Update CA Certs and Fingerprint optional

Update Let's Encrypt CA Certs and make websocket.org Fingerprint optional

examples/ESP8266/SecuredTwoWay-Esp8266-Client/SecuredTwoWay-Esp8266-Client.ino

@@ -40,34 +40,50 @@
 #include <WebSockets2_Generic.h>
 #include <ESP8266WiFi.h>
 
-using namespace websockets2_generic;
+time_t now;
 
+using namespace websockets2_generic;
 
-// Need to update certs. Otherwise, can't connect to server using invalid certs.
+#if USING_SET_TRUST_ANCHORS
 // The hardcoded certificate authority for this example.
 // Don't use it on your own apps!!!!!
-
+// KH, Update Let's Encrypt CA Cert, May 2nd 2021
+// Valid from : Sep  4 00:00:00 2020 GMT
+// Expired    : Sep 15 16:00:00 2025 GMT
 const char ca_cert[] PROGMEM = R"EOF(
 -----BEGIN CERTIFICATE-----
-MIIC1TCCAb2gAwIBAgIJAMPt1Ms37+hLMA0GCSqGSIb3DQEBCwUAMCExCzAJBgNV
-BAYTAlVTMRIwEAYDVQQDDAkxMjcuMC4wLjMwHhcNMTgwMzE0MDQyMTU0WhcNMjkw
-NTMxMDQyMTU0WjAhMQswCQYDVQQGEwJVUzESMBAGA1UEAwwJMTI3LjAuMC4zMIIB
-IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxsa4qU/tlzN4YTcnn/I/ffsi
-jOPc8QRcwClKzasIZNFEye4uThl+LGZWFIFb8X8Dc+xmmBaWlPJbqtphgFKStpar
-DdduHSW1ud6Y1FVKxljo3UwCMrYm76Q/jNzXJvGs6Z1MDNsVZzGJaoqit2H2Hkvk
-y+7kk3YbEDlcyVsLOw0zCKL4cd2DSNDyhIZxWo2a8Qn5IdjWAYtsTnW6MvLk/ya4
-abNeRfSZwi+r37rqi9CIs++NpL5ynqkKKEMrbeLactWgHbWrZeaMyLpuUEL2GF+w
-MRaAwaj7ERwT5gFJRqYwj6bbfIdx5PC7h7ucbyp272MbrDa6WNBCMwQO222t4wID
-AQABoxAwDjAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCmXfrC42nW
-IpL3JDkB8YlB2QUvD9JdMp98xxo33+xE69Gov0e6984F1Gluao0p6sS7KF+q3YLS
-4hjnzuGzF9GJMimIB7NMQ20yXKfKpmKJ7YugMaKTDWDhHn5679mKVbLSQxHCUMEe
-tEnMT93/UaDbWBjV6zu876q5vjPMYgDHODqO295ySaA71UkijaCn6UwKUT49286T
-V9ZtzgabNGHXfklHgUPWoShyze+G3g29I1BR0qABoJI63zaNu8ua42v5g1RldxsW
-X8yKI14mFOGxuvcygG8L2xxysW7Zq+9g+O7gW0Pm6RDYnUQmIwY83h1KFCtYCJdS
-2PgozwkkUNyP
+MIIEZTCCA02gAwIBAgIQQAF1BIMUpMghjISpDBbN3zANBgkqhkiG9w0BAQsFADA/
+MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
+DkRTVCBSb290IENBIFgzMB4XDTIwMTAwNzE5MjE0MFoXDTIxMDkyOTE5MjE0MFow
+MjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxCzAJBgNVBAMT
+AlIzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuwIVKMz2oJTTDxLs
+jVWSw/iC8ZmmekKIp10mqrUrucVMsa+Oa/l1yKPXD0eUFFU1V4yeqKI5GfWCPEKp
+Tm71O8Mu243AsFzzWTjn7c9p8FoLG77AlCQlh/o3cbMT5xys4Zvv2+Q7RVJFlqnB
+U840yFLuta7tj95gcOKlVKu2bQ6XpUA0ayvTvGbrZjR8+muLj1cpmfgwF126cm/7
+gcWt0oZYPRfH5wm78Sv3htzB2nFd1EbjzK0lwYi8YGd1ZrPxGPeiXOZT/zqItkel
+/xMY6pgJdz+dU/nPAeX1pnAXFK9jpP+Zs5Od3FOnBv5IhR2haa4ldbsTzFID9e1R
+oYvbFQIDAQABo4IBaDCCAWQwEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8E
+BAMCAYYwSwYIKwYBBQUHAQEEPzA9MDsGCCsGAQUFBzAChi9odHRwOi8vYXBwcy5p
+ZGVudHJ1c3QuY29tL3Jvb3RzL2RzdHJvb3RjYXgzLnA3YzAfBgNVHSMEGDAWgBTE
+p7Gkeyxx+tvhS5B1/8QVYIWJEDBUBgNVHSAETTBLMAgGBmeBDAECATA/BgsrBgEE
+AYLfEwEBATAwMC4GCCsGAQUFBwIBFiJodHRwOi8vY3BzLnJvb3QteDEubGV0c2Vu
+Y3J5cHQub3JnMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9jcmwuaWRlbnRydXN0
+LmNvbS9EU1RST09UQ0FYM0NSTC5jcmwwHQYDVR0OBBYEFBQusxe3WFbLrlAJQOYf
+r52LFMLGMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjANBgkqhkiG9w0B
+AQsFAAOCAQEA2UzgyfWEiDcx27sT4rP8i2tiEmxYt0l+PAK3qB8oYevO4C5z70kH
+ejWEHx2taPDY/laBL21/WKZuNTYQHHPD5b1tXgHXbnL7KqC401dk5VvCadTQsvd8
+S8MXjohyc9z9/G2948kLjmE6Flh9dDYrVYA9x2O+hEPGOaEOa1eePynBgPayvUfL
+qjBstzLhWVQLGAkXXmNs+5ZnPBxzDJOLxhF2JIbeQAcH5H0tZrUlo5ZYyOqA7s9p
+O5b85o3AM/OJ+CktFBQtfvBhcJVd9wvlwPsk+uyOy2HI7mNxKKgsBTt375teA2Tw
+UdHkhVNcsAKX1H7GNNLOEADksd86wuoXvg==
 -----END CERTIFICATE-----
 )EOF";
 
+#endif
+
+// Need to update certs. Otherwise, can't connect to server using invalid certs.
+// The hardcoded certificate authority for this example.
+// Don't use it on your own apps!!!!!
 
 // The client's private key which must be kept secret
 const char client_private_key[] PROGMEM = R"EOF(
@@ -177,18 +193,35 @@ void setup()
     return;
   }
 
-  Serial.print("Connected to Wifi, Connecting to WebSockets Server @");
-  Serial.println(websockets_connection_string);
+  Serial.println("Successfully connected to WiFi, setting time... ");
+
+  // We configure ESP8266's time, as we need it to validate the certificates
+  configTime(2 * 3600, 1, ntp1, ntp2);
+  while(now < 2 * 3600) 
+  {
+      Serial.print(".");
+      delay(500);
+      now = time(nullptr);
+  }
 
+  Serial.println("");
+  Serial.println("Time set, Connecting to WebSockets Server @");
+  Serial.println(websockets_connection_string);
+
   // run callback when messages are received
   client.onMessage(onMessageCallback);
 
   // run callback when events are occuring
   client.onEvent(onEventsCallback);
-
+
+#if USING_SET_TRUST_ANCHORS
   // Before connecting, set the ssl certificates and key of the server
-  X509List cert(ca_cert);
-  client.setTrustAnchors(&cert);
+    X509List cert(ca_cert);
+    client.setTrustAnchors(&cert);
+#else
+  // Before connecting, set the ssl fingerprint of the server
+  client.setFingerprint(echo_org_ssl_fingerprint);
+#endif
 
   X509List *serverCertList = new X509List(client_cert);
   PrivateKey *serverPrivKey = new PrivateKey(client_private_key);

examples/ESP8266/SecuredTwoWay-Esp8266-Client/defines.h

@@ -34,10 +34,20 @@ const char* password = "password"; //Enter Password
 
 const char* websockets_connection_string = "wss://echo.websocket.org/"; //Enter server adress
 
-// To update SHA1 fingerprint, use Google Chrome to connect to https://www.websocket.org/echo.html 
-// Then "View Site Information" => "Certificate Viewer" => Copy SHA1 fingerprint
-// KH, This SHA1 fingerprint was updated 15.04.2021, 
-// Issued on Mar 15th 2021, expired on June 13th 2021
-const char echo_org_ssl_fingerprint[] PROGMEM   = "34 A2 66 08 A1 4D 1E 83 1A 0E 49 3C 4A 84 45 9E 4A 0D 08 FE";
+/* NTP Time Servers */
+const char *ntp1 = "time.windows.com";
+const char *ntp2 = "pool.ntp.org";
+
+// True to use setTrustAnchors, false to use Fingerprint
+#define USING_SET_TRUST_ANCHORS       true
+
+
+#if !USING_SET_TRUST_ANCHORS
+  // To update SHA1 fingerprint, use Google Chrome to connect to https://www.websocket.org/echo.html 
+  // Then "View Site Information" => "Certificate Viewer" => Copy SHA1 fingerprint
+  // KH, This SHA1 fingerprint was updated 15.04.2021, 
+  // Issued on Mar 15th 2021, expired on June 13th 2021
+  const char echo_org_ssl_fingerprint[] PROGMEM   = "34 A2 66 08 A1 4D 1E 83 1A 0E 49 3C 4A 84 45 9E 4A 0D 08 FE";
+#endif
 
 #endif      //defines_h