From 3e525a648685068b8ecc7f1647ec45ca5f3ffeaf Mon Sep 17 00:00:00 2001 From: Khoi Hoang <57012152+khoih-prog@users.noreply.github.com> Date: Tue, 31 Dec 2019 17:27:00 -0500 Subject: [PATCH] Add files via upload --- README.md | 15 +- .../HowToUse_SSL_LocalBlynkServer.md | 319 ++++++++++++++++++ library.json | 2 +- library.properties | 2 +- src/BlynkSimpleEsp8266_SSL_WM.h | 6 +- src/BlynkSimpleEsp8266_WM.h | 19 +- 6 files changed, 341 insertions(+), 22 deletions(-) create mode 100644 extras/SSL_Notes/HowToUse_SSL_LocalBlynkServer.md diff --git a/README.md b/README.md index 588244b..9bcccd8 100644 --- a/README.md +++ b/README.md @@ -92,8 +92,8 @@ void loop() ``` ## Prerequisite -* ESP8266 core for Arduino https://github.com/esp8266/Arduino#installing-with-boards-manager -* Blynk library https://www.arduino.cc/en/guide/libraries#toc3 +* `ESP8266 core 2.5.2 or later` for Arduino (https://github.com/esp8266/Arduino#installing-with-boards-manager) +* `Blynk library 0.6.1 or later` (https://www.arduino.cc/en/guide/libraries#toc3) ## TO DO @@ -106,6 +106,7 @@ void loop() 3. For fresh config data, don't need to wait for connecting timeout before entering config portal. 4. If the config data not entered completely (SSID, password, Server and Blynk token), entering config portal 5. Correct the operation of BUILTIN_LED +6. Modify code to be compatible with ESP8266 core pre-2.5.2. ## Example Please take a look at examples, as well. @@ -153,6 +154,14 @@ void loop() } ``` +### Releases v1.0.3 + +***New in this version*** + +1. Modify code to be compatible with ESP8266 core pre-2.5.2. But it's still advisable to update to the latest stable core, such as 2.6.3 + +2. Add examples + ### Releases v1.0.2 ***Features*** @@ -165,7 +174,7 @@ void loop() ***New in this version*** -1.Fix bug +1. Fix bug 2. If the config data not entered completely (SSID, password, Server and Blynk token), entering config portal 
diff --git a/extras/SSL_Notes/HowToUse_SSL_LocalBlynkServer.md b/extras/SSL_Notes/HowToUse_SSL_LocalBlynkServer.md
new file mode 100644
index 0000000..e8d4b07
--- /dev/null
+++ b/extras/SSL_Notes/HowToUse_SSL_LocalBlynkServer.md
@@ -0,0 +1,319 @@
+To use SSL, in Arduino IDE Tools menu, it's OK to select either Basic SSL Support (lower ROM use, OK with Blynk+OpenSSL+LetsEncrypt) or All Ciphers,
+
+Certainly don't forget to forward port 9443 from your Internet Router to your local Blynk server.
+
+## For ESP8266
+
+
+## Using LetsEncrypt Certificate (valid only 3 months, can be 1 year with paid subscription )
+
+ 1) In libraries/Blynk/src/Blynk/BlynkConfig.h, uncomment to use #define BLYNK_SSL_USE_LETSENCRYPT
+
+ ```
+ // Uncomment to use Let's Encrypt Root CA
+ #define BLYNK_SSL_USE_LETSENCRYPT
+ ```
+
+ 2) Server and name must use hostname, for example: "xxxx.duckdns.org" / "xxxx.no-ip.org". Local IP won't work (e.g. "192.168.x.y", "10.10.x.y", etc.). Otherwise, you will get the following error:
+
+ ```
+ Error BSSL:_wait_for_handshake: failed
+ BSSL:Couldn't connect. Error = 'Expected server name was not found in the chain.'
+ ```
+
+ Numbered IP ( e.g. 222.222.111.111) is also not supported. This is the limitation of Let's Encrypt. Also have in mind that "xxxx.duckdns.org"/"xxxx.no-ip.org" must be resolved by public DNS severs.
+
+ Add server.host property in server.properties file. For example :
+
+ ```
+ server.host=xxxx.duckdns.org
+ ```
+ or
+ ```
+ server.host=xxxx.no-ip.org
+ ```
+ 3) Modifying /home/pi/Blynk-Server/server.properties (assuming your Blynk Server was installed in /home/pi/Blynk-Server, replacing with your correct path). You can try either of the following ways:
+
+ a) OK
+
+ ```
+ server.ssl.cert=/home/pi/Blynk-Server/fullchain.crt
+ server.ssl.key=/home/pi/Blynk-Server/privkey.pem
+ server.ssl.key.pass=your_ssl_key_password
+ ```
+
+ b) OK. 
Let's Encrypt certificate found on ~/Blynk-Server or /
+
+ ```
+ server.ssl.cert=
+ server.ssl.key=
+ server.ssl.key.pass=
+ ```
+
+ 4) Get LetsEncrypt Certificate => fullchain.crt, privkey.pem and user.pem are created in / (root / 664)
+
+ 5) Convert fullchain.crt -> fullchain_der.h :
+
+ ```
+ cd ~/Blynk_Server
+ cp /fullchain.crt .
+ openssl x509 -in fullchain.crt -outform der -out fullchain.der
+ xxd -i fullchain.der > fullchain_der.h
+ ```
+
+ Then delete the line
+ ```
+ "unsigned char fullchain_der[] ="
+ ```
+ and
+ ```
+ "unsigned int fullchain_der_len = xxxx;"
+ ```
+ in the file
+
+ 6) Replacing certificate files in ~/Arduino/libraries/Blynk/src/certs/ (assuming Arduino libraries are stored in ~/Arduino/libraries/. Replacing with your correct path) with fullchain_der.h.
+
+ a) ~/Arduino/libraries/Blynk/src/certs/blynkcloud_der.h (if don't use #define BLYNK_SSL_USE_LETSENCRYPT)
+ b) ~/Arduino/libraries/Blynk/src/certs/dst_der.h (if use #define BLYNK_SSL_USE_LETSENCRYPT)
+
+ ```
+ cd ~/Arduino/libraries/Blynk/src/certs/
+ mv dst_der.h dst_der.h.orig
+ mv blynkcloud_der.h blynkcloud_der.h.orig
+ cp ~/Blynk_Server/fullchain_der.h blynkcloud_der.h
+ cp ~/Blynk_Server/fullchain_der.h dst_der.h
+ ```
+
+## Using OpenSSL Certificate (valid 5 years)
+
+ 1) In libraries/Blynk/src/Blynk/BlynkConfig.h, comment to not use #define BLYNK_SSL_USE_LETSENCRYPT
+
+ ```
+ // Uncomment to use Let's Encrypt Root CA
+ //#define BLYNK_SSL_USE_LETSENCRYPT
+ ```
+
+ 2) Server and name must use hostname, for example: "xxxx.duckdns.org" / "xxxx.no-ip.org". Local IP won't work (e.g. "192.168.x.y", "10.10.x.y", etc.).Otherwise, you will get the following error:
+
+ ```
+ Error BSSL:_wait_for_handshake: failed
+ BSSL:Couldn't connect. Error = 'Expected server name was not found in the chain.'
+ ```
+
+ 3) Create Certificate (in the example, make a new ~/Blynk-Server/SSL directory store to-be-created SSL certificate):
+
+ ```
+ pi@raspberrypi:~/Blynk-Server/SSL $ openssl req -x509 -nodes -days 1825 -newkey rsa:2048 -keyout server.key -out server.crt
+
+ Generating a RSA private key
+ ............+++++
+ .........+++++
+ writing new private key to 'server.key'
+ -----
+ You are about to be asked to enter information that will be incorporated
+ into your certificate request.
+ What you are about to enter is what is called a Distinguished Name or a DN.
+ There are quite a few fields but you can leave some blank
+ For some fields there will be a default value,
+ If you enter '.', the field will be left blank.
+ -----
+ Country Name (2 letter code) [AU]:XX
+ State or Province Name (full name) [Some-State]:YYYY
+ Locality Name (eg, city) []:AAAAA
+ Organization Name (eg, company) [Internet Widgits Pty Ltd]:YourName
+ Organizational Unit Name (eg, section) []:.
+ Common Name (e.g. server FQDN or YOUR name) []:xxxx.duckdns.org or xxxx.no-ip.org
+ Email Address []:your_email@yourmail.com
+ ```
+
+ To create server.pem, must use v1 PBE-SHA1-2DES. Otherwise, Blynk server will have error "invalid key file".
+
+ ```
+ pi@raspberrypi:~/Blynk-Server/SSL $ openssl pkcs8 -topk8 -v1 PBE-SHA1-2DES -in server.key -out server.pem
+ Enter Encryption Password: your_ssl_key_password
+ Verifying - Enter Encryption Password: your_ssl_key_password
+ ```
+
+ Copy server.* files to ~/Blynk-Server. Chown/grp to root, Chmod to 644
+
+ Remember your your_ssl_key_password to use later in server.properties file.
+
+ 2) Modify file server.properties
+
+ a) Modify as follows:
+
+ ```
+ server.ssl.cert=/home/pi/Blynk-Server/server.crt
+ server.ssl.key=/home/pi/Blynk-Server/server.pem
+ server.ssl.key.pass=your_ssl_key_password
+ ```
+
+ 4) Convert server.crt => server_der.h :
+
+ ```
+ cd ~/Blynk_Server
+ cp /server.crt .
+ openssl x509 -in server.crt -outform der -out server.der
+ xxd -i server.der > server_der.h
+ ```
+
+ Then edit and delete "unsigned char server_der[] =" and "unsigned int server_der_len = xxxx;" in the file
+
+ 5) Replacing certificate files in ~/Arduino/libraries/Blynk/src/certs/ with server_der.h
+
+ a) ~/Arduino/libraries/Blynk/src/certs/blynkcloud_der.h (if not define BLYNK_SSL_USE_LETSENCRYPT)
+ b) ~/Arduino/libraries/Blynk/src/certs/dst_der.h (if define BLYNK_SSL_USE_LETSENCRYPT)
+
+ ```
+ cd ~/Arduino/libraries/Blynk/src/certs/
+ mv dst_der.h dst_der.h.orig
+ mv blynkcloud_der.h blynkcloud_der.h.orig
+ cp ~/Blynk_Server/server_der.h blynkcloud_der.h
+ cp ~/Blynk_Server/server_der.h dst_der.h
+ ```
+
+## For ESP32
+
+ 1) For ESP32 SSL, use if using LetsEncrypt (use #define BLYNK_SSL_USE_LETSENCRYPT) and if use OpenSSL (don't use #define BLYNK_SSL_USE_LETSENCRYPT)
+
+ These line are in ~/Arduino/libraries/Blynk/src/BlynkSimpleEsp32_SSL.h or BlynkSimpleEsp32_SSL_WM.h
+ ```
+ #if defined(BLYNK_SSL_USE_LETSENCRYPT)
+ static const char BLYNK_DEFAULT_ROOT_CA[] =
+ #include
+ #else
+ static const char BLYNK_DEFAULT_ROOT_CA[] =
+ #include
+ #endif
+ ```
+
+ 2) To create file blynkcloud_pem.h/letsencrypt_pem.h from localServer certificate file OpenSSL server.crt or LetsEncrypt fullchain.crt, just copy and add ",",\n,; to the end of each line similar to the original file. (You can write a simple C program to do this converting task).
+
+ This file is OK to use (both blynkcloud_pem.h/letsencrypt_pem.h are the same) even if BLYNK_SSL_USE_LETSENCRYPT is defined or not.
+
+ For Example: blynkcloud_pem.h generated from server.crt
+
+ ```
+
+ "-----BEGIN CERTIFICATE-----\n" \
+"MIID8TCCAtmgAwIBAgIUXTAEvCpQ1v695km/VZ5xScms0LIwDQYJKoZIhvcNAQEL\n" \
+"BQAwgYcxCzAJBgNVBAYTAkNBMRAwDgYDVQQIDAdPTlRBUklPMRQwEgYDVQQHDAtN\n" \
+"aXNzaXNzYXVnZTESMBAGA1UECgwJS2hvaUhvYW5nMRowGAYDVQQDDBFraG9paC5k\n" \
+"dWNrZG5zLm9yZzEgMB4GCSqGSIb3DQEJARYRa2hvaWg1OEBnbWFpbC5jb20wHhcN\n" \
+"MTkwOTI1MDI0NTQ2WhcNMjQwOTIzMDI0NTQ2WjCBhzELMAkGA1UEBhMCQ0ExEDAO\n" \
+"BgNVBAgMB09OVEFSSU8xFDASBgNVBAcMC01pc3Npc3NhdWdlMRIwEAYDVQQKDAlL\n" \
+"aG9pSG9hbmcxGjAYBgNVBAMMEWtob2loLmR1Y2tkbnMub3JnMSAwHgYJKoZIhvcN\n" \
+"AQkBFhFraG9paDU4QGdtYWlsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC\n" \
+"AQoCggEBAMWo8olI2wf9v72wQXJyMF+IUKM39IkGo6nzYmyB6FYAFo3n/k/X+A1p\n" \
+"7FML6t6kauqDRuCOmpyysuNPyzKRU+NmY+Lfae5mOXXBlEM5C7WSv2tQAI7W653G\n" \
+"s1vWdCKZRNr2rvuFyc/1Fhox23sZJVK1bohwUYCTRRwTtq4dg+Cg47oui1Q0UEHM\n" \
+"luawula/jYUt9UyzNqilxcLP47KrH2QenG4zdOq8jSD9EJ4F7y9uCaU2VRm3vaO4\n" \
+"2rHtcQuvt7uj21UQfrsn47uSP2JDnBljPuRVGwQV1sCRBHrxDmkGT+ri4MKz1uzK\n" \
+"wPzlLhZZlQjud+2WGjdF3/WBWhNY5wkCAwEAAaNTMFEwHQYDVR0OBBYEFMlHW+J/\n" \
+"CfKhqlCpavqEM628lhMaMB8GA1UdIwQYMBaAFMlHW+J/CfKhqlCpavqEM628lhMa\n" \
+"MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAAQSYEN7QIMMeYLG\n" \
+"f5J/nGoJbApP3+o1hjU2N8RvA315HtclCAmO4Ruk/gtsEyi7PoBZWCz/o6bpypkz\n" \
+"GIPO2bvwI7O5nHBee6AXntZ9Qzjl08WLlm9zCTsOzvh2pkIuzaucG2JfcD3V0z22\n" \
+"jXqYDpIL1x3UmEmKPrrJlwQY2wzWNZF/Z9vUUvLIS59+KmtpsmhPqqAQuEt3vmkX\n" \
+"5xs+6ZI3VboN1N7Xg/N2WsXzpnslxu9qiMaSZ3sHTL8sYhLlnN34EF+V3cjai+uS\n" \
+"JEWZcGbwKTkwCaWy+MYFEWJUK/Chic2RgslG4jdO4lMXBDnc0+kCQgasUo6mbNUs\n" \
+"WSHZY1Q=\n" \
+"-----END CERTIFICATE-----\n" ;
+
+```
+
+## See more in Blynk Server instructions (https://github.com/blynkkk/blynk-server#blynk-server) :
+
+A) Automatic Let's Encrypt certificates generation
+
+ Latest Blynk server has super cool feature - automatic Let's Encrypt certificates generation. 
However, it has few requirements:
+
+ Add server.host property in server.properties file. For example :
+
+ server.host=myhost.com
+
+ IP is not supported, this is the limitation of Let's Encrypt. Also have in mind that myhost.com should be resolved by public DNS severs.
+
+ Add contact.email property in server.properties. For example :
+
+ contact.email=test@gmail.com
+
+ You need to start server on port 80 (requires root or admin rights) or make port forwarding to default Blynk HTTP port - 8080.
+
+ That's it! Run server as regular and certificates will be generated automatically.
+
+B) Manual Let's Encrypt SSL/TLS Certificates
+
+ 1) First install certbot on your server (machine where you going to run Blynk Server)
+
+ ```
+ wget https://dl.eff.org/certbot-auto
+ chmod a+x certbot-auto
+ ```
+
+ 2) Generate and verify certificates (your server should be connected to internet and have open 80/443 ports)
+ ```
+ ./certbot-auto certonly --agree-tos --email YOUR_EMAIL --standalone -d YOUR_HOST
+ ```
+ For example:
+
+ ```
+ ./certbot-auto certonly --agree-tos --email pupkin@blynk.cc --standalone -d blynk.cc
+ ```
+
+ Then add to your server.properties file (in folder with server.jar)
+
+ ```
+ server.ssl.cert=/etc/letsencrypt/live/YOUR_HOST/fullchain.pem
+ server.ssl.key=/etc/letsencrypt/live/YOUR_HOST/privkey.pem
+ server.ssl.key.pass=your_ssl_key_password
+ ```
+
+C) Generate own OpenSSL certificates
+
+ 1) Generate self-signed certificate and key
+
+ ```
+ openssl req -x509 -nodes -days 1825 -newkey rsa:2048 -keyout server.key -out server.crt
+ ```
+ 2) Convert server.key to PKCS#8 private key file in PEM format
+
+ a) For Local Blynk Server running RPi Raspbian, using:
+
+
+ ```openjdk version "11.0.3" 2019-04-16```
+ ```OpenJDK Runtime Environment (build 11.0.3+7-post-Raspbian-5)```
+ ```OpenJDK Server VM (build 11.0.3+7-post-Raspbian-5, mixed mode```
+
+
+ use only v1 PBE-SHA1-2DES by this command: ( If use with Ubuntu => invalid key file )
+
+ ```
+ openssl 
pkcs8 -topk8 -v1 PBE-SHA1-2DES -in server.key -out server.pem
+ ```
+
+ b) For Local Blynk Server running Ubuntu, using
+
+ ```
+ java version "11.0.5" 2019-10-15 LTS
+ Java(TM) SE Runtime Environment 18.9 (build 11.0.5+10-LTS)
+ Java HotSpot(TM) 64-Bit Server VM 18.9 (build 11.0.5+10-LTS, mixed mode)
+
+ ```
+
+ use this command to generate pem file: ( If use with RPi => invalid key file )
+
+ ```
+ openssl pkcs8 -topk8 -inform PEM -outform PEM -in server.key -out server.pem
+ ```
+
+ If you connect hardware with USB script you have to provide an option '-s' pointing to "common name" (hostname) you did specified during certificate generation.
+
+ As an output you'll retrieve server.crt and server.pem files that you need to provide for server.ssl properties.
+
+ ```
+ server.ssl.cert=./server.pem
+ server.ssl.key=./server.pem
+ server.ssl.key.pass=your_ssl_key_password
+ ```
+
diff --git a/library.json b/library.json
index aeaf00a..13db288 100644
--- a/library.json
+++ b/library.json
@@ -1,6 +1,6 @@
 {
 "name": "Blynk_WM",
- "version": "1.0.2",
+ "version": "1.0.3",
 "description": "Build a smartphone app for your project in minutes. Blynk allows creating IoT solutions easily. It supports WiFi, BLE, Bluetooth, Ethernet, GSM, USB, Serial. Works with many boards like ESP8266, ESP32, Arduino UNO, Nano, Due, Mega, Zero, MKR100, Yun, Raspberry Pi, Particle, Energia, ARM mbed, Intel Edison/Galileo/Joule, BBC micro:bit, DFRobot, RedBearLab, Microduino, LinkIt ONE ...",
 "keywords": "sensors, control, device, smartphone, mobile, app, web, cloud, communication, protocol, iot, m2m, wifi, ble, bluetooth, ethernet, usb, serial, gsm, gprs, 3g, data, esp8266, http",
 "authors":
diff --git a/library.properties b/library.properties
index 22cd339..5042b11 100644
--- a/library.properties
+++ b/library.properties
@@ -1,5 +1,5 @@
 name=Blynk_WiFiManager
-version=1.0.2
+version=1.0.3
 author=Khoi Hoang
 license=MIT
 maintainer=Khoi Hoang
diff --git a/src/BlynkSimpleEsp8266_SSL_WM.h b/src/BlynkSimpleEsp8266_SSL_WM.h index 0275bbc..3044432 100644 --- a/src/BlynkSimpleEsp8266_SSL_WM.h +++ b/src/BlynkSimpleEsp8266_SSL_WM.h @@ -541,7 +541,7 @@ class BlynkWifi if (file) { - file.write((char*) &Blynk8266_WM_config, sizeof(Blynk8266_WM_config)); + file.write((uint8_t*) &Blynk8266_WM_config, sizeof(Blynk8266_WM_config)); file.close(); BLYNK_LOG1(BLYNK_F("OK")); } @@ -556,7 +556,7 @@ class BlynkWifi if (file) { - file.write((char*) &Blynk8266_WM_config, sizeof(Blynk8266_WM_config)); + file.write((uint8_t*) &Blynk8266_WM_config, sizeof(Blynk8266_WM_config)); file.close(); BLYNK_LOG1(BLYNK_F("OK")); } @@ -859,7 +859,7 @@ class BlynkWifi IPAddress apIP(192, 168, 4, 1); WiFi.mode(WIFI_AP); - WiFi.softAP(ssid, pass); + WiFi.softAP(ssid.c_str(), pass.c_str()); delay(100); // ref: https://github.com/espressif/arduino-esp32/issues/985#issuecomment-359157428 WiFi.softAPConfig(apIP, apIP, IPAddress(255, 255, 255, 0)); diff --git a/src/BlynkSimpleEsp8266_WM.h b/src/BlynkSimpleEsp8266_WM.h index bc14347..f2cd58a 100644 --- a/src/BlynkSimpleEsp8266_WM.h +++ b/src/BlynkSimpleEsp8266_WM.h @@ -1,14 +1,10 @@ -/**************************************************************************************************************************** - * BlynkSimpleEsp8266_WM.h - * For ESP8266 boards - * +/** * Blynk_WM is a library for the ESP8266/ESP32 Arduino platform (https://github.com/esp8266/Arduino) to enable easy * configuration/reconfiguration and autoconnect/autoreconnect of WiFi/Blynk * Forked from Blynk library v0.6.1 https://github.com/blynkkk/blynk-library/releases * Built by Khoi Hoang https://github.com/khoih-prog/Blynk_WM * Licensed under MIT license * Version: 1.0.2 - * * Original Blynk Library author: * @file BlynkSimpleEsp8266.h * @author Volodymyr Shymanskyy 
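Review bot: The `file.write(...)` call in the `@@ -541` hunk of src/BlynkSimpleEsp8266_SSL_WM.h still discards its return value, so `BLYNK_LOG1(BLYNK_F("OK"))` is logged even when the write is short or fails; the same applies to the `@@ -556` hunk and to the `@@ -435` and `@@ -450` hunks of src/BlynkSimpleEsp8266_WM.h. Going by the README, this struct presumably holds the SSID, WiFi password, server and Blynk token, so a truncated file could later be loaded as if it were valid unless the reader validates it elsewhere. I would compare the result with the struct size before reporting success, e.g. `if (file.write((uint8_t*) &Blynk8266_WM_config, sizeof(Blynk8266_WM_config)) != sizeof(Blynk8266_WM_config)) { BLYNK_LOG1(BLYNK_F("failed")); }`. The raw struct dump also means these secrets are stored unencrypted in flash, which deserves a sentence in the README. The enclosing function starts and ends outside the hunk.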
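Review bot: The result of `WiFi.softAP(ssid.c_str(), pass.c_str())` is ignored in the `@@ -859` hunk of src/BlynkSimpleEsp8266_SSL_WM.h and in the matching `@@ -753` hunk of src/BlynkSimpleEsp8266_WM.h. As far as I know the ESP8266 core rejects a passphrase shorter than 8 characters and treats an empty one as an open network, so depending on how `pass` is built (not visible in this hunk) the config portal that collects the WiFi password and Blynk token could come up unprotected or not at all. I would check the result, e.g. `if (!WiFi.softAP(ssid.c_str(), pass.c_str())) { BLYNK_LOG1(BLYNK_F("softAP failed")); }`, and refuse to start the portal with an empty `pass`. The enclosing function continues outside the hunk.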
@@ -17,12 +13,7 @@ * @date Jan 2015 * @brief * - * Version Modified By Date Comments - * ------- ----------- ---------- ----------- - * 1.0.0 K Hoang 28/10/2019 Initial coding - * 1.0.1 K Hoang 28/10/2019 Add features - * 1.0.2 K Hoang 21/11/2019 Fix bug. Add features. - *****************************************************************************************************************************/ + */ #ifndef BlynkSimpleEsp8266_WM_h #define BlynkSimpleEsp8266_WM_h @@ -435,7 +426,7 @@ class BlynkWifi if (file) { - file.write((char*) &Blynk8266_WM_config, sizeof(Blynk8266_WM_config)); + file.write((uint8_t*) &Blynk8266_WM_config, sizeof(Blynk8266_WM_config)); file.close(); BLYNK_LOG1(BLYNK_F("OK")); } @@ -450,7 +441,7 @@ class BlynkWifi if (file) { - file.write((char*) &Blynk8266_WM_config, sizeof(Blynk8266_WM_config)); + file.write((uint8_t*) &Blynk8266_WM_config, sizeof(Blynk8266_WM_config)); file.close(); BLYNK_LOG1(BLYNK_F("OK")); } @@ -753,7 +744,7 @@ class BlynkWifi IPAddress apIP(192, 168, 4, 1); WiFi.mode(WIFI_AP); - WiFi.softAP(ssid, pass); + WiFi.softAP(ssid.c_str(), pass.c_str()); delay(100); // ref: https://github.com/espressif/arduino-esp32/issues/985#issuecomment-359157428 WiFi.softAPConfig(apIP, apIP, IPAddress(255, 255, 255, 0));