JSD/TinyGSM_Senseright
3
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Refined SSL implementation.

Browse Source
This commit is contained in:
Michael Krumpus
2019-02-03 11:19:59 -06:00
parent d2dde3569c
commit afd96430e3
1 changed files with 37 additions and 53 deletions
Download Patch File Download Diff File Expand all files Collapse all files

90
src/TinyGsmClientSequansMonarch.h
View File

@@ -204,14 +204,40 @@ public:
: GsmClient(modem, mux) : GsmClient(modem, mux)
{} {}
protected:
bool strictSSL = false;
public: public:
virtual int connect(const char *host, uint16_t port) { virtual int connect(const char *host, uint16_t port) {
if (sock_connected) stop(); if (sock_connected) stop();
TINY_GSM_YIELD(); TINY_GSM_YIELD();
rx.clear(); rx.clear();
// configure security profile 1 with parameters:
if (strictSSL) {
// require minimum of TLS 1.2 (3)
// only support cipher suite 0x3D: TLS_RSA_WITH_AES_256_CBC_SHA256
// verify server certificate against imported CA certs 0 and enforce validity period (3)
at->sendAT(GF("+SQNSPCFG=1,3,\"0x3D\",3,0,,,\"\",\"\""));
} else {
// use TLS 1.0 or higher (1)
// support wider variety of cipher suites
// do not verify server certificate (0)
at->sendAT(GF("+SQNSPCFG=1,1,\"0x2F;0x35;0x3C;0x3D\",0,,,,\"\",\"\""));
}
if (at->waitResponse() != 1) {
DBG("failed to configure security profile");
return false;
}
sock_connected = at->modemConnect(host, port, mux, true); sock_connected = at->modemConnect(host, port, mux, true);
return sock_connected; return sock_connected;
} }
void setStrictSSL(bool strict) {
strictSSL = strict;
}
}; };
public: public:
@@ -299,11 +325,7 @@ public:
} }
bool hasSSL() { bool hasSSL() {
sendAT(GF("+SQNSPCFG=1")); return true;
if (waitResponse(GFP(GSM_OK), GF(GSM_NL "+SQNSPCFG:")) != 2) {
return false;
}
return waitResponse() == 1;
} }
/* /*
@@ -559,57 +581,27 @@ public:
/* /*
* Location functions * Location functions
*/ */
String getGsmLocation() TINY_GSM_ATTR_NOT_AVAILABLE;
// TODO
String getGsmLocation() {
sendAT(GF("+CIPGSMLOC=1,1"));
if (waitResponse(10000L, GF(GSM_NL "+CIPGSMLOC:")) != 1) {
return "";
}
String res = stream.readStringUntil('\n');
waitResponse();
res.trim();
return res;
}
/* /*
* Battery functions * Battery functions
*/ */
// Use: float vBatt = modem.getBattVoltage() / 1000.0; uint16_t getBattVoltage() TINY_GSM_ATTR_NOT_AVAILABLE;
// TODO
uint16_t getBattVoltage() {
sendAT(GF("+CBC"));
if (waitResponse(GF(GSM_NL "+CBC:")) != 1) {
return 0;
}
streamSkipUntil(','); // Skip
streamSkipUntil(','); // Skip
uint16_t res = stream.readStringUntil(',').toInt(); int getBattPercent() TINY_GSM_ATTR_NOT_AVAILABLE;
waitResponse();
return res;
}
// TODO
int getBattPercent() {
sendAT(GF("+CBC"));
if (waitResponse(GF(GSM_NL "+CBC:")) != 1) {
return false;
}
stream.readStringUntil(',');
int res = stream.readStringUntil(',').toInt();
waitResponse();
return res;
}
protected: protected:
bool modemConnect(const char* host, uint16_t port, uint8_t mux, bool ssl = false) { bool modemConnect(const char* host, uint16_t port, uint8_t mux, bool ssl = false) {
int rsp; int rsp;
if ((ssl) && (!hasSSL())) { if (ssl) {
DBG("SSL not configured. Use AT+SQNSPCFG to configure security profile 1"); // enable SSl and use security profile 1
return false; sendAT(GF("+SQNSSCFG="), mux, GF(",1,1"));
if (waitResponse() != 1) {
DBG("failed to configure secure socket");
return false;
}
} }
sendAT(GF("+SQNSCFG="), mux, GF(",3,300,90,600,50")); sendAT(GF("+SQNSCFG="), mux, GF(",3,300,90,600,50"));
@@ -618,14 +610,6 @@ protected:
sendAT(GF("+SQNSCFGEXT="), mux, GF(",1,0,0,0,0")); sendAT(GF("+SQNSCFGEXT="), mux, GF(",1,0,0,0,0"));
waitResponse(); waitResponse();
if (ssl) {
// enable SSl and use security profile 1
sendAT(GF("+SQNSSCFG="), mux, GF(",1,1"));
if (waitResponse() != 1) {
return false;
}
}
sendAT(GF("+SQNSD="), mux, ",0,", port, ',', GF("\""), host, GF("\""), ",0,0,1"); sendAT(GF("+SQNSD="), mux, ",0,", port, ',', GF("\""), host, GF("\""), ",0,0,1");
rsp = waitResponse(75000L, rsp = waitResponse(75000L,
GF("OK" GSM_NL), GF("OK" GSM_NL),