mbed-os-examples
Hello world example of a TLS client: fetch an HTTPS page. The canonical source for this example lives at https://github.com/ARMmbed/mbed-os-example-tls
HTTPS File Download Example for TLS Client on mbed OS
This application downloads a file from an HTTPS server (developer.mbed.org) and looks for a specific string in that file.
Getting started
Building with mbed CLI
If you'd like to use mbed CLI to build this, then you should set up your environment if you have not done so already. For instructions, refer to the main readme. The instructions here relate to using the developer.mbed.org Online Compiler
Import the program in to the Online Compiler, select your board from the drop down in the top right hand corner and then compile the application. Once it has built, you can drag and drop the binary onto your device.
Required hardware
This example also requires an Ethernet cable an connection to the internet additional to the hardware requirements in the main readme.
Monitoring the application
NOTE: Make sure that the Ethernet cable is plugged in correctly before running the application.
The output in the terminal window should be similar to this:
terminal output
Using Ethernet LWIP
Client IP Address is 10.2.203.43
Connecting with developer.mbed.org
Starting the TLS handshake...
TLS connection to developer.mbed.org established
Server certificate:
cert. version : 3
serial number : 11:21:B8:47:9B:21:6C:B1:C6:AF:BC:5D:0C:19:52:DC:D7:C3
issuer name : C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2
subject name : C=GB, ST=Cambridgeshire, L=Cambridge, O=ARM Ltd, CN=*.mbed.com
issued on : 2016-03-03 12:26:08
expires on : 2017-04-05 10:31:02
signed using : RSA with SHA-256
RSA key size : 2048 bits
basic constraints : CA=false
subject alt name : *.mbed.com, mbed.org, *.mbed.org, mbed.com
key usage : Digital Signature, Key Encipherment
ext key usage : TLS Web Server Authentication, TLS Web Client Authentication
Certificate verification passed
HTTPS: Received 439 chars from server
HTTPS: Received 200 OK status ... [OK]
HTTPS: Received 'Hello world!' status ... [OK]
HTTPS: Received message:
HTTP/1.1 200 OK
Server: nginx/1.7.10
Date: Wed, 20 Jul 2016 10:00:35 GMT
Content-Type: text/plain
Content-Length: 14
Connection: keep-alive
Last-Modified: Fri, 27 Jul 2012 13:30:34 GMT
Accept-Ranges: bytes
Cache-Control: max-age=36000
Expires: Wed, 20 Jul 2016 20:00:35 GMT
X-Upstream-L3: 172.17.0.3:80
X-Upstream-L2: developer-sjc-indigo-1-nginx
Strict-Transport-Security: max-age=31536000; includeSubdomains
Hello world!
Debugging the TLS connection
To print out more debug information about the TLS connection, edit the file `main.cpp` and change the definition of `DEBUG_LEVEL` (near the top of the file) from 0 to a positive number:
- Level 1 only prints non-zero return codes from SSL functions and information about the full certificate chain being verified.
- Level 2 prints more information about internal state updates.
- Level 3 is intermediate.
- Level 4 (the maximum) includes full binary dumps of the packets.
The TLS connection can fail with an error similar to:
error message
mbedtls_ssl_write() failed: -0x2700 (-9984): X509 - Certificate verification failed, e.g. CRL, CA or signature check failed
Failed to fetch /media/uploads/mbed_official/hello.txt from developer.mbed.org:443
This probably means you need to update the contents of the SSL_CA_PEM constant (this can happen if you modify HTTPS_SERVER_NAME, or when developer.mbed.org switches to a new CA when updating its certificate).
Another possible reason for this error is a proxy providing a different certificate. Proxies can be used in some network configurations or for performing man-in-the-middle attacks. If you choose to ignore this error and proceed with the connection anyway, you can change the definition of UNSAFE near the top of the file from 0 to 1.
Warning: this removes all security against a possible active attacker, so use at your own risk or for debugging only!
Revision 66:ce8709d9912c, committed 2018-05-04
- Comitter:
- mbed_official
- Date:
- Fri May 04 12:30:06 2018 +0100
- Parent:
- 65:a358e0ad3471
- Child:
- 67:3bf1bf2323fa
- Commit message:
- Merge pull request #87 from andresag01/iotssl-1247-tls-client-refactoring
Refactor tls-client example to improve readability
.
Commit copied from https://github.com/ARMmbed/mbed-os-example-tls
Changed in this revision
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/HelloHttpsClient.cpp Fri May 04 12:30:06 2018 +0100
@@ -0,0 +1,374 @@
+/*
+ * Hello world example of a TLS client: fetch an HTTPS page
+ *
+ * Copyright (C) 2006-2018, Arm Limited, All Rights Reserved
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file is part of Mbed TLS (https://tls.mbed.org)
+ */
+
+#include "HelloHttpsClient.h"
+
+#include "easy-connect.h"
+
+#include "mbedtls/platform.h"
+#include "mbedtls/config.h"
+#include "mbedtls/ssl.h"
+#include "mbedtls/entropy.h"
+#include "mbedtls/ctr_drbg.h"
+#include "mbedtls/error.h"
+#include "mbedtls/debug.h"
+
+#include <stdint.h>
+#include <string.h>
+
+const char *HelloHttpsClient::DRBG_PERSONALIZED_STR =
+ "Mbed TLS helloword client";
+
+const size_t HelloHttpsClient::ERROR_LOG_BUFFER_LENGTH = 128;
+
+const char *HelloHttpsClient::TLS_PEM_CA =
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkG\n"
+ "A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv\n"
+ "b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAw\n"
+ "MDBaFw0yODAxMjgxMjAwMDBaMFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i\n"
+ "YWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxT\n"
+ "aWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaDuaZ\n"
+ "jc6j40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavp\n"
+ "xy0Sy6scTHAHoT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCOXkNz8kHp\n"
+ "1Wrjsok6Vjk4bwY8iGlbKk3Fp1S4bInMm/k8yuX9ifUSPJJ4ltbcdG6TRGHRjcdG\n"
+ "snUOhugZitVtbNV4FpWi6cgKOOvyJBNPc1STE4U6G7weNLWLBYy5d4ux2x8gkasJ\n"
+ "U26Qzns3dLlwR5EiUWMWea6xrkEmCMgZK9FGqkjWZCrXgzT/LCrBbBlDSgeF59N8\n"
+ "9iFo7+ryUp9/k5DPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8E\n"
+ "BTADAQH/MB0GA1UdDgQWBBRge2YaRQ2XyolQL30EzTSo//z9SzANBgkqhkiG9w0B\n"
+ "AQUFAAOCAQEA1nPnfE920I2/7LqivjTFKDK1fPxsnCwrvQmeU79rXqoRSLblCKOz\n"
+ "yj1hTdNGCbM+w6DjY1Ub8rrvrTnhQ7k4o+YviiY776BQVvnGCv04zcQLcFGUl5gE\n"
+ "38NflNUVyRRBnMRddWQVDf9VMOyGj/8N7yy5Y0b2qvzfvGn9LhJIZJrglfCm7ymP\n"
+ "AbEVtQwdpf5pLGkkeB6zpxxxYu7KyJesF12KwvhHhm4qxFYxldBniYUr+WymXUad\n"
+ "DKqC5JlR3XC321Y9YeRq4VzW9v493kHMB65jUr9TU/Qr6cf9tveCX4XSQRjbgbME\n"
+ "HMUfpIBvFSDJ3gyICh3WZlXi/EjJKSZp4A==\n"
+ "-----END CERTIFICATE-----\n";
+
+const char *HelloHttpsClient::HTTP_REQUEST_FILE_PATH =
+ "/media/uploads/mbed_official/hello.txt";
+
+const char *HelloHttpsClient::HTTP_HELLO_STR = "Hello world!";
+
+const char *HelloHttpsClient::HTTP_OK_STR = "200 OK";
+
+HelloHttpsClient::HelloHttpsClient(const char *in_server_name,
+ const uint16_t in_server_port) :
+ socket(),
+ server_name(in_server_name),
+ server_port(in_server_port)
+{
+ mbedtls_entropy_init(&entropy);
+ mbedtls_ctr_drbg_init(&ctr_drbg);
+ mbedtls_x509_crt_init(&cacert);
+ mbedtls_ssl_init(&ssl);
+ mbedtls_ssl_config_init(&ssl_conf);
+}
+
+HelloHttpsClient::~HelloHttpsClient()
+{
+ mbedtls_entropy_free(&entropy);
+ mbedtls_ctr_drbg_free(&ctr_drbg);
+ mbedtls_x509_crt_free(&cacert);
+ mbedtls_ssl_free(&ssl);
+ mbedtls_ssl_config_free(&ssl_conf);
+
+ socket.close();
+}
+
+int HelloHttpsClient::run()
+{
+ int ret;
+ size_t req_len, req_offset, resp_offset;
+ uint32_t flags;
+ bool resp_200, resp_hello;
+
+ /* Configure the TCPSocket */
+ if ((ret = configureTCPSocket()) != 0)
+ return ret;
+
+ /* Configure already initialized Mbed TLS structures */
+ if ((ret = configureTlsContexts()) != 0)
+ return ret;
+
+ /* Start a connection to the server */
+ if ((ret = socket.connect(server_name, server_port)) != NSAPI_ERROR_OK) {
+ mbedtls_printf("socket.connect() returned %d\n", ret);
+ return ret;
+ }
+ mbedtls_printf("Successfully connected to %s at port %u\n",
+ server_name, server_port);
+
+ /* Start the TLS handshake */
+ mbedtls_printf("Starting the TLS handshake...\n");
+ do {
+ ret = mbedtls_ssl_handshake(&ssl);
+ } while(ret != 0 &&
+ (ret == MBEDTLS_ERR_SSL_WANT_READ ||
+ ret == MBEDTLS_ERR_SSL_WANT_WRITE));
+ if (ret < 0) {
+ mbedtls_printf("mbedtls_ssl_handshake() returned -0x%04X\n", -ret);
+ return ret;
+ }
+ mbedtls_printf("Successfully completed the TLS handshake\n");
+
+ /* Fill the request buffer */
+ ret = snprintf(gp_buf, sizeof(gp_buf),
+ "GET %s HTTP/1.1\nHost: %s\n\n", HTTP_REQUEST_FILE_PATH,
+ server_name);
+ req_len = static_cast<size_t>(ret);
+ if (ret < 0 || req_len >= sizeof(gp_buf)) {
+ mbedtls_printf("Failed to compose HTTP request using snprintf: %d\n",
+ ret);
+ return ret;
+ }
+
+ /* Send the HTTP request to the server over TLS */
+ req_offset = 0;
+ do {
+ ret = mbedtls_ssl_write(&ssl,
+ reinterpret_cast<const unsigned char *>(gp_buf + req_offset),
+ req_len - req_offset);
+ if (ret > 0)
+ req_offset += static_cast<size_t>(ret);
+ }
+ while(req_offset < req_len &&
+ (ret > 0 ||
+ ret == MBEDTLS_ERR_SSL_WANT_WRITE ||
+ ret == MBEDTLS_ERR_SSL_WANT_READ));
+ if (ret < 0) {
+ mbedtls_printf("mbedtls_ssl_write() returned -0x%04X\n", -ret);
+ return ret;
+ }
+
+ /* Print information about the TLS connection */
+ ret = mbedtls_x509_crt_info(gp_buf, sizeof(gp_buf),
+ "\r ", mbedtls_ssl_get_peer_cert(&ssl));
+ if (ret < 0) {
+ mbedtls_printf("mbedtls_x509_crt_info() returned -0x%04X\n", -ret);
+ return ret;
+ }
+ mbedtls_printf("Server certificate:\n%s\n", gp_buf);
+
+ /* Ensure certificate verification was successful */
+ flags = mbedtls_ssl_get_verify_result(&ssl);
+ if (flags != 0) {
+ ret = mbedtls_x509_crt_verify_info(gp_buf, sizeof(gp_buf),
+ "\r ! ", flags);
+ if (ret < 0) {
+ mbedtls_printf("mbedtls_x509_crt_verify_info() returned "
+ "-0x%04X\n", -ret);
+ return ret;
+ } else {
+ mbedtls_printf("Certificate verification failed (flags %lu):"
+ "\n%s\n", flags, gp_buf);
+ return -1;
+ }
+ } else {
+ mbedtls_printf("Certificate verification passed\n");
+ }
+
+ mbedtls_printf("Established TLS connection to %s\n", server_name);
+
+ /* Read response from the server */
+ resp_offset = 0;
+ resp_200 = false;
+ resp_hello = false;
+ do {
+ ret = mbedtls_ssl_read(&ssl,
+ reinterpret_cast<unsigned char *>(gp_buf + resp_offset),
+ sizeof(gp_buf) - resp_offset - 1);
+ if (ret > 0)
+ resp_offset += static_cast<size_t>(ret);
+
+ /* Ensure that the response string is null-terminated */
+ gp_buf[resp_offset] = '\0';
+
+ /* Check if we received expected string */
+ resp_200 = resp_200 || strstr(gp_buf, HTTP_OK_STR) != NULL;
+ resp_hello = resp_hello || strstr(gp_buf, HTTP_HELLO_STR) != NULL;
+ } while((!resp_200 || !resp_hello) &&
+ (ret > 0 ||
+ ret == MBEDTLS_ERR_SSL_WANT_READ || MBEDTLS_ERR_SSL_WANT_WRITE));
+ if (ret < 0) {
+ mbedtls_printf("mbedtls_ssl_read() returned -0x%04X\n", -ret);
+ return ret;
+ }
+
+ /* Display response information */
+ mbedtls_printf("HTTP: Received %u chars from server\n", resp_offset);
+ mbedtls_printf("HTTP: Received '%s' status ... %s\n", HTTP_OK_STR,
+ resp_200 ? "OK" : "FAIL");
+ mbedtls_printf("HTTP: Received message:\n%s\n", gp_buf);
+
+ return 0;
+}
+
+int HelloHttpsClient::configureTCPSocket()
+{
+ int ret;
+
+ /*
+ * Use easy-connect lib to support multiple network bearers. See
+ * https://github.com/ARMmbed/easy-connect README.md for more information.
+ */
+#if HELLO_HTTPS_CLIENT_DEBUG_LEVEL > 0
+ NetworkInterface *network = easy_connect(true);
+#else
+ NetworkInterface *network = easy_connect(false);
+#endif /* HELLO_HTTPS_CLIENT_DEBUG_LEVEL > 0 */
+ if(network == NULL) {
+ mbedtls_printf("easy_connect() returned NULL\n"
+ "Failed to connect to the network\n");
+ return -1;
+ }
+
+ if ((ret = socket.open(network)) != NSAPI_ERROR_OK) {
+ mbedtls_printf("socket.open() returned %d\n", ret);
+ return ret;
+ }
+
+ socket.set_blocking(false);
+
+ return 0;
+}
+
+int HelloHttpsClient::configureTlsContexts()
+{
+ int ret;
+
+ ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
+ reinterpret_cast<const unsigned char *>(DRBG_PERSONALIZED_STR),
+ strlen(DRBG_PERSONALIZED_STR) + 1);
+ if (ret != 0) {
+ mbedtls_printf("mbedtls_ctr_drbg_seed() returned -0x%04X\n", -ret);
+ return ret;
+ }
+
+ ret = mbedtls_x509_crt_parse(&cacert,
+ reinterpret_cast<const unsigned char *>(TLS_PEM_CA),
+ strlen(TLS_PEM_CA) + 1);
+ if (ret != 0) {
+ mbedtls_printf("mbedtls_x509_crt_parse() returned -0x%04X\n", -ret);
+ return ret;
+ }
+
+ ret = mbedtls_ssl_config_defaults(&ssl_conf, MBEDTLS_SSL_IS_CLIENT,
+ MBEDTLS_SSL_TRANSPORT_STREAM,
+ MBEDTLS_SSL_PRESET_DEFAULT);
+ if (ret != 0) {
+ mbedtls_printf("mbedtls_ssl_config_defaults() returned -0x%04X\n",
+ -ret);
+ return ret;
+ }
+
+ mbedtls_ssl_conf_ca_chain(&ssl_conf, &cacert, NULL);
+ mbedtls_ssl_conf_rng(&ssl_conf, mbedtls_ctr_drbg_random, &ctr_drbg);
+
+ /*
+ * It is possible to disable authentication by passing
+ * MBEDTLS_SSL_VERIFY_NONE in the call to mbedtls_ssl_conf_authmode()
+ */
+ mbedtls_ssl_conf_authmode(&ssl_conf, MBEDTLS_SSL_VERIFY_REQUIRED);
+
+#if HELLO_HTTPS_CLIENT_DEBUG_LEVEL > 0
+ mbedtls_ssl_conf_verify(&ssl_conf, sslVerify, this);
+ mbedtls_ssl_conf_dbg(&ssl_conf, sslDebug, NULL);
+ mbedtls_debug_set_threshold(HELLO_HTTPS_CLIENT_DEBUG_LEVEL);
+#endif /* HELLO_HTTPS_CLIENT_DEBUG_LEVEL > 0 */
+
+ if ((ret = mbedtls_ssl_setup( &ssl, &ssl_conf)) != 0) {
+ mbedtls_printf("mbedtls_ssl_setup() returned -0x%04X\n", -ret);
+ return ret;
+ }
+
+ if ((ret = mbedtls_ssl_set_hostname( &ssl, server_name )) != 0) {
+ mbedtls_printf("mbedtls_ssl_set_hostname() returned -0x%04X\n",
+ -ret);
+ return ret;
+ }
+
+ mbedtls_ssl_set_bio(&ssl, static_cast<void *>(&socket), sslSend, sslRecv,
+ NULL);
+
+ return 0;
+}
+
+int HelloHttpsClient::sslRecv(void *ctx, unsigned char *buf, size_t len)
+{
+ TCPSocket *socket = static_cast<TCPSocket *>(ctx);
+ int ret = socket->recv(buf, len);
+
+ if (ret == NSAPI_ERROR_WOULD_BLOCK)
+ ret = MBEDTLS_ERR_SSL_WANT_READ;
+ else if (ret < 0)
+ mbedtls_printf("socket.recv() returned %d\n", ret);
+
+ return ret;
+}
+
+int HelloHttpsClient::sslSend(void *ctx, const unsigned char *buf, size_t len)
+{
+ TCPSocket *socket = static_cast<TCPSocket *>(ctx);
+ int ret = socket->send(buf, len);
+
+ if (ret == NSAPI_ERROR_WOULD_BLOCK)
+ ret = MBEDTLS_ERR_SSL_WANT_WRITE;
+ else if (ret < 0)
+ mbedtls_printf("socket.send() returned %d\n", ret);
+
+ return ret;
+}
+
+void HelloHttpsClient::sslDebug(void *ctx, int level, const char *file,
+ int line, const char *str)
+{
+ (void)ctx;
+
+ const char *p, *basename;
+
+ /* Extract basename from file */
+ for (p = basename = file; *p != '\0'; p++) {
+ if (*p == '/' || *p == '\\')
+ basename = p + 1;
+ }
+
+ mbedtls_printf("%s:%d: |%d| %s\r", basename, line, level, str);
+}
+
+int HelloHttpsClient::sslVerify(void *ctx, mbedtls_x509_crt *crt, int depth,
+ uint32_t *flags)
+{
+ HelloHttpsClient *client = static_cast<HelloHttpsClient *>(ctx);
+
+ int ret = -1;
+
+ ret = mbedtls_x509_crt_info(client->gp_buf, sizeof(gp_buf), "\r ", crt);
+ if (ret < 0) {
+ mbedtls_printf("mbedtls_x509_crt_info() returned -0x%04X\n", -ret);
+ } else {
+ ret = 0;
+ mbedtls_printf("Verifying certificate at depth %d:\n%s\n",
+ depth, client->gp_buf);
+ }
+
+ return ret;
+}
+
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/HelloHttpsClient.h Fri May 04 12:30:06 2018 +0100
@@ -0,0 +1,228 @@
+/*
+ * Hello world example of a TLS client: fetch an HTTPS page
+ *
+ * Copyright (C) 2006-2018, Arm Limited, All Rights Reserved
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file is part of Mbed TLS (https://tls.mbed.org)
+ */
+
+#ifndef _HELLOHTTPSCLIENT_H_
+#define _HELLOHTTPSCLIENT_H_
+
+#include "TCPSocket.h"
+
+#include "mbedtls/config.h"
+#include "mbedtls/ssl.h"
+#include "mbedtls/entropy.h"
+#include "mbedtls/ctr_drbg.h"
+#include "mbedtls/error.h"
+#include "mbedtls/debug.h"
+
+#include <stdint.h>
+
+/**
+ * Change to a number between 1 and 4 to debug the TLS connection
+ */
+#define HELLO_HTTPS_CLIENT_DEBUG_LEVEL 0
+
+/**
+ * Length (in bytes) for generic buffers used to hold debug or HTTP
+ * request/response strings
+ */
+#define GENERAL_PURPOSE_BUFFER_LENGTH 1024
+
+/**
+ * This class implements the logic for fetching a file from a webserver using
+ * a TCP socket and parsing the result.
+ */
+class HelloHttpsClient
+{
+public:
+ /**
+ * Construct an HelloHttpsClient instance
+ *
+ * \param[in] in_server_name
+ * The server domain/IP address
+ * \param[in] in_server_port
+ * The server port
+ */
+ HelloHttpsClient(const char *in_server_name,
+ const uint16_t in_server_port);
+
+ /**
+ * Free any allocated resources
+ */
+ ~HelloHttpsClient();
+
+ /**
+ * Start the connection to the server and request to read the file at
+ * HTTP_REQUEST_FILE_PATH
+ *
+ * \return 0 if successful
+ */
+ int run();
+
+private:
+ /**
+ * Create a TCPSocket object that can be used to communicate with the server
+ */
+ int configureTCPSocket();
+
+ /**
+ * Configure the Mbed TLS structures required to establish a TLS connection
+ * with the server
+ */
+ int configureTlsContexts();
+
+ /**
+ * Wrapper function around TCPSocket that gets called by Mbed TLS whenever
+ * we call mbedtls_ssl_read()
+ *
+ * \param[in] ctx
+ * The TCPSocket object
+ * \param[in] buf
+ * Buffer where data received will be stored
+ * \param[in] len
+ * The length (in bytes) of the buffer
+ *
+ * \return If successful, the number of bytes received, a negative value
+ * otherwise.
+ */
+ static int sslRecv(void *ctx, unsigned char *buf, size_t len);
+
+ /**
+ * Wrapper function around TCPSocket that gets called by Mbed TLS whenever
+ * we call mbedtls_ssl_write()
+ *
+ * \param[in] ctx
+ * The TCPSocket object
+ * \param[in] buf
+ * Buffer containing the data to be sent
+ * \param[in] len
+ * The number of bytes to send
+ *
+ * \return If successful, the number of bytes sent, a negative value
+ * otherwise
+ */
+ static int sslSend(void *ctx, const unsigned char *buf, size_t len);
+
+ /**
+ * Callback to handle debug prints to serial
+ *
+ * \param[in] ctx
+ * The context (unused in this case)
+ * \param[in] level
+ * The current debug level
+ * \param[in] file
+ * The C file that is logging this message
+ * \param[in] line
+ * The line number in the file
+ * \param[in] str
+ * The string to log to serial
+ */
+ static void sslDebug(void *ctx, int level, const char *file, int line,
+ const char *str);
+
+ /**
+ * Callback to handle certificate verification
+ *
+ * /param[in] data
+ * (unused)
+ * /param[in] crt
+ * The crt in the chain that we are verifying
+ * /param[in] depth
+ * The depth of the current certificate in the chain
+ * /param[in/out] flags
+ * The flags resulting from the verification
+ *
+ * /return 0 if successful
+ */
+ static int sslVerify(void *ctx, mbedtls_x509_crt *crt, int depth,
+ uint32_t *flags);
+
+private:
+ /**
+ * Personalization string for the drbg
+ */
+ static const char *DRBG_PERSONALIZED_STR;
+
+ /**
+ * Length of error string buffer for logging failures related to Mbed TLS
+ */
+ static const size_t ERROR_LOG_BUFFER_LENGTH;
+
+ /**
+ * Chain of trusted CAs in PEM format
+ */
+ static const char *TLS_PEM_CA;
+
+ /**
+ * Path to the file that will be requested from the server
+ */
+ static const char *HTTP_REQUEST_FILE_PATH;
+
+ /**
+ * Expected strings in the HTTP response from the server
+ */
+ static const char *HTTP_OK_STR;
+
+ /**
+ * Expected strings in the HTTP response from the server
+ */
+ static const char *HTTP_HELLO_STR;
+
+ /**
+ * Instance of TCPSocket used to communicate with the server
+ */
+ TCPSocket socket;
+
+ /**
+ * The domain/IP address of the server to contact
+ */
+ const char *server_name;
+ /**
+ * The port number to use in the connection
+ */
+ const uint16_t server_port;
+
+ /**
+ * A generic buffer used to hold debug or HTTP request/response strings
+ */
+ char gp_buf[GENERAL_PURPOSE_BUFFER_LENGTH];
+
+ /**
+ * Entropy context used to seed the DRBG to use in the TLS connection
+ */
+ mbedtls_entropy_context entropy;
+ /**
+ * The DRBG used throughout the TLS connection
+ */
+ mbedtls_ctr_drbg_context ctr_drbg;
+ /**
+ * The parsed chain of trusted CAs
+ */
+ mbedtls_x509_crt cacert;
+ /**
+ * THe TLS context
+ */
+ mbedtls_ssl_context ssl;
+ /**
+ * The TLS configuration in use
+ */
+ mbedtls_ssl_config ssl_conf;
+};
+
+#endif /* _HELLOHTTPSCLIENT_H_ */
--- a/README.md Wed May 02 06:30:32 2018 +0100 +++ b/README.md Fri May 04 12:30:06 2018 +0100 @@ -25,47 +25,46 @@ ``` Starting mbed-os-example-tls/tls-client -Using Mbed OS 5.X.Y -[EasyConnect] Connected to Network successfully -[EasyConnect] MAC address ae:41:46:27:31:e7 -[EasyConnect] IP address 192.168.64.255 -Connecting with os.mbed.com +Using Mbed OS 5.6.3 +[EasyConnect] IPv4 mode +Successfully connected to os.mbed.com at port 443 Starting the TLS handshake... -TLS connection to os.mbed.com established +Successfully completed the TLS handshake Server certificate: - cert. version : 3 - serial number : 65:7B:6D:8D:15:A5:B6:86:87:6B:5E:BC - issuer name : C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 - subject name : C=GB, ST=Cambridgeshire, L=Cambridge, O=ARM Ltd, CN=*.mbed.com - issued on : 2017-04-03 13:54:02 - expires on : 2018-05-06 10:31:02 - signed using : RSA with SHA-256 - RSA key size : 2048 bits - basic constraints : CA=false - subject alt name : *.mbed.com, mbed.org, *.mbed.org, mbed.com - key usage : Digital Signature, Key Encipherment - ext key usage : TLS Web Server Authentication, TLS Web Client Authentication + cert. version : 3 + serial number : 65:7B:6D:8D:15:A5:B6:86:87:6B:5E:BC + issuer name : C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 + subject name : C=GB, ST=Cambridgeshire, L=Cambridge, O=ARM Ltd, CN=*.mbed.com + issued on : 2017-04-03 13:54:02 + expires on : 2018-05-06 10:31:02 + signed using : RSA with SHA-256 + RSA key size : 2048 bits + basic constraints : CA=false + subject alt name : *.mbed.com, mbed.org, *.mbed.org, mbed.com + key usage : Digital Signature, Key Encipherment + ext key usage : TLS Web Server Authentication, TLS Web Client Authentication + Certificate verification passed - -HTTPS: Received 200 OK status ... [OK] -HTTPS: Received 'Hello world!' status ... [OK] -HTTPS: Received message: - +Established TLS connection to os.mbed.com +HTTP: Received 365 chars from server +HTTP: Received '200 OK' status ... OK +HTTP: Received message: HTTP/1.1 200 OK -Server: nginx/1.11.12 -Date: Mon, 18 Sep 2017 12:54:59 GMT +Server: nginx/1.11.10 +Date: Wed, 08 Nov 2017 09:07:59 GMT Content-Type: text/plain Content-Length: 14 Connection: keep-alive Last-Modified: Fri, 27 Jul 2012 13:30:34 GMT Accept-Ranges: bytes Cache-Control: max-age=36000 -Expires: Mon, 18 Sep 2017 22:54:59 GMT -X-Upstream-L3: 172.17.0.4:80 -X-Upstream-L2: developer-sjc-cyan-1-nginx +Expires: Wed, 08 Nov 2017 19:07:59 GMT Strict-Transport-Security: max-age=31536000; includeSubdomains Hello world! + + +DONE ``` ## Debugging the TLS connection
--- a/main.cpp Wed May 02 06:30:32 2018 +0100
+++ b/main.cpp Fri May 04 12:30:06 2018 +0100
@@ -1,7 +1,7 @@
/*
* Hello world example of a TLS client: fetch an HTTPS page
*
- * Copyright (C) 2006-2016, Arm Limited, All Rights Reserved
+ * Copyright (C) 2006-2018, Arm Limited, All Rights Reserved
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
@@ -19,423 +19,70 @@
* This file is part of Mbed TLS (https://tls.mbed.org)
*/
-/** \file main.cpp
- * \brief An example TLS Client application
- * This application sends an HTTPS request to os.mbed.com and searches for a string in
- * the result.
+/**
+ * \file main.cpp
+ *
+ * \brief An example TLS Client application
*
- * This example is implemented as a logic class (HelloHTTPS) wrapping a TCP socket.
- * The logic class handles all events, leaving the main loop to just check if the process
- * has finished.
+ * This application sends an HTTPS request to os.mbed.com and searches
+ * for a string in the result.
+ *
+ * This example is implemented as a logic class (HelloHttpsClient) wrapping a
+ * TCP socket. The logic class handles all events, leaving the main loop to just
+ * check if the process has finished.
*/
-/* Change to a number between 1 and 4 to debug the TLS connection */
-#define DEBUG_LEVEL 0
-
#include "mbed.h"
-#include "easy-connect.h"
#include "mbedtls/platform.h"
-#include "mbedtls/ssl.h"
-#include "mbedtls/entropy.h"
-#include "mbedtls/ctr_drbg.h"
-#include "mbedtls/error.h"
-#if DEBUG_LEVEL > 0
-#include "mbedtls/debug.h"
-#endif
-
-namespace {
-
-const char *HTTPS_SERVER_NAME = "os.mbed.com";
-const int HTTPS_SERVER_PORT = 443;
-const int RECV_BUFFER_SIZE = 600;
-
-const char HTTPS_PATH[] = "/media/uploads/mbed_official/hello.txt";
-
-/* Test related data */
-const char *HTTPS_OK_STR = "200 OK";
-const char *HTTPS_HELLO_STR = "Hello world!";
-
-/* personalization string for the drbg */
-const char *DRBG_PERS = "mbed TLS helloword client";
+#include "HelloHttpsClient.h"
-/* List of trusted root CA certificates
- * currently only GlobalSign, the CA for os.mbed.com
- *
- * To add more than one root, just concatenate them.
- */
-const char SSL_CA_PEM[] = "-----BEGIN CERTIFICATE-----\n"
- "MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkG\n"
- "A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv\n"
- "b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAw\n"
- "MDBaFw0yODAxMjgxMjAwMDBaMFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i\n"
- "YWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxT\n"
- "aWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaDuaZ\n"
- "jc6j40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavp\n"
- "xy0Sy6scTHAHoT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCOXkNz8kHp\n"
- "1Wrjsok6Vjk4bwY8iGlbKk3Fp1S4bInMm/k8yuX9ifUSPJJ4ltbcdG6TRGHRjcdG\n"
- "snUOhugZitVtbNV4FpWi6cgKOOvyJBNPc1STE4U6G7weNLWLBYy5d4ux2x8gkasJ\n"
- "U26Qzns3dLlwR5EiUWMWea6xrkEmCMgZK9FGqkjWZCrXgzT/LCrBbBlDSgeF59N8\n"
- "9iFo7+ryUp9/k5DPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8E\n"
- "BTADAQH/MB0GA1UdDgQWBBRge2YaRQ2XyolQL30EzTSo//z9SzANBgkqhkiG9w0B\n"
- "AQUFAAOCAQEA1nPnfE920I2/7LqivjTFKDK1fPxsnCwrvQmeU79rXqoRSLblCKOz\n"
- "yj1hTdNGCbM+w6DjY1Ub8rrvrTnhQ7k4o+YviiY776BQVvnGCv04zcQLcFGUl5gE\n"
- "38NflNUVyRRBnMRddWQVDf9VMOyGj/8N7yy5Y0b2qvzfvGn9LhJIZJrglfCm7ymP\n"
- "AbEVtQwdpf5pLGkkeB6zpxxxYu7KyJesF12KwvhHhm4qxFYxldBniYUr+WymXUad\n"
- "DKqC5JlR3XC321Y9YeRq4VzW9v493kHMB65jUr9TU/Qr6cf9tveCX4XSQRjbgbME\n"
- "HMUfpIBvFSDJ3gyICh3WZlXi/EjJKSZp4A==\n"
- "-----END CERTIFICATE-----\n";
+/* Domain/IP address of the server to contact */
+const char SERVER_NAME[] = "os.mbed.com";
-}
+/* Port used to connect to the server */
+const int SERVER_PORT = 443;
/**
- * \brief HelloHTTPS implements the logic for fetching a file from a webserver
- * using a TCP socket and parsing the result.
+ * The main function driving the HTTPS client.
*/
-class HelloHTTPS {
-public:
- /**
- * HelloHTTPS Constructor
- * Initializes the TCP socket, sets up event handlers and flags.
- *
- * @param[in] domain The domain name to fetch from
- * @param[in] port The port of the HTTPS server
- */
- HelloHTTPS(const char * domain, const uint16_t port, NetworkInterface *net_iface) :
- _domain(domain), _port(port)
- {
-
- _gothello = false;
- _got200 = false;
- _bpos = 0;
- _request_sent = 0;
- _tcpsocket = new TCPSocket(net_iface);
- _tcpsocket->set_blocking(false);
- _buffer[RECV_BUFFER_SIZE - 1] = 0;
-
- mbedtls_entropy_init(&_entropy);
- mbedtls_ctr_drbg_init(&_ctr_drbg);
- mbedtls_x509_crt_init(&_cacert);
- mbedtls_ssl_init(&_ssl);
- mbedtls_ssl_config_init(&_ssl_conf);
- }
- /**
- * HelloHTTPS Desctructor
- */
- ~HelloHTTPS() {
- mbedtls_entropy_free(&_entropy);
- mbedtls_ctr_drbg_free(&_ctr_drbg);
- mbedtls_x509_crt_free(&_cacert);
- mbedtls_ssl_free(&_ssl);
- mbedtls_ssl_config_free(&_ssl_conf);
- _tcpsocket->close();
- delete _tcpsocket;
- }
- /**
- * Start the test.
- *
- * Starts by clearing test flags, then resolves the address with DNS.
- *
- * @param[in] path The path of the file to fetch from the HTTPS server
- * @return SOCKET_ERROR_NONE on success, or an error code on failure
+int main()
+{
+ /*
+ * The default 9600 bps is too slow to print full TLS debug info and could
+ * cause the other party to time out.
*/
- void startTest(const char *path) {
- /* Initialize the flags */
- _got200 = false;
- _gothello = false;
- _disconnected = false;
- _request_sent = false;
-
- /*
- * Initialize TLS-related stuf.
- */
- int ret;
- if ((ret = mbedtls_ctr_drbg_seed(&_ctr_drbg, mbedtls_entropy_func, &_entropy,
- (const unsigned char *) DRBG_PERS,
- sizeof (DRBG_PERS))) != 0) {
- print_mbedtls_error("mbedtls_crt_drbg_init", ret);
- return;
- }
-
- if ((ret = mbedtls_x509_crt_parse(&_cacert, (const unsigned char *) SSL_CA_PEM,
- sizeof (SSL_CA_PEM))) != 0) {
- print_mbedtls_error("mbedtls_x509_crt_parse", ret);
- return;
- }
- if ((ret = mbedtls_ssl_config_defaults(&_ssl_conf,
- MBEDTLS_SSL_IS_CLIENT,
- MBEDTLS_SSL_TRANSPORT_STREAM,
- MBEDTLS_SSL_PRESET_DEFAULT)) != 0) {
- print_mbedtls_error("mbedtls_ssl_config_defaults", ret);
- return;
- }
-
- mbedtls_ssl_conf_ca_chain(&_ssl_conf, &_cacert, NULL);
- mbedtls_ssl_conf_rng(&_ssl_conf, mbedtls_ctr_drbg_random, &_ctr_drbg);
+ HelloHttpsClient *client;
+ int exit_code = MBEDTLS_EXIT_FAILURE;
- /* It is possible to disable authentication by passing
- * MBEDTLS_SSL_VERIFY_NONE in the call to mbedtls_ssl_conf_authmode()
- */
- mbedtls_ssl_conf_authmode(&_ssl_conf, MBEDTLS_SSL_VERIFY_REQUIRED);
-
-#if DEBUG_LEVEL > 0
- mbedtls_ssl_conf_verify(&_ssl_conf, my_verify, NULL);
- mbedtls_ssl_conf_dbg(&_ssl_conf, my_debug, NULL);
- mbedtls_debug_set_threshold(DEBUG_LEVEL);
-#endif
-
- if ((ret = mbedtls_ssl_setup(&_ssl, &_ssl_conf)) != 0) {
- print_mbedtls_error("mbedtls_ssl_setup", ret);
- return;
- }
+ mbedtls_printf("Starting mbed-os-example-tls/tls-client\n");
- mbedtls_ssl_set_hostname(&_ssl, HTTPS_SERVER_NAME);
-
- mbedtls_ssl_set_bio(&_ssl, static_cast<void *>(_tcpsocket),
- ssl_send, ssl_recv, NULL );
-
-
- /* Connect to the server */
- mbedtls_printf("Connecting with %s\n", _domain);
- ret = _tcpsocket->connect(_domain, _port);
- if (ret != NSAPI_ERROR_OK) {
- mbedtls_printf("Failed to connect\n");
- printf("MBED: Socket Error: %d\n", ret);
- _tcpsocket->close();
- return;
- }
-
- /* Start the handshake, the rest will be done in onReceive() */
- mbedtls_printf("Starting the TLS handshake...\n");
- do {
- ret = mbedtls_ssl_handshake(&_ssl);
- } while (ret != 0 && (ret == MBEDTLS_ERR_SSL_WANT_READ ||
- ret == MBEDTLS_ERR_SSL_WANT_WRITE));
- if (ret < 0) {
- print_mbedtls_error("mbedtls_ssl_handshake", ret);
- _tcpsocket->close();
- return;
- }
-
- /* Fill the request buffer */
- _bpos = snprintf(_buffer, sizeof(_buffer) - 1,
- "GET %s HTTP/1.1\nHost: %s\n\n", path, HTTPS_SERVER_NAME);
-
- int offset = 0;
- do {
- ret = mbedtls_ssl_write(&_ssl,
- (const unsigned char *) _buffer + offset,
- _bpos - offset);
- if (ret > 0)
- offset += ret;
- } while (offset < _bpos && (ret > 0 || ret == MBEDTLS_ERR_SSL_WANT_READ ||
- ret == MBEDTLS_ERR_SSL_WANT_WRITE));
- if (ret < 0) {
- print_mbedtls_error("mbedtls_ssl_write", ret);
- _tcpsocket->close();
- return;
- }
-
- /* It also means the handshake is done, time to print info */
- printf("TLS connection to %s established\n", HTTPS_SERVER_NAME);
+#if defined(MBED_MAJOR_VERSION)
+ mbedtls_printf("Using Mbed OS %d.%d.%d\n",
+ MBED_MAJOR_VERSION, MBED_MINOR_VERSION, MBED_PATCH_VERSION);
+#else
+ printf("Using Mbed OS from master.\n");
+#endif /* MBEDTLS_MAJOR_VERSION */
- const uint32_t buf_size = 1024;
- char *buf = new char[buf_size];
- mbedtls_x509_crt_info(buf, buf_size, "\r ",
- mbedtls_ssl_get_peer_cert(&_ssl));
- mbedtls_printf("Server certificate:\n%s", buf);
-
- uint32_t flags = mbedtls_ssl_get_verify_result(&_ssl);
- if( flags != 0 )
- {
- mbedtls_x509_crt_verify_info(buf, buf_size, "\r ! ", flags);
- printf("Certificate verification failed:\n%s\n", buf);
- }
- else
- printf("Certificate verification passed\n\n");
-
-
- /* Read data out of the socket */
- offset = 0;
- do {
- ret = mbedtls_ssl_read(&_ssl, (unsigned char *) _buffer + offset,
- sizeof(_buffer) - offset - 1);
- if (ret > 0)
- offset += ret;
-
- /* Check each of the flags */
- _buffer[offset] = 0;
- _got200 = _got200 || strstr(_buffer, HTTPS_OK_STR) != NULL;
- _gothello = _gothello || strstr(_buffer, HTTPS_HELLO_STR) != NULL;
- } while ( (!_got200 || !_gothello) &&
- (ret > 0 || ret == MBEDTLS_ERR_SSL_WANT_READ ||
- ret == MBEDTLS_ERR_SSL_WANT_WRITE));
- if (ret < 0) {
- print_mbedtls_error("mbedtls_ssl_read", ret);
- delete[] buf;
- _tcpsocket->close();
- return;
- }
- _bpos = static_cast<size_t>(offset);
-
- _buffer[_bpos] = 0;
-
- /* Close socket before status */
- _tcpsocket->close();
-
- /* Print status messages */
- mbedtls_printf("HTTPS: Received %d chars from server\n", _bpos);
- mbedtls_printf("HTTPS: Received 200 OK status ... %s\n", _got200 ? "[OK]" : "[FAIL]");
- mbedtls_printf("HTTPS: Received '%s' status ... %s\n", HTTPS_HELLO_STR, _gothello ? "[OK]" : "[FAIL]");
- mbedtls_printf("HTTPS: Received message:\n\n");
- mbedtls_printf("%s", _buffer);
-
- delete[] buf;
+ /* Allocate a HTTPS client */
+ client = new (std::nothrow) HelloHttpsClient(SERVER_NAME, SERVER_PORT);
+ if (client == NULL) {
+ mbedtls_printf("Failed to allocate HelloHttpsClient object\n"
+ "\nFAIL\n");
+ return exit_code;
}
-protected:
- /**
- * Helper for pretty-printing mbed TLS error codes
- */
- static void print_mbedtls_error(const char *name, int err) {
- char buf[128];
- mbedtls_strerror(err, buf, sizeof (buf));
- mbedtls_printf("%s() failed: -0x%04x (%d): %s\n", name, -err, err, buf);
- }
-
-#if DEBUG_LEVEL > 0
- /**
- * Debug callback for Mbed TLS
- * Just prints on the USB serial port
- */
- static void my_debug(void *ctx, int level, const char *file, int line,
- const char *str)
- {
- const char *p, *basename;
- (void) ctx;
-
- /* Extract basename from file */
- for(p = basename = file; *p != '\0'; p++) {
- if(*p == '/' || *p == '\\') {
- basename = p + 1;
- }
- }
-
- mbedtls_printf("%s:%04d: |%d| %s", basename, line, level, str);
+ /* Run the client */
+ if (client->run() != 0) {
+ mbedtls_printf("\nFAIL\n");
+ } else {
+ exit_code = MBEDTLS_EXIT_SUCCESS;
+ mbedtls_printf("\nDONE\n");
}
- /**
- * Certificate verification callback for Mbed TLS
- * Here we only use it to display information on each cert in the chain
- */
- static int my_verify(void *data, mbedtls_x509_crt *crt, int depth, uint32_t *flags)
- {
- const uint32_t buf_size = 1024;
- char *buf = new char[buf_size];
- (void) data;
-
- mbedtls_printf("\nVerifying certificate at depth %d:\n", depth);
- mbedtls_x509_crt_info(buf, buf_size - 1, " ", crt);
- mbedtls_printf("%s", buf);
-
- if (*flags == 0)
- mbedtls_printf("No verification issue for this certificate\n");
- else
- {
- mbedtls_x509_crt_verify_info(buf, buf_size, " ! ", *flags);
- mbedtls_printf("%s\n", buf);
- }
-
- delete[] buf;
- return 0;
- }
-#endif
-
- /**
- * Receive callback for Mbed TLS
- */
- static int ssl_recv(void *ctx, unsigned char *buf, size_t len) {
- int recv = -1;
- TCPSocket *socket = static_cast<TCPSocket *>(ctx);
- recv = socket->recv(buf, len);
-
- if(NSAPI_ERROR_WOULD_BLOCK == recv){
- return MBEDTLS_ERR_SSL_WANT_READ;
- }else if(recv < 0){
- mbedtls_printf("Socket recv error %d\n", recv);
- return -1;
- }else{
- return recv;
- }
- }
-
- /**
- * Send callback for Mbed TLS
- */
- static int ssl_send(void *ctx, const unsigned char *buf, size_t len) {
- int size = -1;
- TCPSocket *socket = static_cast<TCPSocket *>(ctx);
- size = socket->send(buf, len);
+ delete client;
- if(NSAPI_ERROR_WOULD_BLOCK == size){
- return MBEDTLS_ERR_SSL_WANT_WRITE;
- }else if(size < 0){
- mbedtls_printf("Socket send error %d\n", size);
- return -1;
- }else{
- return size;
- }
- }
-
-protected:
- TCPSocket* _tcpsocket;
-
- const char *_domain; /**< The domain name of the HTTPS server */
- const uint16_t _port; /**< The HTTPS server port */
- char _buffer[RECV_BUFFER_SIZE]; /**< The response buffer */
- size_t _bpos; /**< The current offset in the response buffer */
- volatile bool _got200; /**< Status flag for HTTPS 200 */
- volatile bool _gothello; /**< Status flag for finding the test string */
- volatile bool _disconnected;
- volatile bool _request_sent;
-
- mbedtls_entropy_context _entropy;
- mbedtls_ctr_drbg_context _ctr_drbg;
- mbedtls_x509_crt _cacert;
- mbedtls_ssl_context _ssl;
- mbedtls_ssl_config _ssl_conf;
-};
-
-/**
- * The main loop of the HTTPS Hello World test
- */
-int main() {
- /* The default 9600 bps is too slow to print full TLS debug info and could
- * cause the other party to time out. */
-
- printf("\nStarting mbed-os-example-tls/tls-client\n");
-#if defined(MBED_MAJOR_VERSION)
- printf("Using Mbed OS %d.%d.%d\n", MBED_MAJOR_VERSION, MBED_MINOR_VERSION, MBED_PATCH_VERSION);
-#else
- printf("Using Mbed OS from master.\n");
-#endif
-
- /* Use the easy-connect lib to support multiple network bearers. */
- /* See https://github.com/ARMmbed/easy-connect README.md for info. */
-
-#if DEBUG_LEVEL > 0
- NetworkInterface* network = easy_connect(true);
-#else
- NetworkInterface* network = easy_connect(false);
-#endif /* DEBUG_LEVEL > 0 */
- if (NULL == network) {
- printf("Connecting to the network failed... See serial output.\n");
- return 1;
- }
-
- HelloHTTPS *hello = new HelloHTTPS(HTTPS_SERVER_NAME, HTTPS_SERVER_PORT, network);
- hello->startTest(HTTPS_PATH);
- delete hello;
+ return exit_code;
}
--- a/mbed_app.json Wed May 02 06:30:32 2018 +0100
+++ b/mbed_app.json Fri May 04 12:30:06 2018 +0100
@@ -28,7 +28,6 @@
},
"target_overrides": {
"*": {
- "platform.stdio-baud-rate": 9600,
"platform.stdio-convert-newlines": true
},
"UBLOX_EVK_ODIN_W2": {
--- a/mbedtls_entropy_config.h Wed May 02 06:30:32 2018 +0100 +++ b/mbedtls_entropy_config.h Fri May 04 12:30:06 2018 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (C) 2006-2016, Arm Limited, All Rights Reserved + * Copyright (C) 2006-2018, Arm Limited, All Rights Reserved * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may @@ -36,7 +36,3 @@ #define MBEDTLS_MPI_MAX_SIZE 256 #define MBEDTLS_MPI_WINDOW_SIZE 1 - -#if defined(TARGET_STM32F439xI) && defined(MBEDTLS_CONFIG_HW_SUPPORT) -#undef MBEDTLS_AES_ALT -#endif /* TARGET_STM32F439xI && MBEDTLS_CONFIG_HW_SUPPORT */