个人备案网站能用公司,新网域名注册,地推一手项目平台,营销型网站四大功能1. 简介
1.1 HTTPS HTTPS#xff08;HyperText Transfer Protocol over Secure Socket Layer#xff09;#xff0c;全称安全套接字层超文本传输协议#xff0c;一般理解为HTTPSSL/TLS#xff0c;通过SSL证书来验证服务器的身份#xff0c;并为浏览器和服务器之间的通信…1. 简介
1.1 HTTPS HTTPSHyperText Transfer Protocol over Secure Socket Layer全称安全套接字层超文本传输协议一般理解为HTTPSSL/TLS通过SSL证书来验证服务器的身份并为浏览器和服务器之间的通信进行加密。该协议使用443端口进行通信。 它解决的是HTTP协议明文传输的不安全性HTTPS协议在数据进行传输之前对数据进行加密然后再发送到服务器。这样就算数据被第三者所截获但是由于数据是加密的所以你的个人信息仍然是安全的。
1.2 SSL/TLS SSLSecure Socket Layer安全套接字层1994年为 Netscape 所研发SSL 协议位于 TCP/IP 协议与各种应用层协议之间为数据通讯提供安全支持。 TLSTransport Layer Security传输层安全其前身是 SSL它最初的几个版本SSL 1.0、SSL 2.0、SSL 3.0由网景公司开发1999年从 3.1 开始被 IETF 标准化并改名发展至今已经有 TLS 1.0、TLS 1.1、TLS 1.2 三个版本。SSL 3.0和TLS 1.0由于存在安全漏洞已经很少被使用到。
1.3 通信流程 2. 例程 因为HTTPS相对于HTTP只是多了加密的过程所以例程大体是沿用前一篇文章的代码所以下面只会讲解加密部分的代码。
2.1 函数API
2.1.1 启动服务器
esp_err_t httpd_ssl_start(httpd_handle_t *handle, httpd_ssl_config_t *config)
handleHTTPS句柄config服务器配置。
struct httpd_ssl_config {httpd_config_t httpd;const uint8_t *servercert;size_t servercert_len;const uint8_t *cacert_pem;size_t cacert_len;const uint8_t *prvtkey_pem;size_t prvtkey_len;bool use_ecdsa_peripheral;uint8_t ecdsa_key_efuse_blk;httpd_ssl_transport_mode_t transport_mode;uint16_t port_secure;uint16_t port_insecure;bool session_tickets;bool use_secure_element;esp_https_server_user_cb *user_cb;void *ssl_userdata;esp_tls_handshake_callback cert_select_cb;const char** alpn_protos;
}; 配置结构体的内容比较多ESP-IDF也提供了HTTPD_SSL_CONFIG_DEFAULT宏进行快速默认配置所以下面只解释一些常用的配置
servercert服务器证书servercert_len服务器证书长度cacert_pemCA证书cacert_lenCA证书长度prvtkey_pem私钥prvtkey_len私钥长度port_secure安全端口即采用https访问时的端口默认为443port_insecure非安全端口即采用http访问时的端口默认为80user_cb用户回调主要用于客户端连接或断开时进行自定义处理
2.2 代码
#include freertos/FreeRTOS.h#include esp_system.h
#include esp_wifi.h
#include esp_event.h
#include esp_log.h
#include nvs_flash.h
#include sys/socket.h
#include lwip/err.h
#include lwip/sys.h
#include netdb.h
#include arpa/inet.h
#include esp_https_server.h
#include esp_tls.h
#include mbedtls/base64.h#include string.h#define TAG appstatic httpd_handle_t server_handle;static const uint8_t servercert[]
-----BEGIN CERTIFICATE-----\n\
MIIDKzCCAhOgAwIBAgIUBxM3WJf2bP12kAfqhmhhjZWv0ukwDQYJKoZIhvcNAQEL\n\
BQAwJTEjMCEGA1UEAwwaRVNQMzIgSFRUUFMgc2VydmVyIGV4YW1wbGUwHhcNMTgx\n\
MDE3MTEzMjU3WhcNMjgxMDE0MTEzMjU3WjAlMSMwIQYDVQQDDBpFU1AzMiBIVFRQ\n\
UyBzZXJ2ZXIgZXhhbXBsZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB\n\
ALBint6nP77RCQcmKgwPtTsGK0uClxgLwKJ3WXuye3oqnnjqJCwMEneXzGdG09T\n\
sA0SyNPwrEgebLCH80an3gWU4pHDdqGHfJQa2jBL290e/5L5MB6PTs2NKcojK/k\n\
qcZkn58MWXhDW1NpAnJtjVniK2Ksvr/YIYSbyDJiEs0MGxExkOl9d7hRHJaIzd\n\
GF/vO2pl295v1qXekAlkgNMtYIVAjUy9CMpqaQBCQRLBmPSJRkXBsYk8GPnieS4\n\
sUsp53DsNvCCtWDT6fd9D1vBB6nDk/FCPKhtjYOwOAZlX4wWNSZpRNr5dfrxKsb\n\
jAn4PCuR2akdF4G8WLUeDWECAwEAAaNTMFEwHQYDVR0OBBYEFMnmdJKOEepXrHI/\n\
ivM6mVqJgAX8MB8GA1UdIwQYMBaAFMnmdJKOEepXrHI/ivM6mVqJgAX8MA8GA1Ud\n\
EwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBADiXIGEkSsN0SLSfCF1VNWO3\n\
emBurfOcDq4EGEaxRKAU0814VEmU87btIDx80z5DbfGGHCPrY7odIkxGNn0DJY\n\
W1WcFDOcbiWoUN6DTkAML0SMnp8aGj9ffx3xqoggTvGdWVVA4pgwqZT7Ybntx\n\
bkzcNFW0sqmCv4IN1t4w6L0A87ZwsNwVpre/j6uyBw7s8YoJHDLRFT6g7qgn0tcN\n\
ZufhNISvgWCVJQy/SZjNBHSpnIdCUSJAeTY2mkM4sGxY0Widk8LnjydxZUSxC3Nl\n\
hb6pnMh3jRq4h05CZielA4/aTdrNPv/qok67ot/XJdY3qHCCd8O2b14OVq9jo\n\
-----END CERTIFICATE-----;static const uint8_t prvkey[]
-----BEGIN PRIVATE KEY-----\n\
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCwYp7epz0QkH\n\
JioMD7U7BitLgpcYPi8Cid1l7snt6Kp546iQsDBJ3l8xnRtPU7ANEsjT8KxIHmyw\n\
h/NGp94FlOKRw3ahh3yUGtowS9vdHvSTAfuj07NjSnKIyv5KnGZJfDFl4Q1tT\n\
aQJybY1Z4itirL6/2CGEm8g/iYhLNDBsRMfpDpfXe4URyWiM3Rhf7ztqZdveb9al\n\
3pAJZIDTLWCFQI1MvQjKamkAQkES/gZj0iUZFwbGJPBj54nkuLFLKedw7DbwgrVg\n\
0n3fQ9b/gQepw5PxQjyobY2DsDgGZVMFjUmaUTaXX68SrG4wJDwrkdmpHReB\n\
vFi1Hg1hAgMBAAECggEAaTCnZkl/7qBjLexIryC/CBBJyaJ70W1kQ7NMYfniWwui\n\
f0aRxJgOdD81rjTvkINsPpxPRQO6oOadjzdjImYEuQTqrJTEUnntbu924eh2D9\n\
Mf2CAanj0mglRnscS9mmljZ0KzoGMX6Z/EhnuS40WiJTlWlH6MlQU/FDnwC6U34y\n\
JKy6/jGryfsxkGU/NRvKSru6JYJWt5v7sOrymHWD62IT59h3blOiP8GMtYKeQlX\n\
49om9Mo1VTIFASY3lrxmexbY6FG8YOtfIe0tTAiGrkb9Pz6tYbaj9FjEWOv4Vc\n\
3VMBUVdGJjgqvE8fx/mHo4Rg69BUPfPSrpEg7sQKBgQDlL85G04VZgrNZgOx6\n\
pTlCCl/NkfNb1OYa0BELqWINoWaWQHnm6lX8YjrUjwRpBF5s7mFhguFjUjp/NW6D\n\
0EEg5BmO0ePJ3dLKSeOA7gMo7y7kAcD/YGToqAaGljkBIIAWK5Su5yldrECTQKG\n\
YnMKyQ1MWUfCYEwHtPvFvE5aPwKBgQDFBWXekpxHIvt/B41Cl/TftAzE7/f58JjV\n\
MFo/JCh9TDcH6N5TMTRS1/iQrv5M6kJSSrHnq8pqDXOwfHLwxetpk9tr937VRzoL\n\
CuG1Ar7c1AO6ujNnAEmUVC2DppL/ck5mRPWK/kgLwZSaNcZf8sydRgphsW1ogJin\n\
7g0nGbFwXwKBgQCPoZY07Pr1TeP4g8OwWTu5F6dSvdU2CAbtZthH5q98u1n/cAj1\n\
noak1Srpa3foGMTUn9CHu5kwHPIpUPNeAZZBpq91uxa5pnkDMp3UrLIRJ2uZyr8\n\
4PxcknEEh8DR5hsM/IbDcrCJQglM19ZtQeW3LKkY4BsIxjDf45ymH407IQKBgE/g\n\
Ul6cPfOxQRlNLH4VMVgInSyyxWx1mODFy7DRrgCuh5kTVhQUVBM8x9lcwAn8V9/\n\
nQT55wR8E603pznqY/jX0xvAqZE6YVPcw4kpZcwNwL1RhEl8GliikBlRzUL3SsW3\n\
q30AfqEViHPE3XpE66PPo6Hb1ymJCVr77iUuC3wtAoGBAIBrOGunv1qZMfqmwAY2\n\
lxlzRgxgSiaev0lTNxDzZkmU/u3dgdTwJ5DDANqPwJc6b8SGYTp9rQ0mbgVHnhIB\n\
jcJQBQkTfq6Z0H6OoTVi7dPs3ibQJFrtkoyvYAbyk36quBmNRjVh6rc8468bhXYr\n\
v/tMeGJP/0Zw8v/X2CFll96\n\
-----END PRIVATE KEY-----;static const char index_html[] \
!DOCTYPE html \
html \
head \
meta charset\utf-8\ \
titleindex/title \
/head \
\
body \h1Hello from ESP32/h1 \
/body \form action\/hello\ method\post\ \label for\name\Whats your name:/label \input type\text\ id\name\ name\name\ required \input type\submit\ value\OK\/button \/form \
/html \
;static const char hello_html_template[] \
!DOCTYPE html \
html \
head \
meta charset\utf-8\ \
titlehello/title \
/head \
\
body \h1Oh, Hello %s/h1 \
/body \
\
/html \
;static esp_err_t index_get_handler(httpd_req_t *req)
{/* 获取Host信息 */size_t buf_len httpd_req_get_hdr_value_len(req, Host) 1;if (buf_len 1) {char *buf malloc(buf_len);if (httpd_req_get_hdr_value_str(req, Host, buf, buf_len) ESP_OK) {ESP_LOGI(TAG, Get request to host: %s, buf);}free(buf);}/* 回复数据包 */httpd_resp_sendstr(req, index_html);return ESP_OK;
}static const httpd_uri_t index_uri {.uri /index,.method HTTP_GET,.handler index_get_handler,.user_ctx NULL
};static esp_err_t hello_post_handler(httpd_req_t *req)
{/* 获取Host信息 */size_t buf_len httpd_req_get_hdr_value_len(req, Host) 1;if (buf_len 1) {char *buf malloc(buf_len);if (httpd_req_get_hdr_value_str(req, Host, buf, buf_len) ESP_OK) {ESP_LOGI(TAG, Post request to host: %s, buf);}free(buf);}/* 获取内容长度 */int len 0;{char *buf malloc(128);memset(buf, 0, 128);if (httpd_req_get_hdr_value_str(req, Content-Length, buf, 128) ! ESP_OK) {ESP_LOGE(TAG, Get content length failed);return ESP_FAIL;}len atoi(buf) 1;free(buf);}/* 获取表单数据 */char *buf malloc(len);memset(buf, 0, len);if (httpd_req_recv(req, buf, len) 0) {ESP_LOGE(TAG, Receive request content failed);return ESP_FAIL;}if (strstr(buf, name) NULL) {ESP_LOGE(TAG, Cant found fleid \name\);free(buf);return ESP_FAIL;}/* 发送数据 */char *hello_html malloc(1024);snprintf(hello_html, 1024, hello_html_template, buf strlen(name));httpd_resp_sendstr(req, hello_html);free(buf);free(hello_html);return ESP_OK;
}static const httpd_uri_t hello_uri {.uri /hello,.method HTTP_POST,.handler hello_post_handler,.user_ctx NULL
};static void print_peer_cert_info(const mbedtls_ssl_context *ssl)
{const mbedtls_x509_crt *cert;const size_t buf_size 1024;char *buf calloc(buf_size, sizeof(char));if (buf NULL) {ESP_LOGE(TAG, Out of memory - Callback execution failed!);return;}cert mbedtls_ssl_get_peer_cert(ssl);if (cert ! NULL) {mbedtls_x509_crt_info((char *) buf, buf_size - 1, , cert);ESP_LOGI(TAG, Peer certificate info:\n%s, buf);} else {ESP_LOGW(TAG, Could not obtain the peer certificate!);}free(buf);
}static void https_server_user_callback(esp_https_server_user_cb_arg_t *user_cb)
{mbedtls_ssl_context *ssl_ctx NULL;switch(user_cb-user_cb_state) {case HTTPD_SSL_USER_CB_SESS_CREATE:int sockfd -1;esp_err_t esp_ret;esp_ret esp_tls_get_conn_sockfd(user_cb-tls, sockfd);if (esp_ret ! ESP_OK) {ESP_LOGE(TAG, Error in obtaining the sockfd from tls context);break;}ESP_LOGI(TAG, Socket FD: %d, sockfd);ssl_ctx (mbedtls_ssl_context *) esp_tls_get_ssl_context(user_cb-tls);if (ssl_ctx NULL) {ESP_LOGE(TAG, Error in obtaining ssl context);break;}ESP_LOGI(TAG, Current Ciphersuite: %s, mbedtls_ssl_get_ciphersuite(ssl_ctx));break;case HTTPD_SSL_USER_CB_SESS_CLOSE:ssl_ctx (mbedtls_ssl_context *) esp_tls_get_ssl_context(user_cb-tls);if (ssl_ctx NULL) {ESP_LOGE(TAG, Error in obtaining ssl context);break;}print_peer_cert_info(ssl_ctx);break;default:break;}
}static void event_handler(void* arg,esp_event_base_t event_base,int32_t event_id,void* event_data)
{if (event_base IP_EVENT) {if (event_id IP_EVENT_STA_GOT_IP) {/* 配置 */httpd_ssl_config_t conf HTTPD_SSL_CONFIG_DEFAULT();conf.servercert servercert;conf.servercert_len sizeof(servercert);conf.prvtkey_pem prvkey;conf.prvtkey_len sizeof(prvkey);conf.user_cb https_server_user_callback;/* 启动服务器 */esp_err_t ret httpd_ssl_start(server_handle, conf);if (ESP_OK ! ret) {ESP_LOGI(TAG, Error starting server!);return;}/* 注册URI */httpd_register_uri_handler(server_handle, index_uri);httpd_register_uri_handler(server_handle, hello_uri);ip_event_got_ip_t *data event_data;ESP_LOGI(TAG, HTTPS server started at https:// IPSTR /index, IP2STR((data-ip_info.ip)));}} else if (event_base WIFI_EVENT) {if (event_id WIFI_EVENT_STA_DISCONNECTED) {static uint32_t retry 1;ESP_LOGW(TAG, Try reconnect WiFi, retry %lu, retry);vTaskDelay(500 / portTICK_PERIOD_MS);esp_wifi_connect();retry;} else if (event_id WIFI_EVENT_STA_START) {esp_wifi_connect();}}
}int app_main()
{/* 初始化NVS */esp_err_t ret nvs_flash_init();if (ret ESP_ERR_NVS_NO_FREE_PAGES || ret ESP_ERR_NVS_NEW_VERSION_FOUND) {ESP_ERROR_CHECK(nvs_flash_erase());ESP_ERROR_CHECK(nvs_flash_init());}/* 初始化WiFi协议栈 */ESP_ERROR_CHECK(esp_netif_init());ESP_ERROR_CHECK(esp_event_loop_create_default());esp_netif_create_default_wifi_sta();wifi_init_config_t cfg WIFI_INIT_CONFIG_DEFAULT();ESP_ERROR_CHECK(esp_wifi_init(cfg));ESP_ERROR_CHECK(esp_event_handler_instance_register(WIFI_EVENT,ESP_EVENT_ANY_ID,event_handler,NULL,NULL));ESP_ERROR_CHECK(esp_event_handler_instance_register(IP_EVENT,IP_EVENT_STA_GOT_IP,event_handler,NULL,NULL));wifi_config_t wifi_config {.sta {.ssid Your SSID,.password Your Password,.threshold.authmode WIFI_AUTH_WPA_WPA2_PSK,},};ESP_ERROR_CHECK(esp_wifi_set_mode(WIFI_MODE_STA));ESP_ERROR_CHECK(esp_wifi_set_config(WIFI_IF_STA, wifi_config));ESP_ERROR_CHECK(esp_wifi_start());return 0;
}https服务器需要配置自己的公钥和私钥我这里使用的是官方例程给的当然也可以自己生成例程中也注册了用户回调来演示如何获取客户端的套接字描述符和查看客户端的SSL验证信息。 调用httpd_ssl_start函数即可启动服务器服务器启动后调用httpd_register_uri_handler函数注册URI服务这里后面就跟上一篇文章的一样了。 网页的内容就跟之前的一样在输入框中填写自己的名字点击“OK”按钮就会跳转到另一个页面。 例程的log有时候会弹出0x7780错误一般是由于没有设置CA证书导致客户端或服务器认为对方不安全。
