From ed685e551f9a1a992037f5fdc791a36c4c43abc0 Mon Sep 17 00:00:00 2001
From: Links <help.markus+gitk@gmail.com>
Date: Sat, 6 Mar 2021 09:22:52 +0100
Subject: [PATCH] fix _fingerprint is set checks for ESP32 see #633 and #632

---
 src/WebSocketsClient.cpp | 11 +++++++----
 src/WebSocketsClient.h   |  2 ++
 2 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/src/WebSocketsClient.cpp b/src/WebSocketsClient.cpp
index 50ed631..e3519c8 100644
--- a/src/WebSocketsClient.cpp
+++ b/src/WebSocketsClient.cpp
@@ -229,8 +229,11 @@ void WebSocketsClient::loop(void) {
 #else
 #error setCACert not implemented
 #endif
-#if defined(SSL_BARESSL)
-            } else if(_fingerprint) {
+#if defined(ESP32)
+            } else if(!SSL_FINGERPRINT_IS_SET) {
+                _client.ssl->setInsecure();
+#elif defined(SSL_BARESSL)
+            } else if(SSL_FINGERPRINT_IS_SET) {
                 _client.ssl->setFingerprint(_fingerprint);
             } else {
                 _client.ssl->setInsecure();
@@ -865,14 +868,14 @@ void WebSocketsClient::connectedCb() {
 
 #if defined(HAS_SSL)
 #if defined(SSL_AXTLS) || defined(ESP32)
-    if(_client.isSSL && _fingerprint.length()) {
+    if(_client.isSSL && SSL_FINGERPRINT_IS_SET) {
         if(!_client.ssl->verify(_fingerprint.c_str(), _host.c_str())) {
             DEBUG_WEBSOCKETS("[WS-Client] certificate mismatch\n");
             WebSockets::clientDisconnect(&_client, 1000);
             return;
         }
 #else
-    if(_client.isSSL && _fingerprint) {
+    if(_client.isSSL && SSL_FINGERPRINT_IS_SET) {
 #endif
     } else if(_client.isSSL && !_CA_cert) {
 #if defined(SSL_BARESSL)
diff --git a/src/WebSocketsClient.h b/src/WebSocketsClient.h
index 15863a7..efa7631 100644
--- a/src/WebSocketsClient.h
+++ b/src/WebSocketsClient.h
@@ -112,12 +112,14 @@ class WebSocketsClient : protected WebSockets {
 #ifdef SSL_AXTLS
     String _fingerprint;
     const char * _CA_cert;
+#define SSL_FINGERPRINT_IS_SET (_fingerprint.length())
 #define SSL_FINGERPRINT_NULL ""
 #else
     const uint8_t * _fingerprint;
     BearSSL::X509List * _CA_cert;
     BearSSL::X509List * _client_cert;
     BearSSL::PrivateKey * _client_key;
+#define SSL_FINGERPRINT_IS_SET (_fingerprint != NULL)
 #define SSL_FINGERPRINT_NULL NULL
 #endif