Feasibility of implementing WiFiServerSecure in v2.* using esp-tls ESP-IDF component?

[michkot]

Related area

WiFi, TCP server, TLS, mbedlts

Hardware specification

Is your feature request related to a problem?

(Hi folks, )

I am missing WiFiSecureServer which I'd like to make secure-websokcets work (https://github.com/Links2004/arduinoWebSockets can be modified to work as WSS server, simply swapping WiFiServer with WifiServerSecure on ESP8266)

I read through this issue #3902 about WebServerSecure & its related issues

Describe the solution you'd like

I think about writing the missing "core library class" WifFiServerSecure myself and if at least partially successful, making a pull request (I already have some practice hacking libraries for Arduino ESP8266 & STM32s)
Specifically it seems that I could use esp-tls component do to this without writing too much new logic - https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/protocols/esp_tls.html. It implements TLS client & server related logic. However the fact that the current implementation of WiFiClientSecure does not use esp-tls and instead uses mbedlts directly alarms me that it might not be that straightforward:
https://github.com/espressif/arduino-esp32/blob/2.0.5/libraries/WiFiClientSecure/src/WiFiClientSecure.cpp
https://github.com/espressif/arduino-esp32/blob/2.0.5/libraries/WiFiClientSecure/src/ssl_client.cpp (claims to be adapted ssl_client1 from mbedlts examples).

Given that #7447 (comment) is "sort of promising" HTTPS server example, I assume that WebServerSecure itself is scheduled for 3.* and there might be some relevant work already laid and/oror there are people who might know about the reason why esp-tls is not used for WiFiClientSecure (did not exists at that time?) and if there would be anything bad with implementing WifFiServerSecure on top of it?

@VojtechBartoska seems to be a good first contact (🙏)
I can see from blame of the client-related files that @ me-no-dev , @ vlastahajek , @ dirkx, @ chemicstry would be relevant.

Describe alternatives you've considered

No response

Additional context

No response

I have checked existing list of Feature requests and the Contribution Guide

• I confirm I have checked existing list of Feature requests and Contribution Guide.

[VojtechBartoska]

Hello @michkot, thanks for opening new feature request and your suggestion.

Your are right on our plans, we want to investigate this for next major release 3.0.0.

Due to the fact, you are willing to help with this directly, we will take a look on your proposal and share are opinion if we will be able to decide it now.

@me-no-dev & @SuGlider, feel free to share your comments to this if you have any. Thank you.

[SuGlider]

Yes, sure.
I just think that implementing it would require some time and also it would be good to to study possible solutions.
We can consider it for 3.0.0.

[michkot]

I've created a very, very raw version that compiles, but have not tried it using it yet. I also added comments about some suspicious logic/semantics of copy-ctor and connect() in the WiFiClientSecure.
commit to see -> michkot@d1e08d1
Linking in esp-tls (well whatever get's linked when I add dependency on esp_tls_server_session_create and the like) adds ~7kB of used flash.

[michkot]

I have been able to bring the code to a working condition! (but it's not in a state where I would attempt a PRequest against this repo yet I think)
michkot#1

[Parsaabasi]

Hello,

Due to the overwhelming volume of issues currently being addressed, we have decided to close the previously received tickets. If you still require assistance or if the issue persists, please don't hesitate to reopen the ticket.

Thanks.