v1.4.5 to Sync with SSLClient v1.6.11

khoih-prog · web-flow · commit e3ed6d8c4cb8 · 2022-03-29T12:55:26.000-04:00
### Releases v1.4.5 1. Sync with [SSLClient v1.6.11](https://github.com/OPEnSLab-OSU/SSLClient/releases/tag/v1.6.11). Check [Pull in OPEnSLab-OSU's SSLClient v1.6.11 #17](khoih-prog/EthernetWebServer_SSL#17) 2. Add example [AWS_IoT](examples/AWS_IoT)
diff --git a/src/SSLClient/SSLClient.h b/src/SSLClient/SSLClient.h
@@ -396,6 +396,20 @@ class EthernetSSLClient : public Client
     {
       return m_timeout;
     }
+    
+		/**
+    @brief Change the time used during x509 verification to a different value.
+
+    This function directly calls br_x509_minimal_set_time to change the validation
+    time used by the minimal verification engine. You can use this function if the default value
+    of the compile time is causing issues. See https://bearssl.org/apidoc/bearssl__x509_8h.html#a7f3558b1999ce904084d578700b1002c
+    for more information what this function does and how to use it.
+
+    @param days Days are counted in a proleptic Gregorian calendar since January 1st, 0 AD.
+    @param seconds Seconds are counted since midnight, from 0 to 86400 (a count of 86400 is possible only if a leap second happened).
+    */
+    
+    void setVerificationTime(uint32_t days, uint32_t seconds);
 
   private:
     /** @brief Returns an instance of m_client that is polymorphic and can be used by EthernetSSLClient */
diff --git a/src/SSLClient/SSLClient_Impl.h b/src/SSLClient/SSLClient_Impl.h
@@ -121,11 +121,24 @@ size_t EthernetSSLClient::write(const uint8_t *buf, size_t size)
   // check if the socket is still open and such
   if (!m_soft_connected(func_name) || !buf || !size)
     return 0;
+    
+  // wait until bearssl is ready to send
+  if (m_run_until(BR_SSL_SENDAPP) < 0) 
+  {
+	  m_error("Failed while waiting for the engine to enter BR_SSL_SENDAPP", func_name);
+	  return 0;
+  }  
 
   // add to the bearssl io buffer, simply appending whatever we want to write
   size_t alen;
   unsigned char *br_buf = br_ssl_engine_sendapp_buf(&m_sslctx.eng, &alen);
   size_t cur_idx = 0;
+  
+  if (alen == 0) 
+  {
+    m_error("BearSSL returned zero length buffer for sending, did an internal error occur?", func_name);
+    return 0;
+  }
 
   // while there are still elements to write
   while (cur_idx < size)
@@ -389,6 +402,12 @@ void EthernetSSLClient::setMutualAuthParams(const SSLClientParameters& params)
   }
 }
 
+/* see SSLClient.h */
+void EthernetSSLClient::setVerificationTime(uint32_t days, uint32_t seconds) 
+{
+  br_x509_minimal_set_time(&m_x509ctx, days, seconds);
+}
+
 bool EthernetSSLClient::m_soft_connected(const char* func_name) 
 {
   // check if the socket is still open and such
