Kentaro Sekimoto / HTTPClient-SSL

Change buffer sizes to support GR-PEACH

Dependencies:   CyaSSL

Dependents:   GR-PEACH_Azure_Speech

Fork of HTTPClient-SSL by MultiTech

Diff: HTTPClient.cpp

Revision:
39:d7c5541a9124
Parent:
38:a4ccad70be9d
Child:
40:6d9725c3eb6f
--- a/HTTPClient.cpp	Wed Jan 14 22:39:59 2015 +0000
+++ b/HTTPClient.cpp	Mon Jan 19 21:55:15 2015 +0000
@@ -22,7 +22,7 @@
 #define MAX_URL_PATH_LENGTH     128
 
 //Debug is disabled by default
-#if 0
+#if 1
 //Enable debug
 #include <cstdio>
 #define DBG(x, ...) std::printf("[HTTPClient : DBG]"x"\r\n", ##__VA_ARGS__);
@@ -118,9 +118,9 @@
     CyaSSL_Init(); //Initialize CyaSSL
 
     m_sock = &_m_sock;
-    /* CyaSSL_Debugging_ON() ; */  //Turn on if the CyaSSL library isn't working for debug printf's
+    // CyaSSL_Debugging_ON() ;   //Turn on if the CyaSSL library isn't working, for debug printf's
     
-    peerMethod = VERIFY_FAIL_IF_NO_PEER_CERT;
+    peerMethod = VERIFY_PEER;
     ctx = 0 ;
     ssl = 0 ;
     SSLver = 3 ; 
@@ -244,7 +244,11 @@
 }
 
 void HTTPClient::setPeerVerification(SSLMethod method) {
-    peerMethod = method;
+    if(method != VERIFY_NONE && method != VERIFY_PEER) {
+        ERR("That is not an acceptable verification choice");
+    } else {
+        peerMethod = method;
+    }
 }
 
 
@@ -357,25 +361,26 @@
                 return HTTP_PROCESSING;
             }
             
+            //SSL setup if being used
             { //Localize pMethod array for less overall memory time-use
                 std::string pMethod;
                 if(peerMethod == VERIFY_NONE) {
                     pMethod = "not verify peer";
                 } else if (peerMethod == VERIFY_PEER) {
                     pMethod = "verify peer if certificates available";
-                } else if (peerMethod == VERIFY_FAIL_IF_NO_PEER_CERT) {
-                    pMethod = "verify peer and fail if no peer certificates available";
+                    //Load the CA certificate(s) (If using multiple, concatenate them in the buffer being passed)
+                    if(certificates != NULL) {
+                        if (SSL_SUCCESS != CyaSSL_CTX_load_verify_buffer(ctx, (const unsigned char*)certificates, strlen(certificates), SSL_FILETYPE_PEM)) {
+                            ERR("unable to load root certificates");
+                            return HTTP_CONN;
+                        }
+                    }
                 }
                 DBG("SSL connection set to %s", pMethod.c_str());
             }
             
             CyaSSL_CTX_set_verify(ctx, peerMethod, 0); //SSL_VERIFY_FAIL_IF_NO_PEER_CERT, VERIFY_NONE, SSL_VERIFY_PEER
             
-            //Load the CA certificate(s) (If using multiple, concatenate them in the buffer being passed)
-            if (SSL_SUCCESS != CyaSSL_CTX_load_verify_buffer(ctx, (const unsigned char*)certificates, strlen(certificates), SSL_FILETYPE_PEM)) {
-                ERR("unable to load root certificates");
-                return HTTP_CONN;
-            }
             CyaSSL_SetIORecv(ctx, SocketReceive) ;
             CyaSSL_SetIOSend(ctx, SocketSend) ;
         }
@@ -694,8 +699,13 @@
         }
 
     }
+    
+    if(m_sock->is_connected()) {
+        m_sock->close();
+    }
+    
+    m_sock->close(true);
     cyassl_free() ;
-    m_sock->close(true);
     DBG("Completed HTTP transaction");
     if(redirect)return HTTP_REDIRECT ;
     else        return HTTP_OK;