├── Licence.txt ├── README.md └── WiFiWebClient_SSL2_forYT.ino /Licence.txt: -------------------------------------------------------------------------------- 1 | This software, the ideas and concepts is Copyright (c) David Bird 2014 and beyond. 2 | 3 | All rights to this software are reserved. 4 | 5 | It is prohibited to redistribute or reproduce of any part or all of the software contents in any form other than the following: 6 | 7 | 1. You may print or download to a local hard disk extracts for your personal and non-commercial use only. 8 | 9 | 2. You may copy the content to individual third parties for their personal use, but only if you acknowledge the author David Bird as the source of the material. 10 | 11 | 3. You may not, except with my express written permission, distribute or commercially exploit the content. 12 | 13 | 4. You may not transmit it or store it in any other website or other form of electronic retrieval system for commercial purposes. 14 | 15 | 5. You MUST include all of this copyright and permission notice ('as annotated') and this shall be included in all copies or substantial portions of the software and where the software use is visible to an end-user. 16 | 17 | THE SOFTWARE IS PROVIDED "AS IS" FOR PRIVATE USE ONLY, IT IS NOT FOR COMMERCIAL USE IN WHOLE OR PART OR CONCEPT. 18 | 19 | FOR PERSONAL USE IT IS SUPPLIED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 20 | 21 | IN NO EVENT SHALL THE AUTHOR OR COPYRIGHT HOLDER BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 22 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # ESP8266_SSL_Authentication 2 | How to Authenticate an SSL Connection using pre-determined Certificate values 3 | -------------------------------------------------------------------------------- /WiFiWebClient_SSL2_forYT.ino: -------------------------------------------------------------------------------- 1 | // Simple Web client example 2 | #include 3 | #include 4 | 5 | char ssid[] = "********"; // your network SSID (name) 6 | char pass[] = "********"; // your network password (use for WPA, or use as key for WEP) 7 | char server1[] = "www.google.co.uk"; // name address for Google (using DNS) 8 | char server2[] = "thingspeak.com"; // name address for Google (using DNS) 9 | 10 | int port = 443; 11 | 12 | // Security Certificate Authentic Fingerprints obtained from: from https://www.grc.com/fingerprints.htm 13 | const char* fingerprint1 = "23 E2 56 C4 C6 68 06 0E AC 83 E3 2E EB 8D 0F 45 C8 BA DB 8C"; //https://www.google.co.uk 20x8=160-bit key 14 | const char* fingerprint2 = "78 60 18 44 81 35 BF DF 77 84 D4 0A 22 0D 9B 4E 6C DC 57 2C"; //https://thingspeak.com/ 20x8=160-bit key 15 | 16 | WiFiClientSecure client; 17 | 18 | void setup() { 19 | Serial.begin(115200); 20 | WiFi.begin(ssid, pass); 21 | Serial.println("\nConnected to wifi"); 22 | Serial.print("connecting to "); 23 | Serial.println(server1); 24 | if (!client.connect(server1, port)) { 25 | Serial.println("connection failed"); 26 | return; 27 | } 28 | if (client.verify(fingerprint1, server1)) { // Now verify that this is the www.google.co.uk server by checking its certificate and fingerprint 29 | Serial.println("certificate matches..."); 30 | Serial.println("Requesting data from server..."); 31 | client.println("GET /search?q=123456=english& HTTP/1.1"); // Make a HTTP request: 32 | client.println("Host: www.google.co.uk"); 33 | client.println("Connection: close"); 34 | client.println(); 35 | } else 36 | { 37 | Serial.println("certificate does not match..."); 38 | client.stop(); 39 | Serial.println("Demonstration complete"); 40 | while(1); 41 | } 42 | } 43 | 44 | void loop() { 45 | while (client.connected()) {// if there are incoming bytes available read and print them: 46 | char c = client.read(); 47 | Serial.write(c); 48 | if (c=='\n' || c=='\r') Serial.println(); 49 | } 50 | client.stop(); 51 | Serial.println("Demonstration complete"); 52 | while(1); 53 | } 54 | 55 | /* 56 | * The client generates a random key that will be used for the primary symmetrical encryption algorithm. 57 | * It encrypts it using an algorithm agreed upon during the Hello phase together with the server’s public key (found on its SSL certificate). 58 | * It sends this encrypted key to the server where it is decrypted using the server’s private key and the interesting parts of the handshake are complete. 59 | * The parties can now be content that they are talking to the right person and have secretly agreed on a key to symmetrically encrypt the data they 60 | * are about to send each other. 61 | * HTTP requests and responses can now be sent by forming a plaintext message and encrypting and sending it. 62 | * The other party is the only one who knows how to decrypt this message and so anyone monitoring the data traffic is unable to read or modify any requests 63 | * to make an intercept. 64 | */ 65 | 66 | --------------------------------------------------------------------------------