stop some more debug and add test server cert+key

me-no-dev · Aug 24, 2016 · dedc3c4 · dedc3c4
1 parent df44ce9
commit dedc3c4
Show file tree

Hide file tree

Showing 7 changed files with 45 additions and 150 deletions.
diff --git a/src/ESPAsyncTCP.cpp b/src/ESPAsyncTCP.cpp
@@ -343,7 +343,7 @@ void AsyncClient::_ssl_error(int8_t err){
 
 int8_t AsyncClient::_sent(tcp_pcb* pcb, uint16_t len) {
   _rx_last_packet = millis();
-  ets_printf("ack: %u\n", len);
+  //ets_printf("ack: %u\n", len);
   _pcb_busy = false;
   if(_sent_cb)
     _sent_cb(_sent_cb_arg, this, len, (millis() - _pcb_sent_at));
@@ -354,7 +354,7 @@ int8_t AsyncClient::_recv(tcp_pcb* pcb, pbuf* pb, int8_t err) {
   if(pb == 0){
     //ets_printf("_pb null! %d\n", err);
     return _close();
-  } else ets_printf("_recv: %d\n", pb->tot_len);
+  } //else ets_printf("_recv: %d\n", pb->tot_len);
 
   _rx_last_packet = millis();
   if(_pcb_secure){

diff --git a/src/include/ssl_config.h b/src/include/ssl_config.h
diff --git a/src/tcp_axtls.c b/src/tcp_axtls.c
@@ -124,7 +124,7 @@ tcp_ssl_t * tcp_ssl_new(struct tcp_pcb *tcp) {
     item->next = new_item;
   }
 
-  TCP_SSL_DEBUG("tcp_ssl_new: %d\n", new_item->fd);
+  //TCP_SSL_DEBUG("tcp_ssl_new: %d\n", new_item->fd);
   return new_item;
 }
 
@@ -223,7 +223,7 @@ int tcp_ssl_free(struct tcp_pcb *tcp) {
     if(item->tcp_pbuf != NULL){
       pbuf_free(item->tcp_pbuf);
     }
-    TCP_SSL_DEBUG("tcp_ssl_free: %d\n", item->fd);
+    //TCP_SSL_DEBUG("tcp_ssl_free: %d\n", item->fd);
     if(item->ssl)
       ssl_free(item->ssl);
     if(item->type == TCP_SSL_TYPE_CLIENT && item->ssl_ctx)
@@ -244,7 +244,7 @@ int tcp_ssl_free(struct tcp_pcb *tcp) {
   if(i->tcp_pbuf != NULL){
     pbuf_free(i->tcp_pbuf);
   }
-  TCP_SSL_DEBUG("tcp_ssl_free: %d\n", i->fd);
+  //TCP_SSL_DEBUG("tcp_ssl_free: %d\n", i->fd);
   if(i->ssl)
     ssl_free(i->ssl);
   if(i->type == TCP_SSL_TYPE_CLIENT && i->ssl_ctx)
@@ -274,7 +274,7 @@ int tcp_ssl_write(struct tcp_pcb *tcp, uint8_t *data, size_t len) {
     return rc;
   }
 
-  TCP_SSL_DEBUG("tcp_ssl_write: %u -> %d\r\n", len, axl->last_wr);
+  //TCP_SSL_DEBUG("tcp_ssl_write: %u -> %d\r\n", len, axl->last_wr);
 
   return axl->last_wr;
 }
@@ -333,7 +333,7 @@ int tcp_ssl_read(struct tcp_pcb *tcp, struct pbuf *p) {
       if(fd_data->handshake != SSL_OK) {
         fd_data->handshake = ssl_handshake_status(fd_data->ssl);
         if(fd_data->handshake == SSL_OK){
-          TCP_SSL_DEBUG("tcp_ssl_read: handshake OK\n");
+          //TCP_SSL_DEBUG("tcp_ssl_read: handshake OK\n");
           if(fd_data->on_handshake)
             fd_data->on_handshake(fd_data->arg, fd_data->tcp, fd_data->ssl);
         } else if(fd_data->handshake != SSL_NOT_OK){
@@ -470,7 +470,7 @@ int ax_port_write(int fd, uint8_t *data, uint16_t len) {
 
 
   if (err == ERR_OK) {
-    TCP_SSL_DEBUG("ax_port_write: tcp_output length %d / %d\n", tcp_len, len);
+    //TCP_SSL_DEBUG("ax_port_write: tcp_output length %d / %d\n", tcp_len, len);
     err = tcp_output(fd_data->tcp);
     if(err != ERR_OK) {
       TCP_SSL_DEBUG("ax_port_write: tcp_output err: %d\n", err);
@@ -492,7 +492,7 @@ int ax_port_read(int fd, uint8_t *data, int len) {
   uint8_t *pread_buf = NULL;
   u16_t recv_len = 0;
 
-  TCP_SSL_DEBUG("ax_port_read: %d, %d\n", fd, len);
+  //TCP_SSL_DEBUG("ax_port_read: %d, %d\n", fd, len);
 
   fd_data = tcp_ssl_get_by_fd(fd);
   if (fd_data == NULL) {

diff --git a/src/tcp_axtls.h b/src/tcp_axtls.h
@@ -37,7 +37,6 @@ extern "C" {
 #endif
 
 #include "include/ssl.h"
-#include "include/ssl_config.h"
 
 #define ERR_TCP_SSL_INVALID_SSL           -101
 #define ERR_TCP_SSL_INVALID_TCP           -102

diff --git a/ssl/gen_server_cert.sh b/ssl/gen_server_cert.sh
@@ -0,0 +1,36 @@
+#!/bin/bash
+
+cat > ca_cert.conf << EOF  
+[ req ]
+distinguished_name     = req_distinguished_name
+prompt                 = no
+
+[ req_distinguished_name ]
+ O                      = Espressif Systems
+EOF
+
+openssl genrsa -out axTLS.ca_key.pem 2048
+openssl req -new -config ./ca_cert.conf -key axTLS.ca_key.pem -out axTLS.ca_x509.req
+openssl x509 -req -sha1 -days 5000 -signkey axTLS.ca_key.pem -CAkey axTLS.ca_key.pem -in axTLS.ca_x509.req -out axTLS.ca_x509.pem
+
+cat > certs.conf << EOF  
+[ req ]
+distinguished_name     = req_distinguished_name
+prompt                 = no
+
+[ req_distinguished_name ]
+ O                      = axTLS on ESP8266
+ CN                     = esp8266.local
+EOF
+
+openssl genrsa -out axTLS.key_1024.pem 1024
+openssl req -new -config ./certs.conf -key axTLS.key_1024.pem -out axTLS.x509_1024.req
+openssl x509 -req -sha1 -CAcreateserial -days 5000 -CA axTLS.ca_x509.pem -CAkey axTLS.ca_key.pem -in axTLS.x509_1024.req -out axTLS.x509_1024.pem
+
+openssl rsa -outform DER -in axTLS.key_1024.pem -out axTLS.key_1024
+openssl x509 -outform DER -in axTLS.x509_1024.pem -out axTLS.x509_1024.cer
+
+cat axTLS.key_1024 > server.key
+cat axTLS.x509_1024.cer > server.cer
+
+rm axTLS.* ca_cert.conf certs.conf
diff --git a/ssl/server.cer b/ssl/server.cer
diff --git a/ssl/server.key b/ssl/server.key