Example Arduino: How to use cert

examples/arduino/cert_connection/cert_connection.ino

@@ -0,0 +1,161 @@
+/**************************************************************************************************/
+// Example: cert_connection
+// Description:
+//   Example of how to setup Bot with Telegram Bot API Server certificate to validate the
+//   connection to the server in a more secure way.
+// Created on: 15 jul. 2023
+// Last modified date: 15 jul. 2023
+// Version: 1.0.0
+/**************************************************************************************************/
+
+/* Libraries */
+
+// Standard C/C++ libraries
+#include <string.h>
+
+// Device libraries (Arduino ESP32/ESP8266 Cores)
+#include <Arduino.h>
+#ifdef ESP8266
+    #include <ESP8266WiFi.h>
+#else
+    #include <WiFi.h>
+#endif
+
+// Telegram libraries
+#include <utlgbotlib.h>
+#include "tlgcert.h"
+
+/**************************************************************************************************/
+
+// WiFi Parameters
+#define WIFI_SSID "mynet1234"
+#define WIFI_PASS "password1234"
+#define MAX_CONN_FAIL 50
+#define MAX_LENGTH_WIFI_SSID 31
+#define MAX_LENGTH_WIFI_PASS 63
+
+// Telegram Bot Token (Get from Botfather)
+#define TLG_TOKEN "XXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
+
+// Enable Bot debug level (0 - None; 1 - Bot Level; 2 - Bot+HTTPS Level)
+#define DEBUG_LEVEL_UTLGBOT 0
+
+/**************************************************************************************************/
+
+/* Functions Prototypes */
+
+void wifi_init_stat(void);
+bool wifi_handle_connection(void);
+
+/**************************************************************************************************/
+
+/* Globals */
+
+// Create Bot object
+uTLGBot Bot(TLG_TOKEN);
+
+/**************************************************************************************************/
+
+/* Main Function */
+
+void setup(void)
+{
+    // Enable Bot debug
+    Bot.set_debug(DEBUG_LEVEL_UTLGBOT);
+    Bot.set_cert(TLG_CERT);
+
+    // Initialize Serial
+    Serial.begin(115200);
+
+    // Initialize WiFi station connection
+    wifi_init_stat();
+
+    // Wait WiFi connection
+    Serial.println("Waiting for WiFi connection.");
+    while(!wifi_handle_connection())
+    {
+        Serial.println(".");
+        delay(1000);
+    }
+
+    // Bot getMe command
+    Bot.getMe();
+}
+
+void loop()
+{
+    // Handle WiFi connection and do nothing if it is not connected
+    if(!wifi_handle_connection())
+    {
+        // Wait 100ms and check again
+        delay(100);
+        return;
+    }
+
+    // Test Bot getUpdate command and receive messages
+    if(Bot.getUpdates())
+    {
+        // Send an echo message back
+        Bot.sendMessage(Bot.received_msg.chat.id, Bot.received_msg.text);
+    }
+
+    // Wait 1s for next iteration
+    delay(1000);
+}
+
+/**************************************************************************************************/
+
+/* Functions */
+
+// Init WiFi interface
+void wifi_init_stat(void)
+{
+    Serial.println("Initializing TCP-IP adapter...");
+    Serial.print("Wifi connecting to SSID: ");
+    Serial.println(WIFI_SSID);
+
+    WiFi.mode(WIFI_STA);
+    WiFi.begin(WIFI_SSID, WIFI_PASS);
+
+    Serial.println("TCP-IP adapter successfuly initialized.");
+}
+
+/**************************************************************************************************/
+
+/* WiFi Change Event Handler */
+
+bool wifi_handle_connection(void)
+{
+    static bool wifi_connected = false;
+
+    // Device is not connected
+    if(WiFi.status() != WL_CONNECTED)
+    {
+        // Was connected
+        if(wifi_connected)
+        {
+            Serial.println("WiFi disconnected.");
+            wifi_connected = false;
+        }
+
+        return false;
+    }
+    // Device connected
+    else
+    {
+        // Wasn't connected
+        if(!wifi_connected)
+        {
+            Serial.println("");
+            Serial.println("WiFi connected");
+            Serial.print("IP address: ");
+            Serial.println(WiFi.localIP());
+
+            wifi_connected = true;
+        }
+
+        return true;
+    }
+}
+
+/**************************************************************************************************/

examples/arduino/cert_connection/tlgcert.h

@@ -0,0 +1,44 @@
+
+/* Include Guard Open */
+
+#ifndef TLG_CERT_H_
+#define TLG_CERT_H_
+
+/*****************************************************************************/
+
+/* Telegram Bot API Server Certificate */
+
+// Notes:
+// - This is CA Root Certificate used on Telegram Certificate chains.
+// - This certificate will expire 31/12/2037.
+
+const char TLG_CERT[] = \
+    "-----BEGIN CERTIFICATE-----\r\n" \
+    "MIIDxTCCAq2gAwIBAgIBADANBgkqhkiG9w0BAQsFADCBgzELMAkGA1UEBhMCVVMx\r\n" \
+    "EDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxGjAYBgNVBAoT\r\n" \
+    "EUdvRGFkZHkuY29tLCBJbmMuMTEwLwYDVQQDEyhHbyBEYWRkeSBSb290IENlcnRp\r\n" \
+    "ZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTA5MDkwMTAwMDAwMFoXDTM3MTIzMTIz\r\n" \
+    "NTk1OVowgYMxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQH\r\n" \
+    "EwpTY290dHNkYWxlMRowGAYDVQQKExFHb0RhZGR5LmNvbSwgSW5jLjExMC8GA1UE\r\n" \
+    "AxMoR28gRGFkZHkgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgLSBHMjCCASIw\r\n" \
+    "DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL9xYgjx+lk09xvJGKP3gElY6SKD\r\n" \
+    "E6bFIEMBO4Tx5oVJnyfq9oQbTqC023CYxzIBsQU+B07u9PpPL1kwIuerGVZr4oAH\r\n" \
+    "/PMWdYA5UXvl+TW2dE6pjYIT5LY/qQOD+qK+ihVqf94Lw7YZFAXK6sOoBJQ7Rnwy\r\n" \
+    "DfMAZiLIjWltNowRGLfTshxgtDj6AozO091GB94KPutdfMh8+7ArU6SSYmlRJQVh\r\n" \
+    "GkSBjCypQ5Yj36w6gZoOKcUcqeldHraenjAKOc7xiID7S13MMuyFYkMlNAJWJwGR\r\n" \
+    "tDtwKj9useiciAF9n9T521NtYJ2/LOdYq7hfRvzOxBsDPAnrSTFcaUaz4EcCAwEA\r\n" \
+    "AaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYE\r\n" \
+    "FDqahQcQZyi27/a9BUFuIMGU2g/eMA0GCSqGSIb3DQEBCwUAA4IBAQCZ21151fmX\r\n" \
+    "WWcDYfF+OwYxdS2hII5PZYe096acvNjpL9DbWu7PdIxztDhC2gV7+AJ1uP2lsdeu\r\n" \
+    "9tfeE8tTEH6KRtGX+rcuKxGrkLAngPnon1rpN5+r5N9ss4UXnT3ZJE95kTXWXwTr\r\n" \
+    "gIOrmgIttRD02JDHBHNA7XIloKmf7J6raBKZV8aPEjoJpL1E/QYVN8Gb5DKj7Tjo\r\n" \
+    "2GTzLH4U/ALqn83/B2gX2yKQOC16jdFU8WnjXzPKej17CuPKf1855eJ1usV2GDPO\r\n" \
+    "LPAvTK33sefOT6jEm0pUBsV/fdUID+Ic/n4XuKxe9tQWskMJDE32p2u0mYRlynqI\r\n" \
+    "4uJEvlz36hz1\r\n" \
+    "-----END CERTIFICATE-----\r\n";
+
+/*****************************************************************************/
+
+/* Include Guard Close */
+
+#endif /* TLG_CERT_H_ */

src/utility/multihttpsclient/multihttpsclient_hals/arduino/multihttpsclient_arduino.cpp

@@ -77,12 +77,11 @@ void MultiHTTPSClient::set_cert(const char* cert_https_server)
     {
         #ifdef ESP8266
             // ESP8266 doesn't have a hardware element for SSL/TLS acceleration
-            // Note for users: Don't set a cert to ignore server authenticy and trust verification
-            // to get a faster response
+            // This means that it will cost in memory and will be slow
             _cert.append(_cert_https_server);
             _client.setTrustAnchors(&_cert);
         #else
-            // ESP32 has a hardware element for SSL/TLS acceleration, so it could be use
+            // ESP32 has a hardware element for SSL/TLS acceleration
             _client.setCACert(_cert_https_server);
         #endif
     }
@@ -113,9 +112,6 @@ int8_t MultiHTTPSClient::connect(const char* host, uint16_t port)
         #endif
     }
 
-    if(_connected == false)
-    {   _printf("[HTTPS] Error: Connection fail (%d)\n", (int)(conn_result));   }
-
     return _connected;
 }