name: Documentation
- master
name: Documentation
runs-on: ubuntu-latest
- name: Checkout
uses: actions/checkout@v2
persist-credentials: false
- name: Build Documentation
uses: mattnotmitt/doxygen-action@v1
- name: Deploy to GitHub Pages
uses: JamesIves/github-pages-deploy-action@3.7.1
BRANCH: gh-pages # The branch the action should deploy to.
FOLDER: docs # The folder the action should deploy.
CLEAN: true # Automatically remove deleted files from the deploy branch
@ -1,37 +0,0 @@
# Prerequisites
# Compiled Object files
# Precompiled Headers
# Compiled Dynamic libraries
# Fortran module files
# Compiled Static libraries
# Executables
# vscode IDE settings
@ -1,76 +0,0 @@
# Contributor Covenant Code of Conduct
## Our Pledge
In the interest of fostering an open and welcoming environment, we as
contributors and maintainers pledge to making participation in our project and
our community a harassment-free experience for everyone, regardless of age, body
size, disability, ethnicity, sex characteristics, gender identity and expression,
level of experience, education, socio-economic status, nationality, personal
appearance, race, religion, or sexual identity and orientation.
## Our Standards
Examples of behavior that contributes to creating a positive environment
* Using welcoming and inclusive language
* Being respectful of differing viewpoints and experiences
* Gracefully accepting constructive criticism
* Focusing on what is best for the community
* Showing empathy towards other community members
Examples of unacceptable behavior by participants include:
* The use of sexualized language or imagery and unwelcome sexual attention or
* Trolling, insulting/derogatory comments, and personal or political attacks
* Public or private harassment
* Publishing others' private information, such as a physical or electronic
address, without explicit permission
* Other conduct which could reasonably be considered inappropriate in a
professional setting
## Our Responsibilities
Project maintainers are responsible for clarifying the standards of acceptable
behavior and are expected to take appropriate and fair corrective action in
response to any instances of unacceptable behavior.
Project maintainers have the right and responsibility to remove, edit, or
reject comments, commits, code, wiki edits, issues, and other contributions
that are not aligned to this Code of Conduct, or to ban temporarily or
permanently any contributor for other behaviors that they deem inappropriate,
threatening, offensive, or harmful.
## Scope
This Code of Conduct applies both within project spaces and in public spaces
when an individual is representing the project or its community. Examples of
representing a project or community include using an official project e-mail
address, posting via an official social media account, or acting as an appointed
representative at an online or offline event. Representation of a project may be
further defined and clarified by project maintainers.
## Enforcement
Instances of abusive, harassing, or otherwise unacceptable behavior may be
reported by contacting the project team at All
complaints will be reviewed and investigated and will result in a response that
is deemed necessary and appropriate to the circumstances. The project team is
obligated to maintain confidentiality with regard to the reporter of an incident.
Further details of specific enforcement policies may be posted separately.
Project maintainers who do not follow or enforce the Code of Conduct in good
faith may face temporary or permanent repercussions as determined by other
members of the project's leadership.
## Attribution
This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4,
available at
For answers to common questions about this code of conduct, see
@ -1,292 +0,0 @@
# SSLClient

SSLClient adds [TLS 1.2]( functionality to any network library implementing the [Arduino Client interface](, including the Arduino [EthernetClient]( and [WiFiClient]( classes. SSLClient was created to integrate TLS seamlessly with the Arduino infrastructure using [BearSSL]( as an underlying TLS engine. Unlike [ArduinoBearSSL](, SSLClient is completly self-contained, and does not require any additional hardware (other than a network connection).
SSLClient officially supports SAMD21, SAM3X, ESP32, TIVA C, STM32F7, and Teensy >= 3.0; but it should work on any board with at least 110kB flash and 7kB RAM. SSClient does not currently support ESP8266 (see [this issue]( or AVR due to memory constraints on both platforms.
You can also view this README in [doxygen](
## Overview
Using SSLClient is similar to using any other Arduino-based Client class, as this library was developed around compatibility with [EthernetClient]( There are a few extra things, however, that you will need to get started:
1. **Board and Network Peripheral** - Your board should have a lot of resources (>110kB flash and >7kB RAM), and your network peripheral should have a large internal buffer (>7kB). This library was tested with the [Adafruit Feather M0]( (256K flash, 32K RAM) and the [Adafruit Ethernet Featherwing]( (16kB Buffer), and we still had to modify the Arduino Ethernet library to support larger internal buffers per socket (see the [Implementation Gotchas](#sslclient-with-ethernet)).
2. **Trust Anchors** - You will need a header containing array of trust anchors ([example](./readme/cert.h)), which are used to verify the SSL connection later on. **This file must generated for every project.** Check out [](./ on how to generate this file for your project, and for more information about what a trust anchor is.
3. **Network Peripheral Driver Implementing `Client`** - Examples include `EthernetClient`, `WiFiClient`, and so on—SSLClient will run on top of any network driver exposing the `Client` interface.
4. **Analog Pin** - Used for generating random data at the start of the connection (see the [Implementation Gotchas](#implementation-gotchas)).
Once all those are ready, you can create an SSLClient object like this:
BaseClientType baseClientInstance;
SSLClient client(baseClientInstance, TAs, (size_t)TAs_NUM, AnalogPin);
* BaseClientType - The type of baseClientInstance
* BaseClientInstance - An instance of the class you are using for SSLClient (the class associated with the network interface, from step 3). It is important that this instance be stored *outside* the SSLClient declaration (for instance, `SSLClient(BaseClientType() ...)` wouldn't work).
* TAs - The name of the trust anchor array created in step 2. If you generated a header using the tutorial this will probably be `TAs`.
* TAs_NUM - The number of trust anchors in TAs. If you generated a header using the tutorial this will probably be `TAs_NUM`.
* AnalogPin - The analog pin to pull random data from (step 4).
For example, if I am using EthernetClient, a generated array of 2 trust anchors, and the analog pin A7, I would declare an SSLClient instance using:
EthernetClient baseClient;
SSLClient client(baseClient, TAs, 2, A7);
Given this client, simply use SSLClient as you would the base client class:
// connect to over ssl (port 443 for websites)
client.connect("", 443);
// Make a HTTP request
client.println("GET /asciilogo.txt HTTP/1.1");
client.println("User-Agent: AdafruitFeatherM0WiFi");
client.print("Host: ");
client.println("Connection: close");
// read and print the data
**Note**: `client.connect("", 443)` can take 5-15 seconds to finish on some low-power devices. This an unavoidable consequence of the SSL protocol, and is detailed more in [Implementation Gotchas](#resources).
For more information on SSLClient, check out the [examples](./examples), [API documentation](, or the rest of this README.
## Other Features
### Logging
SSLClient also allows for changing the debugging level by adding an additional parameter to the constructor:
EthernetClient baseClient;
SSLClient client(baseClient, TAs, (size_t)2, A7, 1, SSLClient::SSL_INFO);
Logging is always outputted through the [Arduino Serial interface](, so you'll need to setup Serial before you can view the SSL logs. Log levels are enumerated in ::DebugLevel. The log level is set to `SSL_WARN` by default.
### Errors
When SSLClient encounters an error, it will attempt to terminate the SSL session gracefully if possible, and then close the socket. Simple error information can be found from SSLClient::getWriteError, which will return a value from the ::Error enum. For more detailed diagnostics, you can look at the serial logs, which will be displayed if the log level is at `SSL_ERROR` or lower.
### Write Buffering
As you may have noticed in the documentation for SSLClient::write, calling this function does not actually write to the network. Instead, you must call SSLClient::available or SSLClient::flush, which will detect that the buffer is ready and write to the network (see SSLClient::write for details).
This was implemented as a buffered function because examples in Arduino libraries will often write to the network like so:
EthernetClient client;
// ...
// connect to over ssl (port 443 for websites)
client.connect("", 443);
// ...
// write an http request to the network
client.write("GET /asciilogo.txt HTTP/1.1\r\n");
client.write("Connection: close\r\n");
// wait for response
while (!client.available()) { /* ... */ }
// ...
Notice that every single `client.write()` call immediately writes to the network. This behavior is fine for most network clients; with SSL, however, it results in many small encryption tasks that consume resources. To reduce the overhead of an SSL connection, SSLClient::write implicitly buffers until the developer states that they are waiting for data to be received with SSLClient::available. A simple example can be found below:
EthernetClient baseClient;
SSLClient client(baseClient, TAs, (size_t)2, A7);
// ...
// connect to over ssl (port 443 for websites)
client.connect("", 443);
// ...
// add http request to the buffer
client.write("GET /asciilogo.txt HTTP/1.1\r\n");
client.write("Connection: close\r\n");
// write the bytes to the network, then wait for response
while (!client.available()) { /* ... */ }
// ...
If you would like to trigger a network write manually without using the SSLClient::available, you can also call SSLClient::flush, which will write all data and return when finished.
### Session Caching
As detailed in the [resources section](#resources), SSL handshakes take an extended period (1-4sec) to negotiate. BearSSL is able to keep a [SSL session cache]( of the clients it has connected to which can drastically reduce this time: if BearSSL successfully resumes an SSL session, connection time is typically 100-500ms.
In order to use SSL session resumption:
* The website you are connecting to must support it. Support is widespread, and you can verify it using [SSLLabs](
* You must reuse the same SSLClient object (SSL Sessions are stored in the object itself).
* You must reconnect to the exact same server (detailed below).
> NOTE: SSLClient automatically stores an IP address and hostname in each session, ensuring that if you call `connect("")` SSLClient will use the same SSL session for that hostname. Unfortunately some websites have multiple servers on a single IP address ( being an example), so you may find that even if you are connecting to the same host the connection will not resume. This is a flaw in the SSL session protocol—though it has been resolved in TLS 1.3, the lack of widespread adoption of the new protocol prevents it from being resolved here.
> SSL sessions can also expire based on server criteria (ex. timeout), which will result in a standard 4-10 second connection.
SSL sessions take memory to store, so by default SSLClient will only store one at a time. You can change this behavior by adding the following to your SSLClient declaration:
EthernetClient baseClient;
SSLClient client(baseClient, TAs, (size_t)2, A7, SomeNumber);
Where `SomeNumber` is the number of sessions you would like to store. For example this declaration can store 3 sessions:
EthernetClient baseClient;
SSLClient client(baseClient, TAs, (size_t)2, A7, 3);
Sessions are managed internally using the SSLSession::getSession function. This function will cycle through sessions in a rotating order, allowing the session cache to continually overwrite old sessions. In general, it is a good idea to use a SessionCache size equal to the number of domains you plan on connecting to.
If you need to clear a session, you can do so using the SSLSession::removeSession function.
### mTLS
As of `v1.6.0`, SSLClient supports [mutual TLS authentication]( mTLS is a varient of TLS that verifies both the server and device identities before a connection, and is commonly used in IoT protocols as a secure layer (MQTT over TLS, HTTP over TLS, etc.).
To use mTLS with SSLClient you will need to a client certificate and client private key associated with the server you are attempting to connect to. Depending on your use case, you will either generate these yourself (ex. [Mosquito MQTT setup](, or have them generated for you (ex. [AWS IoT Certificate Generation]( Given this cryptographic information, you can modify the standard SSLClient connection sketch to enable mTLS authentication:
/* Somewhere above setup() */
// The client certificate, can be PEM or DER format
// DER format will be an array of raw bytes, and PEM format will be a string
// PEM format is shown below
const char my_cert[] =
"-----END CERTIFICATE-----\n";
// The client private key, must be the same format as the client certificate
// Both RSA and ECC are supported, ECC is shown below
const char my_key[] =
"-----BEGIN EC PRIVATE KEY-----\n"
"-----END EC PRIVATE KEY-----\n";
// This line will parse and store the above information so SSLClient can use it later
// Replace `fromPEM` with `fromDER` if you are using DER formatted certificates.
SSLClientParameters mTLS = SSLClientParameters::fromPEM(my_cert, sizeof(cert), my_key, sizeof(key));
SSLClient my_client(...);
void setup() {
/* Before SSLClient connects */
> NOTE: Certificates are finicky, and it is easy to make mistakes when generating a certificate chain yourself. If SSLClient raises an error that says `Expected server name not found in chain`, double check that the common name, distinguished name, and issuer name are being set correctly (check out [this article]( for how to do that).
The client certificate must be formatted correctly (according to [BearSSL's specification]( in order for mTLS to work. If the certificate is improperly formatted, SSLClient will attempt to make a regular TLS connection instead of an mTLS one, and fail to connect as a result. Because of this, if you are seeing errors similar to `"peer did not send certificate chain"` on your server, check that your certificate and key are formatted correctly (see For more information on SSLClient's mTLS functionality, please see the [SSLClientParameters documentation](
Note that both the above client certificate information *as well as* the correct trust anchors associated with the server are needed for the connection to succeed. Trust anchors will typically be generated from the CA used to generate the server certificate. More information on generating trust anchors can be found in [](./
## Implementation Gotchas
Some ideas that didn't quite fit in the API documentation.
### SSLClient with Ethernet
If you are using the [Arduino Ethernet library]( you will need to modify the library to support the large buffer sizes required by SSL (detailed in [resources](#resources)). You can either modify the library yourself, or use [this fork of the Ethernet library with the modification]( To use the fork: download a zipped copy of the fork through GiThub, use the "add a .zip library" button in Arduino to install the library, and replace `#include "Ethernet.h"` with `#include "EthernetLarge.h"` in your sketch. Alternatively if for some reason this solution does not work, you can apply the modification manually using the instructions below.
#### Manual Modification
First find the location of the library in the directory where Arduino is installed (`C:\Program Files (x86)\Arduino` on Windows). Inside of this directory, navigate to `libraries\Ethernet\src` (`C:\Program Files (x86)\Arduino\libraries\Ethernet\src` on Windows). Modify `Ethernet.h` to replace these lines:
// Configure the maximum number of sockets to support. W5100 chips can have
// up to 4 sockets. W5200 & W5500 can have up to 8 sockets. Several bytes
// of RAM are used for each socket. Reducing the maximum can save RAM, but
// you are limited to fewer simultaneous connections.
#if defined(RAMEND) && defined(RAMSTART) && ((RAMEND - RAMSTART) <= 2048)
#define MAX_SOCK_NUM 4
#define MAX_SOCK_NUM 8
// By default, each socket uses 2K buffers inside the Wiznet chip. If
// MAX_SOCK_NUM is set to fewer than the chip's maximum, uncommenting
// this will use larger buffers within the Wiznet chip. Large buffers
// can really help with UDP protocols like Artnet. In theory larger
// buffers should allow faster TCP over high-latency links, but this
// does not always seem to work in practice (maybe Wiznet bugs?)
With this:
// Configure the maximum number of sockets to support. W5100 chips can have
// up to 4 sockets. W5200 & W5500 can have up to 8 sockets. Several bytes
// of RAM are used for each socket. Reducing the maximum can save RAM, but
// you are limited to fewer simultaneous connections.
#define MAX_SOCK_NUM 2
// By default, each socket uses 2K buffers inside the Wiznet chip. If
// MAX_SOCK_NUM is set to fewer than the chip's maximum, uncommenting
// this will use larger buffers within the Wiznet chip. Large buffers
// can really help with UDP protocols like Artnet. In theory larger
// buffers should allow faster TCP over high-latency links, but this
// does not always seem to work in practice (maybe Wiznet bugs?)
You may need to use `sudo` or administrator permissions to make this modification. We change `MAX_SOCK_NUM` and `ETHERNET_LARGE_BUFFERS` so the Ethernet hardware can allocate a larger space for SSLClient, however a downside of this modification is we are now only able to have two sockets concurrently. As most microprocessors barely have enough memory for one SSL connection, this limitation will rarely be encountered in practice.
### Seeding Random Data
The SSL protocol requires that SSLClient generate some random bits before connecting with a server. BearSSL provides a random number generator but requires a [some entropy for a seed]( Normally this seed is generated by taking the microsecond time using the internal clock, however since most microcontrollers are not build with this feature another source must be found. As a simple solution, SSLClient uses a floating analog pin as an external source of random data, passed through to the constructor in the `analog_pin` argument. Before every connection, SSLClient will take the bottom byte from 16 analog reads on `analog_pin`, and combine these bytes into a 16 byte random number, which is used as a seed for BearSSL. To ensure the most random data, it is recommended that this analog pin be either floating or connected to a location not modifiable by the microcontroller (i.e. a battery voltage readout).
### Certificate Verification
SSLClient uses BearSSL's [minimal x509 verification engine]( to verify the certificate of an SSL connection. This engine requires the developer create a trust anchor array using values stored in trusted root certificates. Check out [this document](./ for more details on this component of SSLClient.
BearSSL also features a [known certificate validation engine](, which only allows for a single domain in exchange for a significantly reduced resource usage (flash and CPU time). This functionality is planned to be implemented in the future.
#### Time
The minimal x509 verification engine requires an accurate source of time to properly verify the creation and expiration dates of a certificate. As most embedded devices do not have a reliable source of time, by default SSLClient opts to use the compilation timestamp ([`__DATE__` and `__TIME__`]( as the "current time" during the verification process. While this approach reduces the complexity of using SSLClient, it is inherently insecure, and can cause errors if certificates are redeployed (see [#27]( to accommodate these edge cases, SSLClient::setVerificationTime can be used to update the timestamp before connecting, resolving the above issues.
### Resources
The SSL/TLS protocol recommends a device support many different encryption and handshake algorithms. The complexity of these components results in many medium-footprint algorithms forming an extremely large whole. Compilation size of the [EthernetHTTPS](examples/EthernetHTTPS/EthernetHTTPS.ino) example in SSLClient `v1.6.11` for various boards is shown below:
| Board | Size
| :--- | :--- |
| Arduino Zero | <pre>`RAM: [=== ] 33.7% (used 11052 bytes from 32768 bytes)`<br/>`Flash: [=== ] 34.7% (used 90988 bytes from 262144 bytes)`</pre> |
| Arduino Due | <pre>`RAM: [= ] 11.7% (used 11548 bytes from 98304 bytes)`<br/>`Flash: [== ] 16.7% (used 87572 bytes from 524288 bytes)`</pre> |
| Adafruit Feather M0 | <pre>`RAM: [==== ] 40.4% (used 13240 bytes from 32768 bytes)`<br/>`Flash: [==== ] 40.0% (used 104800 bytes from 262144 bytes)`</pre> |
| ESP32 (Lolin32) | <pre>`RAM: [= ] 6.9% (used 22476 bytes from 327680 bytes)`<br/>`Flash: [== ] 24.0% (used 314956 bytes from 1310720 bytes)`</pre> |
| Teensy 3.0 | <pre>`RAM: [======== ] 78.2% (used 12812 bytes from 16384 bytes)`<br/>`Flash: [======== ] 79.8% (used 104532 bytes from 131072 bytes)`</pre> |
| Teensy 3.1 | <pre>`RAM: [== ] 19.9% (used 13020 bytes from 65536 bytes)`<br/>`Flash: [==== ] 40.6% (used 106332 bytes from 262144 bytes)`</pre> |
| Teensy 3.5 | <pre>`RAM: [ ] 5.0% (used 12996 bytes from 262136 bytes)`<br/>`Flash: [== ] 20.1% (used 105476 bytes from 524288 bytes)`</pre>
| Teensy 3.6 | <pre>`RAM: [ ] 5.0% (used 13060 bytes from 262144 bytes)`<br/>`Flash: [= ] 10.2% (used 106828 bytes from 1048576 bytes)`</pre> |
| Teensy 4.0 | <pre>`RAM: [=== ] 25.9% (used 135860 bytes from 524288 bytes)`<br/>`Flash: [= ] 5.7% (used 115344 bytes from 2031616 bytes)`</pre> |
In addition to the above, most embedded processors lack the sophisticated math hardware commonly found in a modern CPU, which results in slow and memory intensive execution of these algorithms. Because of this, it is recommended that SSLClient have 8kb of memory available on the stack during a connection, and 4-10 seconds should be allowed for the connection to complete. Note that this requirement is based on the SAMD21—more powerful processors (such as the ESP32) will see faster connection times.
> NOTE: If flash footprint is becoming a problem, there are numerous debugging strings (~3kB estimated) that can be removed from `SSLClient.h`, `SSLClientImpl.h`, and `SSLClientImpl.cpp`. Unfortunately I have not figured out a way to configure compilation of these strings, so you will need to modify the library to remove them yourself.
### Read Buffer Overflow
SSL is a buffered protocol, and since most microcontrollers have limited resources (see [Resources](#resources)), SSLClient is limited in the size of its buffers. A common problem I encountered with SSL connections is buffer overflow caused by the server sending too much data at once. This problem is caused by the microcontroller being unable to copy and decrypt data faster than it is being received—forcing some data to be discarded. This usually puts BearSSL in an unrecoverable state, forcing SSLClient to close the connection with a write error. If you are experiencing frequent timeout problems this could be the reason why.
In order to remedy this problem, the device must be able to read the data faster than it is being received or have a cache large enough to store the entire payload. Since the device is typically already reading as fast as it can, we must increase the cache size in order to resolve this issue. Depending on your platform there are a number of ways this can be done:
* Sometimes your communication shield will have an internal buffer which can be expanded through the driver code: this is the case with the Arduino Ethernet library (in the form of the `MAX_SOCK_NUM` and `ETHERNET_LARGE_BUFFERS` macros show [here](#manual-modification)), but mileage may vary with other drivers.
* SSLClient has an internal buffer SSLClient::m_iobuf which can be expanded. Unfortunately, BearSSL limits the amount of data that can be put into the buffer based on the stage in the SSL handshake, and so increasing the buffer will have limited usefulness.
* In some cases, a website will send so much data that even with the above solutions SSLClient will be unable to keep up. In these cases you will have to find another method of retrieving the data you need.
* If none of the above are viable, it is possible to implement your own Client class which has an internal buffer much larger than both the driver and BearSSL. This implementation would require in-depth knowledge of communication shield you are working with and a microcontroller with a significant amount of RAM, but would be the most robust solution available.
### Cipher Support
By default, SSLClient supports only TLS1.2 and the ciphers listed in [this file](./src/TLS12_only_profile.c) under `suites[]`, and the list is relatively small to keep the connection secure and the flash footprint down. These ciphers should work for most applications, however if for some reason you would like to use an older version of TLS or a different cipher you can change the BearSSL profile being used by SSLClient to an [alternate one with support for older protocols](./src/bearssl/src/ssl/ssl_client_full.c). To do this, edit `SSLClientImpl::SSLClientImpl` to change these lines:
br_client_init_TLS12_only(&m_sslctx, &m_x509ctx, m_trust_anchors, m_trust_anchors_num);
// comment the above line and uncomment the line below if you're having trouble connecting over SSL
// br_ssl_client_init_full(&m_sslctx, &m_x509ctx, m_trust_anchors, m_trust_anchors_num);
to this:
// br_client_init_TLS12_only(&m_sslctx, &m_x509ctx, m_trust_anchors, m_trust_anchors_num);
// comment the above line and uncomment the line below if you're having trouble connecting over SSL
br_ssl_client_init_full(&m_sslctx, &m_x509ctx, m_trust_anchors, m_trust_anchors_num);
If for some unfortunate reason you need SSL 3.0 or SSL 2.0, you will need to modify the BearSSL profile to enable support. Check out the [BearSSL profiles documentation]( and I wish you the best of luck.
### Security
Unlike BearSSL, SSLClient is not rigorously vetted to be secure. If your project has security requirements I recommend you utilize BearSSL directly.
### Known Issues
* In some drivers (Ethernet), calls to `Client::flush` will hang if internet is available but there is no route to the destination. Unfortunately SSLClient cannot correct for this without modifying the driver itself, and as a result the recommended solution is ensuring you choose a driver with built-in timeouts to prevent freezing. [More information here](
* Previous to SSLClient `v1.6.11`, `SSLClient::write` would sometimes call `br_ssl_engine_sendapp_ack` with zero bytes, which resulted in a variety of issues including (but not limited to) and infinite recursion loop on the esp32 ([#9](, [#30](
* Previous to SSLClient `v1.6.7`, calls to `SSLClient::stop` would sometimes hang the device. More information in issue
* Previous to SSLClient `v1.6.6`, calls to `SSLClient::connect` would fail if the driver indicated that a socket was already opened (`Client::connected` returned true). This behavior created unintentional permanent failures when `Client::stop` would fail to close the socket, and as a result was downgraded to a warning in v1.6.6.
* Previous to SSLClient `v1.6.3`, calling `SSLClient::write` with more than 2kB of total data before flushing the write buffer would cause a buffer overflow.
@ -1,68 +0,0 @@
# Trust Anchors
## Background
SSLClient uses BearSSL's [minimal x509 verification engine]( to verify the certificate of an SSL connection. This engine requires the developer create a trust anchor array using values stored in trusted root certificates. In short, these trust anchor arrays allow BearSSL to verify that the server being connected to is who they say they are, and not someone malicious. You can read more about certificates and why they are important [here](
SSLClient stores trust anchors in hardcoded constant variables, passed into `SSLClient::SSLClient` during setup. These constants are generally stored in their own header file as found in [the BearSSL docs]( This header file will look something like:
#define TAs_NUM 1
static const unsigned char TA_DN0[] = {
// lots of raw bytes here
// ...
static const unsigned char TA_RSA_N0[] = {
// lots of raw bytes here
static const unsigned char TA_RSA_E0[] = {
// 1-3 bytes here
static const br_x509_trust_anchor TAs[] = {
{ (unsigned char *)TA_DN0, sizeof TA_DN0 },
{ .rsa = {
(unsigned char *)TA_RSA_N0, sizeof TA_RSA_N0,
(unsigned char *)TA_RSA_E0, sizeof TA_RSA_E0,
} }
A full example of a trust anchor header can be found in [this file](./readme/cert.h). Full documentation for the format of these variables can be found in the [BearSSL documentation for br_x509_trust_anchor](
## Generating Trust Anchors
Typically a trust anchor header file is generated using [brssl](;a=tree;f=tools;h=0fa053e41d6bf88a28472f3b22dde41b21f14292;hb=dda1f8a0c46e15b4a235163470ff700b2f13dcc5), a command-line utility included in BearSSL. As it is a fairly involded process to get brssl working, SSLClient provides a number of alternative tools to make the generation process a bit easier.
**Note:** When working with certificates (particularly in complicated mTLS setups), it can easily become confusing which certificate does what. If you aren't sure what certificate to put into the Trust Anchor tool, remember that Trust Anchors *only care about the verifying the server*: in other words, the certificate that goes into a Trust Anchor generation tool should be the certificate used to generate the server's certificate (usually a CA). Trust Anchors will never contain any information about client certificates, which should be passed into [SSLClientParams]( instead.
For HTTPS, there a couple of tools you can use. Ordered from easiest to hardest:
* This website, written to simplify the creation of trust anchor headers: Simply plug and play.
* [pycert_bearssl](./tools/pycert_bearssl/, a command line utility based on a [pycert]( You will need to install Python 3, and follow the instructions in the [ file](./tools/pycert_bearssl/ You'll want to use the ` download` command once the utility is set up.
* The `brssl` command line utility, included in the [BearSSL source](;a=blob_plain;f=tools/brssl.h;hb=HEAD). You will need to compile this file yourself.
### Other Connections
For other kinds of SSL connections, you will need to find the root certificate being used by your host. You can check out [this StackExchange post]( for numerous methods of acquiring this certificate from a server. If these methods are not sufficient, you may need to request this certificate from your network administrator. Once you have the certificate, convert it to PEM format if needed (I use [this website](, and use the ` convert --no-search` command to convert the certificate into a trust anchor header.
## Using Trust Anchors
Once you've generated a trust anchor array, add it to your Arduino sketch using the `Sketch->Add File` button in the Arduino IDE, and link it to your SSLClient like so:
#include "yourtrustanchorfile.h"
// ...
SSLClient client(SomeClient, TAs, (size_t)TAs_NUM, SomePin);
// ...
Where `yourtrustanchorfile.h` contains a generated trust anchor array names `TAs`, with length `TAs_NUM`. BearSSL will now automatically use these trust anchors when `SSLClient::connect` is called.
Normal file
@ -0,0 +1,5 @@
var _s_s_l_client_parameters_8cpp =
[ "ssl_pem_decode_state", "structssl__pem__decode__state.html", "structssl__pem__decode__state" ],
[ "__attribute__", "_s_s_l_client_parameters_8cpp.html#a39074ff6e8f24ae9df1cabe6767f8a4d", null ]
Normal file
@ -0,0 +1,112 @@
<!-- end header part -->
<!-- window showing the filter options -->
<div id="MSearchSelectWindow"
onmouseover="return searchBox.OnSearchSelectShow()"
onmouseout="return searchBox.OnSearchSelectHide()"
onkeydown="return searchBox.OnSearchSelectKey(event)">
<!-- iframe showing the search results (closed by default) -->
<div id="MSearchResultsWindow">
<iframe src="javascript:void(0)" frameborder="0"
name="MSearchResults" id="MSearchResults">
<div class="header">
<div class="summary">
<a href="#nested-classes">Classes</a> </div>
<div class="headertitle">
<div class="title">SSLClientParameters.h File Reference</div> </div>
<div class="contents">
<div class="textblock"><code>#include "bearssl.h"</code><br />
<code>#include <vector></code><br />
<p><a href="_s_s_l_client_parameters_8h_source.html">Go to the source code of this file.</a></p>
<table class="memberdecls">
<tr class="heading"><td colspan="2"><h2 class="groupheader"><a name="nested-classes"></a>
<tr class="memitem:"><td class="memItemLeft" align="right" valign="top">class  </td><td class="memItemRight" valign="bottom"><a class="el" href="class_s_s_l_client_parameters.html">SSLClientParameters</a></td></tr>
<tr class="memdesc:"><td class="mdescLeft"> </td><td class="mdescRight">This class stores data required for <a class="el" href="class_s_s_l_client.html" title="The main SSLClient class. Check out for more info.">SSLClient</a> to use mutual authentication. <a href="class_s_s_l_client_parameters.html#details">More...</a><br /></td></tr>
<tr class="separator:"><td class="memSeparator" colspan="2"> </td></tr>
</div><!-- contents -->
</div><!-- doc-content -->
<!-- start footer part -->
<div id="nav-path" class="navpath"><!-- id is needed for treeview function! -->
<li class="navelem"><a class="el" href="dir_68267d1309a1af8e8297ef4c3efbcdba.html">src</a></li><li class="navelem"><a class="el" href="_s_s_l_client_parameters_8h.html">SSLClientParameters.h</a></li>
<li class="footer">Generated by <a href=""><img class="footer" src="doxygen.svg" width="104" height="31" alt="doxygen"/></a> 1.9.1 </li>
Normal file
@ -0,0 +1,159 @@
<!-- end header part -->
<!-- window showing the filter options -->
<div id="MSearchSelectWindow"
onmouseover="return searchBox.OnSearchSelectShow()"
onmouseout="return searchBox.OnSearchSelectHide()"
onkeydown="return searchBox.OnSearchSelectKey(event)">
<!-- iframe showing the search results (closed by default) -->
<div id="MSearchResultsWindow">
<iframe src="javascript:void(0)" frameborder="0"
name="MSearchResults" id="MSearchResults">
<div class="header">
<div class="headertitle">
<div class="title">SSLClientParameters.h</div> </div>
<div class="contents">
<a href="_s_s_l_client_parameters_8h.html">Go to the documentation of this file.</a><div class="fragment"><div class="line"><a name="l00001"></a><span class="lineno"> 1</span> <span class="comment">/* Copyright 2019 OSU OPEnS Lab</span></div>
<div class="line"><a name="l00002"></a><span class="lineno"> 2</span> <span class="comment"> *</span></div>
<div class="line"><a name="l00003"></a><span class="lineno"> 3</span> <span class="comment"> * Permission is hereby granted, free of charge, to any person obtaining a copy of this</span></div>
<div class="line"><a name="l00004"></a><span class="lineno"> 4</span> <span class="comment"> * software and associated documentation files (the "Software"), to deal in the Software</span></div>
<div class="line"><a name="l00005"></a><span class="lineno"> 5</span> <span class="comment"> * without restriction, including without limitation the rights to use, copy, modify,</span></div>
<div class="line"><a name="l00006"></a><span class="lineno"> 6</span> <span class="comment"> * merge, publish, distribute, sublicense, and/or sell copies of the Software, and to</span></div>
<div class="line"><a name="l00007"></a><span class="lineno"> 7</span> <span class="comment"> * permit persons to whom the Software is furnished to do so, subject to the following</span></div>
<div class="line"><a name="l00008"></a><span class="lineno"> 8</span> <span class="comment"> * conditions:</span></div>
<div class="line"><a name="l00009"></a><span class="lineno"> 9</span> <span class="comment"> *</span></div>
<div class="line"><a name="l00010"></a><span class="lineno"> 10</span> <span class="comment"> * The above copyright notice and this permission notice shall be included in all</span></div>
<div class="line"><a name="l00011"></a><span class="lineno"> 11</span> <span class="comment"> * copies or substantial portions of the Software.</span></div>
<div class="line"><a name="l00012"></a><span class="lineno"> 12</span> <span class="comment"> *</span></div>
<div class="line"><a name="l00013"></a><span class="lineno"> 13</span> <span class="comment"> * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,</span></div>
<div class="line"><a name="l00014"></a><span class="lineno"> 14</span> <span class="comment"> * INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A</span></div>
<div class="line"><a name="l00015"></a><span class="lineno"> 15</span> <span class="comment"> * PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT</span></div>
<div class="line"><a name="l00016"></a><span class="lineno"> 16</span> <span class="comment"> * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION</span></div>
<div class="line"><a name="l00017"></a><span class="lineno"> 17</span> <span class="comment"> * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE</span></div>
<div class="line"><a name="l00018"></a><span class="lineno"> 18</span> <span class="comment"> * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.</span></div>
<div class="line"><a name="l00019"></a><span class="lineno"> 19</span> <span class="comment"> */</span></div>
<div class="line"><a name="l00020"></a><span class="lineno"> 20</span>  </div>
<div class="line"><a name="l00028"></a><span class="lineno"> 28</span> <span class="preprocessor">#include "bearssl.h"</span></div>
<div class="line"><a name="l00029"></a><span class="lineno"> 29</span> <span class="preprocessor">#undef min</span></div>
<div class="line"><a name="l00030"></a><span class="lineno"> 30</span> <span class="preprocessor">#undef max</span></div>
<div class="line"><a name="l00031"></a><span class="lineno"> 31</span> <span class="preprocessor">#include <vector></span></div>
<div class="line"><a name="l00032"></a><span class="lineno"> 32</span>  </div>
<div class="line"><a name="l00033"></a><span class="lineno"> 33</span> <span class="preprocessor">#ifndef SSLClientParameters_H_</span></div>
<div class="line"><a name="l00034"></a><span class="lineno"> 34</span> <span class="preprocessor">#define SSLClientParameters_H_</span></div>
<div class="line"><a name="l00035"></a><span class="lineno"> 35</span>  </div>
<div class="line"><a name="l00052"></a><span class="lineno"><a class="line" href="class_s_s_l_client_parameters.html"> 52</a></span> <span class="keyword">class </span><a class="code" href="class_s_s_l_client_parameters.html">SSLClientParameters</a> {</div>
<div class="line"><a name="l00053"></a><span class="lineno"> 53</span> <span class="keyword">public</span>:</div>
<div class="line"><a name="l00084"></a><span class="lineno"> 84</span>  <span class="keyword">static</span> <a class="code" href="class_s_s_l_client_parameters.html">SSLClientParameters</a> <a class="code" href="class_s_s_l_client_parameters.html#ac5ddf993f7d560581297471593051ea6">fromPEM</a>(<span class="keyword">const</span> <span class="keywordtype">char</span>* cert_pem, <span class="keyword">const</span> <span class="keywordtype">size_t</span> cert_len, <span class="keyword">const</span> <span class="keywordtype">char</span>* key_pem, <span class="keyword">const</span> <span class="keywordtype">size_t</span> key_len);</div>
<div class="line"><a name="l00085"></a><span class="lineno"> 85</span>  </div>
<div class="line"><a name="l00112"></a><span class="lineno"> 112</span>  <span class="keyword">static</span> <a class="code" href="class_s_s_l_client_parameters.html">SSLClientParameters</a> <a class="code" href="class_s_s_l_client_parameters.html#a12e44f4b8340ef7f1dcbbed7649e4bef">fromDER</a>(<span class="keyword">const</span> <span class="keywordtype">char</span>* cert_der, <span class="keyword">const</span> <span class="keywordtype">size_t</span> cert_len, <span class="keyword">const</span> <span class="keywordtype">char</span>* key_der, <span class="keyword">const</span> <span class="keywordtype">size_t</span> key_len);</div>
<div class="line"><a name="l00113"></a><span class="lineno"> 113</span>  </div>
<div class="line"><a name="l00115"></a><span class="lineno"><a class="line" href="class_s_s_l_client_parameters.html#af5686b2c601812f55477a7089b3b2c2d"> 115</a></span>  <span class="keyword">const</span> br_x509_certificate* <a class="code" href="class_s_s_l_client_parameters.html#af5686b2c601812f55477a7089b3b2c2d">getCertChain</a>()<span class="keyword"> const </span>{ <span class="keywordflow">return</span> &m_cert_struct; }</div>
<div class="line"><a name="l00116"></a><span class="lineno"> 116</span>  </div>
<div class="line"><a name="l00118"></a><span class="lineno"><a class="line" href="class_s_s_l_client_parameters.html#a90d581703308881714d64d1ada785ad2"> 118</a></span>  <span class="keywordtype">int</span> <a class="code" href="class_s_s_l_client_parameters.html#a90d581703308881714d64d1ada785ad2">getCertType</a>()<span class="keyword"> const </span>{ <span class="keywordflow">return</span> br_skey_decoder_key_type(&m_key_struct); }</div>
<div class="line"><a name="l00119"></a><span class="lineno"> 119</span>  </div>
<div class="line"><a name="l00121"></a><span class="lineno"><a class="line" href="class_s_s_l_client_parameters.html#ad9beb80ce98ed9aa34db28783f0264c5"> 121</a></span>  <span class="keyword">const</span> br_ec_private_key* <a class="code" href="class_s_s_l_client_parameters.html#ad9beb80ce98ed9aa34db28783f0264c5">getECKey</a>()<span class="keyword"> const </span>{ <span class="keywordflow">return</span> br_skey_decoder_get_ec(&m_key_struct); }</div>
<div class="line"><a name="l00122"></a><span class="lineno"> 122</span>  </div>
<div class="line"><a name="l00124"></a><span class="lineno"><a class="line" href="class_s_s_l_client_parameters.html#a82c21b0ae4690a6b7842a0d74b12f67f"> 124</a></span>  <span class="keyword">const</span> br_rsa_private_key* <a class="code" href="class_s_s_l_client_parameters.html#a82c21b0ae4690a6b7842a0d74b12f67f">getRSAKey</a>()<span class="keyword"> const </span>{ <span class="keywordflow">return</span> br_skey_decoder_get_rsa(&m_key_struct); }</div>
<div class="line"><a name="l00125"></a><span class="lineno"> 125</span>  </div>
<div class="line"><a name="l00126"></a><span class="lineno"> 126</span> <span class="keyword">protected</span>:</div>
<div class="line"><a name="l00127"></a><span class="lineno"> 127</span>  <a class="code" href="class_s_s_l_client_parameters.html#a97213b5554e90908fbf284669b5f22f3">SSLClientParameters</a>(<span class="keyword">const</span> <span class="keywordtype">char</span>* cert, <span class="keyword">const</span> <span class="keywordtype">size_t</span> cert_len, <span class="keyword">const</span> <span class="keywordtype">char</span>* key, <span class="keyword">const</span> <span class="keywordtype">size_t</span> key_len, <span class="keywordtype">bool</span> is_der);</div>
<div class="line"><a name="l00128"></a><span class="lineno"> 128</span>  </div>
<div class="line"><a name="l00129"></a><span class="lineno"> 129</span> <span class="keyword">private</span>:</div>
<div class="line"><a name="l00130"></a><span class="lineno"> 130</span>  <span class="keyword">const</span> std::vector<char> m_cert;</div>
<div class="line"><a name="l00131"></a><span class="lineno"> 131</span>  <span class="keyword">const</span> br_x509_certificate m_cert_struct;</div>
<div class="line"><a name="l00132"></a><span class="lineno"> 132</span>  <span class="keyword">const</span> br_skey_decoder_context m_key_struct;</div>
<div class="line"><a name="l00133"></a><span class="lineno"> 133</span> };</div>
<div class="line"><a name="l00134"></a><span class="lineno"> 134</span>  </div>
<div class="line"><a name="l00135"></a><span class="lineno"> 135</span> <span class="preprocessor">#endif</span></div>
<div class="ttc" id="aclass_s_s_l_client_parameters_html"><div class="ttname"><a href="class_s_s_l_client_parameters.html">SSLClientParameters</a></div><div class="ttdoc">This class stores data required for SSLClient to use mutual authentication.</div><div class="ttdef"><b>Definition:</b> SSLClientParameters.h:52</div></div>
<div class="ttc" id="aclass_s_s_l_client_parameters_html_a12e44f4b8340ef7f1dcbbed7649e4bef"><div class="ttname"><a href="class_s_s_l_client_parameters.html#a12e44f4b8340ef7f1dcbbed7649e4bef">SSLClientParameters::fromDER</a></div><div class="ttdeci">static SSLClientParameters fromDER(const char *cert_der, const size_t cert_len, const char *key_der, const size_t key_len)</div><div class="ttdoc">Create mutual authentication parameters from a DER certificate and private key.</div><div class="ttdef"><b>Definition:</b> SSLClientParameters.cpp:91</div></div>
<div class="ttc" id="aclass_s_s_l_client_parameters_html_a82c21b0ae4690a6b7842a0d74b12f67f"><div class="ttname"><a href="class_s_s_l_client_parameters.html#a82c21b0ae4690a6b7842a0d74b12f67f">SSLClientParameters::getRSAKey</a></div><div class="ttdeci">const br_rsa_private_key * getRSAKey() const</div><div class="ttdef"><b>Definition:</b> SSLClientParameters.h:124</div></div>
<div class="ttc" id="aclass_s_s_l_client_parameters_html_a90d581703308881714d64d1ada785ad2"><div class="ttname"><a href="class_s_s_l_client_parameters.html#a90d581703308881714d64d1ada785ad2">SSLClientParameters::getCertType</a></div><div class="ttdeci">int getCertType() const</div><div class="ttdef"><b>Definition:</b> SSLClientParameters.h:118</div></div>
<div class="ttc" id="aclass_s_s_l_client_parameters_html_a97213b5554e90908fbf284669b5f22f3"><div class="ttname"><a href="class_s_s_l_client_parameters.html#a97213b5554e90908fbf284669b5f22f3">SSLClientParameters::SSLClientParameters</a></div><div class="ttdeci">SSLClientParameters(const char *cert, const size_t cert_len, const char *key, const size_t key_len, bool is_der)</div><div class="ttdef"><b>Definition:</b> SSLClientParameters.cpp:80</div></div>
<div class="ttc" id="aclass_s_s_l_client_parameters_html_ac5ddf993f7d560581297471593051ea6"><div class="ttname"><a href="class_s_s_l_client_parameters.html#ac5ddf993f7d560581297471593051ea6">SSLClientParameters::fromPEM</a></div><div class="ttdeci">static SSLClientParameters fromPEM(const char *cert_pem, const size_t cert_len, const char *key_pem, const size_t key_len)</div><div class="ttdoc">Create mutual authentication parameters from a PEM certificate and private key.</div><div class="ttdef"><b>Definition:</b> SSLClientParameters.cpp:86</div></div>
<div class="ttc" id="aclass_s_s_l_client_parameters_html_ad9beb80ce98ed9aa34db28783f0264c5"><div class="ttname"><a href="class_s_s_l_client_parameters.html#ad9beb80ce98ed9aa34db28783f0264c5">SSLClientParameters::getECKey</a></div><div class="ttdeci">const br_ec_private_key * getECKey() const</div><div class="ttdef"><b>Definition:</b> SSLClientParameters.h:121</div></div>
<div class="ttc" id="aclass_s_s_l_client_parameters_html_af5686b2c601812f55477a7089b3b2c2d"><div class="ttname"><a href="class_s_s_l_client_parameters.html#af5686b2c601812f55477a7089b3b2c2d">SSLClientParameters::getCertChain</a></div><div class="ttdeci">const br_x509_certificate * getCertChain() const</div><div class="ttdef"><b>Definition:</b> SSLClientParameters.h:115</div></div>
</div><!-- fragment --></div><!-- contents -->
</div><!-- doc-content -->
<!-- start footer part -->
<div id="nav-path" class="navpath"><!-- id is needed for treeview function! -->
<li class="navelem"><a class="el" href="dir_68267d1309a1af8e8297ef4c3efbcdba.html">src</a></li><li class="navelem"><a class="el" href="_s_s_l_client_parameters_8h.html">SSLClientParameters.h</a></li>
<li class="footer">Generated by <a href=""><img class="footer" src="doxygen.svg" width="104" height="31" alt="doxygen"/></a> 1.9.1 </li>
Normal file
@ -0,0 +1,112 @@
<!-- end header part -->
<!-- window showing the filter options -->
<div id="MSearchSelectWindow"
onmouseover="return searchBox.OnSearchSelectShow()"
onmouseout="return searchBox.OnSearchSelectHide()"
onkeydown="return searchBox.OnSearchSelectKey(event)">
<!-- iframe showing the search results (closed by default) -->
<div id="MSearchResultsWindow">
<iframe src="javascript:void(0)" frameborder="0"
name="MSearchResults" id="MSearchResults">
<div class="header">
<div class="summary">
<a href="#nested-classes">Classes</a> </div>
<div class="headertitle">
<div class="title">SSLSession.h File Reference</div> </div>
<div class="contents">
<div class="textblock"><code>#include "bearssl.h"</code><br />
<code>#include "Arduino.h"</code><br />
<p><a href="_s_s_l_session_8h_source.html">Go to the source code of this file.</a></p>
<table class="memberdecls">
<tr class="heading"><td colspan="2"><h2 class="groupheader"><a name="nested-classes"></a>
<tr class="memitem:"><td class="memItemLeft" align="right" valign="top">class  </td><td class="memItemRight" valign="bottom"><a class="el" href="class_s_s_l_session.html">SSLSession</a></td></tr>
<tr class="memdesc:"><td class="mdescLeft"> </td><td class="mdescRight">This class stores values which allow <a class="el" href="class_s_s_l_client.html" title="The main SSLClient class. Check out for more info.">SSLClient</a> to save and resume SSL sessions. <a href="class_s_s_l_session.html#details">More...</a><br /></td></tr>
<tr class="separator:"><td class="memSeparator" colspan="2"> </td></tr>
</div><!-- contents -->
</div><!-- doc-content -->
<!-- start footer part -->
<div id="nav-path" class="navpath"><!-- id is needed for treeview function! -->
<li class="navelem"><a class="el" href="dir_68267d1309a1af8e8297ef4c3efbcdba.html">src</a></li><li class="navelem"><a class="el" href="_s_s_l_session_8h.html">SSLSession.h</a></li>
<li class="footer">Generated by <a href=""><img class="footer" src="doxygen.svg" width="104" height="31" alt="doxygen"/></a> 1.9.1 </li>
Normal file
@ -0,0 +1,147 @@
<!-- end header part -->
<!-- window showing the filter options -->
<div id="MSearchSelectWindow"
onmouseover="return searchBox.OnSearchSelectShow()"
onmouseout="return searchBox.OnSearchSelectHide()"
onkeydown="return searchBox.OnSearchSelectKey(event)">
<!-- iframe showing the search results (closed by default) -->
<div id="MSearchResultsWindow">
<iframe src="javascript:void(0)" frameborder="0"
name="MSearchResults" id="MSearchResults">
<div class="header">
<div class="headertitle">
<div class="title">SSLSession.h</div> </div>
<div class="contents">
<a href="_s_s_l_session_8h.html">Go to the documentation of this file.</a><div class="fragment"><div class="line"><a name="l00001"></a><span class="lineno"> 1</span> <span class="comment">/* Copyright 2019 OSU OPEnS Lab</span></div>
<div class="line"><a name="l00002"></a><span class="lineno"> 2</span> <span class="comment"> *</span></div>
<div class="line"><a name="l00003"></a><span class="lineno"> 3</span> <span class="comment"> * Permission is hereby granted, free of charge, to any person obtaining a copy of this</span></div>
<div class="line"><a name="l00004"></a><span class="lineno"> 4</span> <span class="comment"> * software and associated documentation files (the "Software"), to deal in the Software</span></div>
<div class="line"><a name="l00005"></a><span class="lineno"> 5</span> <span class="comment"> * without restriction, including without limitation the rights to use, copy, modify,</span></div>
<div class="line"><a name="l00006"></a><span class="lineno"> 6</span> <span class="comment"> * merge, publish, distribute, sublicense, and/or sell copies of the Software, and to</span></div>
<div class="line"><a name="l00007"></a><span class="lineno"> 7</span> <span class="comment"> * permit persons to whom the Software is furnished to do so, subject to the following</span></div>
<div class="line"><a name="l00008"></a><span class="lineno"> 8</span> <span class="comment"> * conditions:</span></div>
<div class="line"><a name="l00009"></a><span class="lineno"> 9</span> <span class="comment"> *</span></div>
<div class="line"><a name="l00010"></a><span class="lineno"> 10</span> <span class="comment"> * The above copyright notice and this permission notice shall be included in all</span></div>
<div class="line"><a name="l00011"></a><span class="lineno"> 11</span> <span class="comment"> * copies or substantial portions of the Software.</span></div>
<div class="line"><a name="l00012"></a><span class="lineno"> 12</span> <span class="comment"> *</span></div>
<div class="line"><a name="l00013"></a><span class="lineno"> 13</span> <span class="comment"> * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,</span></div>
<div class="line"><a name="l00014"></a><span class="lineno"> 14</span> <span class="comment"> * INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A</span></div>
<div class="line"><a name="l00015"></a><span class="lineno"> 15</span> <span class="comment"> * PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT</span></div>
<div class="line"><a name="l00016"></a><span class="lineno"> 16</span> <span class="comment"> * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION</span></div>
<div class="line"><a name="l00017"></a><span class="lineno"> 17</span> <span class="comment"> * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE</span></div>
<div class="line"><a name="l00018"></a><span class="lineno"> 18</span> <span class="comment"> * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.</span></div>
<div class="line"><a name="l00019"></a><span class="lineno"> 19</span> <span class="comment"> */</span></div>
<div class="line"><a name="l00020"></a><span class="lineno"> 20</span>  </div>
<div class="line"><a name="l00028"></a><span class="lineno"> 28</span> <span class="preprocessor">#include "bearssl.h"</span></div>
<div class="line"><a name="l00029"></a><span class="lineno"> 29</span> <span class="preprocessor">#include "Arduino.h"</span></div>
<div class="line"><a name="l00030"></a><span class="lineno"> 30</span>  </div>
<div class="line"><a name="l00031"></a><span class="lineno"> 31</span> <span class="preprocessor">#ifndef SSLSession_H_</span></div>
<div class="line"><a name="l00032"></a><span class="lineno"> 32</span> <span class="preprocessor">#define SSLSession_H_</span></div>
<div class="line"><a name="l00033"></a><span class="lineno"> 33</span>  </div>
<div class="line"><a name="l00051"></a><span class="lineno"><a class="line" href="class_s_s_l_session.html"> 51</a></span> <span class="keyword">class </span><a class="code" href="class_s_s_l_session.html">SSLSession</a> : <span class="keyword">public</span> br_ssl_session_parameters {</div>
<div class="line"><a name="l00052"></a><span class="lineno"> 52</span>  </div>
<div class="line"><a name="l00053"></a><span class="lineno"> 53</span> <span class="keyword">public</span>:</div>
<div class="line"><a name="l00059"></a><span class="lineno"><a class="line" href="class_s_s_l_session.html#a0c8e01b0944c1f4b0ec6d4c423c95b74"> 59</a></span>  <a class="code" href="class_s_s_l_session.html#a0c8e01b0944c1f4b0ec6d4c423c95b74">SSLSession</a>(<span class="keyword">const</span> <span class="keywordtype">char</span>* hostname)</div>
<div class="line"><a name="l00060"></a><span class="lineno"> 60</span>  : m_hostname(hostname) {}</div>
<div class="line"><a name="l00061"></a><span class="lineno"> 61</span>  </div>
<div class="line"><a name="l00070"></a><span class="lineno"><a class="line" href="class_s_s_l_session.html#a825373c5ba1aa6c45e74dc8a72b21820"> 70</a></span>  <span class="keyword">const</span> String& <a class="code" href="class_s_s_l_session.html#a825373c5ba1aa6c45e74dc8a72b21820">get_hostname</a>()<span class="keyword"> const </span>{ <span class="keywordflow">return</span> m_hostname; }</div>
<div class="line"><a name="l00071"></a><span class="lineno"> 71</span>  </div>
<div class="line"><a name="l00073"></a><span class="lineno"><a class="line" href="class_s_s_l_session.html#acbe6549b55d50541d09a16f770e65afc"> 73</a></span>  br_ssl_session_parameters* <a class="code" href="class_s_s_l_session.html#acbe6549b55d50541d09a16f770e65afc">to_br_session</a>() { <span class="keywordflow">return</span> (br_ssl_session_parameters *)<span class="keyword">this</span>; }</div>
<div class="line"><a name="l00074"></a><span class="lineno"> 74</span>  </div>
<div class="line"><a name="l00075"></a><span class="lineno"> 75</span> <span class="keyword">private</span>:</div>
<div class="line"><a name="l00076"></a><span class="lineno"> 76</span>  <span class="comment">// aparently a hostname has a max length of 256 chars. Go figure.</span></div>
<div class="line"><a name="l00077"></a><span class="lineno"> 77</span>  String m_hostname;</div>
<div class="line"><a name="l00078"></a><span class="lineno"> 78</span> };</div>
<div class="line"><a name="l00079"></a><span class="lineno"> 79</span>  </div>
<div class="line"><a name="l00080"></a><span class="lineno"> 80</span>  </div>
<div class="line"><a name="l00081"></a><span class="lineno"> 81</span>  </div>
<div class="line"><a name="l00082"></a><span class="lineno"> 82</span> <span class="preprocessor">#endif </span><span class="comment">/* SSLSession_H_ */</span><span class="preprocessor"></span></div>
<div class="ttc" id="aclass_s_s_l_session_html"><div class="ttname"><a href="class_s_s_l_session.html">SSLSession</a></div><div class="ttdoc">This class stores values which allow SSLClient to save and resume SSL sessions.</div><div class="ttdef"><b>Definition:</b> SSLSession.h:51</div></div>
<div class="ttc" id="aclass_s_s_l_session_html_a0c8e01b0944c1f4b0ec6d4c423c95b74"><div class="ttname"><a href="class_s_s_l_session.html#a0c8e01b0944c1f4b0ec6d4c423c95b74">SSLSession::SSLSession</a></div><div class="ttdeci">SSLSession(const char *hostname)</div><div class="ttdoc">SSLSession constructor.</div><div class="ttdef"><b>Definition:</b> SSLSession.h:59</div></div>
<div class="ttc" id="aclass_s_s_l_session_html_a825373c5ba1aa6c45e74dc8a72b21820"><div class="ttname"><a href="class_s_s_l_session.html#a825373c5ba1aa6c45e74dc8a72b21820">SSLSession::get_hostname</a></div><div class="ttdeci">const String & get_hostname() const</div><div class="ttdoc">Get the hostname string associated with this session.</div><div class="ttdef"><b>Definition:</b> SSLSession.h:70</div></div>
<div class="ttc" id="aclass_s_s_l_session_html_acbe6549b55d50541d09a16f770e65afc"><div class="ttname"><a href="class_s_s_l_session.html#acbe6549b55d50541d09a16f770e65afc">SSLSession::to_br_session</a></div><div class="ttdeci">br_ssl_session_parameters * to_br_session()</div><div class="ttdoc">Returns a pointer to the ::br_ssl_session_parameters component of this class.</div><div class="ttdef"><b>Definition:</b> SSLSession.h:73</div></div>
</div><!-- fragment --></div><!-- contents -->
</div><!-- doc-content -->
<!-- start footer part -->
<div id="nav-path" class="navpath"><!-- id is needed for treeview function! -->
<li class="navelem"><a class="el" href="dir_68267d1309a1af8e8297ef4c3efbcdba.html">src</a></li><li class="navelem"><a class="el" href="_s_s_l_session_8h.html">SSLSession.h</a></li>
<li class="footer">Generated by <a href=""><img class="footer" src="doxygen.svg" width="104" height="31" alt="doxygen"/></a> 1.9.1 </li>
Normal file
@ -0,0 +1,99 @@
<!-- end header part -->
<!-- window showing the filter options -->
<div id="MSearchSelectWindow"
onmouseover="return searchBox.OnSearchSelectShow()"
onmouseout="return searchBox.OnSearchSelectHide()"
onkeydown="return searchBox.OnSearchSelectKey(event)">
<!-- iframe showing the search results (closed by default) -->
<div id="MSearchResultsWindow">
<iframe src="javascript:void(0)" frameborder="0"
name="MSearchResults" id="MSearchResults">
<div class="header">
<div class="headertitle">
<div class="title"> File Reference</div> </div>
<div class="contents">
</div><!-- contents -->
</div><!-- doc-content -->
<!-- start footer part -->
<div id="nav-path" class="navpath"><!-- id is needed for treeview function! -->
<li class="navelem"><a class="el" href="_trust_anchors_8md.html"></a></li>
<li class="footer">Generated by <a href=""><img class="footer" src="doxygen.svg" width="104" height="31" alt="doxygen"/></a> 1.9.1 </li>
Normal file
@ -0,0 +1,106 @@
<!-- end header part -->
<!-- window showing the filter options -->
<div id="MSearchSelectWindow"
onmouseover="return searchBox.OnSearchSelectShow()"
onmouseout="return searchBox.OnSearchSelectHide()"
onkeydown="return searchBox.OnSearchSelectKey(event)">
<!-- iframe showing the search results (closed by default) -->
<div id="MSearchResultsWindow">
<iframe src="javascript:void(0)" frameborder="0"
name="MSearchResults" id="MSearchResults">
<div class="header">
<div class="headertitle">
<div class="title">Class List</div> </div>
<div class="contents">
<div class="textblock">Here are the classes, structs, unions and interfaces with brief descriptions:</div><div class="directory">
<table class="directory">
<tr id="row_0_" class="even"><td class="entry"><span style="width:16px;display:inline-block;"> </span><span class="icona"><span class="icon">C</span></span><a class="el" href="structssl__pem__decode__state.html" target="_self">ssl_pem_decode_state</a></td><td class="desc"></td></tr>
<tr id="row_1_"><td class="entry"><span style="width:16px;display:inline-block;"> </span><span class="icona"><span class="icon">C</span></span><a class="el" href="class_s_s_l_client.html" target="_self">SSLClient</a></td><td class="desc">The main <a class="el" href="class_s_s_l_client.html" title="The main SSLClient class. Check out for more info.">SSLClient</a> class. Check out <a class="el" href="_r_e_a_d_m_e_8md.html"></a> for more info </td></tr>
<tr id="row_2_" class="even"><td class="entry"><span style="width:16px;display:inline-block;"> </span><span class="icona"><span class="icon">C</span></span><a class="el" href="class_s_s_l_client_parameters.html" target="_self">SSLClientParameters</a></td><td class="desc">This class stores data required for <a class="el" href="class_s_s_l_client.html" title="The main SSLClient class. Check out for more info.">SSLClient</a> to use mutual authentication </td></tr>
<tr id="row_3_"><td class="entry"><span style="width:16px;display:inline-block;"> </span><span class="icona"><span class="icon">C</span></span><a class="el" href="class_s_s_l_session.html" target="_self">SSLSession</a></td><td class="desc">This class stores values which allow <a class="el" href="class_s_s_l_client.html" title="The main SSLClient class. Check out for more info.">SSLClient</a> to save and resume SSL sessions </td></tr>
</div><!-- directory -->
</div><!-- contents -->
</div><!-- doc-content -->
<div id="nav-path" class="navpath"><!-- id is needed for treeview function! -->
<li class="footer">Generated by <a href=""><img class="footer" src="doxygen.svg" width="104" height="31" alt="doxygen"/></a> 1.9.1 </li>
@ -0,0 +1,136 @@
<!-- end header part -->
<!-- window showing the filter options -->
<div id="MSearchSelectWindow"
onmouseover="return searchBox.OnSearchSelectShow()"
onmouseout="return searchBox.OnSearchSelectHide()"
onkeydown="return searchBox.OnSearchSelectKey(event)">
<!-- iframe showing the search results (closed by default) -->
<div id="MSearchResultsWindow">
<iframe src="javascript:void(0)" frameborder="0"
name="MSearchResults" id="MSearchResults">
<div class="header">
<div class="headertitle">
<div class="title">SSLClient Member List</div> </div>
<div class="contents">
<p>This is the complete list of members for <a class="el" href="class_s_s_l_client.html">SSLClient</a>, including all inherited members.</p>
<table class="directory">
<tr class="even"><td class="entry"><a class="el" href="class_s_s_l_client.html#a0e775669b4a040fbd3f281dcbcd2de78">available</a>() override</td><td class="entry"><a class="el" href="class_s_s_l_client.html">SSLClient</a></td><td class="entry"></td></tr>
<tr><td class="entry"><a class="el" href="class_s_s_l_client.html#ab97c0745f65a6c6009ac938b3b9912c3">connect</a>(IPAddress ip, uint16_t port) override</td><td class="entry"><a class="el" href="class_s_s_l_client.html">SSLClient</a></td><td class="entry"></td></tr>
<tr class="even"><td class="entry"><a class="el" href="class_s_s_l_client.html#a248a5152cc3c3e7666bf5443bfd57c90">connect</a>(const char *host, uint16_t port) override</td><td class="entry"><a class="el" href="class_s_s_l_client.html">SSLClient</a></td><td class="entry"></td></tr>
<tr><td class="entry"><a class="el" href="class_s_s_l_client.html#a5488f01ccfddfd9e41f54dfbda48bcae">connected</a>() override</td><td class="entry"><a class="el" href="class_s_s_l_client.html">SSLClient</a></td><td class="entry"></td></tr>
<tr class="even"><td class="entry"><a class="el" href="class_s_s_l_client.html#af632625f8d247f3885c81e1f05043ad1">DebugLevel</a> enum name</td><td class="entry"><a class="el" href="class_s_s_l_client.html">SSLClient</a></td><td class="entry"></td></tr>
<tr><td class="entry"><a class="el" href="class_s_s_l_client.html#a48239f60f1b4318cc112706fc40c6cea">Error</a> enum name</td><td class="entry"><a class="el" href="class_s_s_l_client.html">SSLClient</a></td><td class="entry"></td></tr>
<tr class="even"><td class="entry"><a class="el" href="class_s_s_l_client.html#aaf2192a6621fdf2f89cc26a9a1584f8c">flush</a>() override</td><td class="entry"><a class="el" href="class_s_s_l_client.html">SSLClient</a></td><td class="entry"></td></tr>
<tr><td class="entry"><a class="el" href="class_s_s_l_client.html#a9a4e9c9877ab73cf7e82d6942cc7db21">getClient</a>()</td><td class="entry"><a class="el" href="class_s_s_l_client.html">SSLClient</a></td><td class="entry"><span class="mlabel">inline</span></td></tr>
<tr class="even"><td class="entry"><a class="el" href="class_s_s_l_client.html#a2bd012ef6f01df9694ba9fd0a3c227c3">getSession</a>(const char *host)</td><td class="entry"><a class="el" href="class_s_s_l_client.html">SSLClient</a></td><td class="entry"></td></tr>
<tr><td class="entry"><a class="el" href="class_s_s_l_client.html#ae3f9e6f8e8a50e520c936239abecfd22">getSessionCount</a>() const</td><td class="entry"><a class="el" href="class_s_s_l_client.html">SSLClient</a></td><td class="entry"><span class="mlabel">inline</span></td></tr>
<tr class="even"><td class="entry"><a class="el" href="class_s_s_l_client.html#a2a178251978e0622f7e241da702ae498">getTimeout</a>() const</td><td class="entry"><a class="el" href="class_s_s_l_client.html">SSLClient</a></td><td class="entry"><span class="mlabel">inline</span></td></tr>
<tr><td class="entry"><a class="el" href="class_s_s_l_client.html#a4192ee3562c4806d4a6829356ca2636b">operator bool</a>()</td><td class="entry"><a class="el" href="class_s_s_l_client.html">SSLClient</a></td><td class="entry"><span class="mlabel">inline</span></td></tr>
<tr class="even"><td class="entry"><a class="el" href="class_s_s_l_client.html#a0c0b6f2ad25701d1e45adb613d072d86">peek</a>() override</td><td class="entry"><a class="el" href="class_s_s_l_client.html">SSLClient</a></td><td class="entry"></td></tr>
<tr><td class="entry"><a class="el" href="class_s_s_l_client.html#a4c5420541a06213133ae308a3bca1c95">read</a>(uint8_t *buf, size_t size) override</td><td class="entry"><a class="el" href="class_s_s_l_client.html">SSLClient</a></td><td class="entry"></td></tr>
<tr class="even"><td class="entry"><a class="el" href="class_s_s_l_client.html#aef1b52f4ad9633126cb68739175920eb">read</a>() override</td><td class="entry"><a class="el" href="class_s_s_l_client.html">SSLClient</a></td><td class="entry"><span class="mlabel">inline</span></td></tr>
<tr><td class="entry"><a class="el" href="class_s_s_l_client.html#ad5d9d8a4187a3f8918bf66af83e733c4">removeSession</a>(const char *host)</td><td class="entry"><a class="el" href="class_s_s_l_client.html">SSLClient</a></td><td class="entry"></td></tr>
<tr class="even"><td class="entry"><a class="el" href="class_s_s_l_client.html#aeee217b5558dfb0724f2319888a77256">setMutualAuthParams</a>(const SSLClientParameters &params)</td><td class="entry"><a class="el" href="class_s_s_l_client.html">SSLClient</a></td><td class="entry"></td></tr>
<tr><td class="entry"><a class="el" href="class_s_s_l_client.html#a8da354f30537c1064d554921937a73ae">setTimeout</a>(unsigned int t)</td><td class="entry"><a class="el" href="class_s_s_l_client.html">SSLClient</a></td><td class="entry"><span class="mlabel">inline</span></td></tr>
<tr class="even"><td class="entry"><a class="el" href="class_s_s_l_client.html#ab285c2f5a03124558ef7f74b9f3d12ad">setVerificationTime</a>(uint32_t days, uint32_t seconds)</td><td class="entry"><a class="el" href="class_s_s_l_client.html">SSLClient</a></td><td class="entry"></td></tr>
<tr><td class="entry"><a class="el" href="class_s_s_l_client.html#a48239f60f1b4318cc112706fc40c6ceaa6a9cc2412a53b5981e937a41523eece5">SSL_BR_CONNECT_FAIL</a> enum value</td><td class="entry"><a class="el" href="class_s_s_l_client.html">SSLClient</a></td><td class="entry"></td></tr>
<tr class="even"><td class="entry"><a class="el" href="class_s_s_l_client.html#a48239f60f1b4318cc112706fc40c6ceaa37bef298be71b84a57e59fadbfbd9016">SSL_BR_WRITE_ERROR</a> enum value</td><td class="entry"><a class="el" href="class_s_s_l_client.html">SSLClient</a></td><td class="entry"></td></tr>
<tr><td class="entry"><a class="el" href="class_s_s_l_client.html#a48239f60f1b4318cc112706fc40c6ceaa7510402478ffbecd6e1aa3811b175cfd">SSL_CLIENT_CONNECT_FAIL</a> enum value</td><td class="entry"><a class="el" href="class_s_s_l_client.html">SSLClient</a></td><td class="entry"></td></tr>
<tr class="even"><td class="entry"><a class="el" href="class_s_s_l_client.html#a48239f60f1b4318cc112706fc40c6ceaab8581e1172fbf15067d435706d3a03a8">SSL_CLIENT_WRTIE_ERROR</a> enum value</td><td class="entry"><a class="el" href="class_s_s_l_client.html">SSLClient</a></td><td class="entry"></td></tr>
<tr><td class="entry"><a class="el" href="class_s_s_l_client.html#af632625f8d247f3885c81e1f05043ad1ad1cf0d4d876daa655edb8331bfe2ce39">SSL_DUMP</a> enum value</td><td class="entry"><a class="el" href="class_s_s_l_client.html">SSLClient</a></td><td class="entry"></td></tr>
<tr class="even"><td class="entry"><a class="el" href="class_s_s_l_client.html#af632625f8d247f3885c81e1f05043ad1a199742ec5c99c72d9cede1fda0f125c5">SSL_ERROR</a> enum value</td><td class="entry"><a class="el" href="class_s_s_l_client.html">SSLClient</a></td><td class="entry"></td></tr>
<tr><td class="entry"><a class="el" href="class_s_s_l_client.html#af632625f8d247f3885c81e1f05043ad1a8d5f7561f9cc0a2f3e5f362b02f4a5b2">SSL_INFO</a> enum value</td><td class="entry"><a class="el" href="class_s_s_l_client.html">SSLClient</a></td><td class="entry"></td></tr>
<tr class="even"><td class="entry"><a class="el" href="class_s_s_l_client.html#a48239f60f1b4318cc112706fc40c6ceaaf66f8d5f6601f9e7607b78bf7a07fc84">SSL_INTERNAL_ERROR</a> enum value</td><td class="entry"><a class="el" href="class_s_s_l_client.html">SSLClient</a></td><td class="entry"></td></tr>
<tr><td class="entry"><a class="el" href="class_s_s_l_client.html#af632625f8d247f3885c81e1f05043ad1a24122d1e1bb724237f305a0b4a21ff75">SSL_NONE</a> enum value</td><td class="entry"><a class="el" href="class_s_s_l_client.html">SSLClient</a></td><td class="entry"></td></tr>
<tr class="even"><td class="entry"><a class="el" href="class_s_s_l_client.html#a48239f60f1b4318cc112706fc40c6ceaa18dbddc0a3d4a94ee0f298fe55a06a94">SSL_OK</a> enum value</td><td class="entry"><a class="el" href="class_s_s_l_client.html">SSLClient</a></td><td class="entry"></td></tr>
<tr><td class="entry"><a class="el" href="class_s_s_l_client.html#a48239f60f1b4318cc112706fc40c6ceaa0a4f8af0226cf29ede8f6fe4a9047b08">SSL_OUT_OF_MEMORY</a> enum value</td><td class="entry"><a class="el" href="class_s_s_l_client.html">SSLClient</a></td><td class="entry"></td></tr>
<tr class="even"><td class="entry"><a class="el" href="class_s_s_l_client.html#af632625f8d247f3885c81e1f05043ad1a26f3e5f1481f3ea22ea4ab5370b0fa97">SSL_WARN</a> enum value</td><td class="entry"><a class="el" href="class_s_s_l_client.html">SSLClient</a></td><td class="entry"></td></tr>
<tr><td class="entry"><a class="el" href="class_s_s_l_client.html#a68f026a625ca1ccd1aba87bb6e670376">SSLClient</a>(Client &client, const br_x509_trust_anchor *trust_anchors, const size_t trust_anchors_num, const int analog_pin, const size_t max_sessions=1, const DebugLevel debug=SSL_WARN)</td><td class="entry"><a class="el" href="class_s_s_l_client.html">SSLClient</a></td><td class="entry"><span class="mlabel">explicit</span></td></tr>
<tr class="even"><td class="entry"><a class="el" href="class_s_s_l_client.html#ad8ed697371748e31e01c3f697bc36cbe">stop</a>() override</td><td class="entry"><a class="el" href="class_s_s_l_client.html">SSLClient</a></td><td class="entry"></td></tr>
<tr><td class="entry"><a class="el" href="class_s_s_l_client.html#a03c7926938acd57cfc3b982edf725a86">write</a>(const uint8_t *buf, size_t size) override</td><td class="entry"><a class="el" href="class_s_s_l_client.html">SSLClient</a></td><td class="entry"></td></tr>
<tr class="even"><td class="entry"><a class="el" href="class_s_s_l_client.html#a7343a58457b4659f83b61cac1f442c3d">write</a>(uint8_t b) override</td><td class="entry"><a class="el" href="class_s_s_l_client.html">SSLClient</a></td><td class="entry"><span class="mlabel">inline</span></td></tr>
</table></div><!-- contents -->
</div><!-- doc-content -->
<div id="side-nav" class="ui-resizable side-nav-resizable">
<div id="nav-tree">
<div id="nav-tree-contents">
<div id="nav-sync" class="sync"></div>
<div id="splitbar" style="-moz-user-select:none;"
<script type="text/javascript">
/* @license magnet:?xt=urn:btih:cf05388f2679ee054f2beb29a391d25f4e673ac3&dn=gpl-2.0.txt GPL-v2 */
$(document).ready(function(){initNavTree('class_s_s_l_client_parameters.html',''); initResizable(); });
/* @license-end */
<div id="doc-content">
<!-- window showing the filter options -->
<div id="MSearchSelectWindow"
onmouseover="return searchBox.OnSearchSelectShow()"
onmouseout="return searchBox.OnSearchSelectHide()"
onkeydown="return searchBox.OnSearchSelectKey(event)">
<!-- iframe showing the search results (closed by default) -->
<div id="MSearchResultsWindow">
<iframe src="javascript:void(0)" frameborder="0"
name="MSearchResults" id="MSearchResults">
<div class="header">
<div class="headertitle">
<div class="title">SSLClientParameters Member List</div> </div>
<div class="contents">
<p>This is the complete list of members for <a class="el" href="class_s_s_l_client_parameters.html">SSLClientParameters</a>, including all inherited members.</p>
<table class="directory">
<tr class="even"><td class="entry"><a class="el" href="class_s_s_l_client_parameters.html#a12e44f4b8340ef7f1dcbbed7649e4bef">fromDER</a>(const char *cert_der, const size_t cert_len, const char *key_der, const size_t key_len)</td><td class="entry"><a class="el" href="class_s_s_l_client_parameters.html">SSLClientParameters</a></td><td class="entry"><span class="mlabel">static</span></td></tr>
<tr><td class="entry"><a class="el" href="class_s_s_l_client_parameters.html#ac5ddf993f7d560581297471593051ea6">fromPEM</a>(const char *cert_pem, const size_t cert_len, const char *key_pem, const size_t key_len)</td><td class="entry"><a class="el" href="class_s_s_l_client_parameters.html">SSLClientParameters</a></td><td class="entry"><span class="mlabel">static</span></td></tr>
<tr class="even"><td class="entry"><a class="el" href="class_s_s_l_client_parameters.html#af5686b2c601812f55477a7089b3b2c2d">getCertChain</a>() const</td><td class="entry"><a class="el" href="class_s_s_l_client_parameters.html">SSLClientParameters</a></td><td class="entry"><span class="mlabel">inline</span></td></tr>
<tr><td class="entry"><a class="el" href="class_s_s_l_client_parameters.html#a90d581703308881714d64d1ada785ad2">getCertType</a>() const</td><td class="entry"><a class="el" href="class_s_s_l_client_parameters.html">SSLClientParameters</a></td><td class="entry"><span class="mlabel">inline</span></td></tr>
<tr class="even"><td class="entry"><a class="el" href="class_s_s_l_client_parameters.html#ad9beb80ce98ed9aa34db28783f0264c5">getECKey</a>() const</td><td class="entry"><a class="el" href="class_s_s_l_client_parameters.html">SSLClientParameters</a></td><td class="entry"><span class="mlabel">inline</span></td></tr>
<tr><td class="entry"><a class="el" href="class_s_s_l_client_parameters.html#a82c21b0ae4690a6b7842a0d74b12f67f">getRSAKey</a>() const</td><td class="entry"><a class="el" href="class_s_s_l_client_parameters.html">SSLClientParameters</a></td><td class="entry"><span class="mlabel">inline</span></td></tr>
<tr class="even"><td class="entry"><a class="el" href="class_s_s_l_client_parameters.html#a97213b5554e90908fbf284669b5f22f3">SSLClientParameters</a>(const char *cert, const size_t cert_len, const char *key, const size_t key_len, bool is_der)</td><td class="entry"><a class="el" href="class_s_s_l_client_parameters.html">SSLClientParameters</a></td><td class="entry"><span class="mlabel">protected</span></td></tr>
</table></div><!-- contents -->
<div id="titlearea">
<!-- window showing the filter options -->
<div id="MSearchSelectWindow"
onmouseover="return searchBox.OnSearchSelectShow()"
onmouseout="return searchBox.OnSearchSelectHide()"
onkeydown="return searchBox.OnSearchSelectKey(event)">
<!-- iframe showing the search results (closed by default) -->
<div id="MSearchResultsWindow">
<iframe src="javascript:void(0)" frameborder="0"
name="MSearchResults" id="MSearchResults">
<div class="header">
<div class="summary">
<a href="#pub-methods">Public Member Functions</a> |
<a href="#pub-static-methods">Static Public Member Functions</a> |
<a href="#pro-methods">Protected Member Functions</a> |
<a href="class_s_s_l_client_parameters-members.html">List of all members</a> </div>
<div class="headertitle">
<div class="title">SSLClientParameters Class Reference</div> </div>
<div class="contents">
<p>This class stores data required for <a class="el" href="class_s_s_l_client.html" title="The main SSLClient class. Check out for more info.">SSLClient</a> to use mutual authentication.
<a href="class_s_s_l_client_parameters.html#details">More...</a></p>
<p><code>#include <<a class="el" href="_s_s_l_client_parameters_8h_source.html">SSLClientParameters.h</a>></code></p>
<table class="memberdecls">
<tr class="memitem:af5686b2c601812f55477a7089b3b2c2d"><td class="memItemLeft" align="right" valign="top">const br_x509_certificate * </td><td class="memItemRight" valign="bottom"><a class="el" href="class_s_s_l_client_parameters.html#af5686b2c601812f55477a7089b3b2c2d">getCertChain</a> () const</td></tr>
<tr class="separator:af5686b2c601812f55477a7089b3b2c2d"><td class="memSeparator" colspan="2"> </td></tr>
<tr class="memitem:a90d581703308881714d64d1ada785ad2"><td class="memItemLeft" align="right" valign="top">int </td><td class="memItemRight" valign="bottom"><a class="el" href="class_s_s_l_client_parameters.html#a90d581703308881714d64d1ada785ad2">getCertType</a> () const</td></tr>
<tr class="separator:a90d581703308881714d64d1ada785ad2"><td class="memSeparator" colspan="2"> </td></tr>
<tr class="memitem:ad9beb80ce98ed9aa34db28783f0264c5"><td class="memItemLeft" align="right" valign="top">const br_ec_private_key * </td><td class="memItemRight" valign="bottom"><a class="el" href="class_s_s_l_client_parameters.html#ad9beb80ce98ed9aa34db28783f0264c5">getECKey</a> () const</td></tr>
<tr class="separator:ad9beb80ce98ed9aa34db28783f0264c5"><td class="memSeparator" colspan="2"> </td></tr>
<tr class="memitem:a82c21b0ae4690a6b7842a0d74b12f67f"><td class="memItemLeft" align="right" valign="top">const br_rsa_private_key * </td><td class="memItemRight" valign="bottom"><a class="el" href="class_s_s_l_client_parameters.html#a82c21b0ae4690a6b7842a0d74b12f67f">getRSAKey</a> () const</td></tr>
<tr class="separator:a82c21b0ae4690a6b7842a0d74b12f67f"><td class="memSeparator" colspan="2"> </td></tr>
</table><table class="memberdecls">
<tr class="memitem:ac5ddf993f7d560581297471593051ea6"><td class="memItemLeft" align="right" valign="top">static <a class="el" href="class_s_s_l_client_parameters.html">SSLClientParameters</a> </td><td class="memItemRight" valign="bottom"><a class="el" href="class_s_s_l_client_parameters.html#ac5ddf993f7d560581297471593051ea6">fromPEM</a> (const char *cert_pem, const size_t cert_len, const char *key_pem, const size_t key_len)</td></tr>
<tr class="memdesc:ac5ddf993f7d560581297471593051ea6"><td class="mdescLeft"> </td><td class="mdescRight">Create mutual authentication parameters from a PEM certificate and private key. <a href="class_s_s_l_client_parameters.html#ac5ddf993f7d560581297471593051ea6">More...</a><br /></td></tr>
<tr class="separator:ac5ddf993f7d560581297471593051ea6"><td class="memSeparator" colspan="2"> </td></tr>
<tr class="memitem:a12e44f4b8340ef7f1dcbbed7649e4bef"><td class="memItemLeft" align="right" valign="top">static <a class="el" href="class_s_s_l_client_parameters.html">SSLClientParameters</a> </td><td class="memItemRight" valign="bottom"><a class="el" href="class_s_s_l_client_parameters.html#a12e44f4b8340ef7f1dcbbed7649e4bef">fromDER</a> (const char *cert_der, const size_t cert_len, const char *key_der, const size_t key_len)</td></tr>
<tr class="memdesc:a12e44f4b8340ef7f1dcbbed7649e4bef"><td class="mdescLeft"> </td><td class="mdescRight">Create mutual authentication parameters from a DER certificate and private key. <a href="class_s_s_l_client_parameters.html#a12e44f4b8340ef7f1dcbbed7649e4bef">More...</a><br /></td></tr>
<tr class="separator:a12e44f4b8340ef7f1dcbbed7649e4bef"><td class="memSeparator" colspan="2"> </td></tr>
</table><table class="memberdecls">
<tr class="memitem:a97213b5554e90908fbf284669b5f22f3"><td class="memItemLeft" align="right" valign="top"> </td><td class="memItemRight" valign="bottom"><a class="el" href="class_s_s_l_client_parameters.html#a97213b5554e90908fbf284669b5f22f3">SSLClientParameters</a> (const char *cert, const size_t cert_len, const char *key, const size_t key_len, bool is_der)</td></tr>
<tr class="separator:a97213b5554e90908fbf284669b5f22f3"><td class="memSeparator" colspan="2"> </td></tr>
<a name="details" id="details"></a><h2 class="groupheader">Detailed Description</h2>
<div class="textblock"><p>This class stores data required for <a class="el" href="class_s_s_l_client.html" title="The main SSLClient class. Check out for more info.">SSLClient</a> to use mutual authentication. </p>
<p><a class="el" href="_s_s_l_client_parameters_8h.html">SSLClientParameters.h</a></p>
<p>This file contains a simple utility class to store parameters about an SSL Session for reuse later.</p>
<p>TLS mutual authentication is a process in which both the server and client perform cryptographic operations to verify the authenticity of eachother, for more information check out this article: <a href=""></a> . If this struct is provided to <a class="el" href="class_s_s_l_client.html#a68f026a625ca1ccd1aba87bb6e670376" title="Initialize SSLClient with all of the prerequisites needed.">SSLClient::SSLClient</a> via <a class="el" href="class_s_s_l_client.html#aeee217b5558dfb0724f2319888a77256" title="Add a client certificate and enable support for mutual auth.">SSLClient::setMutualAuthParams</a>, <a class="el" href="class_s_s_l_client.html" title="The main SSLClient class. Check out for more info.">SSLClient</a> will automatically send a client certificate if one is requested by the server. This will happen for all <a class="el" href="class_s_s_l_client.html" title="The main SSLClient class. Check out for more info.">SSLClient</a> connections, and may cause issues for websites that do not need mutual authentication—as a result, please only turn on mutual authentication if you are sure it is neccesary.</p>
<p><a class="el" href="class_s_s_l_client_parameters.html" title="This class stores data required for SSLClient to use mutual authentication.">SSLClientParameters</a> supports both ECC and RSA client certificates. I recommend using ECC certificates if possible, as <a class="el" href="class_s_s_l_client_parameters.html" title="This class stores data required for SSLClient to use mutual authentication.">SSLClientParameters</a> will make a copy of both the certificate and the private key in memory, and ECC keys tend to be smaller than RSA ones. </p>
</div><h2 class="groupheader">Constructor & Destructor Documentation</h2>
<a id="a97213b5554e90908fbf284669b5f22f3"></a>
<h2 class="memtitle"><span class="permalink"><a href="#a97213b5554e90908fbf284669b5f22f3">◆ </a></span>SSLClientParameters()</h2>
<div class="memitem">
<div class="memproto">
<table class="mlabels">
<td class="mlabels-left">
<table class="memname">
<td class="memname">SSLClientParameters::SSLClientParameters </td>
<td class="paramtype">const char * </td>
<td class="paramname"><em>cert</em>, </td>
<td class="paramkey"></td>
<td class="paramtype">const size_t </td>
<td class="paramname"><em>cert_len</em>, </td>
<td class="paramkey"></td>
<td class="paramtype">const char * </td>
<td class="paramname"><em>key</em>, </td>
<td class="paramkey"></td>
<td class="paramtype">const size_t </td>
<td class="paramname"><em>key_len</em>, </td>
<td class="paramkey"></td>
<td class="paramtype">bool </td>
<td class="paramname"><em>is_der</em> </td>
<td class="mlabels-right">
<span class="mlabels"><span class="mlabel">protected</span></span> </td>
</div><div class="memdoc">
<h2 class="groupheader">Member Function Documentation</h2>
<a id="a12e44f4b8340ef7f1dcbbed7649e4bef"></a>
<h2 class="memtitle"><span class="permalink"><a href="#a12e44f4b8340ef7f1dcbbed7649e4bef">◆ </a></span>fromDER()</h2>
<div class="memitem">
<div class="memproto">
<table class="mlabels">
<td class="mlabels-left">
<table class="memname">
<td class="memname"><a class="el" href="class_s_s_l_client_parameters.html">SSLClientParameters</a> SSLClientParameters::fromDER </td>
<td class="paramtype">const char * </td>
<td class="paramname"><em>cert_der</em>, </td>
<td class="paramkey"></td>
<td class="paramtype">const size_t </td>
<td class="paramname"><em>cert_len</em>, </td>
<td class="paramkey"></td>
<td class="paramtype">const char * </td>
<td class="paramname"><em>key_der</em>, </td>
<td class="paramkey"></td>
<td class="paramtype">const size_t </td>
<td class="paramname"><em>key_len</em> </td>
<td class="mlabels-right">
<span class="mlabels"><span class="mlabel">static</span></span> </td>
</div><div class="memdoc">
<p>Create mutual authentication parameters from a DER certificate and private key. </p>
<p>Use this function to create a mutual tls context from a DER client certificate and DER private key. This function will copy the certificate and private key, extract the needed information from the private key, and store both that information and the copied cert into a <a class="el" href="class_s_s_l_client_parameters.html" title="This class stores data required for SSLClient to use mutual authentication.">SSLClientParameters</a> object. Given the key parsed correctly, you can then use <a class="el" href="class_s_s_l_client.html#aeee217b5558dfb0724f2319888a77256" title="Add a client certificate and enable support for mutual auth.">SSLClient::setMutualAuthParams</a> at the begining of your sketch to enable mTLS with <a class="el" href="class_s_s_l_client.html" title="The main SSLClient class. Check out for more info.">SSLClient</a>. This function supports both ECC and RSA certificate/private keys (use EC keys wherever possible, as they are signifigantly smaller and faster), however <a class="el" href="class_s_s_l_client.html" title="The main SSLClient class. Check out for more info.">SSLClient</a> only supports the p256, p384, and p512 curves for ECC.</p>
<p>Because <a class="el" href="class_s_s_l_client_parameters.html" title="This class stores data required for SSLClient to use mutual authentication.">SSLClientParameters</a> creates a copy of both the certificate and key, you do not need to ensure that the data pointed to by cert_der or key_der is accessible after this function (i.e. you can free them afterwards).</p>
<p>Please note that if the private key is incorrect, this function will not report an error, and instead <a class="el" href="class_s_s_l_client.html" title="The main SSLClient class. Check out for more info.">SSLClient</a> will fall back to regular TLS when making a connection.</p>
<dl class="params"><dt>Parameters</dt><dd>
<table class="params">
<tr><td class="paramname">cert_der</td><td>A DER encoded certificate, can be ECC or RSA. </td></tr>
<tr><td class="paramname">cert_len</td><td>The number of bytes in cert_der. </td></tr>
<tr><td class="paramname">key_der</td><td>A DER encoded private key, can be ECC or RSA. </td></tr>
<tr><td class="paramname">key_len</td><td>The number of bytes in key_ders </td></tr>
<dl class="section return"><dt>Returns</dt><dd>An <a class="el" href="class_s_s_l_client_parameters.html" title="This class stores data required for SSLClient to use mutual authentication.">SSLClientParameters</a> context, to be used with <a class="el" href="class_s_s_l_client.html#aeee217b5558dfb0724f2319888a77256" title="Add a client certificate and enable support for mutual auth.">SSLClient::setMutualAuthParams</a>. </dd></dl>
<a id="ac5ddf993f7d560581297471593051ea6"></a>
<h2 class="memtitle"><span class="permalink"><a href="#ac5ddf993f7d560581297471593051ea6">◆ </a></span>fromPEM()</h2>
<div class="memitem">
<div class="memproto">
<table class="mlabels">
<td class="mlabels-left">
<table class="memname">
<td class="memname"><a class="el" href="class_s_s_l_client_parameters.html">SSLClientParameters</a> SSLClientParameters::fromPEM </td>
<td class="paramtype">const char * </td>
<td class="paramname"><em>cert_pem</em>, </td>
<td class="paramkey"></td>
<td class="paramtype">const size_t </td>
<td class="paramname"><em>cert_len</em>, </td>
<td class="paramkey"></td>
<td class="paramtype">const char * </td>
<td class="paramname"><em>key_pem</em>, </td>
<td class="paramkey"></td>
<td class="paramtype">const size_t </td>
<td class="paramname"><em>key_len</em> </td>
<td class="mlabels-right">
<span class="mlabels"><span class="mlabel">static</span></span> </td>
</div><div class="memdoc">
<p>Create mutual authentication parameters from a PEM certificate and private key. </p>
<p>Use this function to create a mutual tls context from a PEM client certificate and PEM private key. This function will convert the PEM certificates into DER format (creating a copy in the process), extract the needed information from the private key, and store that information into a <a class="el" href="class_s_s_l_client_parameters.html" title="This class stores data required for SSLClient to use mutual authentication.">SSLClientParameters</a> object. Given the certifiate and key parsed correctly, you can then use <a class="el" href="class_s_s_l_client.html#aeee217b5558dfb0724f2319888a77256" title="Add a client certificate and enable support for mutual auth.">SSLClient::setMutualAuthParams</a> at the begining of your sketch to enable mTLS with <a class="el" href="class_s_s_l_client.html" title="The main SSLClient class. Check out for more info.">SSLClient</a>. This function supports both ECC and RSA certificate/private keys (use EC keys wherever possible, as they are signifigantly smaller and faster), however <a class="el" href="class_s_s_l_client.html" title="The main SSLClient class. Check out for more info.">SSLClient</a> only supports the p256, p384, and p512 curves for ECC.</p>
<p>Because <a class="el" href="class_s_s_l_client_parameters.html" title="This class stores data required for SSLClient to use mutual authentication.">SSLClientParameters</a> creates a copy of both the certificate and key, you do not need to ensure that the data pointed to by cert_pem or key_pem is accessible after this function (i.e. you can free them afterwards).</p>
<p>Please note that if the certificate or private key are incorrect, this function will not report an error, and instead <a class="el" href="class_s_s_l_client.html" title="The main SSLClient class. Check out for more info.">SSLClient</a> will fall back to regular TLS when making a connection.</p>
<dl class="params"><dt>Parameters</dt><dd>
<table class="params">
<tr><td class="paramname">cert_pem</td><td>A PEM formatted certificate, including the "BEGIN" and "END" header/footers. Can be ECC or RSA. cert_pem supports both LF and CRLF for endlines, but all other constraints on a valid PEM file apply. </td></tr>
<tr><td class="paramname">cert_len</td><td>The number of bytes in cert_pem. </td></tr>
<tr><td class="paramname">key_pem</td><td>A PEM formatted private key, including the "BEGIN" and "END" header/footers. Can be ECC or RSA. key_pem supports both LF and CRLF for endlines, but all other constraints \ on a valid PEM file apply. </td></tr>
<tr><td class="paramname">key_len</td><td>The number of bytes in key_pem </td></tr>
<dl class="section return"><dt>Returns</dt><dd>An <a class="el" href="class_s_s_l_client_parameters.html" title="This class stores data required for SSLClient to use mutual authentication.">SSLClientParameters</a> context, to be used with <a class="el" href="class_s_s_l_client.html#aeee217b5558dfb0724f2319888a77256" title="Add a client certificate and enable support for mutual auth.">SSLClient::setMutualAuthParams</a>. </dd></dl>
<a id="af5686b2c601812f55477a7089b3b2c2d"></a>
<h2 class="memtitle"><span class="permalink"><a href="#af5686b2c601812f55477a7089b3b2c2d">◆ </a></span>getCertChain()</h2>
<div class="memitem">
<div class="memproto">
<table class="mlabels">
<td class="mlabels-left">
<table class="memname">
<td class="memname">const br_x509_certificate* SSLClientParameters::getCertChain </td>
<td class="paramname"></td><td>)</td>
<td> const</td>
<td class="mlabels-right">
<span class="mlabels"><span class="mlabel">inline</span></span> </td>
</div><div class="memdoc">
<p>mTLS information used by <a class="el" href="class_s_s_l_client.html" title="The main SSLClient class. Check out for more info.">SSLClient</a> during authentication </p>
<a id="a90d581703308881714d64d1ada785ad2"></a>
<h2 class="memtitle"><span class="permalink"><a href="#a90d581703308881714d64d1ada785ad2">◆ </a></span>getCertType()</h2>
<div class="memitem">
<div class="memproto">
<table class="mlabels">
<td class="mlabels-left">
<table class="memname">
<td class="memname">int SSLClientParameters::getCertType </td>
<td class="paramname"></td><td>)</td>
<td> const</td>
<td class="mlabels-right">
<span class="mlabels"><span class="mlabel">inline</span></span> </td>
</div><div class="memdoc">
<p>mTLS information used by <a class="el" href="class_s_s_l_client.html" title="The main SSLClient class. Check out for more info.">SSLClient</a> during authentication </p>
<a id="ad9beb80ce98ed9aa34db28783f0264c5"></a>
<h2 class="memtitle"><span class="permalink"><a href="#ad9beb80ce98ed9aa34db28783f0264c5">◆ </a></span>getECKey()</h2>
<div class="memitem">
<div class="memproto">
<table class="mlabels">
<td class="mlabels-left">
<table class="memname">
<td class="memname">const br_ec_private_key* SSLClientParameters::getECKey </td>
<td class="paramname"></td><td>)</td>
<td> const</td>
<td class="mlabels-right">
<span class="mlabels"><span class="mlabel">inline</span></span> </td>
</div><div class="memdoc">
<p>mTLS information used by <a class="el" href="class_s_s_l_client.html" title="The main SSLClient class. Check out for more info.">SSLClient</a> during authentication </p>
<a id="a82c21b0ae4690a6b7842a0d74b12f67f"></a>
<h2 class="memtitle"><span class="permalink"><a href="#a82c21b0ae4690a6b7842a0d74b12f67f">◆ </a></span>getRSAKey()</h2>
<div class="memitem">
<div class="memproto">
<table class="mlabels">
<td class="mlabels-left">
<table class="memname">
<td class="memname">const br_rsa_private_key* SSLClientParameters::getRSAKey </td>
<td class="paramname"></td><td>)</td>
<td> const</td>
<td class="mlabels-right">
<span class="mlabels"><span class="mlabel">inline</span></span> </td>
</div><div class="memdoc">
<p>mTLS information used by <a class="el" href="class_s_s_l_client.html" title="The main SSLClient class. Check out for more info.">SSLClient</a> during authentication </p>
<hr/>The documentation for this class was generated from the following files:<ul>
<li>src/<a class="el" href="_s_s_l_client_parameters_8h_source.html">SSLClientParameters.h</a></li>
<li>src/<a class="el" href="_s_s_l_client_parameters_8cpp.html">SSLClientParameters.cpp</a></li>
</div><!-- contents -->
@ -0,0 +1,8 @@
var class_s_s_l_client_parameters =
[ "SSLClientParameters", "class_s_s_l_client_parameters.html#a97213b5554e90908fbf284669b5f22f3", null ],
[ "getCertChain", "class_s_s_l_client_parameters.html#af5686b2c601812f55477a7089b3b2c2d", null ],
[ "getCertType", "class_s_s_l_client_parameters.html#a90d581703308881714d64d1ada785ad2", null ],
[ "getECKey", "class_s_s_l_client_parameters.html#ad9beb80ce98ed9aa34db28783f0264c5", null ],
[ "getRSAKey", "class_s_s_l_client_parameters.html#a82c21b0ae4690a6b7842a0d74b12f67f", null ]
Normal file
@ -0,0 +1,222 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "">
<html xmlns="">
<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
<meta http-equiv="X-UA-Compatible" content="IE=9"/>
<meta name="generator" content="Doxygen 1.9.1"/>
<meta name="viewport" content="width=device-width, initial-scale=1"/>
<title>SSLClient: SSLSession Class Reference</title>
<link href="tabs.css" rel="stylesheet" type="text/css"/>
<script type="text/javascript" src="jquery.js"></script>
<script type="text/javascript" src="dynsections.js"></script>
<link href="navtree.css" rel="stylesheet" type="text/css"/>
<script type="text/javascript" src="resize.js"></script>
<script type="text/javascript" src="navtreedata.js"></script>
<script type="text/javascript" src="navtree.js"></script>
<link href="search/search.css" rel="stylesheet" type="text/css"/>
<script type="text/javascript" src="search/searchdata.js"></script>
<script type="text/javascript" src="search/search.js"></script>
<link href="doxygen.css" rel="stylesheet" type="text/css" />
<div id="top"><!-- do not remove this div, it is closed by doxygen! -->
<div id="titlearea">
<table cellspacing="0" cellpadding="0">
<tr style="height: 56px;">
<td id="projectalign" style="padding-left: 0.5em;">
<div id="projectname">SSLClient
 <span id="projectnumber">v1.6.11</span>
<!-- end header part -->
<!-- Generated by Doxygen 1.9.1 -->
<script type="text/javascript">
/* @license magnet:?xt=urn:btih:cf05388f2679ee054f2beb29a391d25f4e673ac3&dn=gpl-2.0.txt GPL-v2 */
var searchBox = new SearchBox("searchBox", "search",false,'Search','.html');
/* @license-end */
<script type="text/javascript" src="menudata.js"></script>
<script type="text/javascript" src="menu.js"></script>
<script type="text/javascript">
/* @license magnet:?xt=urn:btih:cf05388f2679ee054f2beb29a391d25f4e673ac3&dn=gpl-2.0.txt GPL-v2 */
$(function() {
$(document).ready(function() { init_search(); });
/* @license-end */</script>
<div id="main-nav"></div>
</div><!-- top -->
<div id="side-nav" class="ui-resizable side-nav-resizable">
<div id="nav-tree">
<div id="nav-tree-contents">
<div id="nav-sync" class="sync"></div>
<div id="splitbar" style="-moz-user-select:none;"
<script type="text/javascript">
/* @license magnet:?xt=urn:btih:cf05388f2679ee054f2beb29a391d25f4e673ac3&dn=gpl-2.0.txt GPL-v2 */
$(document).ready(function(){initNavTree('class_s_s_l_session.html',''); initResizable(); });
/* @license-end */
<div id="doc-content">
<!-- window showing the filter options -->
<div id="MSearchSelectWindow"
onmouseover="return searchBox.OnSearchSelectShow()"
onmouseout="return searchBox.OnSearchSelectHide()"
onkeydown="return searchBox.OnSearchSelectKey(event)">
<!-- iframe showing the search results (closed by default) -->
<div id="MSearchResultsWindow">
<iframe src="javascript:void(0)" frameborder="0"
name="MSearchResults" id="MSearchResults">
<div class="header">
<div class="summary">
<a href="#pub-methods">Public Member Functions</a> |
<a href="class_s_s_l_session-members.html">List of all members</a> </div>
<div class="headertitle">
<div class="title">SSLSession Class Reference</div> </div>
<div class="contents">
<p>This class stores values which allow <a class="el" href="class_s_s_l_client.html" title="The main SSLClient class. Check out for more info.">SSLClient</a> to save and resume SSL sessions.
<a href="class_s_s_l_session.html#details">More...</a></p>
<p><code>#include <<a class="el" href="_s_s_l_session_8h_source.html">SSLSession.h</a>></code></p>
<div class="dynheader">
Inheritance diagram for SSLSession:</div>
<div class="dyncontent">
<div class="center">
<img src="class_s_s_l_session.png" alt=""/>
<table class="memberdecls">
<tr class="heading"><td colspan="2"><h2 class="groupheader"><a name="pub-methods"></a>
Public Member Functions</h2></td></tr>
<tr class="memitem:a0c8e01b0944c1f4b0ec6d4c423c95b74"><td class="memItemLeft" align="right" valign="top"> </td><td class="memItemRight" valign="bottom"><a class="el" href="class_s_s_l_session.html#a0c8e01b0944c1f4b0ec6d4c423c95b74">SSLSession</a> (const char *hostname)</td></tr>
<tr class="memdesc:a0c8e01b0944c1f4b0ec6d4c423c95b74"><td class="mdescLeft"> </td><td class="mdescRight"><a class="el" href="class_s_s_l_session.html" title="This class stores values which allow SSLClient to save and resume SSL sessions.">SSLSession</a> constructor. <a href="class_s_s_l_session.html#a0c8e01b0944c1f4b0ec6d4c423c95b74">More...</a><br /></td></tr>
<tr class="separator:a0c8e01b0944c1f4b0ec6d4c423c95b74"><td class="memSeparator" colspan="2"> </td></tr>
<tr class="memitem:a825373c5ba1aa6c45e74dc8a72b21820"><td class="memItemLeft" align="right" valign="top">const String & </td><td class="memItemRight" valign="bottom"><a class="el" href="class_s_s_l_session.html#a825373c5ba1aa6c45e74dc8a72b21820">get_hostname</a> () const</td></tr>
<tr class="memdesc:a825373c5ba1aa6c45e74dc8a72b21820"><td class="mdescLeft"> </td><td class="mdescRight">Get the hostname string associated with this session. <a href="class_s_s_l_session.html#a825373c5ba1aa6c45e74dc8a72b21820">More...</a><br /></td></tr>
<tr class="separator:a825373c5ba1aa6c45e74dc8a72b21820"><td class="memSeparator" colspan="2"> </td></tr>
<tr class="memitem:acbe6549b55d50541d09a16f770e65afc"><td class="memItemLeft" align="right" valign="top">br_ssl_session_parameters * </td><td class="memItemRight" valign="bottom"><a class="el" href="class_s_s_l_session.html#acbe6549b55d50541d09a16f770e65afc">to_br_session</a> ()</td></tr>
<tr class="memdesc:acbe6549b55d50541d09a16f770e65afc"><td class="mdescLeft"> </td><td class="mdescRight">Returns a pointer to the ::br_ssl_session_parameters component of this class. <a href="class_s_s_l_session.html#acbe6549b55d50541d09a16f770e65afc">More...</a><br /></td></tr>
<tr class="separator:acbe6549b55d50541d09a16f770e65afc"><td class="memSeparator" colspan="2"> </td></tr>
<a name="details" id="details"></a><h2 class="groupheader">Detailed Description</h2>
<div class="textblock"><p>This class stores values which allow <a class="el" href="class_s_s_l_client.html" title="The main SSLClient class. Check out for more info.">SSLClient</a> to save and resume SSL sessions. </p>
<p><a class="el" href="_s_s_l_session_8h.html">SSLSession.h</a></p>
<p>This file contains a simple utility class to store parameters about an SSL Session for reuse later.</p>
<p>This class was created to extend the values stored in br_ssl_session_parameters, which allow BearSSL to resume an SSL session. When testing BearSSL's session resumption feature, it was observed that BearSSL can only resume a session that was was started with the same server. This becomes an issue when using repeated requests to a domain name which can resolve to multiple IP addresses (""), as the device will switch between two or three servers. Since BearSSL only stores one session at a time, this results in session resumption being few and far between.</p>
<p>To remedy this problem, an <a class="el" href="class_s_s_l_session.html" title="This class stores values which allow SSLClient to save and resume SSL sessions.">SSLSession</a> stores the IPAddress and hostname, along with the parameters in br_ssl_session_parameters struct. Using this data, <a class="el" href="class_s_s_l_client.html" title="The main SSLClient class. Check out for more info.">SSLClient</a> is able to remember which IPAddress is associated with which session, allowing it to reconnect to the last IPAddress, as opposed to any associated with the domain. </p>
</div><h2 class="groupheader">Constructor & Destructor Documentation</h2>
<a id="a0c8e01b0944c1f4b0ec6d4c423c95b74"></a>
<h2 class="memtitle"><span class="permalink"><a href="#a0c8e01b0944c1f4b0ec6d4c423c95b74">◆ </a></span>SSLSession()</h2>
<div class="memitem">
<div class="memproto">
<table class="mlabels">
<td class="mlabels-left">
<table class="memname">
<td class="memname">SSLSession::SSLSession </td>
<td class="paramtype">const char * </td>
<td class="paramname"><em>hostname</em></td><td>)</td>
<td class="mlabels-right">
<span class="mlabels"><span class="mlabel">inline</span></span> </td>
</div><div class="memdoc">
<p><a class="el" href="class_s_s_l_session.html" title="This class stores values which allow SSLClient to save and resume SSL sessions.">SSLSession</a> constructor. </p>
<p>Sets all parameters to zero, and invalidates the session </p>
<h2 class="groupheader">Member Function Documentation</h2>
<a id="a825373c5ba1aa6c45e74dc8a72b21820"></a>
<h2 class="memtitle"><span class="permalink"><a href="#a825373c5ba1aa6c45e74dc8a72b21820">◆ </a></span>get_hostname()</h2>
<div class="memitem">
<div class="memproto">
<table class="mlabels">
<td class="mlabels-left">
<table class="memname">
<td class="memname">const String& SSLSession::get_hostname </td>
<td class="paramname"></td><td>)</td>
<td> const</td>
<td class="mlabels-right">
<span class="mlabels"><span class="mlabel">inline</span></span> </td>
</div><div class="memdoc">
<p>Get the hostname string associated with this session. </p>
<dl class="section return"><dt>Returns</dt><dd>A String object or "" if there is no hostname </dd></dl>
<dl class="section pre"><dt>Precondition</dt><dd>must check isValidSession before getting this value, as if this session in invalid this value is not guarenteed to be reset to "". </dd></dl>
<a id="acbe6549b55d50541d09a16f770e65afc"></a>
<h2 class="memtitle"><span class="permalink"><a href="#acbe6549b55d50541d09a16f770e65afc">◆ </a></span>to_br_session()</h2>
<div class="memitem">
<div class="memproto">
<table class="mlabels">
<td class="mlabels-left">
<table class="memname">
<td class="memname">br_ssl_session_parameters* SSLSession::to_br_session </td>
<td class="paramname"></td><td>)</td>
<td class="mlabels-right">
<span class="mlabels"><span class="mlabel">inline</span></span> </td>
</div><div class="memdoc">
<p>Returns a pointer to the ::br_ssl_session_parameters component of this class. </p>
<hr/>The documentation for this class was generated from the following file:<ul>
<li>src/<a class="el" href="_s_s_l_session_8h_source.html">SSLSession.h</a></li>
</div><!-- contents -->
</div><!-- doc-content -->
<!-- start footer part -->
<div id="nav-path" class="navpath"><!-- id is needed for treeview function! -->
<li class="navelem"><a class="el" href="class_s_s_l_session.html">SSLSession</a></li>
<li class="footer">Generated by <a href=""><img class="footer" src="doxygen.svg" width="104" height="31" alt="doxygen"/></a> 1.9.1 </li>
Normal file
@ -0,0 +1,6 @@
var class_s_s_l_session =
[ "SSLSession", "class_s_s_l_session.html#a0c8e01b0944c1f4b0ec6d4c423c95b74", null ],
[ "get_hostname", "class_s_s_l_session.html#a825373c5ba1aa6c45e74dc8a72b21820", null ],
[ "to_br_session", "class_s_s_l_session.html#acbe6549b55d50541d09a16f770e65afc", null ]
Normal file
After Width: | Height: | Size: 609 B |
Normal file
@ -0,0 +1,104 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "">
<html xmlns="">
<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
<meta http-equiv="X-UA-Compatible" content="IE=9"/>
<meta name="generator" content="Doxygen 1.9.1"/>
<meta name="viewport" content="width=device-width, initial-scale=1"/>
<title>SSLClient: Class Index</title>
<link href="tabs.css" rel="stylesheet" type="text/css"/>
<script type="text/javascript" src="jquery.js"></script>
<script type="text/javascript" src="dynsections.js"></script>
<link href="navtree.css" rel="stylesheet" type="text/css"/>
<script type="text/javascript" src="resize.js"></script>
<script type="text/javascript" src="navtreedata.js"></script>
<script type="text/javascript" src="navtree.js"></script>
<link href="search/search.css" rel="stylesheet" type="text/css"/>
<script type="text/javascript" src="search/searchdata.js"></script>
<script type="text/javascript" src="search/search.js"></script>
<link href="doxygen.css" rel="stylesheet" type="text/css" />
<div id="top"><!-- do not remove this div, it is closed by doxygen! -->
<div id="titlearea">
<table cellspacing="0" cellpadding="0">
<tr style="height: 56px;">
<td id="projectalign" style="padding-left: 0.5em;">
<div id="projectname">SSLClient
 <span id="projectnumber">v1.6.11</span>
<!-- end header part -->
<!-- Generated by Doxygen 1.9.1 -->
<script type="text/javascript">
/* @license magnet:?xt=urn:btih:cf05388f2679ee054f2beb29a391d25f4e673ac3&dn=gpl-2.0.txt GPL-v2 */
var searchBox = new SearchBox("searchBox", "search",false,'Search','.html');
/* @license-end */
<script type="text/javascript" src="menudata.js"></script>
<script type="text/javascript" src="menu.js"></script>
<script type="text/javascript">
/* @license magnet:?xt=urn:btih:cf05388f2679ee054f2beb29a391d25f4e673ac3&dn=gpl-2.0.txt GPL-v2 */
$(function() {
$(document).ready(function() { init_search(); });
/* @license-end */</script>
<div id="main-nav"></div>
</div><!-- top -->
<div id="side-nav" class="ui-resizable side-nav-resizable">
<div id="nav-tree">
<div id="nav-tree-contents">
<div id="nav-sync" class="sync"></div>
<div id="splitbar" style="-moz-user-select:none;"
<script type="text/javascript">
/* @license magnet:?xt=urn:btih:cf05388f2679ee054f2beb29a391d25f4e673ac3&dn=gpl-2.0.txt GPL-v2 */
$(document).ready(function(){initNavTree('classes.html',''); initResizable(); });
/* @license-end */
<div id="doc-content">
<!-- window showing the filter options -->
<div id="MSearchSelectWindow"
onmouseover="return searchBox.OnSearchSelectShow()"
onmouseout="return searchBox.OnSearchSelectHide()"
onkeydown="return searchBox.OnSearchSelectKey(event)">
<!-- iframe showing the search results (closed by default) -->
<div id="MSearchResultsWindow">
<iframe src="javascript:void(0)" frameborder="0"
name="MSearchResults" id="MSearchResults">
<div class="header">
<div class="headertitle">
<div class="title">Class Index</div> </div>
<div class="contents">
<div class="qindex"><a class="qindex" href="#letter_S">S</a></div>
<div class="classindex">
<dl class="classindex even">
<dt class="alphachar"><a name="letter_S">S</a></dt>
<dd><a class="el" href="structssl__pem__decode__state.html">ssl_pem_decode_state</a></dd><dd><a class="el" href="class_s_s_l_client.html">SSLClient</a></dd><dd><a class="el" href="class_s_s_l_client_parameters.html">SSLClientParameters</a></dd><dd><a class="el" href="class_s_s_l_session.html">SSLSession</a></dd></dl>
</div><!-- contents -->
</div><!-- doc-content -->
<!-- start footer part -->
<div id="nav-path" class="navpath"><!-- id is needed for treeview function! -->
<li class="footer">Generated by <a href=""><img class="footer" src="doxygen.svg" width="104" height="31" alt="doxygen"/></a> 1.9.1 </li>
Normal file
After Width: | Height: | Size: 132 B |
Normal file
@ -0,0 +1,115 @@
<!-- end header part -->
<!-- window showing the filter options -->
<div id="MSearchSelectWindow"
onmouseover="return searchBox.OnSearchSelectShow()"
onmouseout="return searchBox.OnSearchSelectHide()"
onkeydown="return searchBox.OnSearchSelectKey(event)">
<!-- iframe showing the search results (closed by default) -->
<div id="MSearchResultsWindow">
<iframe src="javascript:void(0)" frameborder="0"
name="MSearchResults" id="MSearchResults">
<div class="header">
<div class="headertitle">
<div class="title">src Directory Reference</div> </div>
<div class="contents">
<table class="memberdecls">
<tr class="heading"><td colspan="2"><h2 class="groupheader"><a name="files"></a>
<tr class="memitem:_s_s_l_client_8cpp"><td class="memItemLeft" align="right" valign="top">file  </td><td class="memItemRight" valign="bottom"><a class="el" href="_s_s_l_client_8cpp.html">SSLClient.cpp</a></td></tr>
<tr class="separator:"><td class="memSeparator" colspan="2"> </td></tr>
<tr class="memitem:_s_s_l_client_8h"><td class="memItemLeft" align="right" valign="top">file  </td><td class="memItemRight" valign="bottom"><a class="el" href="_s_s_l_client_8h.html">SSLClient.h</a> <a href="_s_s_l_client_8h_source.html">[code]</a></td></tr>
<tr class="separator:"><td class="memSeparator" colspan="2"> </td></tr>
<tr class="memitem:_s_s_l_client_parameters_8cpp"><td class="memItemLeft" align="right" valign="top">file  </td><td class="memItemRight" valign="bottom"><a class="el" href="_s_s_l_client_parameters_8cpp.html">SSLClientParameters.cpp</a></td></tr>
<tr class="separator:"><td class="memSeparator" colspan="2"> </td></tr>
<tr class="memitem:_s_s_l_client_parameters_8h"><td class="memItemLeft" align="right" valign="top">file  </td><td class="memItemRight" valign="bottom"><a class="el" href="_s_s_l_client_parameters_8h.html">SSLClientParameters.h</a> <a href="_s_s_l_client_parameters_8h_source.html">[code]</a></td></tr>
<tr class="separator:"><td class="memSeparator" colspan="2"> </td></tr>
<tr class="memitem:_s_s_l_session_8h"><td class="memItemLeft" align="right" valign="top">file  </td><td class="memItemRight" valign="bottom"><a class="el" href="_s_s_l_session_8h.html">SSLSession.h</a> <a href="_s_s_l_session_8h_source.html">[code]</a></td></tr>
<tr class="separator:"><td class="memSeparator" colspan="2"> </td></tr>
<tr class="memitem:time__macros_8h"><td class="memItemLeft" align="right" valign="top">file  </td><td class="memItemRight" valign="bottom"><a class="el" href="time__macros_8h.html">time_macros.h</a> <a href="time__macros_8h_source.html">[code]</a></td></tr>
<tr class="separator:"><td class="memSeparator" colspan="2"> </td></tr>
</div><!-- contents -->
@ -0,0 +1,15 @@
var dir_68267d1309a1af8e8297ef4c3efbcdba =
[ "SSLClient.cpp", "_s_s_l_client_8cpp.html", null ],
[ "SSLClient.h", "_s_s_l_client_8h.html", [
[ "SSLClient", "class_s_s_l_client.html", "class_s_s_l_client" ]
] ],
[ "SSLClientParameters.cpp", "_s_s_l_client_parameters_8cpp.html", "_s_s_l_client_parameters_8cpp" ],
[ "SSLClientParameters.h", "_s_s_l_client_parameters_8h.html", [
[ "SSLClientParameters", "class_s_s_l_client_parameters.html", "class_s_s_l_client_parameters" ]
] ],
[ "SSLSession.h", "_s_s_l_session_8h.html", [
[ "SSLSession", "class_s_s_l_session.html", "class_s_s_l_session" ]
] ],
[ "time_macros.h", "time__macros_8h.html", "time__macros_8h" ]
Normal file
* Subject: C=IE,O=Baltimore,OU=CyberTrust,CN=Baltimore CyberTrust Root
* Domain(s):
#define TAs_NUM 1
static const unsigned char TA_DN0[] = {
0x30, 0x5a, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13,
0x02, 0x49, 0x45, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x0a,
0x13, 0x09, 0x42, 0x61, 0x6c, 0x74, 0x69, 0x6d, 0x6f, 0x72, 0x65, 0x31,
0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x0a, 0x43, 0x79,
0x62, 0x65, 0x72, 0x54, 0x72, 0x75, 0x73, 0x74, 0x31, 0x22, 0x30, 0x20,
0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x19, 0x42, 0x61, 0x6c, 0x74, 0x69,
0x6d, 0x6f, 0x72, 0x65, 0x20, 0x43, 0x79, 0x62, 0x65, 0x72, 0x54, 0x72,
0x75, 0x73, 0x74, 0x20, 0x52, 0x6f, 0x6f, 0x74,
static const unsigned char TA_RSA_N0[] = {
0xa3, 0x04, 0xbb, 0x22, 0xab, 0x98, 0x3d, 0x57, 0xe8, 0x26, 0x72, 0x9a,
0xb5, 0x79, 0xd4, 0x29, 0xe2, 0xe1, 0xe8, 0x95, 0x80, 0xb1, 0xb0, 0xe3,
0x5b, 0x8e, 0x2b, 0x29, 0x9a, 0x64, 0xdf, 0xa1, 0x5d, 0xed, 0xb0, 0x09,
0x05, 0x6d, 0xdb, 0x28, 0x2e, 0xce, 0x62, 0xa2, 0x62, 0xfe, 0xb4, 0x88,
0xda, 0x12, 0xeb, 0x38, 0xeb, 0x21, 0x9d, 0xc0, 0x41, 0x2b, 0x01, 0x52,
0x7b, 0x88, 0x77, 0xd3, 0x1c, 0x8f, 0xc7, 0xba, 0xb9, 0x88, 0xb5, 0x6a,
0x09, 0xe7, 0x73, 0xe8, 0x11, 0x40, 0xa7, 0xd1, 0xcc, 0xca, 0x62, 0x8d,
0x2d, 0xe5, 0x8f, 0x0b, 0xa6, 0x50, 0xd2, 0xa8, 0x50, 0xc3, 0x28, 0xea,
0xf5, 0xab, 0x25, 0x87, 0x8a, 0x9a, 0x96, 0x1c, 0xa9, 0x67, 0xb8, 0x3f,
0x0c, 0xd5, 0xf7, 0xf9, 0x52, 0x13, 0x2f, 0xc2, 0x1b, 0xd5, 0x70, 0x70,
0xf0, 0x8f, 0xc0, 0x12, 0xca, 0x06, 0xcb, 0x9a, 0xe1, 0xd9, 0xca, 0x33,
0x7a, 0x77, 0xd6, 0xf8, 0xec, 0xb9, 0xf1, 0x68, 0x44, 0x42, 0x48, 0x13,
0xd2, 0xc0, 0xc2, 0xa4, 0xae, 0x5e, 0x60, 0xfe, 0xb6, 0xa6, 0x05, 0xfc,
0xb4, 0xdd, 0x07, 0x59, 0x02, 0xd4, 0x59, 0x18, 0x98, 0x63, 0xf5, 0xa5,
0x63, 0xe0, 0x90, 0x0c, 0x7d, 0x5d, 0xb2, 0x06, 0x7a, 0xf3, 0x85, 0xea,
0xeb, 0xd4, 0x03, 0xae, 0x5e, 0x84, 0x3e, 0x5f, 0xff, 0x15, 0xed, 0x69,
0xbc, 0xf9, 0x39, 0x36, 0x72, 0x75, 0xcf, 0x77, 0x52, 0x4d, 0xf3, 0xc9,
0x90, 0x2c, 0xb9, 0x3d, 0xe5, 0xc9, 0x23, 0x53, 0x3f, 0x1f, 0x24, 0x98,
0x21, 0x5c, 0x07, 0x99, 0x29, 0xbd, 0xc6, 0x3a, 0xec, 0xe7, 0x6e, 0x86,
0x3a, 0x6b, 0x97, 0x74, 0x63, 0x33, 0xbd, 0x68, 0x18, 0x31, 0xf0, 0x78,
0x8d, 0x76, 0xbf, 0xfc, 0x9e, 0x8e, 0x5d, 0x2a, 0x86, 0xa7, 0x4d, 0x90,
0xdc, 0x27, 0x1a, 0x39,
static const unsigned char TA_RSA_E0[] = {
0x01, 0x00, 0x01,
static const br_x509_trust_anchor TAs[] = {
{ (unsigned char *)TA_DN0, sizeof TA_DN0 },
{ .rsa = {
(unsigned char *)TA_RSA_N0, sizeof TA_RSA_N0,
(unsigned char *)TA_RSA_E0, sizeof TA_RSA_E0,
} }
#ifdef __cplusplus
} /* extern "C" */
#endif /* ifndef _CERTIFICATES_H_ */
Basic MQTT example (with SSL!)
This sketch demonstrates the basic capabilities of the library.
It connects to an MQTT server then:
- publishes "hello world" to the topic "outTopic"
- subscribes to the topic "inTopic", printing out any messages
it receives. NB - it assumes the received payloads are strings not binary
It will reconnect to the server if the connection is lost using a blocking
reconnect function. See the 'mqtt_reconnect_nonblocking' example for how to
achieve the same result without blocking the main loop.
You will need to populate "certificates.h" with your trust anchors
and my_cert/my_key with your certificate/private key pair
#include <SPI.h>
#include <EthernetLarge.h>
#include <SSLClient.h>
#include "certificates.h" // This file must be regenerated
#include <PubSubClient.h>
const char my_cert[] = "FIXME";
const char my_key[] = "FIXME";
SSLClientParameters mTLS = SSLClientParameters::fromPEM(my_cert, sizeof my_cert, my_key, sizeof my_key);
byte mac[] = { 0xDE, 0xED, 0xBA, 0xFE, 0xFE, 0xED };
const char* mqttServer = "broker.example"; // Broker address
IPAddress ip (192, 168, 1, 2); // Custom client static IP
void callback(char* topic, byte* payload, unsigned int length) {
Serial.print("Message arrived [");
Serial.print("] ");
for (int i=0;i<length;i++) {
EthernetClient ethClient;
SSLClient ethClientSSL(ethClient, TAs, (size_t)TAs_NUM, A5);
PubSubClient client(mqttServer, 8883, callback, ethClientSSL);
void reconnect() {
// Loop until we're reconnected
while (!client.connected()) {
Serial.print("Attempting MQTT connection...");
// Attempt to connect
if (client.connect("arduinoClient")) {
// Once connected, publish an announcement...
client.publish("outTopic","hello world");
// ... and resubscribe
} else {
Serial.print("failed, rc=");
Serial.println(" try again in 5 seconds");
// Wait 5 seconds before retrying
void setup(){
// Start Serial
// Enable mutual TLS with SSLClient
// You can use Ethernet.init(pin) to configure the CS pin
Ethernet.init(10); // Most Arduino shields
//Ethernet.init(5); // MKR ETH shield
//Ethernet.init(0); // Teensy 2.0
//Ethernet.init(20); // Teensy++ 2.0
//Ethernet.init(15); // ESP8266 with Adafruit Featherwing Ethernet
//Ethernet.init(33); // ESP32 with Adafruit Featherwing Ethernet
Ethernet.begin(mac, ip);
void loop(){
if (!client.connected()) {
#ifdef __cplusplus
extern "C"
/* You will need to generate the information in this file manually
* using pycert_bearssl. For more information, please see
#define TAs_NUM 1
static const unsigned char TA_DN0[] = {
static const unsigned char TA_RSA_N0[] = {
static const unsigned char TA_RSA_E0[] = {
static const br_x509_trust_anchor TAs[] = {
{ (unsigned char *)TA_DN0, sizeof TA_DN0 },
{ .rsa = {
(unsigned char *)TA_RSA_N0, sizeof TA_RSA_N0,
(unsigned char *)TA_RSA_E0, sizeof TA_RSA_E0,
} }
#ifdef __cplusplus
} /* extern "C" */
#endif /* ifndef _CERTIFICATES_H_ */
Multi Domain HTTPS Client
This sketch connects to a website (
using an Arduino Wiznet Ethernet shield.
* Ethernet shield attached to pins 10, 11, 12, 13
created 18 Dec 2009
by David A. Mellis
modified 9 Apr 2012
by Noah Koontz, based on work by Adrian McEwen and Tom Igoe
// NOTE: This example REQUIRES the EthernetLarge library.
// You can get it here:
#include <SPI.h>
#include <EthernetLarge.h>
#include <SSLClient.h>
#include "trustanchors.h"
// Enter a MAC address for your controller below.
// Newer Ethernet shields have a MAC address printed on a sticker on the shield
byte mac[] = { 0xDE, 0xAD, 0xBE, 0xEF, 0xFE, 0xED };
// the two domains we want to query
char server1[] = "";
char server2[] = "";
// and the queries we want to send to them
char query1[] = "GET /asciilogo.txt HTTP/1.1";
char query2[] = "GET /cdn-cgi/trace HTTP/1.1";
// Set the static IP address to use if the DHCP fails to assign
IPAddress ip(192, 168, 0, 177);
IPAddress myDns(8, 8, 8, 8);
// Choose the analog pin to get semi-random data from for SSL
// Pick a pin that's not connected or attached to a randomish voltage source
const int rand_pin = A5;
// Initialize the SSL client library
// We input an EthernetClient, our trust anchors, and the analog pin
// Additionally specify that we want to store 2 sessions since we are connecting to 2 domains
EthernetClient base_client;
SSLClient client(base_client, TAs, (size_t)TAs_NUM, rand_pin);
// Variables to measure the speed
unsigned long beginMicros, endMicros;
unsigned long byteCount = 0;
bool printWebData = true; // set to false for better speed measurement
void setup() {
// You can use Ethernet.init(pin) to configure the CS pin
Ethernet.init(10); // Most Arduino shields
//Ethernet.init(5); // MKR ETH shield
//Ethernet.init(0); // Teensy 2.0
//Ethernet.init(20); // Teensy++ 2.0
//Ethernet.init(15); // ESP8266 with Adafruit Featherwing Ethernet
//Ethernet.init(33); // ESP32 with Adafruit Featherwing Ethernet
// Open serial communications and wait for port to open:
while (!Serial) {
; // wait for serial port to connect. Needed for native USB port only
// start the Ethernet connection:
Serial.println("Initialize Ethernet with DHCP:");
if (Ethernet.begin(mac) == 0) {
Serial.println("Failed to configure Ethernet using DHCP");
// Check for Ethernet hardware present
if (Ethernet.hardwareStatus() == EthernetNoHardware) {
Serial.println("Ethernet shield was not found. Sorry, can't run without hardware. :(");
while (true) {
delay(1); // do nothing, no point running without Ethernet hardware
if (Ethernet.linkStatus() == LinkOFF) {
Serial.println("Ethernet cable is not connected.");
// try to congifure using IP address instead of DHCP:
Ethernet.begin(mac, ip, myDns);
} else {
Serial.print(" DHCP assigned IP ");
// give the Ethernet shield a second to initialize:
// connect!
void loop() {
// if there are incoming bytes available
// from the server, read them and print them:
int len = client.available();
if (len > 0) {
byte buffer[80];
if (len > 80) len = 80;
||||, len);
if (printWebData) {
Serial.write(buffer, len); // show in the serial monitor (slows some boards)
byteCount = byteCount + len;
// if the server's disconnected, stop the client:
if (!client.connected()) {
endMicros = micros();
Serial.print("Received ");
Serial.print(" bytes in ");
float seconds = (float)(endMicros - beginMicros) / 1000000.0;
Serial.print(seconds, 4);
float rate = (float)byteCount / seconds / 1000.0;
Serial.print(", rate = ");
Serial.print(" kbytes/second");
//quick delay
// connect again!
bool r = false;
void connectSSL() {
// cycle the server we want to connect to back and forth
char* server;
if (r) server = server1;
else server = server2;
r = !r;
Serial.print("connecting to ");
// if you get a connection, report back via serial:
auto start = millis();
if (client.connect(server, 443)) {
auto time = millis() - start;
Serial.print("Took: ");
// Make a HTTP request:
if (server == server1) client.println(query1);
else client.println(query2);
client.println("User-Agent: SSLClientOverEthernet");
client.print("Host: ");
client.println("Connection: close");
} else {
// if you didn't get a connection to the server:
Serial.println("connection failed");
beginMicros = micros();
#ifdef __cplusplus
extern "C"
/* This file is auto-generated by the pycert_bearssl tool. Do not change it manually.
* Certificates are BearSSL br_x509_trust_anchor format. Included certs:
* Index: 0
* Label: Baltimore CyberTrust Root
* Subject: C=IE,O=Baltimore,OU=CyberTrust,CN=Baltimore CyberTrust Root
* Domain(s):
* Index: 1
* Label: DigiCert High Assurance EV Root CA
* Subject: C=US,O=DigiCert Inc,,CN=DigiCert High Assurance EV Root CA
* Domain(s):
#define TAs_NUM 2
static const unsigned char TA_DN0[] = {
0x30, 0x5a, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13,
0x02, 0x49, 0x45, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x0a,
0x13, 0x09, 0x42, 0x61, 0x6c, 0x74, 0x69, 0x6d, 0x6f, 0x72, 0x65, 0x31,
0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x0a, 0x43, 0x79,
0x62, 0x65, 0x72, 0x54, 0x72, 0x75, 0x73, 0x74, 0x31, 0x22, 0x30, 0x20,
0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x19, 0x42, 0x61, 0x6c, 0x74, 0x69,
0x6d, 0x6f, 0x72, 0x65, 0x20, 0x43, 0x79, 0x62, 0x65, 0x72, 0x54, 0x72,
0x75, 0x73, 0x74, 0x20, 0x52, 0x6f, 0x6f, 0x74,
static const unsigned char TA_RSA_N0[] = {
0xa3, 0x04, 0xbb, 0x22, 0xab, 0x98, 0x3d, 0x57, 0xe8, 0x26, 0x72, 0x9a,
0xb5, 0x79, 0xd4, 0x29, 0xe2, 0xe1, 0xe8, 0x95, 0x80, 0xb1, 0xb0, 0xe3,
0x5b, 0x8e, 0x2b, 0x29, 0x9a, 0x64, 0xdf, 0xa1, 0x5d, 0xed, 0xb0, 0x09,
0x05, 0x6d, 0xdb, 0x28, 0x2e, 0xce, 0x62, 0xa2, 0x62, 0xfe, 0xb4, 0x88,
0xda, 0x12, 0xeb, 0x38, 0xeb, 0x21, 0x9d, 0xc0, 0x41, 0x2b, 0x01, 0x52,
0x7b, 0x88, 0x77, 0xd3, 0x1c, 0x8f, 0xc7, 0xba, 0xb9, 0x88, 0xb5, 0x6a,
0x09, 0xe7, 0x73, 0xe8, 0x11, 0x40, 0xa7, 0xd1, 0xcc, 0xca, 0x62, 0x8d,
0x2d, 0xe5, 0x8f, 0x0b, 0xa6, 0x50, 0xd2, 0xa8, 0x50, 0xc3, 0x28, 0xea,
0xf5, 0xab, 0x25, 0x87, 0x8a, 0x9a, 0x96, 0x1c, 0xa9, 0x67, 0xb8, 0x3f,
0x0c, 0xd5, 0xf7, 0xf9, 0x52, 0x13, 0x2f, 0xc2, 0x1b, 0xd5, 0x70, 0x70,
0xf0, 0x8f, 0xc0, 0x12, 0xca, 0x06, 0xcb, 0x9a, 0xe1, 0xd9, 0xca, 0x33,
0x7a, 0x77, 0xd6, 0xf8, 0xec, 0xb9, 0xf1, 0x68, 0x44, 0x42, 0x48, 0x13,
0xd2, 0xc0, 0xc2, 0xa4, 0xae, 0x5e, 0x60, 0xfe, 0xb6, 0xa6, 0x05, 0xfc,
0xb4, 0xdd, 0x07, 0x59, 0x02, 0xd4, 0x59, 0x18, 0x98, 0x63, 0xf5, 0xa5,
0x63, 0xe0, 0x90, 0x0c, 0x7d, 0x5d, 0xb2, 0x06, 0x7a, 0xf3, 0x85, 0xea,
0xeb, 0xd4, 0x03, 0xae, 0x5e, 0x84, 0x3e, 0x5f, 0xff, 0x15, 0xed, 0x69,
0xbc, 0xf9, 0x39, 0x36, 0x72, 0x75, 0xcf, 0x77, 0x52, 0x4d, 0xf3, 0xc9,
0x90, 0x2c, 0xb9, 0x3d, 0xe5, 0xc9, 0x23, 0x53, 0x3f, 0x1f, 0x24, 0x98,
0x21, 0x5c, 0x07, 0x99, 0x29, 0xbd, 0xc6, 0x3a, 0xec, 0xe7, 0x6e, 0x86,
0x3a, 0x6b, 0x97, 0x74, 0x63, 0x33, 0xbd, 0x68, 0x18, 0x31, 0xf0, 0x78,
0x8d, 0x76, 0xbf, 0xfc, 0x9e, 0x8e, 0x5d, 0x2a, 0x86, 0xa7, 0x4d, 0x90,
0xdc, 0x27, 0x1a, 0x39,
static const unsigned char TA_RSA_E0[] = {
0x01, 0x00, 0x01,
static const unsigned char TA_DN1[] = {
0x30, 0x6c, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13,
0x02, 0x55, 0x53, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0a,
0x13, 0x0c, 0x44, 0x69, 0x67, 0x69, 0x43, 0x65, 0x72, 0x74, 0x20, 0x49,
0x6e, 0x63, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13,
0x10, 0x77, 0x77, 0x77, 0x2e, 0x64, 0x69, 0x67, 0x69, 0x63, 0x65, 0x72,
0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x31, 0x2b, 0x30, 0x29, 0x06, 0x03, 0x55,
0x04, 0x03, 0x13, 0x22, 0x44, 0x69, 0x67, 0x69, 0x43, 0x65, 0x72, 0x74,
0x20, 0x48, 0x69, 0x67, 0x68, 0x20, 0x41, 0x73, 0x73, 0x75, 0x72, 0x61,
0x6e, 0x63, 0x65, 0x20, 0x45, 0x56, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x20,
0x43, 0x41,
static const unsigned char TA_RSA_N1[] = {
0xc6, 0xcc, 0xe5, 0x73, 0xe6, 0xfb, 0xd4, 0xbb, 0xe5, 0x2d, 0x2d, 0x32,
0xa6, 0xdf, 0xe5, 0x81, 0x3f, 0xc9, 0xcd, 0x25, 0x49, 0xb6, 0x71, 0x2a,
0xc3, 0xd5, 0x94, 0x34, 0x67, 0xa2, 0x0a, 0x1c, 0xb0, 0x5f, 0x69, 0xa6,
0x40, 0xb1, 0xc4, 0xb7, 0xb2, 0x8f, 0xd0, 0x98, 0xa4, 0xa9, 0x41, 0x59,
0x3a, 0xd3, 0xdc, 0x94, 0xd6, 0x3c, 0xdb, 0x74, 0x38, 0xa4, 0x4a, 0xcc,
0x4d, 0x25, 0x82, 0xf7, 0x4a, 0xa5, 0x53, 0x12, 0x38, 0xee, 0xf3, 0x49,
0x6d, 0x71, 0x91, 0x7e, 0x63, 0xb6, 0xab, 0xa6, 0x5f, 0xc3, 0xa4, 0x84,
0xf8, 0x4f, 0x62, 0x51, 0xbe, 0xf8, 0xc5, 0xec, 0xdb, 0x38, 0x92, 0xe3,
0x06, 0xe5, 0x08, 0x91, 0x0c, 0xc4, 0x28, 0x41, 0x55, 0xfb, 0xcb, 0x5a,
0x89, 0x15, 0x7e, 0x71, 0xe8, 0x35, 0xbf, 0x4d, 0x72, 0x09, 0x3d, 0xbe,
0x3a, 0x38, 0x50, 0x5b, 0x77, 0x31, 0x1b, 0x8d, 0xb3, 0xc7, 0x24, 0x45,
0x9a, 0xa7, 0xac, 0x6d, 0x00, 0x14, 0x5a, 0x04, 0xb7, 0xba, 0x13, 0xeb,
0x51, 0x0a, 0x98, 0x41, 0x41, 0x22, 0x4e, 0x65, 0x61, 0x87, 0x81, 0x41,
0x50, 0xa6, 0x79, 0x5c, 0x89, 0xde, 0x19, 0x4a, 0x57, 0xd5, 0x2e, 0xe6,
0x5d, 0x1c, 0x53, 0x2c, 0x7e, 0x98, 0xcd, 0x1a, 0x06, 0x16, 0xa4, 0x68,
0x73, 0xd0, 0x34, 0x04, 0x13, 0x5c, 0xa1, 0x71, 0xd3, 0x5a, 0x7c, 0x55,
0xdb, 0x5e, 0x64, 0xe1, 0x37, 0x87, 0x30, 0x56, 0x04, 0xe5, 0x11, 0xb4,
0x29, 0x80, 0x12, 0xf1, 0x79, 0x39, 0x88, 0xa2, 0x02, 0x11, 0x7c, 0x27,
0x66, 0xb7, 0x88, 0xb7, 0x78, 0xf2, 0xca, 0x0a, 0xa8, 0x38, 0xab, 0x0a,
0x64, 0xc2, 0xbf, 0x66, 0x5d, 0x95, 0x84, 0xc1, 0xa1, 0x25, 0x1e, 0x87,
0x5d, 0x1a, 0x50, 0x0b, 0x20, 0x12, 0xcc, 0x41, 0xbb, 0x6e, 0x0b, 0x51,
0x38, 0xb8, 0x4b, 0xcb,
static const unsigned char TA_RSA_E1[] = {
0x01, 0x00, 0x01,
static const br_x509_trust_anchor TAs[] = {
{ (unsigned char *)TA_DN0, sizeof TA_DN0 },
{ .rsa = {
(unsigned char *)TA_RSA_N0, sizeof TA_RSA_N0,
(unsigned char *)TA_RSA_E0, sizeof TA_RSA_E0,
} }
{ (unsigned char *)TA_DN1, sizeof TA_DN1 },
{ .rsa = {
(unsigned char *)TA_RSA_N1, sizeof TA_RSA_N1,
(unsigned char *)TA_RSA_E1, sizeof TA_RSA_E1,
} }
#ifdef __cplusplus
} /* extern "C" */
#endif /* ifndef _CERTIFICATES_H_ */
Web client
This sketch connects to a website (
using an Arduino Wiznet Ethernet shield or STM32 built-in Ethernet.
Tested on ST Micro Nucleo-F767ZI.
* Ethernet shield attached to pins 10, 11, 12, 13
created 18 Dec 2009
by David A. Mellis
modified 9 Apr 2012
by Noah Koontz, based on work by Adrian McEwen and Tom Igoe
Modified 16 Oct 2019 by for STM32duino_STM32Ethernet
#include <LwIP.h>
#include <STM32Ethernet.h>
#include <SSLClient.h>
#include "trust_anchors.h"
// if you don't want to use DNS (and reduce your sketch size)
// use the numeric IP instead of the name for the server:
//IPAddress server(54,85,55,79); // numeric IP for Google (no DNS)
const char server[] = ""; // name address for Arduino (using DNS)
const char server_host[] = ""; // leave this alone, change only above two
// Set the static IP address to use if the DHCP fails to assign
IPAddress ip(192, 168, 0, 177);
IPAddress myDns(8, 8, 8, 8);
// Choose the analog pin to get semi-random data from for SSL
// Pick a pin that's not connected or attached to a randomish voltage source
const int rand_pin = A5;
// Initialize the SSL client library
// We input an EthernetClient, our trust anchors, and the analog pin
EthernetClient base_client;
SSLClient client(base_client, TAs, (size_t)TAs_NUM, rand_pin);
// Variables to measure the speed
unsigned long beginMicros, endMicros;
unsigned long byteCount = 0;
bool printWebData = true; // set to false for better speed measurement
void setup() {
// Open serial communications and wait for port to open:
while (!Serial) {
; // wait for serial port to connect. Needed for native USB port only
// start the Ethernet connection:
Serial.println("Initialize Ethernet with DHCP:");
// STM32 built-in Ethernet has a factory installed MAC address.
if (Ethernet.begin() == 0) {
Serial.println("Failed to configure Ethernet using DHCP");
while (1) delay(1);
} else {
Serial.print(" DHCP assigned IP ");
// give the Ethernet shield a second to initialize:
Serial.print("connecting to ");
// if you get a connection, report back via serial:
auto start = millis();
// specify the server and port, 443 is the standard port for HTTPS
if (client.connect(server, 443)) {
auto time = millis() - start;
Serial.print("connected to ");
Serial.print("Took: ");
// Make a HTTP request:
client.println("GET /asciilogo.txt HTTP/1.1");
client.println("User-Agent: SSLClientOverEthernet");
client.print("Host: ");
client.println("Connection: close");
} else {
// if you didn't get a connection to the server:
Serial.println("connection failed");
beginMicros = micros();
void loop() {
// if there are incoming bytes available
// from the server, read them and print them:
int len = client.available();
if (len > 0) {
byte buffer[80];
if (len > 80) len = 80;
||||, len);
if (printWebData) {
Serial.write(buffer, len); // show in the serial monitor (slows some boards)
byteCount = byteCount + len;
// if the server's disconnected, stop the client:
if (!client.connected()) {
endMicros = micros();
Serial.print("Received ");
Serial.print(" bytes in ");
float seconds = (float)(endMicros - beginMicros) / 1000000.0;
Serial.print(seconds, 4);
float rate = (float)byteCount / seconds / 1000.0;
Serial.print(", rate = ");
Serial.print(" kbytes/second");
// do nothing forevermore:
while (true) {
#ifdef __cplusplus
extern "C"
/* This file is auto-generated by the pycert_bearssl tool. Do not change it manually.
* Certificates are BearSSL br_x509_trust_anchor format. Included certs:
* Index: 0
* Label: Baltimore CyberTrust Root
* Subject: C=IE,O=Baltimore,OU=CyberTrust,CN=Baltimore CyberTrust Root
* Domain(s):
#define TAs_NUM 1
static const unsigned char TA_DN0[] = {
0x30, 0x5a, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13,
0x02, 0x49, 0x45, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x0a,
0x13, 0x09, 0x42, 0x61, 0x6c, 0x74, 0x69, 0x6d, 0x6f, 0x72, 0x65, 0x31,
0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x0a, 0x43, 0x79,
0x62, 0x65, 0x72, 0x54, 0x72, 0x75, 0x73, 0x74, 0x31, 0x22, 0x30, 0x20,
0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x19, 0x42, 0x61, 0x6c, 0x74, 0x69,
0x6d, 0x6f, 0x72, 0x65, 0x20, 0x43, 0x79, 0x62, 0x65, 0x72, 0x54, 0x72,
0x75, 0x73, 0x74, 0x20, 0x52, 0x6f, 0x6f, 0x74,
static const unsigned char TA_RSA_N0[] = {
0xa3, 0x04, 0xbb, 0x22, 0xab, 0x98, 0x3d, 0x57, 0xe8, 0x26, 0x72, 0x9a,
0xb5, 0x79, 0xd4, 0x29, 0xe2, 0xe1, 0xe8, 0x95, 0x80, 0xb1, 0xb0, 0xe3,
0x5b, 0x8e, 0x2b, 0x29, 0x9a, 0x64, 0xdf, 0xa1, 0x5d, 0xed, 0xb0, 0x09,
0x05, 0x6d, 0xdb, 0x28, 0x2e, 0xce, 0x62, 0xa2, 0x62, 0xfe, 0xb4, 0x88,
0xda, 0x12, 0xeb, 0x38, 0xeb, 0x21, 0x9d, 0xc0, 0x41, 0x2b, 0x01, 0x52,
0x7b, 0x88, 0x77, 0xd3, 0x1c, 0x8f, 0xc7, 0xba, 0xb9, 0x88, 0xb5, 0x6a,
0x09, 0xe7, 0x73, 0xe8, 0x11, 0x40, 0xa7, 0xd1, 0xcc, 0xca, 0x62, 0x8d,
0x2d, 0xe5, 0x8f, 0x0b, 0xa6, 0x50, 0xd2, 0xa8, 0x50, 0xc3, 0x28, 0xea,
0xf5, 0xab, 0x25, 0x87, 0x8a, 0x9a, 0x96, 0x1c, 0xa9, 0x67, 0xb8, 0x3f,
0x0c, 0xd5, 0xf7, 0xf9, 0x52, 0x13, 0x2f, 0xc2, 0x1b, 0xd5, 0x70, 0x70,
0xf0, 0x8f, 0xc0, 0x12, 0xca, 0x06, 0xcb, 0x9a, 0xe1, 0xd9, 0xca, 0x33,
0x7a, 0x77, 0xd6, 0xf8, 0xec, 0xb9, 0xf1, 0x68, 0x44, 0x42, 0x48, 0x13,
0xd2, 0xc0, 0xc2, 0xa4, 0xae, 0x5e, 0x60, 0xfe, 0xb6, 0xa6, 0x05, 0xfc,
0xb4, 0xdd, 0x07, 0x59, 0x02, 0xd4, 0x59, 0x18, 0x98, 0x63, 0xf5, 0xa5,
0x63, 0xe0, 0x90, 0x0c, 0x7d, 0x5d, 0xb2, 0x06, 0x7a, 0xf3, 0x85, 0xea,
0xeb, 0xd4, 0x03, 0xae, 0x5e, 0x84, 0x3e, 0x5f, 0xff, 0x15, 0xed, 0x69,
0xbc, 0xf9, 0x39, 0x36, 0x72, 0x75, 0xcf, 0x77, 0x52, 0x4d, 0xf3, 0xc9,
0x90, 0x2c, 0xb9, 0x3d, 0xe5, 0xc9, 0x23, 0x53, 0x3f, 0x1f, 0x24, 0x98,
0x21, 0x5c, 0x07, 0x99, 0x29, 0xbd, 0xc6, 0x3a, 0xec, 0xe7, 0x6e, 0x86,
0x3a, 0x6b, 0x97, 0x74, 0x63, 0x33, 0xbd, 0x68, 0x18, 0x31, 0xf0, 0x78,
0x8d, 0x76, 0xbf, 0xfc, 0x9e, 0x8e, 0x5d, 0x2a, 0x86, 0xa7, 0x4d, 0x90,
0xdc, 0x27, 0x1a, 0x39,
static const unsigned char TA_RSA_E0[] = {
0x01, 0x00, 0x01,
static const br_x509_trust_anchor TAs[] = {
{ (unsigned char *)TA_DN0, sizeof TA_DN0 },
{ .rsa = {
(unsigned char *)TA_RSA_N0, sizeof TA_RSA_N0,
(unsigned char *)TA_RSA_E0, sizeof TA_RSA_E0,
} }
#ifdef __cplusplus
} /* extern "C" */
#endif /* ifndef _CERTIFICATES_H_ */
Web client
This sketch connects to a website (
using an Arduino Wiznet Ethernet shield and TLS. This
* Ethernet shield attached to pins 10, 11, 12, 13
created 18 Dec 2009
by David A. Mellis
modified 9 March 2020
by Noah Koontz, based on work by Adrian McEwen and Tom Igoe
#include <SPI.h>
#include <Ethernet.h>
#include <SSLClient.h>
#include "trust_anchors.h"
#define BUFFLEN 80
// Enter a MAC address for your controller below.
// Newer Ethernet shields have a MAC address printed on a sticker on the shield
// byte mac[] = { 0xDE, 0xAD, 0xBE, 0xEF, 0xFE, 0xED };
// With Tiva C the mac address could be changed with LM Flash Programmer
// if you don't want to use DNS (and reduce your sketch size)
// use the numeric IP instead of the name for the server:
//IPAddress server(54,85,55,79); // numeric IP for Google (no DNS)
const char server[] = ""; // name address for Arduino (using DNS)
const char server_host[] = ""; // leave this alone, change only above two
// Set the static IP address to use if the DHCP fails to assign
IPAddress ip(192,168,2,177);
IPAddress myDns(8, 8, 8, 8);
IPAddress gw = IPAddress(192,168,2,1);
IPAddress mask = IPAddress(255,255,255,0);
// Choose the analog pin to get semi-random data from for SSL
// Pick a pin that's not connected or attached to a randomish voltage source
const int rand_pin = A5;
// Initialize the SSL client library
// We input an EthernetClient, our trust anchors, and the analog pin
EthernetClient base_client;
SSLClient client(base_client, TAs, (size_t)TAs_NUM, rand_pin);
// Variables to measure the speed
unsigned long beginMicros, endMicros;
unsigned long byteCount = 0;
bool printWebData = true; // set to false for better speed measurement
void setup() {
// Open serial communications and wait for port to open:
while (!Serial) {
; // wait for serial port to connect. Needed for native USB port only
// start the Ethernet connection:
Serial.println(F("Initialize Ethernet with DHCP:"));
//if (Ethernet.begin(mac) == 0) {
if (Ethernet.begin(0) == 0) {
Serial.println(F("Failed to configure Ethernet using DHCP"));
Ethernet.begin(0, ip, myDns, gw, mask);
} else {
Serial.print(F(" DHCP assigned IP "));
// give the Ethernet shield a second to initialize:
Serial.print(F("connecting to "));
// if you get a connection, report back via serial:
auto start = millis();
// specify the server and port, 443 is the standard port for HTTPS
if (client.connect(server, 443)) {
auto time = millis() - start;
Serial.print(F("Took: "));
// Make a HTTP request:
client.println(F("GET /asciilogo.txt HTTP/1.1"));
client.println(F("User-Agent: SSLClientOverEthernet"));
client.print(F("Host: "));
client.println(F("Connection: close"));
} else {
// if you didn't get a connection to the server:
Serial.println(F("connection failed"));
beginMicros = micros();
void loop() {
// if there are incoming bytes available
// from the server, read them and print them:
int len = client.available();
while (len > 0) {
byte buffer[BUFFLEN];
if (len > BUFFLEN) len = BUFFLEN;
||||, len);
if (printWebData) {
Serial.write(buffer, len); // show in the serial monitor (slows some boards)
byteCount = byteCount + len;
len = client.available();
// if the server's disconnected, stop the client:
if (!client.connected()) {
endMicros = micros();
Serial.print(F("Received "));
Serial.print(F(" bytes in "));
float seconds = (float)(endMicros - beginMicros) / 1000000.0;
Serial.print(seconds, 4);
float rate = (float)byteCount / seconds / 1000.0;
Serial.print(F(", rate = "));
Serial.print(F(" kbytes/second"));
// do nothing forevermore:
while (true) {
#ifdef __cplusplus
extern "C"
/* This file is auto-generated by the pycert_bearssl tool. Do not change it manually.
* Certificates are BearSSL br_x509_trust_anchor format. Included certs:
* Index: 0
* Label: Baltimore CyberTrust Root
* Subject: C=IE,O=Baltimore,OU=CyberTrust,CN=Baltimore CyberTrust Root
* Domain(s):
#define TAs_NUM 1
static const unsigned char TA_DN0[] = {
0x30, 0x5a, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13,
0x02, 0x49, 0x45, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x0a,
0x13, 0x09, 0x42, 0x61, 0x6c, 0x74, 0x69, 0x6d, 0x6f, 0x72, 0x65, 0x31,
0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x0a, 0x43, 0x79,
0x62, 0x65, 0x72, 0x54, 0x72, 0x75, 0x73, 0x74, 0x31, 0x22, 0x30, 0x20,
0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x19, 0x42, 0x61, 0x6c, 0x74, 0x69,
0x6d, 0x6f, 0x72, 0x65, 0x20, 0x43, 0x79, 0x62, 0x65, 0x72, 0x54, 0x72,
0x75, 0x73, 0x74, 0x20, 0x52, 0x6f, 0x6f, 0x74,
static const unsigned char TA_RSA_N0[] = {
0xa3, 0x04, 0xbb, 0x22, 0xab, 0x98, 0x3d, 0x57, 0xe8, 0x26, 0x72, 0x9a,
0xb5, 0x79, 0xd4, 0x29, 0xe2, 0xe1, 0xe8, 0x95, 0x80, 0xb1, 0xb0, 0xe3,
0x5b, 0x8e, 0x2b, 0x29, 0x9a, 0x64, 0xdf, 0xa1, 0x5d, 0xed, 0xb0, 0x09,
0x05, 0x6d, 0xdb, 0x28, 0x2e, 0xce, 0x62, 0xa2, 0x62, 0xfe, 0xb4, 0x88,
0xda, 0x12, 0xeb, 0x38, 0xeb, 0x21, 0x9d, 0xc0, 0x41, 0x2b, 0x01, 0x52,
0x7b, 0x88, 0x77, 0xd3, 0x1c, 0x8f, 0xc7, 0xba, 0xb9, 0x88, 0xb5, 0x6a,
0x09, 0xe7, 0x73, 0xe8, 0x11, 0x40, 0xa7, 0xd1, 0xcc, 0xca, 0x62, 0x8d,
0x2d, 0xe5, 0x8f, 0x0b, 0xa6, 0x50, 0xd2, 0xa8, 0x50, 0xc3, 0x28, 0xea,
0xf5, 0xab, 0x25, 0x87, 0x8a, 0x9a, 0x96, 0x1c, 0xa9, 0x67, 0xb8, 0x3f,
0x0c, 0xd5, 0xf7, 0xf9, 0x52, 0x13, 0x2f, 0xc2, 0x1b, 0xd5, 0x70, 0x70,
0xf0, 0x8f, 0xc0, 0x12, 0xca, 0x06, 0xcb, 0x9a, 0xe1, 0xd9, 0xca, 0x33,
0x7a, 0x77, 0xd6, 0xf8, 0xec, 0xb9, 0xf1, 0x68, 0x44, 0x42, 0x48, 0x13,
0xd2, 0xc0, 0xc2, 0xa4, 0xae, 0x5e, 0x60, 0xfe, 0xb6, 0xa6, 0x05, 0xfc,
0xb4, 0xdd, 0x07, 0x59, 0x02, 0xd4, 0x59, 0x18, 0x98, 0x63, 0xf5, 0xa5,
0x63, 0xe0, 0x90, 0x0c, 0x7d, 0x5d, 0xb2, 0x06, 0x7a, 0xf3, 0x85, 0xea,
0xeb, 0xd4, 0x03, 0xae, 0x5e, 0x84, 0x3e, 0x5f, 0xff, 0x15, 0xed, 0x69,
0xbc, 0xf9, 0x39, 0x36, 0x72, 0x75, 0xcf, 0x77, 0x52, 0x4d, 0xf3, 0xc9,
0x90, 0x2c, 0xb9, 0x3d, 0xe5, 0xc9, 0x23, 0x53, 0x3f, 0x1f, 0x24, 0x98,
0x21, 0x5c, 0x07, 0x99, 0x29, 0xbd, 0xc6, 0x3a, 0xec, 0xe7, 0x6e, 0x86,
0x3a, 0x6b, 0x97, 0x74, 0x63, 0x33, 0xbd, 0x68, 0x18, 0x31, 0xf0, 0x78,
0x8d, 0x76, 0xbf, 0xfc, 0x9e, 0x8e, 0x5d, 0x2a, 0x86, 0xa7, 0x4d, 0x90,
0xdc, 0x27, 0x1a, 0x39,
static const unsigned char TA_RSA_E0[] = {
0x01, 0x00, 0x01,
static const br_x509_trust_anchor TAs[] = {
{ (unsigned char *)TA_DN0, sizeof TA_DN0 },
{ .rsa = {
(unsigned char *)TA_RSA_N0, sizeof TA_RSA_N0,
(unsigned char *)TA_RSA_E0, sizeof TA_RSA_E0,
} }
#ifdef __cplusplus
} /* extern "C" */
#endif /* ifndef _CERTIFICATES_H_ */
