- return false;`
	`583`	`+ _ssl = new SSLContext;`
	`584`	`+ _ssl->ref();`
`581`	`585`	`}`
`582`	`586`	`return _ssl->loadObject(SSL_OBJ_X509_CACERT, stream, size);`
`583`	`587`	`}`
`584`	`588`
`585`	`589`	`bool WiFiClientSecure::loadCertificate(Stream& stream, size_t size)`
`586`	`590`	`{`
`587`	`591`	`if (!_ssl) {`
`588`		`- return false;`
	`592`	`+ _ssl = new SSLContext;`
	`593`	`+ _ssl->ref();`
`589`	`594`	`}`
`590`	`595`	`return _ssl->loadObject(SSL_OBJ_X509_CERT, stream, size);`
`591`	`596`	`}`
`592`	`597`
`593`	`598`	`bool WiFiClientSecure::loadPrivateKey(Stream& stream, size_t size)`
`594`	`599`	`{`
`595`	`600`	`if (!_ssl) {`
`596`		`- return false;`
	`601`	`+ _ssl = new SSLContext;`
	`602`	`+ _ssl->ref();`
`597`	`603`	`}`
`598`	`604`	`return _ssl->loadObject(SSL_OBJ_RSA_KEY, stream, size);`
`599`	`605`	`}`