Skip to content

Commit

Permalink
fix _fingerprint is set checks for ESP32
Browse files Browse the repository at this point in the history
see #633 and #632
  • Loading branch information
Links2004 committed Mar 7, 2021
1 parent 7c3b1b7 commit ed685e5
Show file tree
Hide file tree
Showing 2 changed files with 9 additions and 4 deletions.
11 changes: 7 additions & 4 deletions src/WebSocketsClient.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -229,8 +229,11 @@ void WebSocketsClient::loop(void) {
#else
#error setCACert not implemented
#endif
#if defined(SSL_BARESSL)
} else if(_fingerprint) {
#if defined(ESP32)
} else if(!SSL_FINGERPRINT_IS_SET) {
_client.ssl->setInsecure();
#elif defined(SSL_BARESSL)
} else if(SSL_FINGERPRINT_IS_SET) {
_client.ssl->setFingerprint(_fingerprint);
} else {
_client.ssl->setInsecure();
Expand Down Expand Up @@ -865,14 +868,14 @@ void WebSocketsClient::connectedCb() {

#if defined(HAS_SSL)
#if defined(SSL_AXTLS) || defined(ESP32)
if(_client.isSSL && _fingerprint.length()) {
if(_client.isSSL && SSL_FINGERPRINT_IS_SET) {
if(!_client.ssl->verify(_fingerprint.c_str(), _host.c_str())) {
DEBUG_WEBSOCKETS("[WS-Client] certificate mismatch\n");
WebSockets::clientDisconnect(&_client, 1000);
return;
}
#else
if(_client.isSSL && _fingerprint) {
if(_client.isSSL && SSL_FINGERPRINT_IS_SET) {
#endif
} else if(_client.isSSL && !_CA_cert) {
#if defined(SSL_BARESSL)
Expand Down
2 changes: 2 additions & 0 deletions src/WebSocketsClient.h
Original file line number Diff line number Diff line change
Expand Up @@ -112,12 +112,14 @@ class WebSocketsClient : protected WebSockets {
#ifdef SSL_AXTLS
String _fingerprint;
const char * _CA_cert;
#define SSL_FINGERPRINT_IS_SET (_fingerprint.length())
#define SSL_FINGERPRINT_NULL ""
#else
const uint8_t * _fingerprint;
BearSSL::X509List * _CA_cert;
BearSSL::X509List * _client_cert;
BearSSL::PrivateKey * _client_key;
#define SSL_FINGERPRINT_IS_SET (_fingerprint != NULL)
#define SSL_FINGERPRINT_NULL NULL
#endif

Expand Down

0 comments on commit ed685e5

Please sign in to comment.