[wifi ssl client] added the possibility of setting custom tls cert and private key in wifi clients

andreagilardoni · andreagilardoni · commit 68ebe0db7a76 · 2025-10-28T16:03:37.000+01:00
diff --git a/libraries/WiFiS3/src/WiFiSSLClient.cpp b/libraries/WiFiS3/src/WiFiSSLClient.cpp
@@ -62,6 +62,18 @@ int WiFiSSLClient::connect(const char* host, uint16_t port) {
       if(!modem.passthrough((uint8_t *)_ecc_cert, _ecc_cert_len)) {
          return 0;
       }
+   } else if(_client_cert != nullptr && _private_key != nullptr) { // TODO make sure if set certificate is called to not use the above code
+      size_t size = strlen(_client_cert);
+      modem.write_nowait(string(PROMPT(_SSLCLIENTSETCERT)),res, "%s%d,%d\r\n" , CMD_WRITE(_SSLCLIENTSETCERT), _sock, size);
+      if(!modem.passthrough((uint8_t *)_client_cert, size)) {
+         return 0;
+      }
+
+      size = strlen(_private_key);
+      modem.write_nowait(string(PROMPT(_SSLCLIENTSETPKEY)),res, "%s%d,%d\r\n" , CMD_WRITE(_SSLCLIENTSETPKEY), _sock, size);
+      if(!modem.passthrough((uint8_t *)_private_key, size)) {
+         return 0;
+      }
    }
 
    if (_connectionTimeout) {
@@ -88,6 +100,9 @@ void WiFiSSLClient::setEccSlot(int ecc508KeySlot, const byte cert[], int certLen
    _ecc_slot = ecc508KeySlot;
    _ecc_cert = cert;
    _ecc_cert_len = certLength;
+
+   _client_cert = nullptr;
+   _private_key = nullptr;
 }
 
 /* -------------------------------------------------------------------------- */
@@ -283,3 +298,21 @@ uint16_t WiFiSSLClient::remotePort(){
    }
    return rv;
 }
+
+/* -------------------------------------------------------------------------- */
+void WiFiSSLClient::setCertificate(const char* clientCert){
+/* -------------------------------------------------------------------------- */
+   _client_cert = clientCert;
+   _ecc_slot = -1;
+   _ecc_cert = nullptr;
+   _ecc_cert_len = 0;
+}
+
+/* -------------------------------------------------------------------------- */
+void WiFiSSLClient::setPrivateKey(const char* privateKey){
+/* -------------------------------------------------------------------------- */
+   _private_key = privateKey;
+   _ecc_slot = -1;
+   _ecc_cert = nullptr;
+   _ecc_cert_len = 0;
+}
diff --git a/libraries/WiFiS3/src/WiFiSSLClient.h b/libraries/WiFiS3/src/WiFiSSLClient.h
@@ -75,6 +75,9 @@ class WiFiSSLClient : public WiFiClient {
     * @brief Sets the ECC (Elliptic Curve Cryptography) key slot and
     * certificate for establishing secure SSL connections.
     *
+    * Note that this function will disable custom certificates and private keys set with
+    * setCertificate() and setPrivateKey()
+    *
     * @param `int ecc508KeySlot` specifies the ECC key slot to be used for the SSL connection.
     * @param `const byte cert[]` is a pointer to the certificate data in the form of an array of bytes.
     * @param `int certLength` specifies the length of the certificate data array.
@@ -219,6 +222,30 @@ class WiFiSSLClient : public WiFiClient {
     */
    virtual uint16_t remotePort();
 
+   /**
+    * @brief Set the public certificate for this ssl client communication
+    *
+    * This function explicitly sets the certificate to use for this client in tls
+    * communication. Note that if setEccSlot was used it will be disabled for this client.
+    * This function should be called in conjunction with setPrivateKey()
+    *
+    * @param `clientCert` client certificate in PEM format
+    *
+    */
+   void setCertificate(const char* clientCert);
+
+   /**
+    * @brief Set the private key for this ssl client communication
+    *
+    * This function explicitly sets the private key to use for this client in tls
+    * communication. Note that if setEccSlot was used it will be disabled for this client.
+    * This function should be called in conjunction with setCertificate()
+    *
+    * @param `privateKey` client private key in PEM format
+    *
+    */
+   void setPrivateKey(const char* privateKey);
+
    /**
     * @brief Declares WiFiServer as a friend class.
     *
@@ -240,6 +267,8 @@ class WiFiSSLClient : public WiFiClient {
    int _read();
    void read_if_needed(size_t s);
    const char* _root_ca = nullptr;
+   const char* _client_cert = nullptr;
+   const char* _private_key = nullptr;
    int _ecc_slot = -1;
    const byte* _ecc_cert = nullptr;
    int _ecc_cert_len = 0;
