[wifi ssl client] added the possibility of setting custom tls cert an…
…d private key in wifi clients
andreagilardoni committed Oct 28, 2025
commit 68ebe0db7a7612e1175e4f1fb95252ae7b51d398
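--- a/libraries/WiFiS3/src/WiFiSSLClient.cpp
+++ b/libraries/WiFiS3/src/WiFiSSLClient.cpp
@@ -62,6 +62,18 @@ int WiFiSSLClient::connect(const char* host, uint16_t port) {
 if(!modem.passthrough((uint8_t *)_ecc_cert, _ecc_cert_len)) {
 return 0;
 }
+} else if(_client_cert != nullptr && _private_key != nullptr) { // TODO make sure if set certificate is called to not use the above code
+size_t size = strlen(_client_cert);
+modem.write_nowait(string(PROMPT(_SSLCLIENTSETCERT)),res, "%s%d,%d\r\n" , CMD_WRITE(_SSLCLIENTSETCERT), _sock, size);
+if(!modem.passthrough((uint8_t *)_client_cert, size)) {
+return 0;
+}
+
+size = strlen(_private_key);
+modem.write_nowait(string(PROMPT(_SSLCLIENTSETPKEY)),res, "%s%d,%d\r\n" , CMD_WRITE(_SSLCLIENTSETPKEY), _sock, size);
+if(!modem.passthrough((uint8_t *)_private_key, size)) {
+return 0;
+}
 }
 
 if (_connectionTimeout) {
@@ -88,6 +100,9 @@ void WiFiSSLClient::setEccSlot(int ecc508KeySlot, const byte cert[], int certLen
 _ecc_slot = ecc508KeySlot;
 _ecc_cert = cert;
 _ecc_cert_len = certLength;
+
+_client_cert = nullptr;
+_private_key = nullptr;
 }
 
 /* -------------------------------------------------------------------------- */
@@ -283,3 +298,21 @@ uint16_t WiFiSSLClient::remotePort(){
 }
 return rv;
 }
+
+/* -------------------------------------------------------------------------- */
+void WiFiSSLClient::setCertificate(const char* clientCert){
+/* -------------------------------------------------------------------------- */
+_client_cert = clientCert;
+_ecc_slot = -1;
+_ecc_cert = nullptr;
+_ecc_cert_len = 0;
+}
+
+/* -------------------------------------------------------------------------- */
+void WiFiSSLClient::setPrivateKey(const char* privateKey){
+/* -------------------------------------------------------------------------- */
+_private_key = privateKey;
+_ecc_slot = -1;
+_ecc_cert = nullptr;
+_ecc_cert_len = 0;
+}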
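Review bot: The new branch in `connect()` runs only when both `_client_cert` and `_private_key` are non-null, so a sketch that calls just one setter connects with no client credential and no error; since each setter also resets `_ecc_slot` and `_ecc_cert`, a previously configured ECC identity is silently dropped too. I would fail closed by following the branch with `else if(_client_cert != nullptr || _private_key != nullptr) { return 0; }`. Separately, `size` is a `size_t` passed to a `%d` conversion in both `write_nowait` calls; `(int)size` or a matching specifier removes the mismatch. `connect()` begins and ends outside the hunk, so the ECC condition above is not visible here.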
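--- a/libraries/WiFiS3/src/WiFiSSLClient.h
+++ b/libraries/WiFiS3/src/WiFiSSLClient.h
@@ -75,6 +75,9 @@ class WiFiSSLClient : public WiFiClient {
 * @brief Sets the ECC (Elliptic Curve Cryptography) key slot and
 * certificate for establishing secure SSL connections.
 *
+* Note that this function will disable custom certificates and private keys set with
+* setCertificate() and setPrivateKey()
+*
 * @param `int ecc508KeySlot` specifies the ECC key slot to be used for the SSL connection.
 * @param `const byte cert[]` is a pointer to the certificate data in the form of an array of bytes.
 * @param `int certLength` specifies the length of the certificate data array.
@@ -219,6 +222,30 @@ class WiFiSSLClient : public WiFiClient {
 */
 virtual uint16_t remotePort();
 
+/**
+* @brief Set the public certificate for this ssl client communication
+*
+* This function explicitly sets the certificate to use for this client in tls
+* communication. Note that if setEccSlot was used it will be disabled for this client.
+* This function should be called in conjunction with setPrivateKey()
+*
+* @param `clientCert` client certificate in PEM format
+*
+*/
+void setCertificate(const char* clientCert);
+
+/**
+* @brief Set the private key for this ssl client communication
+*
+* This function explicitly sets the private key to use for this client in tls
+* communication. Note that if setEccSlot was used it will be disabled for this client.
+* This function should be called in conjunction with setCertificate()
+*
+* @param `privateKey` client private key in PEM format
+*
+*/
+void setPrivateKey(const char* privateKey);
+
 /**
 * @brief Declares WiFiServer as a friend class.
 *
@@ -240,6 +267,8 @@ class WiFiSSLClient : public WiFiClient {
 int _read();
 void read_if_needed(size_t s);
 const char* _root_ca = nullptr;
+const char* _client_cert = nullptr;
+const char* _private_key = nullptr;
 int _ecc_slot = -1;
 const byte* _ecc_cert = nullptr;
 int _ecc_cert_len = 0;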
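Review bot: The doc comments for `setCertificate()` and `setPrivateKey()` do not state the buffer contract, which matters most for the key. In the .cpp section the pointer is stored rather than copied and is measured with `strlen()` at connect time, so I would add to both: `@note The pointer is stored, not copied; the PEM string must be NUL-terminated and stay valid for every later connect().` It is also worth one sentence saying that the pair is used only when both setters have been called. A second sentence could note that the key is passed to the WiFi module during `connect()`, so callers can decide where key material should live.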