reverted HTTPCLient debug back to defaulted off
Fork of HTTPClient-SSL by
Revision 39:d7c5541a9124, committed 2015-01-19
- Comitter:
- Vanger
- Date:
- Mon Jan 19 21:55:15 2015 +0000
- Parent:
- 38:a4ccad70be9d
- Child:
- 40:6d9725c3eb6f
- Commit message:
- Pulling in the newest CyaSSL lib (3.3.0).; Tweaked code to be more robust.
Changed in this revision
--- a/CyaSSL.lib Wed Jan 14 22:39:59 2015 +0000
+++ b/CyaSSL.lib Mon Jan 19 21:55:15 2015 +0000
@@ -1,1 +1,1 @@
-http://developer.mbed.org/users/Vanger/code/CyaSSL/#e505054279ed
+http://developer.mbed.org/teams/Multi-Hackers/code/CyaSSL_3_3_0/#b86d15c6ba29
--- a/HTTPClient.cpp Wed Jan 14 22:39:59 2015 +0000 +++ b/HTTPClient.cpp Mon Jan 19 21:55:15 2015 +0000 @@ -22,7 +22,7 @@ #define MAX_URL_PATH_LENGTH 128 //Debug is disabled by default -#if 0 +#if 1 //Enable debug #include <cstdio> #define DBG(x, ...) std::printf("[HTTPClient : DBG]"x"\r\n", ##__VA_ARGS__); @@ -118,9 +118,9 @@ CyaSSL_Init(); //Initialize CyaSSL m_sock = &_m_sock; - /* CyaSSL_Debugging_ON() ; */ //Turn on if the CyaSSL library isn't working for debug printf's + // CyaSSL_Debugging_ON() ; //Turn on if the CyaSSL library isn't working, for debug printf's - peerMethod = VERIFY_FAIL_IF_NO_PEER_CERT; + peerMethod = VERIFY_PEER; ctx = 0 ; ssl = 0 ; SSLver = 3 ; @@ -244,7 +244,11 @@ } void HTTPClient::setPeerVerification(SSLMethod method) { - peerMethod = method; + if(method != VERIFY_NONE && method != VERIFY_PEER) { + ERR("That is not an acceptable verification choice"); + } else { + peerMethod = method; + } } 
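Review bot: The `+#if 1` line turns the DBG macro on for every build while the comment directly above it still says `//Debug is disabled by default`, which looks like a testing leftover. With it on, every DBG call in the file goes to std::printf; whether any of those calls print URLs, headers or credentials is not visible in this hunk, so that should be checked before shipping it enabled. I would restore `#if 0` here, or update the comment if enabling debug output is intended.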
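Review bot: `peerMethod = VERIFY_PEER;` makes the default a mode that HTTPClient.h still documents as `Check peer certificate and skip if none available (insecure)`, and the HTTPClient.h hunk deletes VERIFY_FAIL_IF_NO_PEER_CERT, so the API is left with no mode that is documented as safe. As far as I know, the fail-if-no-peer-cert flag in CyaSSL only matters on the server side, so dropping it from a client may be fine, but then the doc comment on VERIFY_PEER should say what the client really does, for example `///Verify the server certificate against the loaded CA certificates`. Removing the enum value also breaks any caller that passed it, which is worth calling out to users of the library. The constructor body continues outside this hunk.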
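Review bot: setPeerVerification now ignores an unsupported value and keeps the previous mode, and because it returns void the caller cannot see that; if the previous mode was VERIFY_NONE, the connection stays unverified after a call that was meant to tighten it. ERR is the only signal, and whether ERR prints anything in a non-debug build is not visible here. Document the behaviour on the function, e.g. `///Values other than VERIFY_NONE and VERIFY_PEER are rejected and the current setting is kept`, and consider failing safe in the error branch with `peerMethod = VERIFY_PEER;`.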
@@ -357,25 +361,26 @@ return HTTP_PROCESSING; } + //SSL setup if being used { //Localize pMethod array for less overall memory time-use std::string pMethod; if(peerMethod == VERIFY_NONE) { pMethod = "not verify peer"; } else if (peerMethod == VERIFY_PEER) { pMethod = "verify peer if certificates available"; - } else if (peerMethod == VERIFY_FAIL_IF_NO_PEER_CERT) { - pMethod = "verify peer and fail if no peer certificates available"; + //Load the CA certificate(s) (If using multiple, concatenate them in the buffer being passed) + if(certificates != NULL) { + if (SSL_SUCCESS != CyaSSL_CTX_load_verify_buffer(ctx, (const unsigned char*)certificates, strlen(certificates), SSL_FILETYPE_PEM)) { + ERR("unable to load root certificates"); + return HTTP_CONN; + } + } } DBG("SSL connection set to %s", pMethod.c_str()); } CyaSSL_CTX_set_verify(ctx, peerMethod, 0); //SSL_VERIFY_FAIL_IF_NO_PEER_CERT, VERIFY_NONE, SSL_VERIFY_PEER - //Load the CA certificate(s) (If using multiple, concatenate them in the buffer being passed) - if (SSL_SUCCESS != CyaSSL_CTX_load_verify_buffer(ctx, (const unsigned char*)certificates, strlen(certificates), SSL_FILETYPE_PEM)) { - ERR("unable to load root certificates"); - return HTTP_CONN; - } CyaSSL_SetIORecv(ctx, SocketReceive) ; CyaSSL_SetIOSend(ctx, SocketSend) ; } @@ -694,8 +699,13 @@ } } + + if(m_sock->is_connected()) { + m_sock->close(); + } + + m_sock->close(true); cyassl_free() ; - m_sock->close(true); DBG("Completed HTTP transaction"); if(redirect)return HTTP_REDIRECT ; else return HTTP_OK;
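Review bot: With VERIFY_PEER selected and `certificates` NULL, the new `if(certificates != NULL)` guard skips CyaSSL_CTX_load_verify_buffer without any message, and setup goes on to CyaSSL_CTX_set_verify with no trust anchors loaded. How the handshake then behaves depends on CyaSSL and is not visible here, so the failure mode should be made explicit with an else branch such as `else { ERR("peer verification requested but no root certificates set"); return HTTP_CONN; }`. The trailing comment on the set_verify line still lists SSL_VERIFY_FAIL_IF_NO_PEER_CERT, which this commit removes from the enum. The enclosing function starts and ends outside this hunk.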
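Review bot: The socket is now closed twice (`m_sock->close()` and then `m_sock->close(true)`), and both calls happen before `cyassl_free()`, where the old code freed the TLS state first. If cyassl_free() sends a TLS close_notify through the SocketSend callback (its body is not in this hunk), that write now goes to a closed socket. Unless the reorder fixes a specific problem, keep a single close after the TLS teardown, `cyassl_free() ;` followed by `m_sock->close(true);`, or add a comment explaining why the order matters. The enclosing function starts outside this hunk.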
--- a/HTTPClient.h Wed Jan 14 22:39:59 2015 +0000 +++ b/HTTPClient.h Mon Jan 19 21:55:15 2015 +0000 @@ -36,7 +36,6 @@ enum SSLMethod { VERIFY_NONE = 0, ///Don't check peer certificate VERIFY_PEER = 1, ///Check peer certificate and skip if none available (insecure) - VERIFY_FAIL_IF_NO_PEER_CERT = 2, ///Check peer certificate and fail if unavailable }; ///HTTP client results