lmoskala/SSLClient
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

update doxy

Browse source
This commit is contained in:
Noah Laptop 2019-08-05 21:47:12 -07:00
parent 81cb0db897
commit d4e988f6f1
56 changed files with 1299 additions and 292 deletions
Download patch file Download diff file Expand all files Collapse all files

8
docs/html/index.html
View file

@ -91,13 +91,15 @@ $(document).ready(function(){initNavTree('index.html','');});
<div class="title"><a class="el" href="class_s_s_l_client.html" title="The main SSLClient class. Check out README.md for more info.">SSLClient</a> - Arduino Library For SSL </div> </div>
</div><!--header-->
<div class="contents">
<div class="textblock"><p><b><a class="el" href="class_s_s_l_client.html" title="The main SSLClient class. Check out README.md for more info.">SSLClient</a> requires at least 110kb flash and 8kb RAM, and will not compile otherwise. This means that most Arduino boards are not supported. Check your board's specifications before attempting to use this library.</b></p>
<div class="textblock"><p><a href="https://travis-ci.org/OPEnSLab-OSU/SSLClient"><img src="https://travis-ci.org/OPEnSLab-OSU/SSLClient.svg?branch=master" alt="Build Status" class="inline"/>
</a></p>
<p><b><a class="el" href="class_s_s_l_client.html" title="The main SSLClient class. Check out README.md for more info.">SSLClient</a> requires at least 110kb flash and 7kb RAM, and will not compile otherwise. This means that most Arduino boards are not supported. Check your board's specifications before attempting to use this library.</b></p>
<p>You can also view this README in <a href="https://openslab-osu.github.io/SSLClient/html/index.html">doxygen</a>.</p>
<p><a class="el" href="class_s_s_l_client.html" title="The main SSLClient class. Check out README.md for more info.">SSLClient</a> is a simple library to add <a href="https://www.websecurity.symantec.com/security-topics/what-is-ssl-tls-https">TLS 1.2</a> functionality to any network library implementing the <a href="https://www.arduino.cc/en/Reference/ClientConstructor">Arduino Client interface</a>, including the Arduino <a href="https://www.arduino.cc/en/Reference/EthernetClient">EthernetClient</a> and <a href="https://www.arduino.cc/en/Reference/WiFiClient">WiFiClient</a> classes (though it is better to prefer WiFClient.connectSSL if implemented). In other words, <a class="el" href="class_s_s_l_client.html" title="The main SSLClient class. Check out README.md for more info.">SSLClient</a> implements encrypted communication through SSL on devices that do not otherwise support it.</p>
<h2>Overview</h2>
<p>Using <a class="el" href="class_s_s_l_client.html" title="The main SSLClient class. Check out README.md for more info.">SSLClient</a> should be similar to using any other Arduino-based Client class, since this library was developed around compatibility with <a href="https://www.arduino.cc/en/Reference/EthernetClient">EthernetClient</a>. There are a few extra things, however, that you will need to get started:</p>
<ol type="1">
<li>A board with a lot of resources (&gt;110kb flash and &gt;8kb RAM), and a network peripheral with a large internal buffer (&gt;8kb). This library was tested with the <a href="https://www.adafruit.com/product/2772">Adafruit Feather M0</a> (256K flash, 32K RAM) and the <a href="https://www.adafruit.com/product/3201">Adafruit Ethernet Featherwing</a> (16kb Buffer), and we still had to modify the Arduino Ethernet library to support larger internal buffers per socket (see the <a href="#sslclient-with-ethernet">Implementation Gotchas</a>).</li>
<li>A board with a lot of resources (&gt;110kb flash and &gt;7kb RAM), and a network peripheral with a large internal buffer (&gt;7kb). This library was tested with the <a href="https://www.adafruit.com/product/2772">Adafruit Feather M0</a> (256K flash, 32K RAM) and the <a href="https://www.adafruit.com/product/3201">Adafruit Ethernet Featherwing</a> (16kb Buffer), and we still had to modify the Arduino Ethernet library to support larger internal buffers per socket (see the <a href="#sslclient-with-ethernet">Implementation Gotchas</a>).</li>
<li>A header containing array of trust anchors, which will look like <a href="./readme/cert.h">this file</a>. These are used to verify the SSL connection later on, and without them you will be unable to use this library. Check out <a class="el" href="_trust_anchors_8md.html">this document</a> on how to generate this file for your project, and for more information about what a trust anchor is.</li>
<li>A Client class associated with a network interface. We tested this library using <a href="https://www.arduino.cc/en/Reference/EthernetClient">EthernetClient</a>, however in theory it will work for any class implementing Client.</li>
<li>An analog pin, used for generating random data at the start of the connection (see the <a href="#implementation-gotchas">Implementation Gotchas</a>).</li>
@ -159,7 +161,7 @@ $(document).ready(function(){initNavTree('index.html','');});
<li>If none of the above are viable, it is possible to implement your own Client class which has an internal buffer much larger than both the driver and BearSSL. This would require in-depth knowledge of programming and the communication shield you are working with, as well as a microcontroller with a significant amount of RAM.</li>
</ul>
<h3>Cipher Support</h3>
<p>By default, <a class="el" href="class_s_s_l_client.html" title="The main SSLClient class. Check out README.md for more info.">SSLClient</a> supports only TLS1.2 and the ciphers listed in <a href="./src/TLS12_only_profile.c">this file</a> under <code>suites[]</code>, and the list is relatively small to keep the connection secure and the flash footprint down. These ciphers should work for most applications, however if for some reason you would like to use an older version of TLS or a different cipher, you can change the BearSSL profile being used by <a class="el" href="class_s_s_l_client.html" title="The main SSLClient class. Check out README.md for more info.">SSLClient</a> to an <a href="./src/bearssl/src/ssl">alternate one with support for older protocols</a>. To do this, edit <code><a class="el" href="class_s_s_l_client_impl.html#a2b0b9043c8252871272bf6ba199ab67b">SSLClientImpl::SSLClientImpl</a></code> to change these lines: </p><div class="fragment"><div class="line"> {C++}</div><div class="line">br_client_init_TLS12_only(&amp;m_sslctx, &amp;m_x509ctx, m_trust_anchors, m_trust_anchors_num);</div><div class="line">// comment the above line and uncomment the line below if you&#39;re having trouble connecting over SSL</div><div class="line">// br_ssl_client_init_full(&amp;m_sslctx, &amp;m_x509ctx, m_trust_anchors, m_trust_anchors_num);</div></div><!-- fragment --><p> to this: </p><div class="fragment"><div class="line"> {C++}</div><div class="line">// br_client_init_TLS12_only(&amp;m_sslctx, &amp;m_x509ctx, m_trust_anchors, m_trust_anchors_num);</div><div class="line">// comment the above line and uncomment the line below if you&#39;re having trouble connecting over SSL</div><div class="line">br_ssl_client_init_full(&amp;m_sslctx, &amp;m_x509ctx, m_trust_anchors, m_trust_anchors_num);</div></div><!-- fragment --><p> If for some unfortunate reason you need SSL 3.0 or SSL 2.0, you will need to modify the BearSSL profile to enable support. Check out the <a href="https://bearssl.org/api1.html#profiles">BearSSL profiles documentation</a> and I wish you the best of luck. </p>
<p>By default, <a class="el" href="class_s_s_l_client.html" title="The main SSLClient class. Check out README.md for more info.">SSLClient</a> supports only TLS1.2 and the ciphers listed in <a href="./src/TLS12_only_profile.c">this file</a> under <code>suites[]</code>, and the list is relatively small to keep the connection secure and the flash footprint down. These ciphers should work for most applications, however if for some reason you would like to use an older version of TLS or a different cipher, you can change the BearSSL profile being used by <a class="el" href="class_s_s_l_client.html" title="The main SSLClient class. Check out README.md for more info.">SSLClient</a> to an <a href="./src/bearssl/src/ssl/ssl_client_full.c">alternate one with support for older protocols</a>. To do this, edit <code><a class="el" href="class_s_s_l_client_impl.html#a2b0b9043c8252871272bf6ba199ab67b">SSLClientImpl::SSLClientImpl</a></code> to change these lines: </p><div class="fragment"><div class="line"> {C++}</div><div class="line">br_client_init_TLS12_only(&amp;m_sslctx, &amp;m_x509ctx, m_trust_anchors, m_trust_anchors_num);</div><div class="line">// comment the above line and uncomment the line below if you&#39;re having trouble connecting over SSL</div><div class="line">// br_ssl_client_init_full(&amp;m_sslctx, &amp;m_x509ctx, m_trust_anchors, m_trust_anchors_num);</div></div><!-- fragment --><p> to this: </p><div class="fragment"><div class="line"> {C++}</div><div class="line">// br_client_init_TLS12_only(&amp;m_sslctx, &amp;m_x509ctx, m_trust_anchors, m_trust_anchors_num);</div><div class="line">// comment the above line and uncomment the line below if you&#39;re having trouble connecting over SSL</div><div class="line">br_ssl_client_init_full(&amp;m_sslctx, &amp;m_x509ctx, m_trust_anchors, m_trust_anchors_num);</div></div><!-- fragment --><p> If for some unfortunate reason you need SSL 3.0 or SSL 2.0, you will need to modify the BearSSL profile to enable support. Check out the <a href="https://bearssl.org/api1.html#profiles">BearSSL profiles documentation</a> and I wish you the best of luck. </p>
</div></div><!-- PageDoc -->
</div><!-- contents -->
</div><!-- doc-content -->