examples: Add esp-ssl example tests server/client

Closes IDF-1156

examples/protocols/openssl_client/CMakeLists.txt

@@ -8,3 +8,11 @@ set(EXTRA_COMPONENT_DIRS $ENV{IDF_PATH}/examples/common_components/protocol_exam
 
 include($ENV{IDF_PATH}/tools/cmake/project.cmake)
 project(openssl_client)
+
+if(CONFIG_EXAMPLE_OPENSSL_CLIENT_URI_FROM_STDIN)
+    # This ca.crt is used when connecting to local(python executed) server
+    target_add_binary_data(openssl_client.elf "server_certs/ca.crt" TEXT)
+else()
+    # This ca.crt is used when connecting to www.baidu.com
+    target_add_binary_data(openssl_client.elf "main/baidu_ca.crt" TEXT)
+endif()

examples/protocols/openssl_client/README.md

@@ -1,17 +1,67 @@
-# Openssl Example
+# OpenSSL Client Example
 
-The Example contains of OpenSSL client demo.
+(See the README.md file in the upper level 'examples' directory for more information about examples.)
 
-Open the project configuration menu (`idf.py menuconfig`):
+This example shows how to set up esp openssl client and communicate over ssl transport layer.
 
-* Configure Wi-Fi or Ethernet under "Example Connection Configuration" menu. See "Establishing Wi-Fi or Ethernet Connection" section in [examples/protocols/README.md](../README.md) for more details.
+## How to use example
+
+### Python scripts
+
+Script example_test.py could be used as a client part to the ESP-OPENSSL server demo,
+
+```
+python example_test.py
+```
+Note that this script is used in automated tests, as well, so the IDF test framework packages need to be imported;
+please add `$IDF_PATH/tools/ci/python_packages` to `PYTHONPATH`.
+
+### Hardware Required
+
+This example can be executed on any ESP32 board, the only required interface is WiFi and connection to internet.
+
+### Configure the project
+
+* Open the project configuration menu (`idf.py menuconfig`)
+* Configure Wi-Fi or Ethernet under "Example Connection Configuration" menu. See "Establishing Wi-Fi or Ethernet Connection" section in [examples/protocols/README.md](../../README.md) for more details.
+* Configure the openssl client endpoint URI under "Example Configuration", if "OPENSSL_CLIENT_URI_FROM_STDIN" is selected then the example application will connect to the URI it reads from stdin (used for testing)
 
 * When using Make build system, set `Default serial port` under `Serial flasher config`.
 
-* Configure target domain and port number under "Example Configuration"
+* When using OPENSSL_CLIENT_URI_FROM_STRING configure target domain and port number under "Example Configuration"
 
-If you want to test the OpenSSL client demo:
-  1. compile the code and load the firmware
-  2. open the UART TTY, then you can see it print the context of target domain
+* Please note that verification mode is VERIFY_PEER by default, that's why during connection to public host('www.baidu.com') it's needed to use 
+  appropriate certificates('baidu_ca.crt'), or it is needed to change verify mode to VERIFY_NONE.
 
-See the README.md file in the upper level 'examples' directory for more information about examples.
+### Build and Flash
+
+Build the project and flash it to the board, then run monitor tool to view serial output:
+
+```
+idf.py -p PORT flash monitor
+```
+
+(To exit the serial monitor, type ``Ctrl-]``.)
+
+See the Getting Started Guide for full steps to configure and use ESP-IDF to build projects.
+
+## Example Output
+
+```
+I (2601) esp_netif_handlers: example_connect: sta ip: 192.168.1.191, mask: 255.255.255.0, gw: 192.168.1.1
+I (2601) example_connect: Got IPv4 event: Interface "example_connect: sta" address: 192.168.1.191
+I (3601) example_connect: Got IPv6 event: Interface "example_connect: sta" address: fe80:0000:0000:0000:260a:c4ff:fee7:a660, type: ESP_IP6_ADDR_IS_LINK_LOCAL
+I (3601) example_connect: Connected to example_connect: sta
+I (3611) example_connect: - IPv4 address: 192.168.1.191
+I (3611) example_connect: - IPv6 address: fe80:0000:0000:0000:260a:c4ff:fee7:a660, type: ESP_IP6_ADDR_IS_LINK_LOCAL
+I (3631) openssl_example: Test started
+I (3631) openssl_example: Trying connect to www.baidu.com port 443 ...
+I (3641) openssl_example: DNS lookup succeeded. IP=103.235.46.39
+I (4101) openssl_example: OK
+I (4101) openssl_example: Create SSL obj
+I (4101) openssl_example: OK
+I (4101) openssl_example: SSL verify mode = 0 connected to www.baidu.com port 443 ...
+I (8091) openssl_example: OK
+I (8091) openssl_example: SSL Connection Succeed
+
+```

examples/protocols/openssl_client/example_test.py

@@ -0,0 +1,126 @@
+from __future__ import print_function, unicode_literals
+
+import os
+import re
+import socket
+import ssl
+from threading import Event, Thread
+
+import ttfw_idf
+
+SERVER_CERTS_DIR = 'server_certs/'
+
+
+def _path(f):
+    return os.path.join(os.path.dirname(os.path.realpath(__file__)),f)
+
+
+def get_my_ip():
+    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
+    try:
+        # doesn't even have to be reachable
+        s.connect(('10.255.255.255', 1))
+        IP = s.getsockname()[0]
+    except socket.error:
+        IP = '127.0.0.1'
+    finally:
+        s.close()
+    return IP
+
+
+# Simple TLS server
+class TlsServer:
+
+    def __init__(self, port, negotiated_protocol=ssl.PROTOCOL_TLSv1):
+        self.port = port
+        self.socket = socket.socket()
+        self.socket.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
+        self.socket.settimeout(20.0)
+        self.shutdown = Event()
+        self.negotiated_protocol = negotiated_protocol
+        self.conn = None
+        self.ssl_error = None
+        self.server_thread = None
+
+    def __enter__(self):
+        try:
+            self.socket.bind(('', self.port))
+        except socket.error as e:
+            print('Bind failed:{}'.format(e))
+            raise
+
+        self.socket.listen(1)
+        self.server_thread = Thread(target=self.run_server)
+        self.server_thread.start()
+
+        return self
+
+    def __exit__(self, exc_type, exc_value, traceback):
+        self.shutdown.set()
+        self.server_thread.join()
+        self.socket.close()
+        if (self.conn is not None):
+            self.conn.close()
+
+    def run_server(self):
+        ctx = ssl.SSLContext(self.negotiated_protocol)
+        ctx.load_cert_chain(certfile=_path(SERVER_CERTS_DIR + 'ca.crt'), keyfile=_path(SERVER_CERTS_DIR + 'ca.key'))
+        self.socket = ctx.wrap_socket(self.socket, server_side=True)
+        try:
+            print('Listening socket')
+            self.conn, address = self.socket.accept()  # accept new connection
+            self.socket.settimeout(20.0)
+            print(' - connection from: {}'.format(address))
+        except ssl.SSLError as e:
+            self.conn = None
+            self.ssl_error = str(e)
+            print(' - SSLError: {}'.format(str(e)))
+
+
+def test_echo(dut):
+    dut.expect('SSL Connection Succeed')
+    print('SSL Connection Succeed')
+
+
+@ttfw_idf.idf_example_test(env_tag='Example_WIFI')
+def test_example_protocol_openssl_client(env, extra_data):
+    """
+     steps:
+       1. join AP
+       2. connect to uri "xxxx.xxxx.xxxx.xxxx:port"
+       3. send and receive data
+    """
+    dut1 = env.get_dut('openssl_client', 'examples/protocols/openssl_client', dut_class=ttfw_idf.ESP32DUT)
+    # check and log bin size
+    binary_file = os.path.join(dut1.app.binary_path, 'openssl_client.bin')
+    binary_size = os.path.getsize(binary_file)
+    ttfw_idf.log_performance('openssl_client_bin_size', '{}KB'.format(binary_size // 1024))
+
+    try:
+        if 'CONFIG_EXAMPLE_OPENSSL_CLIENT_URI_FROM_STDIN' in dut1.app.get_sdkconfig():
+            uri_from_stdin = True
+        else:
+            uri = dut1.app.get_sdkconfig()['CONFIG_EXAMPLE_OPENSSL_CLIENT_TARGET_DOMAIN'].strip('"')
+            uri_from_stdin = False
+    except Exception:
+        print('ENV_TEST_FAILURE: Cannot find target domain in sdkconfig')
+        raise
+
+    # start test
+    dut1.start_app()
+    dut1.expect(re.compile(r' IPv4 address: ([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)'), timeout=30)
+    ip = get_my_ip()
+
+    if uri_from_stdin:
+        server_port = 2222
+        with TlsServer(server_port, negotiated_protocol=ssl.PROTOCOL_TLSv1_1):
+            print('Starting test')
+            dut1.write('{} {}'.format(ip, server_port))
+            dut1.expect(re.compile('SSL Connection Succeed'), timeout=10)
+    else:
+        print('DUT connecting to {}'.format(uri))
+        test_echo(dut1)
+
+
+if __name__ == '__main__':
+    test_example_protocol_openssl_client()

examples/protocols/openssl_client/main/Kconfig.projbuild

@@ -1,15 +1,27 @@
 menu "Example Configuration"
 
-    config TARGET_DOMAIN
+    choice EXAMPLE_OPENSSL_CLIENT_URI_SOURCE
+        prompt "SSL Client URI source"
+        default EXAMPLE_OPENSSL_CLIENT_URI_FROM_STRING
+        help
+            Selects the source of the URI used in the example.
+
+        config EXAMPLE_OPENSSL_CLIENT_URI_FROM_STRING
+            bool "From string"
+
+        config EXAMPLE_OPENSSL_CLIENT_URI_FROM_STDIN
+            bool "From stdin"
+    endchoice
+
+    config EXAMPLE_OPENSSL_CLIENT_TARGET_DOMAIN
         string "Target Domain"
         default "www.baidu.com"
         help
             Target domain for the example to connect to.
 
-    config TARGET_PORT_NUMBER
-        int "Target port number"
-        range 0 65535
-        default 443
+    config EXAMPLE_OPENSSL_CLIENT_TARGET_PORT
+        string "Target port number"
+        default "443"
         help
             Target port number for the example to connect to.
 

examples/protocols/openssl_client/main/baidu_ca.crt

@@ -0,0 +1,26 @@
+-----BEGIN CERTIFICATE-----
+MIIEaTCCA1GgAwIBAgILBAAAAAABRE7wQkcwDQYJKoZIhvcNAQELBQAwVzELMAkG
+A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv
+b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw0xNDAyMjAxMDAw
+MDBaFw0yNDAyMjAxMDAwMDBaMGYxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i
+YWxTaWduIG52LXNhMTwwOgYDVQQDEzNHbG9iYWxTaWduIE9yZ2FuaXphdGlvbiBW
+YWxpZGF0aW9uIENBIC0gU0hBMjU2IC0gRzIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQDHDmw/I5N/zHClnSDDDlM/fsBOwphJykfVI+8DNIV0yKMCLkZc
+C33JiJ1Pi/D4nGyMVTXbv/Kz6vvjVudKRtkTIso21ZvBqOOWQ5PyDLzm+ebomchj
+SHh/VzZpGhkdWtHUfcKc1H/hgBKueuqI6lfYygoKOhJJomIZeg0k9zfrtHOSewUj
+mxK1zusp36QUArkBpdSmnENkiN74fv7j9R7l/tyjqORmMdlMJekYuYlZCa7pnRxt
+Nw9KHjUgKOKv1CGLAcRFrW4rY6uSa2EKTSDtc7p8zv4WtdufgPDWi2zZCHlKT3hl
+2pK8vjX5s8T5J4BO/5ZS5gIg4Qdz6V0rvbLxAgMBAAGjggElMIIBITAOBgNVHQ8B
+Af8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHQ4EFgQUlt5h8b0cFilT
+HMDMfTuDAEDmGnwwRwYDVR0gBEAwPjA8BgRVHSAAMDQwMgYIKwYBBQUHAgEWJmh0
+dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3JlcG9zaXRvcnkvMDMGA1UdHwQsMCow
+KKAmoCSGImh0dHA6Ly9jcmwuZ2xvYmFsc2lnbi5uZXQvcm9vdC5jcmwwPQYIKwYB
+BQUHAQEEMTAvMC0GCCsGAQUFBzABhiFodHRwOi8vb2NzcC5nbG9iYWxzaWduLmNv
+bS9yb290cjEwHwYDVR0jBBgwFoAUYHtmGkUNl8qJUC99BM00qP/8/UswDQYJKoZI
+hvcNAQELBQADggEBAEYq7l69rgFgNzERhnF0tkZJyBAW/i9iIxerH4f4gu3K3w4s
+32R1juUYcqeMOovJrKV3UPfvnqTgoI8UV6MqX+x+bRDmuo2wCId2Dkyy2VG7EQLy
+XN0cvfNVlg/UBsD84iOKJHDTu/B5GqdhcIOKrwbFINihY9Bsrk8y1658GEV1BSl3
+30JAZGSGvip2CTFvHST0mdCF/vIhCPnG9vHQWe3WVjwIKANnuvD58ZAWR65n5ryA
+SOlCdjSXVWkkDoPWoC209fN5ikkodBpBocLTJIg1MGCUF7ThBCIxPTsvFwayuJ2G
+K1pp74P1S8SqtCr4fKGxhZSM9AyHDPSsQPhZSZg=
+-----END CERTIFICATE-----

examples/protocols/openssl_client/main/component.mk

@@ -1,3 +1,10 @@
 #
 # Main Makefile. This is basically the same as a component makefile.
 #
+
+ifdef CONFIG_EXAMPLE_OPENSSL_CLIENT_URI_FROM_STDIN
+COMPONENT_EMBED_TXTFILES := ${PROJECT_PATH}/server_certs/ca.crt
+else
+COMPONENT_EMBED_TXTFILES := ${PROJECT_PATH}/main/baidu_ca.crt
+endif
+COMPONENT_EMBED_TXTFILES += ${PROJECT_PATH}/server_certs/ca.key

examples/protocols/openssl_client/main/openssl_client_example.h

@@ -17,17 +17,15 @@
    the config you want - ie #define OPENSSL_EXAMPLE_TARGET_NAME "www.baidu.com"
    and ie #define OPENSSL_EXAMPLE_TARGET_TCP_PORT 433
 */
-#define OPENSSL_EXAMPLE_TARGET_NAME        CONFIG_TARGET_DOMAIN
-#define OPENSSL_EXAMPLE_TARGET_TCP_PORT    CONFIG_TARGET_PORT_NUMBER
+#define EXAMPLE_OPENSSL_TARGET_DOMAIN CONFIG_EXAMPLE_OPENSSL_CLIENT_TARGET_DOMAIN
+#define EXAMPLE_OPENSSL_TARGET_PORT    CONFIG_EXAMPLE_OPENSSL_CLIENT_TARGET_PORT
 
-#define OPENSSL_EXAMPLE_REQUEST            "{\"path\": \"/v1/ping/\", \"method\": \"GET\"}\r\n"
+#define EXAMPLE_OPENSSL_REQUEST            "{\"path\": \"/v1/ping/\", \"method\": \"GET\"}\r\n"
 
-#define OPENSSL_EXAMPLE_TASK_NAME        "openssl_example"
-#define OPENSSL_EXAMPLE_TASK_STACK_WORDS 10240
-#define OPENSSL_EXAMPLE_TASK_PRIORITY    8
+#define EXAMPLE_OPENSSL_TASK_NAME        "openssl_example"
+#define EXAMPLE_OPENSSL_TASK_STACK_WORDS 10240
+#define EXAMPLE_OPENSSL_TASK_PRIORITY    8
 
-#define OPENSSL_EXAMPLE_RECV_BUF_LEN       1024
-
-#define OPENSSL_EXAMPLE_LOCAL_TCP_PORT     443
+#define EXAMPLE_OPENSSL_RECV_BUF_LEN       1024
 
 #endif

examples/protocols/openssl_client/main/openssl_client_example_main.c

@@ -1,4 +1,4 @@
-/* OpenSSL client Example
+/* OpenSSL Client Example
 
    This example code is in the Public Domain (or CC0 licensed, at your option.)
 
@@ -6,172 +6,151 @@
    software is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
    CONDITIONS OF ANY KIND, either express or implied.
 */
-
 #include "openssl_client_example.h"
 
-#include <string.h>
-
 #include "openssl/ssl.h"
 
-#include "freertos/FreeRTOS.h"
-#include "freertos/task.h"
+#include "lwip/netdb.h"
+#include "lwip/sockets.h"
 
-#include "esp_log.h"
-#include "esp_wifi.h"
-#include "esp_event.h"
 #include "nvs_flash.h"
-#include "esp_netif.h"
+#include "esp_event.h"
+#include "esp_log.h"
+
 #include "protocol_examples_common.h"
 
-#include "lwip/sockets.h"
-#include "lwip/netdb.h"
 
-const static char *TAG = "openssl_example";
+static const char *TAG = "openssl_example";
 
-static void openssl_example_task(void *p)
+static int open_connection(const char *host, char *port)
 {
-    int ret;
-    SSL_CTX *ctx;
-    SSL *ssl;
+    const struct addrinfo hints = {
+        .ai_family = AF_INET,
+        .ai_socktype = SOCK_STREAM,
+    };
+    struct addrinfo * res;
+    struct in_addr *addr;
+    int sd;
+    int err = getaddrinfo(host, port, &hints, &res);
+    if (err < 0) {
+        ESP_LOGE(TAG, "getaddrinfo() failed for IPV4 destination address. error: %d", err);
+        return -1;
+    }
+    if (res == 0) {
+        ESP_LOGE(TAG, "getaddrinfo() did not return any addresses");
+        return -1;
+    }
+    addr = &((struct sockaddr_in *)res->ai_addr)->sin_addr;
+    ESP_LOGI(TAG, "DNS lookup succeeded. IP=%s", inet_ntoa(*addr));
+    sd = socket(res->ai_family, res->ai_socktype, 0);
+    if(sd < 0) {
+        ESP_LOGE(TAG, "Failed to allocate socket.");
+        freeaddrinfo(res);
+        return -1;
+    }
+    if (connect(sd, res->ai_addr, res->ai_addrlen) != 0) {
+        ESP_LOGE(TAG, "Socket connect failed");
+        return -1;
+    }
+    return sd;
+}
+
+static SSL_CTX* init_contex(void)
+{
+
+#if CONFIG_EXAMPLE_OPENSSL_CLIENT_URI_FROM_STDIN
+    extern const unsigned char cacert_pem_start[] asm("_binary_ca_crt_start");
+    extern const unsigned char cacert_pem_end[]   asm("_binary_ca_crt_end");
+#else
+    extern const unsigned char cacert_pem_start[] asm("_binary_baidu_ca_crt_start");
+    extern const unsigned char cacert_pem_end[]   asm("_binary_baidu_ca_crt_end");
+#endif
+    const unsigned int cacert_pem_bytes = cacert_pem_end - cacert_pem_start;
+
+    const SSL_METHOD *mtd = TLSv1_1_client_method();
+    SSL_CTX *ctx = SSL_CTX_new(mtd);   /* Create new context */
+    SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);
+
+    X509 *x = d2i_X509(NULL, cacert_pem_start, cacert_pem_bytes);
+    if(!x) {
+        ESP_LOGI(TAG,"Loading certs failed \n");
+    }
+    SSL_CTX_add_client_CA(ctx, x);
+
+    return ctx;
+}
+
+static void start_example(const char *host, char *port)
+{
+    SSL_CTX *ctx = NULL;
+    SSL *ssl = NULL;
     int sockfd;
-    struct sockaddr_in sock_addr;
-    struct hostent *hp;
-    struct ip4_addr *ip4_addr;
+    int ret;
 
-    int recv_bytes = 0;
-    char recv_buf[OPENSSL_EXAMPLE_RECV_BUF_LEN];
-
-    const char send_data[] = OPENSSL_EXAMPLE_REQUEST;
-    const int send_bytes = sizeof(send_data);
-
-    ESP_LOGI(TAG, "OpenSSL demo thread start OK");
-
-    ESP_LOGI(TAG, "get target IP address");
-    hp = gethostbyname(OPENSSL_EXAMPLE_TARGET_NAME);
-    if (!hp) {
-        ESP_LOGI(TAG, "failed");
-        goto failed1;
-    }
-    ESP_LOGI(TAG, "OK");
-
-    ip4_addr = (struct ip4_addr *)hp->h_addr;
-    ESP_LOGI(TAG, IPSTR, IP2STR(ip4_addr));
-
-    ESP_LOGI(TAG, "create SSL context ......");
-    ctx = SSL_CTX_new(TLSv1_1_client_method());
+    ctx = init_contex();
     if (!ctx) {
-        ESP_LOGI(TAG, "failed");
+        ESP_LOGE(TAG, "Failed");
+        goto failed1;
+    }
+    ESP_LOGI(TAG, "Trying connect to %s port %s ...", host, port);
+    sockfd = open_connection(host, port);
+    if(sockfd < 0) {
+        ESP_LOGE(TAG,"Failed");
         goto failed1;
     }
     ESP_LOGI(TAG, "OK");
-
-    ESP_LOGI(TAG, "create socket ......");
-    sockfd = socket(AF_INET, SOCK_STREAM, 0);
-    if (sockfd < 0) {
-        ESP_LOGI(TAG, "failed");
+    ESP_LOGI(TAG, "Create SSL obj");
+    ssl = SSL_new(ctx);
+    if (!ssl) {
+        ESP_LOGE(TAG,"Failed");
         goto failed2;
     }
     ESP_LOGI(TAG, "OK");
-
-    ESP_LOGI(TAG, "bind socket ......");
-    memset(&sock_addr, 0, sizeof(sock_addr));
-    sock_addr.sin_family = AF_INET;
-    sock_addr.sin_addr.s_addr = 0;
-    sock_addr.sin_port = htons(OPENSSL_EXAMPLE_LOCAL_TCP_PORT);
-    ret = bind(sockfd, (struct sockaddr*)&sock_addr, sizeof(sock_addr));
-    if (ret) {
-        ESP_LOGI(TAG, "failed");
-        goto failed3;
-    }
-    ESP_LOGI(TAG, "OK");
-
-    ESP_LOGI(TAG, "socket connect to remote %s ......", OPENSSL_EXAMPLE_TARGET_NAME);
-    memset(&sock_addr, 0, sizeof(sock_addr));
-    sock_addr.sin_family = AF_INET;
-    sock_addr.sin_addr.s_addr = ip4_addr->addr;
-    sock_addr.sin_port = htons(OPENSSL_EXAMPLE_TARGET_TCP_PORT);
-    ret = connect(sockfd, (struct sockaddr*)&sock_addr, sizeof(sock_addr));
-    if (ret) {
-        ESP_LOGI(TAG, "failed");
-        goto failed3;
-    }
-    ESP_LOGI(TAG, "OK");
-
-    ESP_LOGI(TAG, "create SSL ......");
-    ssl = SSL_new(ctx);
-    if (!ssl) {
-        ESP_LOGI(TAG, "failed");
-        goto failed3;
-    }
-    ESP_LOGI(TAG, "OK");
-
     SSL_set_fd(ssl, sockfd);
-
-    ESP_LOGI(TAG, "SSL connected to %s port %d ......",
-        OPENSSL_EXAMPLE_TARGET_NAME, OPENSSL_EXAMPLE_TARGET_TCP_PORT);
     ret = SSL_connect(ssl);
-    if (!ret) {
-        ESP_LOGI(TAG, "failed " );
-        goto failed4;
-    }
-    ESP_LOGI(TAG, "OK");
-
-    ESP_LOGI(TAG, "send https request to %s port %d ......",
-        OPENSSL_EXAMPLE_TARGET_NAME, OPENSSL_EXAMPLE_TARGET_TCP_PORT);
-    ret = SSL_write(ssl, send_data, send_bytes);
     if (ret <= 0) {
-        ESP_LOGI(TAG, "failed");
-        goto failed5;
+        ESP_LOGE(TAG,"SSL Connection Failed");
+        goto failed3;
     }
-    ESP_LOGI(TAG, "OK");
-
-    do {
-        ret = SSL_read(ssl, recv_buf, OPENSSL_EXAMPLE_RECV_BUF_LEN - 1);
-        if (ret <= 0) {
-            break;
-        }
-        recv_buf[ret] = '\0';
-        recv_bytes += ret;
-        ESP_LOGI(TAG, "%s", recv_buf);
-    } while (1);
-
-    ESP_LOGI(TAG, "totally read %d bytes data from %s ......", recv_bytes, OPENSSL_EXAMPLE_TARGET_NAME);
-
-failed5:
-    SSL_shutdown(ssl);
-failed4:
+    ESP_LOGI(TAG,"SSL Connection Succeed");
+failed3:
     SSL_free(ssl);
     ssl = NULL;
-failed3:
+failed2:
     close(sockfd);
     sockfd = -1;
-failed2:
+failed1:
     SSL_CTX_free(ctx);
     ctx = NULL;
-failed1:
-    vTaskDelete(NULL);
-    return ;
 }
 
-static void openssl_example_client_init(void)
+#if CONFIG_EXAMPLE_OPENSSL_CLIENT_URI_FROM_STDIN
+static void get_string(char *line, size_t size)
 {
-    int ret;
-    xTaskHandle openssl_handle;
-
-    ret = xTaskCreate(openssl_example_task,
-                      OPENSSL_EXAMPLE_TASK_NAME,
-                      OPENSSL_EXAMPLE_TASK_STACK_WORDS,
-                      NULL,
-                      OPENSSL_EXAMPLE_TASK_PRIORITY,
-                      &openssl_handle);
-
-    if (ret != pdPASS)  {
-        ESP_LOGI(TAG, "create thread %s failed", OPENSSL_EXAMPLE_TASK_NAME);
+    int count = 0;
+    while (count < size) {
+        int c = fgetc(stdin);
+        if (c == '\n') {
+            line[count] = '\0';
+            break;
+        } else if (c > 0 && c < 127) {
+            line[count] = c;
+            ++count;
+        }
+        vTaskDelay(10 / portTICK_PERIOD_MS);
     }
 }
+#endif /* CONFIG_EXAMPLE_OPENSSL_CLIENT_URI_FROM_STDIN */
 
 void app_main(void)
 {
+    char host[128] = EXAMPLE_OPENSSL_TARGET_DOMAIN;
+    char port[32] = EXAMPLE_OPENSSL_TARGET_PORT;
+
+    ESP_LOGI(TAG, "[APP] Startup..");
+    ESP_LOGI(TAG, "[APP] Free memory: %d bytes", esp_get_free_heap_size());
+    ESP_LOGI(TAG, "[APP] IDF version: %s", esp_get_idf_version());
+
     ESP_ERROR_CHECK(nvs_flash_init());
     ESP_ERROR_CHECK(esp_netif_init());
     ESP_ERROR_CHECK(esp_event_loop_create_default());
@@ -182,5 +161,10 @@ void app_main(void)
      */
     ESP_ERROR_CHECK(example_connect());
 
-    openssl_example_client_init();
+#if CONFIG_EXAMPLE_OPENSSL_CLIENT_URI_FROM_STDIN
+    char line[256] = "";
+    get_string(line, sizeof(line));
+    sscanf(line, "%s %s", host, port);
+#endif /* CONFIG_EXAMPLE_OPENSSL_CLIENT_URI_FROM_STDIN */
+    start_example(host, port);
 }

examples/protocols/openssl_client/sdkconfig.ci

@@ -0,0 +1,2 @@
+CONFIG_EXAMPLE_OPENSSL_CLIENT_URI_FROM_STDIN=y
+CONFIG_EXAMPLE_OPENSSL_CLIENT_URI_FROM_STRING=n

examples/protocols/openssl_client/server_certs/ca.crt

@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDTTCCAjWgAwIBAgIUe0ZW+zwJ0KauAHVreTmv8xqC9QgwDQYJKoZIhvcNAQEL
+BQAwNjELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxEjAQBgNVBAoM
+CUVzcHJlc3NpZjAeFw0yMDA5MjMwNzU1NTRaFw00ODAyMDkwNzU1NTRaMDYxCzAJ
+BgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMRIwEAYDVQQKDAlFc3ByZXNz
+aWYwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC52tv077MpX817BVUP
+yjmz/Nk1Tj7Za4pHlpVlbRRSlEz5h/62s7arB6dq9K2kC7fTIkw6MN/Qp4zPZ1Ug
+0abzZesb71w3NLhw9ModiakDkvdRoDORXbxeJuxHbJyui/8N9UNJfb3IOPX/nSP+
+coDWrkk0GrJbLwU1aLf7zr00iY2yx+lAEd75ElXhKrheUJJ/dpKYl4ZcGSm55WkQ
+tJi5dHfZCx1dDXnt49q5hbGa7lsOwdIdE7xM4NtqWo61LJ2Z/scbha48RMvEAnAl
+IfG9VcfjfOY1Y3LZemXS1NhuGRRgT3hc/xJFyTja4zg71XK1Z5VJO/QShFuDWnkx
+oXrdAgMBAAGjUzBRMB0GA1UdDgQWBBRTSG/RoTNtlXzzHf/WrFRBCO9NMTAfBgNV
+HSMEGDAWgBRTSG/RoTNtlXzzHf/WrFRBCO9NMTAPBgNVHRMBAf8EBTADAQH/MA0G
+CSqGSIb3DQEBCwUAA4IBAQBqu44Bdq2JWAx3gDrIz42Vvocq4kRkNEg2C00b7OEU
+Hi/zm2JTOyoHQfLZWc1Y6dzcPTbA/+7JFgnlgyzfH4YCi8YosEjRB+cBqEwDeeGY
+XS0vKxEG69vDb/neqsKsWawKU7P8TVar7qg/41eqoC84o/d23eBFJ0Tr/3EWO5hr
+8ct2mSLkewCJIzxqQIsORynxjd7K9N2Dxb7Lg7kremM+nADfrbArSh443t+G9YEY
+fDatlIgFXietPyg6i27Aob5Ogs5gmbdY2swEoYfnrN++DpLyLoPB9Y1t/691CkNF
+AzCQft+CFyZfNXbjHBE7q3s660/UkC20OyHFyFt9C0q2
+-----END CERTIFICATE-----

examples/protocols/openssl_client/server_certs/ca.key

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAudrb9O+zKV/NewVVD8o5s/zZNU4+2WuKR5aVZW0UUpRM+Yf+
+trO2qwenavStpAu30yJMOjDf0KeMz2dVINGm82XrG+9cNzS4cPTKHYmpA5L3UaAz
+kV28XibsR2ycrov/DfVDSX29yDj1/50j/nKA1q5JNBqyWy8FNWi3+869NImNssfp
+QBHe+RJV4Sq4XlCSf3aSmJeGXBkpueVpELSYuXR32QsdXQ157ePauYWxmu5bDsHS
+HRO8TODbalqOtSydmf7HG4WuPETLxAJwJSHxvVXH43zmNWNy2Xpl0tTYbhkUYE94
+XP8SRck42uM4O9VytWeVSTv0EoRbg1p5MaF63QIDAQABAoIBAQC480UkcEz4hW/0
+VpAZkILvzFVTKLR+pPgM2Zt+PZiVvSMExwMBScIkXQ+L7kXGFCswntcAqZZxC+ui
+khAzAq+DVA8t03sPLRXGwrNHxbA98EjSH/xxUribcVx8j2c0g/ijKUl2nvz3fUfA
+wd4J3mS8PuB2S4LmHtquFbHRkiDTX8RPtq+1ZGpl2+u2DlKIyPrkr8UZyZPVVjHd
+ACyG4rJdFy/XVS3cGSQ0Nkp/Ml706oSOUklRPzQEumZt6UkdgRYt9VlLL65CzIrF
+qW34v0olgD5pVM4hIKIV8GgqGCqKhfsj8Mv6kQ2iO4/Wu32iwwezGpqO5pOUVJLB
+t/22iNxBAoGBAOmHHUN9Vl5wnZ88/TG1zU4aom/PHNiPCym1Zr4MekdMtCOFo+i/
+8hB+X8ZfR8VfQpzF2TdvCde0f/nQCT7ixCFmx5ZgD6QqDU2oHqV1N+/6k3IFGG8X
+BFcKMOyRU866E7RknMQfXmKc0V9BFnwo1hFfNlaQNUsiT6BX9TXvDzBVAoGBAMu9
+Vpnv95FbFAb3+5gLABfFu9jUDSIanE+YJgtm5akDxF5paYZNTUcTe0KwT/h/nqyU
+EyHeb32IbKUOzEmN1RlvfIec2QmZJk0u6TfLRLmORsBxM5z5dn+mvJwsYHaam0iI
+pdpbnObCH+dIgGrn6zPPgaLr/NQ/GJMbVpGTVAhpAoGAc9p9MRtAOvABspsuPXgl
+F2dtSKzmcaVdc160TvqfuzmZcLn/HBwFuhsH5sEkOQ3OXTpmTfL/Xg0FJGkJ/THA
+/ZUg1UBo4heeq/UI5yrlCmA0v+85NPulQo0iwmpCup9j4S28/CtXxvJniKsgvY4A
+zXN/4KgAWHr4J+MbGpuz3FUCgYB6ACr3iyaoN+3KLnzOEug/U/ykXnZu0ZiAYQ+H
+DFrB1qukDWNPNMLtqNDKomGA4IrXtOOwCE6i0SqdvDrAYNoWnRfo7RdaFAdHeKvW
+6TWCF5xuaFsLyKYY0nNm4XvyCaqqyIjoNKvD0sLf8B5V5gKFx+BM+xsuzYmdrWUt
+Txem4QKBgQDGTEuEy8lX3AO7+iSwjgOC0mooLOR6MoH3iH81GUj+IuiwngIDRtHj
+gIh0mNu6vgQkfBkaP27tyr00PBi3SIGAJOLaTKimjEOk0plTw1ewt4apMlhdcT/f
+eVEUD7zpX3v1a8mN34wCRUEilpfMvEpIxW3GnDRzxVaXerydLiApJQ==
+-----END RSA PRIVATE KEY-----