From a2b11520fe6af33817ef30f4a74d52e29182fed9 Mon Sep 17 00:00:00 2001
From: Stephan Hadinger
Date: Fri, 6 Nov 2020 18:27:43 +0100
Subject: [PATCH] Fix tls time with new NTP client
---
 lib/lib_ssl/bearssl-esp8266/src/t_inner.h | 4 +++-
 tasmota/WiFiClientSecureLightBearSSL.cpp | 6 +++++-
 tasmota/WiFiClientSecureLightBearSSL.h | 1 -
 3 files changed, 8 insertions(+), 3 deletions(-)
diff --git a/lib/lib_ssl/bearssl-esp8266/src/t_inner.h b/lib/lib_ssl/bearssl-esp8266/src/t_inner.h
index 435c67c49..c596c9f18 100644
--- a/lib/lib_ssl/bearssl-esp8266/src/t_inner.h
+++ b/lib/lib_ssl/bearssl-esp8266/src/t_inner.h
@@ -433,7 +433,9 @@
 */
 #ifndef BR_USE_UNIX_TIME
-#if defined __unix__ || defined __linux__ || defined ESP8266 || defined ESP32\
+/*#if defined __unix__ || defined __linux__ || defined ESP8266 || defined ESP32\*/
+// Tasmota now uses its own NTP client so we need to pass explicitly the current time
+#if defined __unix__ || defined __linux__ || defined ESP32\
 || defined _POSIX_SOURCE || defined _POSIX_C_SOURCE \
 || (defined __APPLE__ && defined __MACH__)
 #define BR_USE_UNIX_TIME 1
diff --git a/tasmota/WiFiClientSecureLightBearSSL.cpp b/tasmota/WiFiClientSecureLightBearSSL.cpp
index 645509989..809524711 100755
--- a/tasmota/WiFiClientSecureLightBearSSL.cpp
+++ b/tasmota/WiFiClientSecureLightBearSSL.cpp
@@ -67,6 +67,9 @@ void _Log_heap_size(const char *msg) {
 #define LOG_HEAP_SIZE(a)
 #endif
+// get UTC time from Tasmota
+extern uint32_t UtcTime(void);
+
 // Stack thunked versions of calls
 // Initially in BearSSLHelpers.h
 extern "C" {
@@ -179,7 +182,6 @@ void WiFiClientSecure_light::_clear() {
 _eng = nullptr;
 _iobuf_in = nullptr;
 _iobuf_out = nullptr;
- _now = 0; // You can override or ensure time() is correct w/configTime
 setBufferSizes(1024, 1024); // reasonable minimum
 _handshake_done = false;
 _last_error = 0;
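Review bot: In the `t_inner.h` hunk, dropping `ESP8266` from the `BR_USE_UNIX_TIME` auto-detection leaves BearSSL on that target with no fallback to `time()`, so any X.509 minimal context that is not given a time through `br_x509_minimal_set_time()` will presumably fail validation with `BR_ERR_X509_TIME_UNKNOWN`. This commit sets the time only in `_connectSSL`; other users of the bundled library are not visible in this diff and should be checked. The old condition is also left behind as a commented-out line ending in `\*/`; because this is a local change to a bundled library, a marker such as `// Tasmota local change: ESP8266 removed from auto-detect, time is supplied via br_x509_minimal_set_time()` would survive a library update better than dead code.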
@@ -918,6 +920,8 @@ bool WiFiClientSecure_light::_connectSSL(const char* hostName) {
 br_x509_minimal_set_rsa(x509_minimal, br_ssl_engine_get_rsavrfy(_eng));
 br_x509_minimal_set_hash(x509_minimal, br_sha256_ID, &br_sha256_vtable);
 br_ssl_engine_set_x509(_eng, &x509_minimal->vtable);
+ uint32_t now = UtcTime();
+ br_x509_minimal_set_time(x509_minimal, now / 86400 + 719528, now % 86400);
 #else
 x509_insecure = (br_x509_pubkeyfingerprint_context*) malloc(sizeof(br_x509_pubkeyfingerprint_context));
diff --git a/tasmota/WiFiClientSecureLightBearSSL.h b/tasmota/WiFiClientSecureLightBearSSL.h
index 67f74b0db..ed6ced416 100755
--- a/tasmota/WiFiClientSecureLightBearSSL.h
+++ b/tasmota/WiFiClientSecureLightBearSSL.h
@@ -112,7 +112,6 @@ class WiFiClientSecure_light : public WiFiClient {
 br_ssl_engine_context *_eng; // &_sc->eng, to allow for client or server contexts
 std::shared_ptr _iobuf_in;
 std::shared_ptr _iobuf_out;
- time_t _now;
 int _iobuf_in_size;
 int _iobuf_out_size;
 bool _handshake_done;
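Review bot: In the `_connectSSL` hunk of `WiFiClientSecureLightBearSSL.cpp`, the value returned by `UtcTime()` goes straight into `br_x509_minimal_set_time()` without any check that the clock has been set. If `UtcTime()` can return 0 or a pre-sync value (its definition is not in this diff), validation runs against a date near 1970 and the handshake presumably fails with an expiry error that hides the real cause. A guard before the call, such as `if (now < MIN_PLAUSIBLE_UTC) { /* clock not synced: fail with a distinct error */ }` (placeholder constant), would make that state explicit. Certificate validity now depends entirely on Tasmota's NTP-derived clock, so a wrong clock (unsynced, or fed by an untrusted time source) shifts which certificates are accepted. The constants also deserve a comment, e.g. `// BearSSL takes days since 0000-01-01 and seconds of day; 719528 = days up to 1970-01-01`; `_connectSSL` starts and ends outside the hunk.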