本篇文章介紹使用Pico-SDK 結合LwIP and MbedTLS 在Raspberry Pi Pico W上建立HTTPS(Secure HTTP) server。本專案會使用LwIP 中SNTP and HTTP Application。詳細步驟如下說明:
一、連線WiFi並設定static IP:
cyw43_arch_enable_sta_mode();
netif_set_status_callback(netif_default, netif_status_cb);
cyw43_arch_wifi_connect_timeout_ms(WIFI_SSID, WIFI_PASSWORD, CYW43_AUTH_WPA2_AES_PSK, 30000);
使用netif_set_status_callback當成功連上WiFi時呼叫netif_status_cb設定Static IP。
二、以LwIP SNTP application設定系統時間。
在CMakeLists.txt加入:
add_definitions(
-DSNTP_SERVER_DNS=1
-DSNTP_SERVER_ADDRESS="pool.ntp.org"
-DSNTP_SET_SYSTEM_TIME=sntp_set_system_time
-DSNTP_STARTUP_DELAY=0
)
sntp_set_system_time為SNTP client取得資料時呼叫的callback function。
在程式中呼叫
sntp_setoperatingmode(SNTP_OPMODE_POLL);
sntp_init();
以啟用SNTP client。
三、建立self-signed Server Side Certificates:
- openssl genrsa -des3 -out ca.key 2048:
建立Root CA key。 - openssl req -new -x509 -days 3650 -key ca.key -out ca.cert:
建立self-signed root Certificate。 - openssl genrsa -out server.key 2048:
建立server side private key。 - openssl req -new -out server.csr -key server.key
使用server key製作server憑證需求(certificate request) - openssl x509 -req -in server.csr -CA ca.cert -CAkey ca.key -CAcreateserial -out server.cert -days 365
使用root CA ca.cert簽署server side certificate。
四、設定MbedTLS的TLS connection參數:
- 將ca.cert, server.cert與server.key加入在專案picow_https_cert.h中。
- CMakeLists.txt加入:
target_link_libraries(picow_https_server
pico_cyw43_arch_lwip_poll
pico_lwip_sntp
pico_lwip_http
pico_mbedtls
pico_lwip_mbedtls
) - 在lwipopts.conf加入:
/* in Pico-SDK above 1.5.0 */ #define MEMP_NUM_SYS_TIMEOUT (LWIP_NUM_SYS_TIMEOUT_INTERNAL+1) /* TCP WND must be at least 16 kb to match TLS record size or you will get a warning "altcp_tls: TCP_WND is smaller than the RX decrypion buffer, connection RX might stall!" */ // tls #undef TCP_WND #define TCP_WND 16384 #define LWIP_ALTCP 1 #define LWIP_ALTCP_TLS 1 #define LWIP_ALTCP_TLS_MBEDTLS 1 #define LWIP_DEBUG 1 #define ALTCP_MBEDTLS_DEBUG LWIP_DBG_ON /* set authmode */ #define ALTCP_MBEDTLS_AUTHMODE MBEDTLS_SSL_VERIFY_NONE //#define ALTCP_MBEDTLS_AUTHMODE MBEDTLS_SSL_VERIFY_REQUIRED - 設定tls config:
加入self-signed root CA certificate, server certificate and server private key
tls_config = altcp_tls_create_config_server_privkey_cert(SERVER_KEY, sizeof(SERVER_KEY), NULL, 0, SERVER_CERT, sizeof(SERVER_CERT));
mbedtls_x509_crt_parse(tls_config->cert, CA_CERT, sizeof(CA_CERT));
五、設定https server:
這個專案將web page files放在SD卡上,先mount SD在設定root path有關pico SD storage driver請參閱前面文章
https server如何讀取page file,修改自LwIP的fs_example.c範例程式。
- mount SD:
if (f_mount(&fs, SDMMC_PATH, 1) != FR_OK) {
printf("mount error\n");
return 0;
} - 設定web server root path:
fs_ex_init(SDMMC_PATH"/"); - 啟用https:
httpd_inits(tls_config);
使用broswer, curl與wget使令測試,過程如下列影片。
六、成果影片
七、程式碼
- CMakeLists.txt
# Generated Cmake Pico project file cmake_minimum_required(VERSION 3.13) set(CMAKE_C_STANDARD 11) set(CMAKE_CXX_STANDARD 17) # Initialise pico_sdk from installed location # (note this can come from environment, CMake cache etc) set(PICO_SDK_PATH "/home/duser/pico/pico-sdk") set(PICO_BOARD pico_w CACHE STRING "Board type") # Pull in Raspberry Pi Pico SDK (must be before project) include(pico_sdk_import.cmake) if (PICO_SDK_VERSION_STRING VERSION_LESS "1.4.0") message(FATAL_ERROR "Raspberry Pi Pico SDK version 1.4.0 (or later) required. Your version is ${PICO_SDK_VERSION_STRING}") endif() project(picow_https_server C CXX ASM) # Initialise the Raspberry Pi Pico SDK pico_sdk_init() # Add executable. Default name is the project name, version 0.1 add_executable(picow_https_server picow_https_server.c fs_example.c) add_definitions( -DSNTP_SERVER_DNS=1 -DSNTP_SERVER_ADDRESS="pool.ntp.org" -DSNTP_SET_SYSTEM_TIME=sntp_set_system_time -DSNTP_STARTUP_DELAY=0 ) pico_set_program_name(picow_https_server "picow_https_server") pico_set_program_version(picow_https_server "0.1") pico_enable_stdio_uart(picow_https_server 1) pico_enable_stdio_usb(picow_https_server 0) # Add the standard library to the build target_link_libraries(picow_https_server pico_stdlib) # Add the standard include files to the build target_include_directories(picow_https_server PRIVATE ${CMAKE_CURRENT_LIST_DIR} ${CMAKE_CURRENT_LIST_DIR}/.. # for our common lwipopts or any other standard includes, if required ) # Add any user requested libraries target_link_libraries(picow_https_server pico_cyw43_arch_lwip_poll pico_lwip_sntp pico_lwip_http pico_mbedtls pico_lwip_mbedtls ) add_subdirectory(pico_storage_drv) target_link_libraries(picow_https_server pico_storage_drv ) pico_add_extra_outputs(picow_https_server)
- picow_https_server.c
#include < stdio.h > #include "pico/stdlib.h" #include "pico/cyw43_arch.h" #include "lwip/altcp_tls.h" #include "lwip/altcp_tcp.h" #include "lwip/altcp.h" #include "lwip/apps/httpd.h" #include "lwip/apps/sntp.h" #include "picow_https_cert.h" #include "ff.h" #include "pico_storage.h" #define WIFI_SSID "your-ssid" #define WIFI_PASSWORD "your-password" struct altcp_tls_config { mbedtls_ssl_config conf; mbedtls_x509_crt *cert; mbedtls_pk_context *pkey; u8_t cert_count; u8_t cert_max; u8_t pkey_count; u8_t pkey_max; mbedtls_x509_crt *ca; #if defined(MBEDTLS_SSL_CACHE_C) && ALTCP_MBEDTLS_USE_SESSION_CACHE /** Inter-connection cache for fast connection startup */ struct mbedtls_ssl_cache_context cache; #endif #if defined(MBEDTLS_SSL_SESSION_TICKETS) && ALTCP_MBEDTLS_USE_SESSION_TICKETS mbedtls_ssl_ticket_context ticket_ctx; #endif }; struct altcp_tls_config *tls_config = NULL; void fs_ex_init(const char *httpd_root_dir); void netif_status_cb(struct netif *netif) { if (netif_is_link_up(netif)) { ip_addr_t ipaddr; ip_addr_t netmask; ip_addr_t gateway; ipaddr_aton("192.168.1.70", &ipaddr); ipaddr_aton("255.255.255.0", &netmask); ipaddr_aton("192.168.1.1", &gateway); netif_set_addr(netif, &ipaddr, &netmask, &gateway); } } void sntp_set_system_time(uint32_t sec, uint32_t us) { struct tm info; time_t tim = sec; struct timeval tmv; tmv.tv_sec=sec; tmv.tv_usec=us; settimeofday(&tmv, 0); printf("set time :%s\n", ctime(&tim)); sntp_stop(); } int main() { stdio_init_all(); if (cyw43_arch_init()) { printf("cyw43 arch init error\n"); return 0; } //1. connect to WiFi network and set static IP cyw43_arch_enable_sta_mode(); netif_set_status_callback(netif_default, netif_status_cb); int wifi_stat = cyw43_arch_wifi_connect_timeout_ms(WIFI_SSID, WIFI_PASSWORD, CYW43_AUTH_WPA2_AES_PSK, 30000); if (wifi_stat) { printf("wifi connect error:%d\n", wifi_stat); return 0; } printf("Wifi connected\n"); printf("get ip addr:%s\n",ipaddr_ntoa(&(cyw43_state.netif[0].ip_addr))); // 2. set SNTP sntp_setoperatingmode(SNTP_OPMODE_POLL); sntp_init(); // 3. set TLS connection tls_config = altcp_tls_create_config_server_privkey_cert(SERVER_KEY, sizeof(SERVER_KEY), NULL, 0, SERVER_CERT, sizeof(SERVER_CERT)); mbedtls_x509_crt_parse(tls_config->cert, CA_CERT, sizeof(CA_CERT)); //4. mount FS in SD card and start https server FATFS fs; FIL fil; FRESULT res; if (f_mount(&fs, SDMMC_PATH, 1) != FR_OK) { printf("mount error\n"); return 0; } fs_ex_init(SDMMC_PATH"/"); httpd_inits(tls_config); time_t tm; while(1) { cyw43_arch_poll(); sleep_ms(50); } return 0; }
- fs_example.c
/** * @file * HTTPD custom file system example * * This file demonstrates how to add support for an external file system to httpd. * It provides access to the specified root directory and uses stdio.h file functions * to read files. * * ATTENTION: This implementation is *not* secure: no checks are added to ensure * files are only read below the specified root directory! */ /* * Copyright (c) 2017 Simon Goldschmidt * All rights reserved. * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * 1. Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright notice, * this list of conditions and the following disclaimer in the documentation * and/or other materials provided with the distribution. * 3. The name of the author may not be used to endorse or promote products * derived from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT * SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT * OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY * OF SUCH DAMAGE. * * This file is part of the lwIP TCP/IP stack. * * Author: Simon Goldschmidt < goldsimon@gmx.de > * */ #include "lwip/opt.h" #include "lwip/apps/fs.h" #include "lwip/def.h" #include "lwip/mem.h" #include "stdio.h" #include "string.h" #include "ff.h" #include "pico_storage.h" /** define LWIP_HTTPD_EXAMPLE_CUSTOMFILES to 1 to enable this file system */ #ifndef LWIP_HTTPD_EXAMPLE_CUSTOMFILES #define LWIP_HTTPD_EXAMPLE_CUSTOMFILES 1 #endif /** define LWIP_HTTPD_EXAMPLE_CUSTOMFILES_DELAYED to 1 to delay open and read * as if e.g. reading from external SPI flash */ #ifndef LWIP_HTTPD_EXAMPLE_CUSTOMFILES_DELAYED #define LWIP_HTTPD_EXAMPLE_CUSTOMFILES_DELAYED 0 #endif /** define LWIP_HTTPD_EXAMPLE_CUSTOMFILES_LIMIT_READ to the number of bytes * to read to emulate limited transfer buffers and don't read whole files in * one chunk. * WARNING: lowering this slows down the connection! */ #ifndef LWIP_HTTPD_EXAMPLE_CUSTOMFILES_LIMIT_READ #define LWIP_HTTPD_EXAMPLE_CUSTOMFILES_LIMIT_READ 0 #endif #if LWIP_HTTPD_EXAMPLE_CUSTOMFILES #if !LWIP_HTTPD_CUSTOM_FILES #error This needs LWIP_HTTPD_CUSTOM_FILES #endif #if !LWIP_HTTPD_DYNAMIC_HEADERS #error This needs LWIP_HTTPD_DYNAMIC_HEADERS #endif #if !LWIP_HTTPD_DYNAMIC_FILE_READ #error This wants to demonstrate read-after-open, so LWIP_HTTPD_DYNAMIC_FILE_READ is required! #endif #if !LWIP_HTTPD_FS_ASYNC_READ #error This needs LWIP_HTTPD_FS_ASYNC_READ #endif #if !LWIP_HTTPD_FILE_EXTENSION #error This needs LWIP_HTTPD_FILE_EXTENSION #endif #if LWIP_HTTPD_EXAMPLE_CUSTOMFILES_DELAYED #include "lwip/tcpip.h" #endif struct fs_custom_data { //FILE *f; FIL *f; #if LWIP_HTTPD_EXAMPLE_CUSTOMFILES_DELAYED int delay_read; fs_wait_cb callback_fn; void *callback_arg; #endif }; const char* fs_ex_root_dir; void fs_ex_init(const char *httpd_root_dir) { fs_ex_root_dir = strdup(httpd_root_dir); } #if LWIP_HTTPD_CUSTOM_FILES int fs_open_custom(struct fs_file *file, const char *name) { char full_filename[256]; //FILE *f; FIL f; FRESULT res; snprintf(full_filename, 255, "%s%s", fs_ex_root_dir, name); full_filename[255] = 0; //f = fopen(full_filename, "rb"); res =f_open(&f, full_filename, FA_READ); //if (f != NULL) { if (res == FR_OK) { //if (!fseek(f, 0, SEEK_END)) { if (f_lseek(&f, 0) == FR_OK) { //int len = (int)ftell(f); int len = (int)f_size(&f); //if(!fseek(f, 0, SEEK_SET)) { struct fs_custom_data *data = (struct fs_custom_data *)mem_malloc(sizeof(struct fs_custom_data)); LWIP_ASSERT("out of memory?", data != NULL); memset(file, 0, sizeof(struct fs_file)); #if LWIP_HTTPD_EXAMPLE_CUSTOMFILES_DELAYED file->len = 0; /* read size delayed */ data->delay_read = 3; LWIP_UNUSED_ARG(len); #else file->len = len; #endif file->flags = FS_FILE_FLAGS_HEADER_PERSISTENT; data->f = &f; file->pextension = data; return 1; //} } //fclose(f); f_close(&f); } return 0; } void fs_close_custom(struct fs_file *file) { if (file && file->pextension) { struct fs_custom_data *data = (struct fs_custom_data *)file->pextension; if (data->f != NULL) { //fclose(data->f); f_close(data->f); data->f = NULL; } mem_free(data); } } #if LWIP_HTTPD_FS_ASYNC_READ u8_t fs_canread_custom(struct fs_file *file) { /* This function is only necessary for asynchronous I/O: If reading would block, return 0 and implement fs_wait_read_custom() to call the supplied callback if reading works. */ #if LWIP_HTTPD_EXAMPLE_CUSTOMFILES_DELAYED struct fs_custom_data *data; LWIP_ASSERT("file != NULL", file != NULL); data = (struct fs_custom_data *)file->pextension; if (data == NULL) { /* file transfer has been completed already */ LWIP_ASSERT("transfer complete", file->index == file->len); return 1; } LWIP_ASSERT("data != NULL", data != NULL); /* This just simulates a simple delay. This delay would normally come e.g. from SPI transfer */ if (data->delay_read == 3) { /* delayed file size mode */ data->delay_read = 1; LWIP_ASSERT("", file->len == 0); if (!fseek(data->f, 0, SEEK_END)) { int len = (int)ftell(data->f); if(!fseek(data->f, 0, SEEK_SET)) { file->len = len; /* read size delayed */ data->delay_read = 1; return 0; } } /* if we come here, something is wrong with the file */ LWIP_ASSERT("file error", 0); } if (data->delay_read == 1) { /* tell read function to delay further */ } #endif LWIP_UNUSED_ARG(file); return 1; } #if LWIP_HTTPD_EXAMPLE_CUSTOMFILES_DELAYED static void fs_example_read_cb(void *arg) { struct fs_custom_data *data = (struct fs_custom_data *)arg; fs_wait_cb callback_fn = data->callback_fn; void *callback_arg = data->callback_arg; data->callback_fn = NULL; data->callback_arg = NULL; LWIP_ASSERT("no callback_fn", callback_fn != NULL); callback_fn(callback_arg); } #endif u8_t fs_wait_read_custom(struct fs_file *file, fs_wait_cb callback_fn, void *callback_arg) { #if LWIP_HTTPD_EXAMPLE_CUSTOMFILES_DELAYED err_t err; struct fs_custom_data *data = (struct fs_custom_data *)file->pextension; LWIP_ASSERT("data not set", data != NULL); data->callback_fn = callback_fn; data->callback_arg = callback_arg; err = tcpip_try_callback(fs_example_read_cb, data); LWIP_ASSERT("out of queue elements?", err == ERR_OK); LWIP_UNUSED_ARG(err); #else LWIP_ASSERT("not implemented in this example configuration", 0); #endif LWIP_UNUSED_ARG(file); LWIP_UNUSED_ARG(callback_fn); LWIP_UNUSED_ARG(callback_arg); /* Return - 0 if ready to read (at least one byte) - 1 if reading should be delayed (call 'tcpip_callback(callback_fn, callback_arg)' when ready) */ return 1; } int fs_read_async_custom(struct fs_file *file, char *buffer, int count, fs_wait_cb callback_fn, void *callback_arg) { struct fs_custom_data *data = (struct fs_custom_data *)file->pextension; //FILE *f; FIL *f; int len; int read_count = count; LWIP_ASSERT("data not set", data != NULL); #if LWIP_HTTPD_EXAMPLE_CUSTOMFILES_DELAYED /* This just simulates a delay. This delay would normally come e.g. from SPI transfer */ LWIP_ASSERT("invalid state", data->delay_read >= 0 && data->delay_read <= 2); if (data->delay_read == 2) { /* no delay next time */ data->delay_read = 0; return FS_READ_DELAYED; } else if (data->delay_read == 1) { err_t err; /* execute requested delay */ data->delay_read = 2; LWIP_ASSERT("duplicate callback request", data->callback_fn == NULL); data->callback_fn = callback_fn; data->callback_arg = callback_arg; err = tcpip_try_callback(fs_example_read_cb, data); LWIP_ASSERT("out of queue elements?", err == ERR_OK); LWIP_UNUSED_ARG(err); return FS_READ_DELAYED; } /* execute this read but delay the next one */ data->delay_read = 1; #endif #if LWIP_HTTPD_EXAMPLE_CUSTOMFILES_LIMIT_READ read_count = LWIP_MIN(read_count, LWIP_HTTPD_EXAMPLE_CUSTOMFILES_LIMIT_READ); #endif f = data->f; //len = (int)fread(buffer, 1, read_count, f); f_read(f, buffer,read_count, &len); LWIP_UNUSED_ARG(callback_fn); LWIP_UNUSED_ARG(callback_arg); file->index += len; /* Return - FS_READ_EOF if all bytes have been read - FS_READ_DELAYED if reading is delayed (call 'tcpip_callback(callback_fn, callback_arg)' when done) */ if (len == 0) { /* all bytes read already */ return FS_READ_EOF; } return len; } #else /* LWIP_HTTPD_FS_ASYNC_READ */ int fs_read_custom(struct fs_file *file, char *buffer, int count) { struct fs_custom_data *data = (struct fs_custom_data *)file->pextension; FILE *f; int len; int read_count = count; LWIP_ASSERT("data not set", data != NULL); #if LWIP_HTTPD_EXAMPLE_CUSTOMFILES_LIMIT_READ read_count = LWIP_MIN(read_count, LWIP_HTTPD_EXAMPLE_CUSTOMFILES_LIMIT_READ); #endif f = data->f; len = (int)fread(buffer, 1, read_count, f); file->index += len; /* Return FS_READ_EOF if all bytes have been read */ return len; } #endif /* LWIP_HTTPD_FS_ASYNC_READ */ #endif /* LWIP_HTTPD_CUSTOM_FILES */ #endif /* LWIP_HTTPD_EXAMPLE_CUSTOMFILES */
- lwipopts.h
#ifndef __LWIPOPTS_H__ #define __LWIPOPTS_H__ // Common settings used in most of the pico_w examples // (see https://www.nongnu.org/lwip/2_1_x/group__lwip__opts.html for details) // allow override in some examples #ifndef NO_SYS #define NO_SYS 1 #endif // allow override in some examples #ifndef LWIP_SOCKET #define LWIP_SOCKET 0 #endif #if PICO_CYW43_ARCH_POLL #define MEM_LIBC_MALLOC 1 #else // MEM_LIBC_MALLOC is incompatible with non polling versions #define MEM_LIBC_MALLOC 0 #endif #define MEM_ALIGNMENT 4 #define MEM_SIZE 4000 #define MEMP_NUM_TCP_SEG 32 #define MEMP_NUM_ARP_QUEUE 10 #define PBUF_POOL_SIZE 24 #define LWIP_ARP 1 #define LWIP_ETHERNET 1 #define LWIP_ICMP 1 #define LWIP_RAW 1 #define TCP_WND (8 * TCP_MSS) #define TCP_MSS 1460 #define TCP_SND_BUF (8 * TCP_MSS) #define TCP_SND_QUEUELEN ((4 * (TCP_SND_BUF) + (TCP_MSS - 1)) / (TCP_MSS)) #define LWIP_NETIF_STATUS_CALLBACK 1 #define LWIP_NETIF_LINK_CALLBACK 1 #define LWIP_NETIF_HOSTNAME 1 #define LWIP_NETCONN 0 #define MEM_STATS 0 #define SYS_STATS 0 #define MEMP_STATS 0 #define LINK_STATS 0 // #define ETH_PAD_SIZE 2 #define LWIP_CHKSUM_ALGORITHM 3 #define LWIP_DHCP 1 #define LWIP_IPV4 1 #define LWIP_TCP 1 #define LWIP_UDP 1 #define LWIP_DNS 1 #define LWIP_TCP_KEEPALIVE 1 #define LWIP_NETIF_TX_SINGLE_PBUF 1 #define DHCP_DOES_ARP_CHECK 0 #define LWIP_DHCP_DOES_ACD_CHECK 0 #ifndef NDEBUG #define LWIP_DEBUG 1 #define LWIP_STATS 1 #define LWIP_STATS_DISPLAY 1 #endif #define ETHARP_DEBUG LWIP_DBG_OFF #define NETIF_DEBUG LWIP_DBG_OFF #define PBUF_DEBUG LWIP_DBG_OFF #define API_LIB_DEBUG LWIP_DBG_OFF #define API_MSG_DEBUG LWIP_DBG_OFF #define SOCKETS_DEBUG LWIP_DBG_OFF #define ICMP_DEBUG LWIP_DBG_OFF #define INET_DEBUG LWIP_DBG_OFF #define IP_DEBUG LWIP_DBG_OFF #define IP_REASS_DEBUG LWIP_DBG_OFF #define RAW_DEBUG LWIP_DBG_OFF #define MEM_DEBUG LWIP_DBG_OFF #define MEMP_DEBUG LWIP_DBG_OFF #define SYS_DEBUG LWIP_DBG_OFF #define TCP_DEBUG LWIP_DBG_OFF #define TCP_INPUT_DEBUG LWIP_DBG_OFF #define TCP_OUTPUT_DEBUG LWIP_DBG_OFF #define TCP_RTO_DEBUG LWIP_DBG_OFF #define TCP_CWND_DEBUG LWIP_DBG_OFF #define TCP_WND_DEBUG LWIP_DBG_OFF #define TCP_FR_DEBUG LWIP_DBG_OFF #define TCP_QLEN_DEBUG LWIP_DBG_OFF #define TCP_RST_DEBUG LWIP_DBG_OFF #define UDP_DEBUG LWIP_DBG_OFF #define TCPIP_DEBUG LWIP_DBG_OFF #define PPP_DEBUG LWIP_DBG_OFF #define SLIP_DEBUG LWIP_DBG_OFF #define DHCP_DEBUG LWIP_DBG_OFF /* in Pico-SDK above 1.5.0 */ #define MEMP_NUM_SYS_TIMEOUT (LWIP_NUM_SYS_TIMEOUT_INTERNAL+1) /* TCP WND must be at least 16 kb to match TLS record size or you will get a warning "altcp_tls: TCP_WND is smaller than the RX decrypion buffer, connection RX might stall!" */ // tls #undef TCP_WND #define TCP_WND 16384 #define LWIP_ALTCP 1 #define LWIP_ALTCP_TLS 1 #define LWIP_ALTCP_TLS_MBEDTLS 1 #define LWIP_DEBUG 1 #define ALTCP_MBEDTLS_DEBUG LWIP_DBG_ON /* set authmode */ #define ALTCP_MBEDTLS_AUTHMODE MBEDTLS_SSL_VERIFY_NONE //#define ALTCP_MBEDTLS_AUTHMODE MBEDTLS_SSL_VERIFY_REQUIRED // httpd #define HTTPD_ENABLE_HTTPS 1 // enable https #define LWIP_HTTPD 1 //#define LWIP_HTTPD_SSI 1 //#define LWIP_HTTPD_CGI 1 //#define LWIP_HTTPD_SSI_MULTIPART 1 //#define LWIP_HTTPD_SUPPORT_POST 1 //#define LWIP_HTTPD_SSI_INCLUDE_TAG 0 // extern wbe page files #define LWIP_HTTPD_CUSTOM_FILES 1 #define LWIP_HTTPD_DYNAMIC_HEADERS 1 #define LWIP_HTTPD_FS_ASYNC_READ 1 #define LWIP_HTTPD_DYNAMIC_FILE_READ 1 #define LWIP_HTTPD_FILE_EXTENSION 1 #endif /* __LWIPOPTS_H__ */
- mbedtls_config.h
/* Workaround for some mbedtls source files using INT_MAX without including limits.h */ #include <limits.h> #define MBEDTLS_NO_PLATFORM_ENTROPY #define MBEDTLS_ENTROPY_HARDWARE_ALT #define MBEDTLS_SSL_OUT_CONTENT_LEN 2048 #define MBEDTLS_ALLOW_PRIVATE_ACCESS #define MBEDTLS_HAVE_TIME #define MBEDTLS_HAVE_TIME_DATE #define MBEDTLS_CIPHER_MODE_CBC #define MBEDTLS_ECP_DP_SECP192R1_ENABLED #define MBEDTLS_ECP_DP_SECP224R1_ENABLED #define MBEDTLS_ECP_DP_SECP256R1_ENABLED #define MBEDTLS_ECP_DP_SECP384R1_ENABLED #define MBEDTLS_ECP_DP_SECP521R1_ENABLED #define MBEDTLS_ECP_DP_SECP192K1_ENABLED #define MBEDTLS_ECP_DP_SECP224K1_ENABLED #define MBEDTLS_ECP_DP_SECP256K1_ENABLED #define MBEDTLS_ECP_DP_BP256R1_ENABLED #define MBEDTLS_ECP_DP_BP384R1_ENABLED #define MBEDTLS_ECP_DP_BP512R1_ENABLED #define MBEDTLS_ECP_DP_CURVE25519_ENABLED #define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED #define MBEDTLS_PKCS1_V15 #define MBEDTLS_SHA256_SMALLER #define MBEDTLS_SSL_SERVER_NAME_INDICATION #define MBEDTLS_AES_C #define MBEDTLS_ASN1_PARSE_C #define MBEDTLS_BIGNUM_C #define MBEDTLS_CIPHER_C #define MBEDTLS_CTR_DRBG_C #define MBEDTLS_ENTROPY_C #define MBEDTLS_ERROR_C #define MBEDTLS_MD_C #define MBEDTLS_MD5_C #define MBEDTLS_OID_C #define MBEDTLS_PKCS5_C #define MBEDTLS_PK_C #define MBEDTLS_PK_PARSE_C #define MBEDTLS_PLATFORM_C #define MBEDTLS_RSA_C #define MBEDTLS_SHA1_C #define MBEDTLS_SHA224_C #define MBEDTLS_SHA256_C #define MBEDTLS_SHA512_C #define MBEDTLS_SSL_CLI_C #define MBEDTLS_SSL_SRV_C #define MBEDTLS_SSL_TLS_C #define MBEDTLS_X509_CRT_PARSE_C #define MBEDTLS_X509_USE_C #define MBEDTLS_AES_FEWER_TABLES /* TLS 1.2 */ #define MBEDTLS_SSL_PROTO_TLS1_2 #define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED #define MBEDTLS_GCM_C #define MBEDTLS_ECDH_C #define MBEDTLS_ECP_C #define MBEDTLS_ECDSA_C #define MBEDTLS_ASN1_WRITE_C // The following is needed to parse a certificate #define MBEDTLS_PEM_PARSE_C #define MBEDTLS_BASE64_C
沒有留言:
張貼留言