diff --git a/README.md b/README.md index 4b4e3cdc1..1fac42b99 100644 --- a/README.md +++ b/README.md @@ -40,7 +40,7 @@ Please browse the subdirectories for specific documentation. The application prints debug messages over the serial port, so you can monitor its activity with a serial terminal emulator. Start the [serial terminal emulator](https://developer.mbed.org/handbook/Terminals) and connect to the [virtual serial port](https://developer.mbed.org/handbook/SerialPC#host-interface-and-terminal-applications) presented by FRDM-K64F. Use the following settings: -* 115200 baud (not 9600). +* 9600 baud. * 8N1. * No flow control. diff --git a/tls-client/README.md b/tls-client/README.md index 787412b7c..33bb40aca 100644 --- a/tls-client/README.md +++ b/tls-client/README.md 
@@ -17,58 +17,46 @@ __NOTE:__ Make sure that the Ethernet cable is plugged in correctly before runni The output in the terminal window should be similar to this: ``` - {{timeout;120}} - {{host_test_name;default}} - {{description;mbed TLS example HTTPS client}} - {{test_id;MBEDTLS_EX_HTTPS_CLIENT}} - {{start}} - - Client IP Address is 192.168.0.2 - Starting DNS lookup for developer.mbed.org - DNS Response Received: - developer.mbed.org: 217.140.101.30 - Connecting to 217.140.101.30:443 - Connected to 217.140.101.30:443 - Starting the TLS handshake... - TLS connection to developer.mbed.org established - Server certificate: - cert. version : 3 - serial number : 11:21:4E:4B:13:27:F0:89:21:FB:70:EC:3B:B5:73:5C:FF:B9 - issuer name : C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 - subject name : C=GB, ST=Cambridgeshire, L=Cambridge, O=ARM Ltd, CN=*.mbed.com - issued on : 2015-03-05 10:31:02 - expires on : 2016-03-05 10:31:02 - signed using : RSA with SHA-256 - RSA key size : 2048 bits - basic constraints : CA=false - subject alt name : *.mbed.com, *.mbed.org, mbed.org, mbed.com - key usage : Digital Signature, Key Encipherment - ext key usage : TLS Web Server Authentication, TLS Web Client Authentication - Certificate verification passed - - HTTPS: Received 473 chars from server - HTTPS: Received 200 OK status ... [OK] - HTTPS: Received 'Hello world!' status ... [OK] - HTTPS: Received message: - - HTTP/1.1 200 OK - Server: nginx/1.7.10 - Date: Tue, 18 Aug 2015 18:34:04 GMT - Content-Type: text/plain - Content-Length: 14 - Connection: keep-alive - Last-Modified: Fri, 27 Jul 2012 13:30:34 GMT - Accept-Ranges: bytes - Cache-Control: max-age=36000 - Expires: Wed, 19 Aug 2015 04:34:04 GMT - X-Upstream-L3: 172.17.42.1:8080 - X-Upstream-L2: developer-sjc-indigo-2-nginx - X-Upstream-L1-next-hop: 217.140.101.86:8001 - X-Upstream-L1: developer-sjc-indigo-border-nginx - - Hello world! 
- {{success}} - {{end}} +Using Ethernet LWIP +Client IP Address is 10.2.203.43 +Connecting with developer.mbed.org +Starting the TLS handshake... +TLS connection to developer.mbed.org established +Server certificate: + cert. version : 3 + serial number : 11:21:B8:47:9B:21:6C:B1:C6:AF:BC:5D:0C:19:52:DC:D7:C3 + issuer name : C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 + subject name : C=GB, ST=Cambridgeshire, L=Cambridge, O=ARM Ltd, CN=*.mbed.com + issued on : 2016-03-03 12:26:08 + expires on : 2017-04-05 10:31:02 + signed using : RSA with SHA-256 + RSA key size : 2048 bits + basic constraints : CA=false + subject alt name : *.mbed.com, mbed.org, *.mbed.org, mbed.com + key usage : Digital Signature, Key Encipherment + ext key usage : TLS Web Server Authentication, TLS Web Client Authentication +Certificate verification passed + +HTTPS: Received 439 chars from server +HTTPS: Received 200 OK status ... [OK] +HTTPS: Received 'Hello world!' status ... [OK] +HTTPS: Received message: + +HTTP/1.1 200 OK +Server: nginx/1.7.10 +Date: Wed, 20 Jul 2016 10:00:35 GMT +Content-Type: text/plain +Content-Length: 14 +Connection: keep-alive +Last-Modified: Fri, 27 Jul 2012 13:30:34 GMT +Accept-Ranges: bytes +Cache-Control: max-age=36000 +Expires: Wed, 20 Jul 2016 20:00:35 GMT +X-Upstream-L3: 172.17.0.3:80 +X-Upstream-L2: developer-sjc-indigo-1-nginx +Strict-Transport-Security: max-age=31536000; includeSubdomains + +Hello world! ``` ## Debugging the TLS connection diff --git a/tls-client/main.cpp b/tls-client/main.cpp index bfc2dad49..d881ae070 100644 --- a/tls-client/main.cpp +++ b/tls-client/main.cpp @@ -1,7 +1,7 @@ /* * Hello world example of a TLS client: fetch an HTTPS page * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved + * Copyright (C) 2006-2016, ARM Limited, All Rights Reserved * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may 
@@ -19,17 +19,6 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ -#if !defined(TARGET_LIKE_MBED) - -#include - -int main() { - printf("This program only works on mbed OS.\n"); - return 0; -} - -#else - /** \file main.cpp * \brief An example TLS Client application * This application sends an HTTPS request to developer.mbed.org and searches for a string in @@ -48,12 +37,9 @@ int main() { #include "mbed.h" #include "NetworkStack.h" -#include "LWIPInterface.h" -//#include "EthernetInterface.h" +#include "EthernetInterface.h" #include "TCPSocket.h" -#include "test_env.h" -//#include "lwipv4_init.h" #include "mbedtls/platform.h" #include "mbedtls/ssl.h" @@ -66,9 +52,6 @@ int main() { namespace { -Serial output(USBTX, USBRX); -NetworkStack *network_stack = NULL; - const char *HTTPS_SERVER_NAME = "developer.mbed.org"; const int HTTPS_SERVER_PORT = 443; const int RECV_BUFFER_SIZE = 600; @@ -144,8 +127,6 @@ const char SSL_CA_PEM[] = #endif } -//using namespace mbed::Sockets::v0; - /** * \brief HelloHTTPS implements the logic for fetching a file from a webserver * using a TCP socket and parsing the result. @@ -159,7 +140,7 @@ class HelloHTTPS { * @param[in] domain The domain name to fetch from * @param[in] port The port of the HTTPS server */ - HelloHTTPS(const char * domain, const uint16_t port) : + HelloHTTPS(const char * domain, const uint16_t port, NetworkInterface *net_iface) : _domain(domain), _port(port) { @@ -168,7 +149,7 @@ class HelloHTTPS { _got200 = false; _bpos = 0; _request_sent = 0; - _tcpsocket = new TCPSocket(network_stack); + _tcpsocket = new TCPSocket(net_iface); mbedtls_entropy_init(&_entropy); mbedtls_ctr_drbg_init(&_ctr_drbg); 
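Review bot: The constructor's doc comment still lists only `domain` and `port`, so the new `net_iface` parameter in hunk `@@ -159,7 +140,7 @@` is undocumented. I would add `* @param[in] net_iface The network interface the TCP socket is created on; must be non-null`, because the following hunk hands the pointer straight to `new TCPSocket(net_iface)` with no check. If `TCPSocket` keeps the pointer (not visible here), the comment should also state that the interface must outlive the `HelloHTTPS` object. The constructor body continues outside the hunk.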
@@ -258,11 +239,11 @@ class HelloHTTPS { /* Connect to the server */ - output.printf("Connecting with %s\r\n", _domain); + mbedtls_printf("Connecting with %s\r\n", _domain); _tcpsocket->connect( _domain, _port ); /* Start the handshake, the rest will be done in onReceive() */ - output.printf("Starting the TLS handshake...\r\n"); + mbedtls_printf("Starting the TLS handshake...\r\n"); ret = mbedtls_ssl_handshake(&_ssl); if (ret < 0) { if (ret != MBEDTLS_ERR_SSL_WANT_READ && @@ -289,7 +270,7 @@ class HelloHTTPS { char buf[1024]; mbedtls_x509_crt_info(buf, sizeof(buf), "\r ", mbedtls_ssl_get_peer_cert(&_ssl)); - output.printf("Server certificate:\r\n%s\r", buf); + mbedtls_printf("Server certificate:\r\n%s\r", buf); #if defined(UNSAFE) uint32_t flags = mbedtls_ssl_get_verify_result(&_ssl); @@ -321,15 +302,14 @@ class HelloHTTPS { _gothello = _gothello || strstr(_buffer, HTTPS_HELLO_STR) != NULL; /* Print status messages */ - output.printf("HTTPS: Received %d chars from server\r\n", _bpos); - output.printf("HTTPS: Received 200 OK status ... %s\r\n", _got200 ? "[OK]" : "[FAIL]"); - output.printf("HTTPS: Received '%s' status ... %s\r\n", HTTPS_HELLO_STR, _gothello ? "[OK]" : "[FAIL]"); - output.printf("HTTPS: Received message:\r\n\r\n"); - output.printf("%s", _buffer); + mbedtls_printf("HTTPS: Received %d chars from server\r\n", _bpos); + mbedtls_printf("HTTPS: Received 200 OK status ... %s\r\n", _got200 ? "[OK]" : "[FAIL]"); + mbedtls_printf("HTTPS: Received '%s' status ... %s\r\n", HTTPS_HELLO_STR, _gothello ? "[OK]" : "[FAIL]"); + mbedtls_printf("HTTPS: Received message:\r\n\r\n"); + mbedtls_printf("%s", _buffer); _error = !(_got200 && _gothello); _tcpsocket->close(); -// MBED_HOSTTEST_RESULT(!error()); } /** * Check if the test has completed. 
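Review bot: In hunk `@@ -258,11 +239,11 @@`, `_tcpsocket->connect( _domain, _port )` discards its result, so a failed name lookup or TCP connect falls through to `mbedtls_ssl_handshake()` and is reported only as a less specific TLS error. I would capture the result and stop before the handshake, along the lines of `ret = _tcpsocket->connect(_domain, _port);` followed by `if (ret != 0) { mbedtls_printf("connect() failed: %d\r\n", ret); _error = true; return; }`. The enclosing function starts outside the hunk, so the exact form of the early return has to match its signature. The same applies to `eth_iface.connect()` in the `main()` hunk (`@@ -483,34 +454,19 @@`), where a failed bring-up only produces the "No Client IP Address" message and the test still starts.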
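Review bot: In hunk `@@ -289,7 +270,7 @@` the return value of `mbedtls_x509_crt_info()` is ignored and `buf` is printed unconditionally. The function returns a negative error code on failure (for example when the 1024-byte buffer is too small), and `buf` is an uninitialised stack array, so the contents passed to `%s` should not be relied on in that case. I would keep the length, `int n = mbedtls_x509_crt_info(...);`, and print only `if (n > 0)`. The certificate-verification callback in hunk `@@ -393,16 +373,16 @@` has the same pattern, and passes `sizeof (buf) - 1` where this call passes `sizeof(buf)`; the two should agree. The enclosing function starts outside the hunk.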
@@ -360,7 +340,7 @@ class HelloHTTPS { static void print_mbedtls_error(const char *name, int err) { char buf[128]; mbedtls_strerror(err, buf, sizeof (buf)); - output.printf("%s() failed: -0x%04x (%d): %s\r\n", name, -err, err, buf); + mbedtls_printf("%s() failed: -0x%04x (%d): %s\r\n", name, -err, err, buf); } #if DEBUG_LEVEL > 0 @@ -381,7 +361,7 @@ class HelloHTTPS { } } - output.printf("%s:%04d: |%d| %s", basename, line, level, str); + mbedtls_printf("%s:%04d: |%d| %s", basename, line, level, str); } /** @@ -393,16 +373,16 @@ class HelloHTTPS { char buf[1024]; (void) data; - output.printf("\nVerifying certificate at depth %d:\n", depth); + mbedtls_printf("\nVerifying certificate at depth %d:\n", depth); mbedtls_x509_crt_info(buf, sizeof (buf) - 1, " ", crt); - output.printf("%s", buf); + mbedtls_printf("%s", buf); if (*flags == 0) - output.printf("No verification issue for this certificate\n"); + mbedtls_printf("No verification issue for this certificate\n"); else { mbedtls_x509_crt_verify_info(buf, sizeof (buf), " ! ", *flags); - output.printf("%s\n", buf); + mbedtls_printf("%s\n", buf); } return 0; @@ -447,17 +427,8 @@ class HelloHTTPS { printf("MBED: Socket Error: %d\r\n", error); s->close(); _error = true; -// MBED_HOSTTEST_RESULT(false); - } - -#if 0 - void onDisconnect(TCPStream *s) { - s->close(); - MBED_HOSTTEST_RESULT(!error()); } -#endif - protected: TCPSocket* _tcpsocket; 
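Review bot: In hunk `@@ -447,17 +427,8 @@` the socket-error handler still calls plain `printf("MBED: Socket Error: %d\r\n", error)`, while every other message in this commit was moved from `output.printf` to `mbedtls_printf`. For consistency, and so that a platform-level printf replacement also covers this path, it should read `mbedtls_printf("MBED: Socket Error: %d\r\n", error);`. The handler starts outside the hunk.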
@@ -483,34 +454,19 @@ class HelloHTTPS { */ int main() { /* The default 9600 bps is too slow to print full TLS debug info and could - * cause the other party to time out. Select a higher baud rate for - * printf(), regardless of debug level for the sake of uniformity. */ - - // Sets the console baud-rate - output.baud(115200); - -// MBED_HOSTTEST_TIMEOUT(120); -// MBED_HOSTTEST_SELECT(_default); -// MBED_HOSTTEST_DESCRIPTION(mbed TLS example HTTPS client); -// MBED_HOSTTEST_START("MBEDTLS_EX_HTTPS_CLIENT"); + * cause the other party to time out. */ - /* Initialise with DHCP, connect, and start up the stack */ - LWIPInterface lwip; - - lwip.connect(); - output.printf("Using Ethernet LWIP\r\n"); - network_stack = &lwip; - - const char *ip_addr = network_stack->get_ip_address(); + /* Inititalise with DHCP, connect, and start up the stack */ + EthernetInterface eth_iface; + eth_iface.connect(); + mbedtls_printf("Using Ethernet LWIP\r\n"); + const char *ip_addr = eth_iface.get_ip_address(); if (ip_addr) { - output.printf("Client IP Address is %s\r\n",ip_addr); + mbedtls_printf("Client IP Address is %s\r\n", ip_addr); } else { - output.printf("No Client IP Address\r\n"); + mbedtls_printf("No Client IP Address\r\n"); } - - HelloHTTPS hello(HTTPS_SERVER_NAME, HTTPS_SERVER_PORT); + HelloHTTPS hello(HTTPS_SERVER_NAME, HTTPS_SERVER_PORT, ð_iface); hello.startTest(HTTPS_PATH); } - -#endif /* TARGET_LIKE_MBED */ diff --git a/tls-client/mbed-os.lib b/tls-client/mbed-os.lib index f9bce8bf3..e286558cf 100644 --- a/tls-client/mbed-os.lib +++ b/tls-client/mbed-os.lib @@ -1 +1 @@ -https://github.com/ARMmbed/mbed-os/#c0c5a70b1907d701f69f37b8812b5fe2ce048ff0 +https://github.com/ARMmbed/mbed-os/#b7b6dd2c8769251c66d68911f116ec899c7054f7
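Review bot: The comment kept at the top of `main()` still says the default 9600 bps is too slow for full TLS debug output and can make the other party time out, but the `output.baud(115200)` call it justified is removed and the README in this commit now tells users to connect at 9600 baud. As it stands the comment describes a problem the code no longer addresses; I would either delete it or make it an explicit caveat, e.g. `/* The console runs at the default 9600 bps; with DEBUG_LEVEL > 0 the output can be slow enough for the server to time out. */`. The following comment also has a typo, `Inititalise` should be `Initialise`.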