basichttpsclient example: fingerprint handled by update scripts (esp8…

…266#8311) * basichttpsclient example: fingerprint handled by update scripts
rovo89 · Mar 6, 2023 · 74e02d1 · 74e02d1
1 parent be02af0
commit 74e02d1
Show file tree

Hide file tree

Showing 3 changed files with 71 additions and 13 deletions.
diff --git a/libraries/ESP8266HTTPClient/examples/BasicHttpsClient/BasicHttpsClient.ino b/libraries/ESP8266HTTPClient/examples/BasicHttpsClient/BasicHttpsClient.ino
@@ -9,12 +9,15 @@
 
 #include <ESP8266WiFi.h>
 #include <ESP8266WiFiMulti.h>
-
 #include <ESP8266HTTPClient.h>
-
 #include <WiFiClientSecureBearSSL.h>
-// Fingerprint for demo URL, expires on June 2, 2021, needs to be updated well before this date
-const uint8_t fingerprint[20] = { 0x40, 0xaf, 0x00, 0x6b, 0xec, 0x90, 0x22, 0x41, 0x8e, 0xa3, 0xad, 0xfa, 0x1a, 0xe8, 0x25, 0x41, 0x1d, 0x1a, 0x54, 0xb3 };
+
+#include "certs.h"
+
+#ifndef STASSID
+#define STASSID "your-ssid"
+#define STAPSK "your-password"
+#endif
 
 ESP8266WiFiMulti WiFiMulti;
 
@@ -27,14 +30,9 @@ void setup() {
   Serial.println();
   Serial.println();
 
-  for (uint8_t t = 4; t > 0; t--) {
-    Serial.printf("[SETUP] WAIT %d...\n", t);
-    Serial.flush();
-    delay(1000);
-  }
-
   WiFi.mode(WIFI_STA);
-  WiFiMulti.addAP("SSID", "PASSWORD");
+  WiFiMulti.addAP(STASSID, STAPSK);
+  Serial.println("setup() done connecting to ssid '" STASSID "'");
 }
 
 void loop() {
@@ -43,14 +41,14 @@ void loop() {
 
     std::unique_ptr<BearSSL::WiFiClientSecure> client(new BearSSL::WiFiClientSecure);
 
-    client->setFingerprint(fingerprint);
+    client->setFingerprint(fingerprint_sni_cloudflaressl_com);
     // Or, if you happy to ignore the SSL certificate, then use the following line instead:
     // client->setInsecure();
 
     HTTPClient https;
 
     Serial.print("[HTTPS] begin...\n");
-    if (https.begin(*client, "https://jigsaw.w3.org/HTTP/connection.html")) {  // HTTPS
+    if (https.begin(*client, jigsaw_host, jigsaw_port)) {  // HTTPS
 
       Serial.print("[HTTPS] GET...\n");
       // start connection and send HTTP header

diff --git a/libraries/ESP8266HTTPClient/examples/BasicHttpsClient/certUpdate b/libraries/ESP8266HTTPClient/examples/BasicHttpsClient/certUpdate
@@ -0,0 +1,2 @@
+cd ${0%/*} 2>/dev/null
+python3 ../../../../tools/cert.py -s jigsaw.w3.org -n jigsaw > certs.h
diff --git a/libraries/ESP8266HTTPClient/examples/BasicHttpsClient/certs.h b/libraries/ESP8266HTTPClient/examples/BasicHttpsClient/certs.h
@@ -0,0 +1,58 @@
+
+// this file is autogenerated - any modification will be overwritten
+// unused symbols will not be linked in the final binary
+// generated on 2023-02-08 22:18:50
+// by ['../../../../tools/cert.py', '-s', 'jigsaw.w3.org', '-n', 'jigsaw']
+
+#pragma once
+
+////////////////////////////////////////////////////////////
+// certificate chain for jigsaw.w3.org:443
+
+const char* jigsaw_host = "jigsaw.w3.org";
+const uint16_t jigsaw_port = 443;
+
+// CN: sni.cloudflaressl.com => name: sni_cloudflaressl_com
+// not valid before: 2022-03-17 00:00:00
+// not valid after:  2023-03-16 23:59:59
+const char fingerprint_sni_cloudflaressl_com [] PROGMEM = "29:c7:3d:b3:50:36:83:0b:90:c1:9c:e0:ef:71:72:b1:3f:c7:31:e1";
+const char pubkey_sni_cloudflaressl_com [] PROGMEM = R"PUBKEY(
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEYnkGDyrIltjRnxoVdy/xgndo+WGM
+OASzs2hHeCjbJ1KplKJc/ciKXCWq/4+pTzSiVgTFhRmCdLcU1Fa05YFNQQ==
+-----END PUBLIC KEY-----
+)PUBKEY";
+
+// http://cacerts.digicert.com/CloudflareIncECCCA-3.crt
+// CN: Cloudflare Inc ECC CA-3 => name: Cloudflare_Inc_ECC_CA_3
+// not valid before: 2020-01-27 12:48:08
+// not valid after:  2024-12-31 23:59:59
+const char cert_Cloudflare_Inc_ECC_CA_3 [] PROGMEM = R"CERT(
+-----BEGIN CERTIFICATE-----
+MIIDzTCCArWgAwIBAgIQCjeHZF5ftIwiTv0b7RQMPDANBgkqhkiG9w0BAQsFADBa
+MQswCQYDVQQGEwJJRTESMBAGA1UEChMJQmFsdGltb3JlMRMwEQYDVQQLEwpDeWJl
+clRydXN0MSIwIAYDVQQDExlCYWx0aW1vcmUgQ3liZXJUcnVzdCBSb290MB4XDTIw
+MDEyNzEyNDgwOFoXDTI0MTIzMTIzNTk1OVowSjELMAkGA1UEBhMCVVMxGTAXBgNV
+BAoTEENsb3VkZmxhcmUsIEluYy4xIDAeBgNVBAMTF0Nsb3VkZmxhcmUgSW5jIEVD
+QyBDQS0zMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEua1NZpkUC0bsH4HRKlAe
+nQMVLzQSfS2WuIg4m4Vfj7+7Te9hRsTJc9QkT+DuHM5ss1FxL2ruTAUJd9NyYqSb
+16OCAWgwggFkMB0GA1UdDgQWBBSlzjfq67B1DpRniLRF+tkkEIeWHzAfBgNVHSME
+GDAWgBTlnVkwgkdYzKz6CFQ2hns6tQRN8DAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0l
+BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBIGA1UdEwEB/wQIMAYBAf8CAQAwNAYI
+KwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5j
+b20wOgYDVR0fBDMwMTAvoC2gK4YpaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL09t
+bmlyb290MjAyNS5jcmwwbQYDVR0gBGYwZDA3BglghkgBhv1sAQEwKjAoBggrBgEF
+BQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzALBglghkgBhv1sAQIw
+CAYGZ4EMAQIBMAgGBmeBDAECAjAIBgZngQwBAgMwDQYJKoZIhvcNAQELBQADggEB
+AAUkHd0bsCrrmNaF4zlNXmtXnYJX/OvoMaJXkGUFvhZEOFp3ArnPEELG4ZKk40Un
++ABHLGioVplTVI+tnkDB0A+21w0LOEhsUCxJkAZbZB2LzEgwLt4I4ptJIsCSDBFe
+lpKU1fwg3FZs5ZKTv3ocwDfjhUkV+ivhdDkYD7fa86JXWGBPzI6UAPxGezQxPk1H
+goE6y/SJXQ7vTQ1unBuCJN0yJV0ReFEQPaA1IwQvZW+cwdFD19Ae8zFnWSfda9J1
+CZMRJCQUzym+5iPDuI9yP+kHyCREU3qzuWFloUwOxkgAyXVjBYdwRVKD05WdRerw
+6DEdfgkfCv4+3ao8XnTSrLE=
+-----END CERTIFICATE-----
+)CERT";
+
+// end of certificate chain for jigsaw.w3.org:443
+////////////////////////////////////////////////////////////
+
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		cd ${0%/*} 2>/dev/null
		python3 ../../../../tools/cert.py -s jigsaw.w3.org -n jigsaw > certs.h