fixed bug where SSLclient would self-corrupt if connected() was called before the first connection
parent
f4561d0415
commit
f3509c9875
2 changed files with 9 additions and 2 deletions
|
@ -57,6 +57,7 @@ SSLClientImpl::SSLClientImpl(const br_x509_trust_anchor *trust_anchors,
|
||||||
, m_analog_pin(analog_pin)
|
, m_analog_pin(analog_pin)
|
||||||
, m_session_index(0)
|
, m_session_index(0)
|
||||||
, m_debug(debug)
|
, m_debug(debug)
|
||||||
|
, m_is_connected(false)
|
||||||
, m_write_idx(0) {
|
, m_write_idx(0) {
|
||||||
|
|
||||||
// zero the iobuf just in case it's still garbage
|
// zero the iobuf just in case it's still garbage
|
||||||
|
@ -101,6 +102,7 @@ int SSLClientImpl::connect_impl(const char *host, uint16_t port) {
|
||||||
m_error("Cannot have two connections at the same time! Please create another SSLClient instance.", func_name);
|
m_error("Cannot have two connections at the same time! Please create another SSLClient instance.", func_name);
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
m_info("Client not connected, continuing...", func_name);
|
||||||
// reset indexs for saftey
|
// reset indexs for saftey
|
||||||
m_write_idx = 0;
|
m_write_idx = 0;
|
||||||
// first, if we have a session, check if we're trying to resolve the same host
|
// first, if we have a session, check if we're trying to resolve the same host
|
||||||
|
@ -244,6 +246,8 @@ void SSLClientImpl::stop_impl() {
|
||||||
}
|
}
|
||||||
// close the ethernet socket
|
// close the ethernet socket
|
||||||
get_arduino_client().stop();
|
get_arduino_client().stop();
|
||||||
|
// we are no longer connected
|
||||||
|
m_is_connected = false;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* see SSLClientImpl.h */
|
/* see SSLClientImpl.h */
|
||||||
|
@ -251,7 +255,7 @@ uint8_t SSLClientImpl::connected_impl() {
|
||||||
const char* func_name = __func__;
|
const char* func_name = __func__;
|
||||||
// check all of the error cases
|
// check all of the error cases
|
||||||
const auto c_con = get_arduino_client().connected();
|
const auto c_con = get_arduino_client().connected();
|
||||||
const auto br_con = br_ssl_engine_current_state(&m_sslctx.eng) != BR_SSL_CLOSED;
|
const auto br_con = br_ssl_engine_current_state(&m_sslctx.eng) != BR_SSL_CLOSED && m_is_connected;
|
||||||
const auto wr_ok = getWriteError() == 0;
|
const auto wr_ok = getWriteError() == 0;
|
||||||
// if we're in an error state, close the connection and set a write error
|
// if we're in an error state, close the connection and set a write error
|
||||||
if (br_con && !c_con) {
|
if (br_con && !c_con) {
|
||||||
|
@ -310,7 +314,7 @@ bool SSLClientImpl::m_soft_connected(const char* func_name) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
// check if the ssl engine is still open
|
// check if the ssl engine is still open
|
||||||
if(br_ssl_engine_current_state(&m_sslctx.eng) == BR_SSL_CLOSED) {
|
if(!m_is_connected || br_ssl_engine_current_state(&m_sslctx.eng) == BR_SSL_CLOSED) {
|
||||||
m_error("Cannot operate on a closed SSL connection.", func_name);
|
m_error("Cannot operate on a closed SSL connection.", func_name);
|
||||||
int error = br_ssl_engine_last_error(&m_sslctx.eng);
|
int error = br_ssl_engine_last_error(&m_sslctx.eng);
|
||||||
if(error != BR_ERR_OK) m_print_br_error(error, SSL_ERROR);
|
if(error != BR_ERR_OK) m_print_br_error(error, SSL_ERROR);
|
||||||
|
@ -352,6 +356,7 @@ int SSLClientImpl::m_start_ssl(const char* host, SSLSession& ssl_ses) {
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
m_info("Connection successful!", func_name);
|
m_info("Connection successful!", func_name);
|
||||||
|
m_is_connected = true;
|
||||||
// all good to go! the SSL socket should be up and running
|
// all good to go! the SSL socket should be up and running
|
||||||
// overwrite the session we got with new parameters
|
// overwrite the session we got with new parameters
|
||||||
br_ssl_engine_get_session_parameters(&m_sslctx.eng, ssl_ses.to_br_session());
|
br_ssl_engine_get_session_parameters(&m_sslctx.eng, ssl_ses.to_br_session());
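Review bot: In the connected_impl hunk the new flag is tested last, `br_ssl_engine_current_state(&m_sslctx.eng) != BR_SSL_CLOSED && m_is_connected`, so the engine context is still read before m_is_connected is consulted. If the flag is meant to keep a never-connected client away from engine state that may not be initialised yet (the constructor hunk shows only a comment about zeroing the iobuf), it should short-circuit first: `const auto br_con = m_is_connected && br_ssl_engine_current_state(&m_sslctx.eng) != BR_SSL_CLOSED;`, which matches the operand order already used in m_soft_connected. The m_soft_connected branch also goes on to call `br_ssl_engine_last_error(&m_sslctx.eng)` when only `!m_is_connected` was true, which looks like the same exposure and could be skipped in that case. Both function bodies continue outside their hunks, so this is worth confirming against the full file.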
|
||||||
|
|
|
@ -181,6 +181,8 @@ private:
|
||||||
size_t m_session_index;
|
size_t m_session_index;
|
||||||
// store whether to enable debug logging
|
// store whether to enable debug logging
|
||||||
const DebugLevel m_debug;
|
const DebugLevel m_debug;
|
||||||
|
// store if we are connected in bearssl or not
|
||||||
|
bool m_is_connected;
|
||||||
// store the context values required for SSL
|
// store the context values required for SSL
|
||||||
br_ssl_client_context m_sslctx;
|
br_ssl_client_context m_sslctx;
|
||||||
br_x509_minimal_context m_x509ctx;
|
br_x509_minimal_context m_x509ctx;
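Review bot: The comment on `m_is_connected` does not say when the flag changes or what it protects. Going by the .cpp hunks in this commit, it is initialised to false in the constructor, set in m_start_ssl after the handshake succeeds, cleared in stop_impl, and checked alongside the engine state in connected_impl and m_soft_connected. A comment along the lines of `// true from a successful m_start_ssl() until stop_impl(); gates reads of m_sslctx.eng state` would make that invariant explicit for anyone adding another path that opens or tears down the session.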
|
||||||
|
|