
Is it allowable to change an SSLCert between HTTPSServer construction and calling start()?

Open jackjansen opened this issue 5 years ago • 3 comments

Describe Your Goal I'm creating a wrapper around esp32_https_server that has the same API as WebServer.h and WebServerSecure.h.

What Does Your Project Look Like

The WebServerSecure.h sequence of doing things is:

  WebServer server;                           // construct first, without any certificate
  server.getServer().setServerKeyAndCert(....); // then install key and certificate
  server.begin();                             // only now is the listening socket opened

HTTPSServer uses a different paradigm, where the SSLCert is passed in during construction. I could of course delay the construction of the HTTPSServer, but from inspection of the code it seems that the SSLCert passed in during construction isn't actually used until start() is called.

So, I could pass in an empty SSLCert to the constructor, and then fill in the key/cert with SSLCert::setCert() and SSLCert::setPK() before calling HTTPSServer::start().

But it feels a bit like a hack to do this, so therefore my question: is it okay to depend on the ability to change the SSLCert between calling the HTTPSServer constructor and the start() method?

jackjansen avatar Dec 22 '19 22:12 jackjansen

Do you have an example for the ESP32? For setServerKeyAndCert(), I can only find a related ESP8266 implementation.

Using an empty SSLCert to create the server instance should be fine, but changing the certificate while the server socket is up has to be prevented. I don't see a reason why the certificate should be used in the meantime, putting it into the constructor's parameter list was just a way to avoid an additional call to a setter.

It would also be important to compare the memory management of both implementations. This library takes pointers and relies on the user to make sure that the data remains valid. From this function and this implementation of X509List, I'd assume that the original WebServer makes a copy of the certificate and private key data. So in my opinion, that should also go into the wrapper so that it can be called with the same assumptions.

fhessel avatar Dec 22 '19 23:12 fhessel

Hmm, good point. I will check. I was indeed modelling after the esp8266 server (there isn't any esp32 server, that's the whole point of doing the compatibility layer:-).

I really wouldn't want to make a copy; these things are big. I'll see what sort of use cases I can find to check whether people actually use the library without non-persistent arguments.

jackjansen avatar Dec 23 '19 01:12 jackjansen

I used WebServer.h in the Arduino ESP32 repository as a starting point for creating the compat repo, so maybe there are also differences in the interfaces of that one and the ESP8266 WebServer.h.

I agree that the certificates and keys should only be copied if necessary due to their size. It just has to match the programmer's expectations, and that has to be clarified in the API documentation. I didn't find an explicit statement on that topic by the authors of the original WebServer.h, though, which is why I started digging in the code.

fhessel avatar Dec 24 '19 14:12 fhessel
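The sequence the two replies above agree on (construct HTTPSServer around an empty SSLCert, fill it in before start(), refuse changes while the socket is up, and be explicit about whether the wrapper copies or borrows the key bytes) can be captured in a small wrapper class. The following is an added example, not code from esp32_https_server or from the compatibility layer discussed in the thread: SSLCert and HTTPSServer below are minimal stand-ins that reuse the library's method names (setCert, setPK, start) but have simplified bodies so the program runs off-device; WebServerSecureCompat is a hypothetical wrapper name; the key and certificate bytes are constructed placeholders, not real DER data.

```cpp
#include <cstdint>
#include <cstdio>
#include <vector>

// Stand-in for esp32_https_server's SSLCert (assumed shape for this example):
// like the real class it stores only pointers, so the caller must keep the
// underlying bytes alive for as long as the server may use them.
class SSLCert {
public:
  SSLCert() : _certData(nullptr), _certLength(0), _pkData(nullptr), _pkLength(0) {}
  void setCert(unsigned char *certData, uint16_t length) { _certData = certData; _certLength = length; }
  void setPK(unsigned char *pkData, uint16_t length) { _pkData = pkData; _pkLength = length; }
  uint16_t getCertLength() const { return _certLength; }
  uint16_t getPKLength() const { return _pkLength; }
private:
  unsigned char *_certData; uint16_t _certLength;
  unsigned char *_pkData;   uint16_t _pkLength;
};

// Stand-in for HTTPSServer: the certificate pointer is taken at construction but
// only consumed by start(). The real start() hands the data to the TLS stack when
// the socket is opened; here it just checks that both halves were provided.
class HTTPSServer {
public:
  explicit HTTPSServer(SSLCert *cert, uint16_t port = 443) : _cert(cert), _port(port), _running(false) {}
  uint8_t start() {
    if (_cert->getCertLength() == 0 || _cert->getPKLength() == 0) return 0; // nothing to serve with
    _running = true;
    return 1;
  }
  void stop() { _running = false; }
  bool isRunning() const { return _running; }
private:
  SSLCert *_cert; uint16_t _port; bool _running;
};

// Hypothetical compatibility wrapper: owns an initially empty SSLCert, hands its
// address to HTTPSServer at construction, and fills it in before begin().
class WebServerSecureCompat {
public:
  explicit WebServerSecureCompat(uint16_t port = 443) : _cert(), _server(&_cert, port) {}

  // Mirrors the ESP8266-style setServerKeyAndCert(): the bytes are COPIED so the
  // caller's buffers need not outlive the call (the WebServer expectation), at the
  // cost of RAM. The change is refused while the server socket is up.
  bool setServerKeyAndCert(const unsigned char *key, uint16_t keyLen,
                           const unsigned char *cert, uint16_t certLen) {
    if (_server.isRunning()) return false;
    if (key == nullptr || cert == nullptr || keyLen == 0 || certLen == 0) return false;
    _keyCopy.assign(key, key + keyLen);
    _certCopy.assign(cert, cert + certLen);
    _cert.setPK(_keyCopy.data(), keyLen);     // pointers now refer to wrapper-owned storage
    _cert.setCert(_certCopy.data(), certLen);
    return true;
  }
  bool begin() { return _server.start() == 1; }
  void stop() { _server.stop(); }
  bool isRunning() const { return _server.isRunning(); }
private:
  SSLCert _cert;                  // declared before _server so it is constructed first
  HTTPSServer _server;
  std::vector<unsigned char> _keyCopy, _certCopy;
};

// Walks the lifecycle and returns how many of the four steps behaved as intended.
int runScenario() {
  unsigned char key[]  = {0x30, 0x82, 0x01, 0x00}; // constructed placeholder bytes
  unsigned char cert[] = {0x30, 0x82, 0x02, 0x00}; // (not a real key or certificate)
  WebServerSecureCompat server;
  int ok = 0;
  if (!server.begin()) ok++;                                                   // 1: empty cert, start refused
  if (server.setServerKeyAndCert(key, sizeof key, cert, sizeof cert) && server.begin()) ok++; // 2: set, then start
  if (!server.setServerKeyAndCert(key, sizeof key, cert, sizeof cert)) ok++;  // 3: change rejected while up
  server.stop();
  if (server.setServerKeyAndCert(key, sizeof key, cert, sizeof cert)) ok++;   // 4: allowed again after stop
  return ok;
}

int main() {
  std::printf("%d of 4 lifecycle steps behaved as expected\n", runScenario());
  return 0;
}
```

The two decisions the thread leaves to the wrapper author are made explicit here: the `isRunning()` guard enforces "no certificate change while the socket is up", and the copy in `setServerKeyAndCert()` is the one place to swap in pointer-only semantics if RAM matters more than WebServer-style call expectations, in which case the wrapper's documentation has to say that the caller's buffers must stay valid.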