
Commit 167e618

committed
Merge pull request Links2004#31 from schokocappucino/master
verify ssl certificate fingerprint
2 parents 24eb13c + 07bd519 commit 167e618


3 files changed

+23
-0
lines changed


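--- a/src/WebSockets.h
+++ b/src/WebSockets.h
@@ -118,6 +118,7 @@ typedef struct {
 #if (WEBSOCKETS_NETWORK_TYPE == NETWORK_ESP8266)
 bool isSSL; ///< run in ssl mode
 WiFiClientSecure * ssl;
+const char * fingerprint;
 #endif
 
 String cUrl; ///< http url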
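Review bot: The new `fingerprint` member stores a borrowed `const char *` with no statement of ownership, and the WebSocketsClient.cpp section of this commit reads it later inside `loop()`, so a caller whose buffer has been freed or reused by then would hand stale memory to the certificate check. Either keep a copy in the struct (`String fingerprint;`, tested with `.length()` instead of `!= NULL`), or document the contract on the field the way its neighbour `isSSL` is documented: `const char * fingerprint; ///< expected certificate fingerprint, not copied, must stay valid while the client is in use; NULL = no check`. The `typedef struct` starts and ends outside the hunk.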

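--- a/src/WebSocketsClient.cpp
+++ b/src/WebSocketsClient.cpp
@@ -47,6 +47,7 @@ void WebSocketsClient::begin(const char *host, uint16_t port, const char * url)
 #if (WEBSOCKETS_NETWORK_TYPE == NETWORK_ESP8266)
 _client.isSSL = false;
 _client.ssl = NULL;
+_client.fingerprint = NULL;
 #endif
 _client.cUrl = url;
 _client.cCode = 0;
@@ -79,6 +80,17 @@ void WebSocketsClient::beginSSL(const char *host, uint16_t port, const char * ur
 void WebSocketsClient::beginSSL(String host, uint16_t port, String url) {
 beginSSL(host.c_str(), port, url.c_str());
 }
+
+void WebSocketsClient::beginSSL(const char *host, uint16_t port, const char * url, const char * fingerprint) {
+begin(host, port, url);
+_client.isSSL = true;
+_client.fingerprint = fingerprint;
+}
+
+void WebSocketsClient::beginSSL(String host, uint16_t port, String url, const char * fingerprint) {
+beginSSL(host.c_str(), port, url.c_str());
+_client.fingerprint = fingerprint;
+}
 #endif
 
 /**
@@ -124,6 +136,14 @@ void WebSocketsClient::loop(void) {
 
 #if (WEBSOCKETS_NETWORK_TYPE == NETWORK_ESP8266)
 _client.tcp->setNoDelay(true);
+
+if (_client.isSSL && _client.fingerprint != NULL) {
+if (!(((WiFiClientSecure*)_client.tcp)->verify(_client.fingerprint, _host.c_str()))) {
+DEBUG_WEBSOCKETS("[WS-Client] certificate mismatch\n");
+WebSockets::clientDisconnect(&_client, 1000);
+return;
+}
+}
 #endif
 
 // send Header to Server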
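Review bot: In the `loop()` hunk the check is skipped whenever `_client.fingerprint` is NULL, which is the state `begin()` leaves every existing `beginSSL(host, port, url)` caller in, so those TLS connections still reach the header send with the server certificate unverified and nothing in the log says so. An `else if (_client.isSSL)` branch logging `DEBUG_WEBSOCKETS("[WS-Client] SSL without fingerprint, certificate not verified\n");` would at least make the unverified case visible. The C-style cast `(WiFiClientSecure*)_client.tcp` assumes `tcp` is the secure client whenever `isSSL` is set; `_client.ssl` already has that type and is presumably the same object, so `_client.ssl->verify(...)` would avoid the unchecked downcast, to be confirmed against the connect path, which is outside the hunk. In the second hunk the `String` overload could delegate with `beginSSL(host.c_str(), port, url.c_str(), fingerprint);` instead of repeating the assignment. `loop()` continues beyond the hunk.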

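--- a/src/WebSocketsClient.h
+++ b/src/WebSocketsClient.h
@@ -42,6 +42,8 @@ class WebSocketsClient: private WebSockets {
 #if (WEBSOCKETS_NETWORK_TYPE == NETWORK_ESP8266)
 void beginSSL(const char *host, uint16_t port, const char * url = "/");
 void beginSSL(String host, uint16_t port, String url = "/");
+void beginSSL(const char *host, uint16_t port, const char * url, const char * fingerprint);
+void beginSSL(String host, uint16_t port, String url, const char * fingerprint);
 #endif
 
 void loop(void);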
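Review bot: The two new `beginSSL` declarations carry no comment on what `fingerprint` must contain, so a caller cannot tell from the header which format is expected or what happens when the value does not match. A doc comment above them would cover it, for example `/// @param fingerprint certificate fingerprint string in the format WiFiClientSecure::verify() accepts; on mismatch the client disconnects`. As far as this page shows the pin is a single certificate, so the comment should also say that the value has to be updated when the server certificate is renewed. The class body starts and ends outside the hunk.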
