本篇文章介紹使用Pico-SDK 結合LwIP and MbedTLS 在Raspberry Pi Pico W上建立HTTPS(Secure HTTP) server。本專案會使用LwIP 中SNTP and HTTP Application。詳細步驟如下說明:
一、連線WiFi並設定static IP:
cyw43_arch_enable_sta_mode();
netif_set_status_callback(netif_default, netif_status_cb);
cyw43_arch_wifi_connect_timeout_ms(WIFI_SSID, WIFI_PASSWORD, CYW43_AUTH_WPA2_AES_PSK, 30000);
使用netif_set_status_callback當成功連上WiFi時呼叫netif_status_cb設定Static IP。
二、以LwIP SNTP application設定系統時間。
在CMakeLists.txt加入:
add_definitions(
-DSNTP_SERVER_DNS=1
-DSNTP_SERVER_ADDRESS="pool.ntp.org"
-DSNTP_SET_SYSTEM_TIME=sntp_set_system_time
-DSNTP_STARTUP_DELAY=0
)
sntp_set_system_time為SNTP client取得資料時呼叫的callback function。
在程式中呼叫
sntp_setoperatingmode(SNTP_OPMODE_POLL);
sntp_init();
以啟用SNTP client。
三、建立self-signed Server Side Certificates:
- openssl genrsa -des3 -out ca.key 2048:
建立Root CA key。
- openssl req -new -x509 -days 3650 -key ca.key -out ca.cert:
建立self-signed root Certificate。
- openssl genrsa -out server.key 2048:
建立server side private key。
- openssl req -new -out server.csr -key server.key:
使用server key製作server憑證需求(certificate request)。
- openssl x509 -req -in server.csr -CA ca.cert -CAkey ca.key -CAcreateserial -out server.cert -days 365:
使用root CA ca.cert簽署server side certificate。
- 將ca.cert, server.cert與server.key加入在專案picow_https_cert.h中。
- CMakeLists.txt加入:
target_link_libraries(picow_https_server
pico_cyw43_arch_lwip_poll
pico_lwip_sntp
pico_lwip_http
pico_mbedtls
pico_lwip_mbedtls
)
- 在lwipopts.h加入:
/* in Pico-SDK above 1.5.0 */ #define MEMP_NUM_SYS_TIMEOUT (LWIP_NUM_SYS_TIMEOUT_INTERNAL+1) /* TCP WND must be at least 16 kb to match TLS record size or you will get a warning "altcp_tls: TCP_WND is smaller than the RX decrypion buffer, connection RX might stall!" */ // tls #undef TCP_WND #define TCP_WND 16384 #define LWIP_ALTCP 1 #define LWIP_ALTCP_TLS 1 #define LWIP_ALTCP_TLS_MBEDTLS 1 #define LWIP_DEBUG 1 #define ALTCP_MBEDTLS_DEBUG LWIP_DBG_ON /* set authmode */ #define ALTCP_MBEDTLS_AUTHMODE MBEDTLS_SSL_VERIFY_NONE //#define ALTCP_MBEDTLS_AUTHMODE MBEDTLS_SSL_VERIFY_REQUIRED
- 設定tls config:
加入self-signed root CA certificate, server certificate and server private key
tls_config = altcp_tls_create_config_server_privkey_cert(SERVER_KEY, sizeof(SERVER_KEY), NULL, 0, SERVER_CERT, sizeof(SERVER_CERT));
mbedtls_x509_crt_parse(tls_config->cert, CA_CERT, sizeof(CA_CERT));
五、設定https server:
這個專案將web page files放在SD卡上,先mount SD再設定root path。有關pico SD storage driver請參閱前面文章。
https server如何讀取page file,修改自LwIP的fs_example.c範例程式。
- mount SD:
if (f_mount(&fs, SDMMC_PATH, 1) != FR_OK) {
printf("mount error\n");
return 0;
}
- 設定web server root path:
fs_ex_init(SDMMC_PATH"/");
- 啟用https:
httpd_inits(tls_config);
六、成果影片
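# Generated Cmake Pico project file
cmake_minimum_required(VERSION 3.13)

set(CMAKE_C_STANDARD 11)
set(CMAKE_CXX_STANDARD 17)

# Initialise pico_sdk from installed location
# (note this can come from environment, CMake cache etc)
# The author's local checkout is only a fallback: a path given with
# -DPICO_SDK_PATH=... or through the PICO_SDK_PATH environment variable wins,
# so the build does not silently pick up whatever SDK tree sits at this
# machine-specific location.
if(NOT DEFINED PICO_SDK_PATH AND "$ENV{PICO_SDK_PATH}" STREQUAL "")
  set(PICO_SDK_PATH "/home/duser/pico/pico-sdk")
endif()

set(PICO_BOARD pico_w CACHE STRING "Board type")

# Pull in Raspberry Pi Pico SDK (must be before project)
include(pico_sdk_import.cmake)

if(PICO_SDK_VERSION_STRING VERSION_LESS "1.4.0")
  message(FATAL_ERROR "Raspberry Pi Pico SDK version 1.4.0 (or later) required. Your version is ${PICO_SDK_VERSION_STRING}")
endif()

project(picow_https_server C CXX ASM)

# Initialise the Raspberry Pi Pico SDK
pico_sdk_init()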
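# Add executable. Default name is the project name, version 0.1
add_executable(picow_https_server
  picow_https_server.c
  fs_example.c
)

# lwIP SNTP client options, scoped to this target instead of the whole
# directory. The SNTP sources are pulled in through pico_lwip_sntp below.
# NOTE(review): this assumes the SDK compiles those sources as part of this
# target; targets from add_subdirectory() no longer see these definitions.
# NOTE(review): sntp_set_system_time() in picow_https_server.c takes (sec, us);
# confirm that lwIP's SNTP_SET_SYSTEM_TIME hook passes both values, otherwise
# SNTP_SET_SYSTEM_TIME_US is the hook to define.
# SNTP itself is unauthenticated, so the clock it sets is only as trustworthy
# as the network path to the server.
target_compile_definitions(picow_https_server PRIVATE
  SNTP_SERVER_DNS=1
  SNTP_SERVER_ADDRESS=\"pool.ntp.org\"
  SNTP_SET_SYSTEM_TIME=sntp_set_system_time
  SNTP_STARTUP_DELAY=0
)

pico_set_program_name(picow_https_server "picow_https_server")
pico_set_program_version(picow_https_server "0.1")

# stdio goes to the UART only; USB stdio is disabled
pico_enable_stdio_uart(picow_https_server 1)
pico_enable_stdio_usb(picow_https_server 0)

# Add the standard include files to the build
target_include_directories(picow_https_server PRIVATE
  ${CMAKE_CURRENT_LIST_DIR}
  ${CMAKE_CURRENT_LIST_DIR}/.. # for our common lwipopts or any other standard includes, if required
)

# SD card storage driver used by fs_example.c
add_subdirectory(pico_storage_drv)

# Standard library, Wi-Fi/lwIP (polling), SNTP, httpd, mbedTLS and storage
target_link_libraries(picow_https_server PRIVATE
  pico_stdlib
  pico_cyw43_arch_lwip_poll
  pico_lwip_sntp
  pico_lwip_http
  pico_mbedtls
  pico_lwip_mbedtls
  pico_storage_drv
)

pico_add_extra_outputs(picow_https_server)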
- picow_https_server.c
#include <stdio.h>
#include <sys/time.h>
#include <time.h>
#include "pico/stdlib.h"
#include "pico/cyw43_arch.h"
#include "lwip/altcp_tls.h"
#include "lwip/altcp_tcp.h"
#include "lwip/altcp.h"
#include "lwip/apps/httpd.h"
#include "lwip/apps/sntp.h"
#include "picow_https_cert.h"
#include "ff.h"
#include "pico_storage.h"
/* Wi-Fi credentials passed to cyw43_arch_wifi_connect_timeout_ms() in main().
 * They are string literals, so they end up in the firmware image; the values
 * here are placeholders. Keep real credentials out of shared sources. */
#define WIFI_SSID "your-ssid"
#define WIFI_PASSWORD "your-password"
/*
 * Local definition of lwIP's TLS configuration object, so that main() can
 * reach the `cert` member directly.
 * NOTE(review): presumably a copy of the private definition in lwIP's
 * altcp_tls_mbedtls.c. The member order and both #if conditions must match
 * the lwIP version actually linked; otherwise `cert` is read at the wrong
 * offset. Re-check after every SDK or lwIP upgrade.
 */
struct altcp_tls_config {
mbedtls_ssl_config conf;
/* certificate chain; main() appends CA_CERT to it */
mbedtls_x509_crt *cert;
mbedtls_pk_context *pkey;
u8_t cert_count;
u8_t cert_max;
u8_t pkey_count;
u8_t pkey_max;
mbedtls_x509_crt *ca;
#if defined(MBEDTLS_SSL_CACHE_C) && ALTCP_MBEDTLS_USE_SESSION_CACHE
/** Inter-connection cache for fast connection startup */
struct mbedtls_ssl_cache_context cache;
#endif
#if defined(MBEDTLS_SSL_SESSION_TICKETS) && ALTCP_MBEDTLS_USE_SESSION_TICKETS
mbedtls_ssl_ticket_context ticket_ctx;
#endif
};
/* TLS server configuration; created in main() and passed to httpd_inits(). */
struct altcp_tls_config *tls_config = NULL;
/* Defined in fs_example.c: stores the root directory used for file lookups. */
void fs_ex_init(const char *httpd_root_dir);
/**
 * netif status callback: once the link is up, assign the fixed IPv4 address,
 * netmask and gateway to the interface.
 *
 * @param netif interface whose status changed
 */
void netif_status_cb(struct netif *netif) {
    ip_addr_t static_ip;
    ip_addr_t subnet_mask;
    ip_addr_t default_gw;

    /* nothing to configure while the link is down */
    if (!netif_is_link_up(netif)) {
        return;
    }

    ipaddr_aton("192.168.1.70", &static_ip);
    ipaddr_aton("255.255.255.0", &subnet_mask);
    ipaddr_aton("192.168.1.1", &default_gw);
    netif_set_addr(netif, &static_ip, &subnet_mask, &default_gw);
}
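/**
 * Callback wired to the lwIP SNTP client through the SNTP_SET_SYSTEM_TIME
 * build definition: stores the received time as the system time.
 *
 * After a successful update the SNTP client is stopped, so the clock is set
 * once and not re-synchronised afterwards. On failure the client keeps running
 * so that a later response can retry.
 *
 * NOTE(review): the build defines SNTP_SET_SYSTEM_TIME, not
 * SNTP_SET_SYSTEM_TIME_US; confirm that lwIP really passes a microsecond value
 * with that hook. The clamp below keeps tv_usec valid either way.
 *
 * @param sec seconds since the Unix epoch
 * @param us  microsecond part of the timestamp
 */
void sntp_set_system_time(uint32_t sec, uint32_t us)
{
    struct timeval now;
    time_t now_sec = sec;

    /* tv_usec must stay below one second */
    if (us >= 1000000u) {
        us = 0;
    }
    now.tv_sec = sec;
    now.tv_usec = us;

    if (settimeofday(&now, NULL) != 0) {
        printf("set time error\n");
        return;
    }
    printf("set time :%s\n", ctime(&now_sec));
    sntp_stop();
}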
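/**
 * Entry point: joins the Wi-Fi network, starts SNTP, builds the TLS server
 * configuration, mounts the SD card and serves its files over HTTPS.
 *
 * SERVER_KEY, SERVER_CERT and CA_CERT come from picow_https_cert.h (not shown
 * here). The server's private key is therefore part of the firmware image, so
 * that header and the built binary need the same protection as the key itself.
 *
 * Returns 0 after printing a message when any setup step fails; otherwise it
 * never returns.
 */
int main()
{
    stdio_init_all();
    if (cyw43_arch_init()) {
        printf("cyw43 arch init error\n");
        return 0;
    }

    //1. connect to WiFi network and set static IP
    cyw43_arch_enable_sta_mode();
    /* netif_status_cb assigns the static address once the link is up */
    netif_set_status_callback(netif_default, netif_status_cb);
    int wifi_stat = cyw43_arch_wifi_connect_timeout_ms(WIFI_SSID, WIFI_PASSWORD, CYW43_AUTH_WPA2_AES_PSK, 30000);
    if (wifi_stat) {
        printf("wifi connect error:%d\n", wifi_stat);
        return 0;
    }
    printf("Wifi connected\n");
    printf("get ip addr:%s\n",ipaddr_ntoa(&(cyw43_state.netif[0].ip_addr)));

    // 2. set SNTP
    sntp_setoperatingmode(SNTP_OPMODE_POLL);
    sntp_init();

    // 3. set TLS connection
    tls_config = altcp_tls_create_config_server_privkey_cert(SERVER_KEY, sizeof(SERVER_KEY), NULL, 0, SERVER_CERT, sizeof(SERVER_CERT));
    if (tls_config == NULL) {
        /* key or certificate rejected, or out of memory: do not dereference */
        printf("tls config error\n");
        return 0;
    }
    /* append the CA certificate to the chain the server presents */
    int crt_stat = mbedtls_x509_crt_parse(tls_config->cert, CA_CERT, sizeof(CA_CERT));
    if (crt_stat != 0) {
        printf("ca cert parse error:%d\n", crt_stat);
        return 0;
    }

    //4. mount FS in SD card and start https server
    /* lives on main()'s stack, which stays valid because the loop below never exits */
    FATFS fs;
    if (f_mount(&fs, SDMMC_PATH, 1) != FR_OK) {
        printf("mount error\n");
        return 0;
    }
    fs_ex_init(SDMMC_PATH"/");
    httpd_inits(tls_config);

    /* poll mode: the Wi-Fi driver and lwIP only make progress inside cyw43_arch_poll() */
    while(1) {
        cyw43_arch_poll();
        sleep_ms(50);
    }
    return 0;
}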
- fs_example.c
/**
* @file
* HTTPD custom file system example
*
* This file demonstrates how to add support for an external file system to httpd.
* It provides access to the specified root directory and uses stdio.h file functions
* to read files.
*
* ATTENTION: This implementation is *not* secure: no checks are added to ensure
* files are only read below the specified root directory!
*/
/*
* Copyright (c) 2017 Simon Goldschmidt
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without modification,
* are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
* 3. The name of the author may not be used to endorse or promote products
* derived from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
* SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
* EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
* OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
* OF SUCH DAMAGE.
*
* This file is part of the lwIP TCP/IP stack.
*
* Author: Simon Goldschmidt < goldsimon@gmx.de >
*
*/
#include "lwip/opt.h"
#include "lwip/apps/fs.h"
#include "lwip/def.h"
#include "lwip/mem.h"
#include "stdio.h"
#include "string.h"
#include "ff.h"
#include "pico_storage.h"
/** define LWIP_HTTPD_EXAMPLE_CUSTOMFILES to 1 to enable this file system */
#ifndef LWIP_HTTPD_EXAMPLE_CUSTOMFILES
#define LWIP_HTTPD_EXAMPLE_CUSTOMFILES 1
#endif
/** define LWIP_HTTPD_EXAMPLE_CUSTOMFILES_DELAYED to 1 to delay open and read
* as if e.g. reading from external SPI flash */
#ifndef LWIP_HTTPD_EXAMPLE_CUSTOMFILES_DELAYED
#define LWIP_HTTPD_EXAMPLE_CUSTOMFILES_DELAYED 0
#endif
/** define LWIP_HTTPD_EXAMPLE_CUSTOMFILES_LIMIT_READ to the number of bytes
* to read to emulate limited transfer buffers and don't read whole files in
* one chunk.
* WARNING: lowering this slows down the connection!
*/
#ifndef LWIP_HTTPD_EXAMPLE_CUSTOMFILES_LIMIT_READ
#define LWIP_HTTPD_EXAMPLE_CUSTOMFILES_LIMIT_READ 0
#endif
#if LWIP_HTTPD_EXAMPLE_CUSTOMFILES
#if !LWIP_HTTPD_CUSTOM_FILES
#error This needs LWIP_HTTPD_CUSTOM_FILES
#endif
#if !LWIP_HTTPD_DYNAMIC_HEADERS
#error This needs LWIP_HTTPD_DYNAMIC_HEADERS
#endif
#if !LWIP_HTTPD_DYNAMIC_FILE_READ
#error This wants to demonstrate read-after-open, so LWIP_HTTPD_DYNAMIC_FILE_READ is required!
#endif
#if !LWIP_HTTPD_FS_ASYNC_READ
#error This needs LWIP_HTTPD_FS_ASYNC_READ
#endif
#if !LWIP_HTTPD_FILE_EXTENSION
#error This needs LWIP_HTTPD_FILE_EXTENSION
#endif
#if LWIP_HTTPD_EXAMPLE_CUSTOMFILES_DELAYED
#include "lwip/tcpip.h"
#endif
/* Per-file state stored in fs_file::pextension by fs_open_custom(). */
struct fs_custom_data {
/* FatFs file object used for reading (the stdio FILE* of the original example was replaced) */
FIL *f;
#if LWIP_HTTPD_EXAMPLE_CUSTOMFILES_DELAYED
/* state of the simulated delay: 3 = file size still pending, 1 = delay the
   next read, 2 = delay requested, 0 = no delay */
int delay_read;
/* callback and argument to invoke once the simulated delay has elapsed */
fs_wait_cb callback_fn;
void *callback_arg;
#endif
};
const char* fs_ex_root_dir;
void
fs_ex_init(const char *httpd_root_dir)
{
fs_ex_root_dir = strdup(httpd_root_dir);
}
#if LWIP_HTTPD_CUSTOM_FILES
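/* One allocation holding the httpd-visible state together with the FatFs file
 * object it points to. `data` must stay the first member: file->pextension is
 * cast back to struct fs_custom_data * and released with a single mem_free(). */
struct fs_custom_open_file {
  struct fs_custom_data data;
  FIL fil;
};

/* Returns 1 when `name` holds a ".." path component or a backslash, i.e. when
 * it could resolve to a location outside the configured root directory. */
static int
fs_ex_name_is_unsafe(const char *name)
{
  const char *p = name;

  if (strchr(name, '\\') != NULL) {
    return 1;
  }
  while (*p != 0) {
    const char *segment = p;
    size_t segment_len;

    while (*p != 0 && *p != '/') {
      p++;
    }
    segment_len = (size_t)(p - segment);
    if (segment_len == 2 && segment[0] == '.' && segment[1] == '.') {
      return 1;
    }
    if (*p == '/') {
      p++;
    }
  }
  return 0;
}

/**
 * Open a file below fs_ex_root_dir for the HTTP server.
 *
 * `name` comes from the HTTP request and is treated as untrusted: names that
 * could leave the root directory, and names too long for the path buffer, are
 * refused instead of being passed to FatFs.
 *
 * The FatFs file object is allocated together with the per-file state, so the
 * pointer stored in the state stays valid after this function returns.
 *
 * @param file httpd file structure to fill in
 * @param name requested path, appended to fs_ex_root_dir
 * @return 1 if the file was opened, 0 otherwise
 */
int
fs_open_custom(struct fs_file *file, const char *name)
{
  char full_filename[256];
  struct fs_custom_open_file *opened;
  int path_len;

  if (file == NULL || name == NULL || fs_ex_root_dir == NULL) {
    return 0;
  }
  if (fs_ex_name_is_unsafe(name)) {
    return 0;
  }

  path_len = snprintf(full_filename, sizeof(full_filename), "%s%s", fs_ex_root_dir, name);
  if (path_len < 0 || path_len >= (int)sizeof(full_filename)) {
    /* a truncated path would name a different file than the one requested */
    return 0;
  }

  opened = (struct fs_custom_open_file *)mem_malloc(sizeof(struct fs_custom_open_file));
  if (opened == NULL) {
    return 0;
  }
  memset(opened, 0, sizeof(struct fs_custom_open_file));

  if (f_open(&opened->fil, full_filename, FA_READ) != FR_OK) {
    mem_free(opened);
    return 0;
  }

  memset(file, 0, sizeof(struct fs_file));
#if LWIP_HTTPD_EXAMPLE_CUSTOMFILES_DELAYED
  file->len = 0; /* read size delayed */
  opened->data.delay_read = 3;
#else
  file->len = (int)f_size(&opened->fil);
#endif
  file->flags = FS_FILE_FLAGS_HEADER_PERSISTENT;
  opened->data.f = &opened->fil;
  file->pextension = &opened->data;
  return 1;
}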
/**
 * Release the per-file state attached by fs_open_custom(): close the FatFs
 * file if one is recorded, then free the state block.
 *
 * @param file httpd file structure; NULL or a file without state is ignored
 */
void
fs_close_custom(struct fs_file *file)
{
  struct fs_custom_data *state;

  if (file == NULL || file->pextension == NULL) {
    return;
  }

  state = (struct fs_custom_data *)file->pextension;
  if (state->f != NULL) {
    f_close(state->f);
    state->f = NULL;
  }
  mem_free(state);
}
#if LWIP_HTTPD_FS_ASYNC_READ
/*
 * Tell httpd whether a read on `file` can proceed right now.
 * With LWIP_HTTPD_EXAMPLE_CUSTOMFILES_DELAYED at 0 (this file's default) the
 * function always returns 1.
 */
u8_t
fs_canread_custom(struct fs_file *file)
{
/* This function is only necessary for asynchronous I/O:
If reading would block, return 0 and implement fs_wait_read_custom() to call the
supplied callback if reading works. */
#if LWIP_HTTPD_EXAMPLE_CUSTOMFILES_DELAYED
struct fs_custom_data *data;
LWIP_ASSERT("file != NULL", file != NULL);
data = (struct fs_custom_data *)file->pextension;
if (data == NULL) {
/* file transfer has been completed already */
LWIP_ASSERT("transfer complete", file->index == file->len);
return 1;
}
LWIP_ASSERT("data != NULL", data != NULL);
/* This just simulates a simple delay. This delay would normally come e.g. from SPI transfer */
if (data->delay_read == 3) {
/* delayed file size mode */
data->delay_read = 1;
LWIP_ASSERT("", file->len == 0);
/* NOTE(review): data->f is a FatFs FIL* in this port, but the calls below are
   still the stdio ones; this branch needs porting (e.g. to f_size) before the
   delayed mode is enabled */
if (!fseek(data->f, 0, SEEK_END)) {
int len = (int)ftell(data->f);
if(!fseek(data->f, 0, SEEK_SET)) {
file->len = len; /* read size delayed */
data->delay_read = 1;
return 0;
}
}
/* if we come here, something is wrong with the file */
LWIP_ASSERT("file error", 0);
}
if (data->delay_read == 1) {
/* tell read function to delay further */
}
#endif
LWIP_UNUSED_ARG(file);
return 1;
}
#if LWIP_HTTPD_EXAMPLE_CUSTOMFILES_DELAYED
/* Deferred callback for the simulated delay: takes the stored httpd callback
 * out of the per-file state and invokes it once. */
static void
fs_example_read_cb(void *arg)
{
  struct fs_custom_data *state = (struct fs_custom_data *)arg;
  fs_wait_cb pending_fn;
  void *pending_arg;

  /* fetch and clear first, so a new request can be stored during the call */
  pending_fn = state->callback_fn;
  pending_arg = state->callback_arg;
  state->callback_fn = NULL;
  state->callback_arg = NULL;

  LWIP_ASSERT("no callback_fn", pending_fn != NULL);
  pending_fn(pending_arg);
}
#endif
/**
 * Ask to be notified when `file` becomes readable.
 *
 * In the delayed configuration the callback is stored and scheduled through
 * tcpip_try_callback(); in every other configuration this asserts, because
 * waiting is not implemented there.
 *
 * @return always 1 (reading should be delayed)
 */
u8_t
fs_wait_read_custom(struct fs_file *file, fs_wait_cb callback_fn, void *callback_arg)
{
#if LWIP_HTTPD_EXAMPLE_CUSTOMFILES_DELAYED
  struct fs_custom_data *state = (struct fs_custom_data *)file->pextension;
  err_t queued;

  LWIP_ASSERT("data not set", state != NULL);
  state->callback_fn = callback_fn;
  state->callback_arg = callback_arg;
  queued = tcpip_try_callback(fs_example_read_cb, state);
  LWIP_ASSERT("out of queue elements?", queued == ERR_OK);
  LWIP_UNUSED_ARG(queued);
#else
  LWIP_ASSERT("not implemented in this example configuration", 0);
#endif
  LWIP_UNUSED_ARG(file);
  LWIP_UNUSED_ARG(callback_fn);
  LWIP_UNUSED_ARG(callback_arg);
  /* Result convention:
     - 0: ready to read (at least one byte)
     - 1: reading should be delayed (call 'tcpip_callback(callback_fn, callback_arg)' when ready) */
  return 1;
}
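/**
 * Read the next chunk of an open file into `buffer`.
 *
 * The byte count is taken from f_read() through a UINT, the type FatFs writes
 * to, and the FatFs result code is checked. A failed read ends the transfer
 * instead of reporting an uninitialised length.
 *
 * @param file         httpd file structure set up by fs_open_custom()
 * @param buffer       destination buffer
 * @param count        maximum number of bytes to read
 * @param callback_fn  only used by the simulated delay
 * @param callback_arg only used by the simulated delay
 * @return number of bytes read, FS_READ_EOF when nothing more can be read
 *         (end of file, read error or unusable arguments), or FS_READ_DELAYED
 *         while the simulated delay is pending
 */
int
fs_read_async_custom(struct fs_file *file, char *buffer, int count, fs_wait_cb callback_fn, void *callback_arg)
{
  struct fs_custom_data *data = (struct fs_custom_data *)file->pextension;
  UINT bytes_read = 0;
  int read_count = count;

  LWIP_ASSERT("data not set", data != NULL);
  /* asserts may be compiled out, so check again before touching the state */
  if (data == NULL || data->f == NULL || buffer == NULL || count <= 0) {
    return FS_READ_EOF;
  }

#if LWIP_HTTPD_EXAMPLE_CUSTOMFILES_DELAYED
  /* This just simulates a delay. This delay would normally come e.g. from SPI transfer */
  LWIP_ASSERT("invalid state", data->delay_read >= 0 && data->delay_read <= 2);
  if (data->delay_read == 2) {
    /* no delay next time */
    data->delay_read = 0;
    return FS_READ_DELAYED;
  } else if (data->delay_read == 1) {
    err_t err;
    /* execute requested delay */
    data->delay_read = 2;
    LWIP_ASSERT("duplicate callback request", data->callback_fn == NULL);
    data->callback_fn = callback_fn;
    data->callback_arg = callback_arg;
    err = tcpip_try_callback(fs_example_read_cb, data);
    LWIP_ASSERT("out of queue elements?", err == ERR_OK);
    LWIP_UNUSED_ARG(err);
    return FS_READ_DELAYED;
  }
  /* execute this read but delay the next one */
  data->delay_read = 1;
#endif

#if LWIP_HTTPD_EXAMPLE_CUSTOMFILES_LIMIT_READ
  read_count = LWIP_MIN(read_count, LWIP_HTTPD_EXAMPLE_CUSTOMFILES_LIMIT_READ);
#endif

  if (f_read(data->f, buffer, (UINT)read_count, &bytes_read) != FR_OK) {
    /* treat a read error like end of file so the transfer is closed */
    return FS_READ_EOF;
  }

  LWIP_UNUSED_ARG(callback_fn);
  LWIP_UNUSED_ARG(callback_arg);

  file->index += (int)bytes_read;

  /* Return
     - FS_READ_EOF if all bytes have been read
     - FS_READ_DELAYED if reading is delayed (call 'tcpip_callback(callback_fn, callback_arg)' when done) */
  if (bytes_read == 0) {
    /* all bytes read already */
    return FS_READ_EOF;
  }
  return (int)bytes_read;
}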
#else /* LWIP_HTTPD_FS_ASYNC_READ */
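/**
 * Synchronous read variant. It is only compiled when LWIP_HTTPD_FS_ASYNC_READ
 * is 0, a configuration this file rejects with #error further up.
 *
 * Ported to FatFs like the rest of the file: the per-file state holds a FIL*,
 * so the stdio FILE* and fread() call of the original example do not fit it.
 *
 * @param file   httpd file structure set up by fs_open_custom()
 * @param buffer destination buffer
 * @param count  maximum number of bytes to read
 * @return number of bytes read, or FS_READ_EOF on a read error or when the
 *         arguments cannot be used
 */
int
fs_read_custom(struct fs_file *file, char *buffer, int count)
{
  struct fs_custom_data *data = (struct fs_custom_data *)file->pextension;
  UINT bytes_read = 0;
  int read_count = count;

  LWIP_ASSERT("data not set", data != NULL);
  /* asserts may be compiled out, so check again before touching the state */
  if (data == NULL || data->f == NULL || buffer == NULL || count <= 0) {
    return FS_READ_EOF;
  }

#if LWIP_HTTPD_EXAMPLE_CUSTOMFILES_LIMIT_READ
  read_count = LWIP_MIN(read_count, LWIP_HTTPD_EXAMPLE_CUSTOMFILES_LIMIT_READ);
#endif

  if (f_read(data->f, buffer, (UINT)read_count, &bytes_read) != FR_OK) {
    return FS_READ_EOF;
  }

  file->index += (int)bytes_read;

  /* Return FS_READ_EOF if all bytes have been read */
  return (int)bytes_read;
}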
#endif /* LWIP_HTTPD_FS_ASYNC_READ */
#endif /* LWIP_HTTPD_CUSTOM_FILES */
#endif /* LWIP_HTTPD_EXAMPLE_CUSTOMFILES */
- lwipopts.h
/* lwIP build options for the picow_https_server project (general part). */
#ifndef __LWIPOPTS_H__
#define __LWIPOPTS_H__
// Common settings used in most of the pico_w examples
// (see https://www.nongnu.org/lwip/2_1_x/group__lwip__opts.html for details)
// allow override in some examples
#ifndef NO_SYS
#define NO_SYS 1
#endif
// allow override in some examples
#ifndef LWIP_SOCKET
#define LWIP_SOCKET 0
#endif
#if PICO_CYW43_ARCH_POLL
#define MEM_LIBC_MALLOC 1
#else
// MEM_LIBC_MALLOC is incompatible with non polling versions
#define MEM_LIBC_MALLOC 0
#endif
#define MEM_ALIGNMENT 4
#define MEM_SIZE 4000
#define MEMP_NUM_TCP_SEG 32
#define MEMP_NUM_ARP_QUEUE 10
#define PBUF_POOL_SIZE 24
#define LWIP_ARP 1
#define LWIP_ETHERNET 1
#define LWIP_ICMP 1
#define LWIP_RAW 1
// this TCP_WND value is replaced by the TLS section further down (#undef, then 16384)
#define TCP_WND (8 * TCP_MSS)
#define TCP_MSS 1460
#define TCP_SND_BUF (8 * TCP_MSS)
#define TCP_SND_QUEUELEN ((4 * (TCP_SND_BUF) + (TCP_MSS - 1)) / (TCP_MSS))
// the status callback is what the application uses to assign its static IP address
#define LWIP_NETIF_STATUS_CALLBACK 1
#define LWIP_NETIF_LINK_CALLBACK 1
#define LWIP_NETIF_HOSTNAME 1
#define LWIP_NETCONN 0
#define MEM_STATS 0
#define SYS_STATS 0
#define MEMP_STATS 0
#define LINK_STATS 0
// #define ETH_PAD_SIZE 2
#define LWIP_CHKSUM_ALGORITHM 3
#define LWIP_DHCP 1
#define LWIP_IPV4 1
#define LWIP_TCP 1
#define LWIP_UDP 1
// DNS is needed because the SNTP server is configured by host name
#define LWIP_DNS 1
#define LWIP_TCP_KEEPALIVE 1
#define LWIP_NETIF_TX_SINGLE_PBUF 1
#define DHCP_DOES_ARP_CHECK 0
#define LWIP_DHCP_DOES_ACD_CHECK 0
// debug output and statistics for builds without NDEBUG
#ifndef NDEBUG
#define LWIP_DEBUG 1
#define LWIP_STATS 1
#define LWIP_STATS_DISPLAY 1
#endif
// per-module debug switches, all off
#define ETHARP_DEBUG LWIP_DBG_OFF
#define NETIF_DEBUG LWIP_DBG_OFF
#define PBUF_DEBUG LWIP_DBG_OFF
#define API_LIB_DEBUG LWIP_DBG_OFF
#define API_MSG_DEBUG LWIP_DBG_OFF
#define SOCKETS_DEBUG LWIP_DBG_OFF
#define ICMP_DEBUG LWIP_DBG_OFF
#define INET_DEBUG LWIP_DBG_OFF
#define IP_DEBUG LWIP_DBG_OFF
#define IP_REASS_DEBUG LWIP_DBG_OFF
#define RAW_DEBUG LWIP_DBG_OFF
#define MEM_DEBUG LWIP_DBG_OFF
#define MEMP_DEBUG LWIP_DBG_OFF
#define SYS_DEBUG LWIP_DBG_OFF
#define TCP_DEBUG LWIP_DBG_OFF
#define TCP_INPUT_DEBUG LWIP_DBG_OFF
#define TCP_OUTPUT_DEBUG LWIP_DBG_OFF
#define TCP_RTO_DEBUG LWIP_DBG_OFF
#define TCP_CWND_DEBUG LWIP_DBG_OFF
#define TCP_WND_DEBUG LWIP_DBG_OFF
#define TCP_FR_DEBUG LWIP_DBG_OFF
#define TCP_QLEN_DEBUG LWIP_DBG_OFF
#define TCP_RST_DEBUG LWIP_DBG_OFF
#define UDP_DEBUG LWIP_DBG_OFF
#define TCPIP_DEBUG LWIP_DBG_OFF
#define PPP_DEBUG LWIP_DBG_OFF
#define SLIP_DEBUG LWIP_DBG_OFF
#define DHCP_DEBUG LWIP_DBG_OFF
/* in Pico-SDK above 1.5.0 */
#define MEMP_NUM_SYS_TIMEOUT (LWIP_NUM_SYS_TIMEOUT_INTERNAL+1)
/* TCP WND must be at least 16 kb to match TLS record size
or you will get a warning "altcp_tls: TCP_WND is smaller than the RX decrypion buffer, connection RX might stall!" */
// tls
#undef TCP_WND
#define TCP_WND 16384
// route TCP through the altcp layer with the mbedTLS backend
#define LWIP_ALTCP 1
#define LWIP_ALTCP_TLS 1
#define LWIP_ALTCP_TLS_MBEDTLS 1
// Unconditional: lwIP debug output stays on even when NDEBUG is defined, and
// altcp/mbedTLS tracing is enabled.
// NOTE(review): turn both off for builds that are not used for development.
#define LWIP_DEBUG 1
#define ALTCP_MBEDTLS_DEBUG LWIP_DBG_ON
/* set authmode */
// VERIFY_NONE: the peer's certificate is not checked.
// NOTE(review): for this server that presumably means clients are not
// authenticated by certificate; confirm that this is intended.
#define ALTCP_MBEDTLS_AUTHMODE MBEDTLS_SSL_VERIFY_NONE
//#define ALTCP_MBEDTLS_AUTHMODE MBEDTLS_SSL_VERIFY_REQUIRED
// httpd
#define HTTPD_ENABLE_HTTPS 1 // enable https
#define LWIP_HTTPD 1
//#define LWIP_HTTPD_SSI 1
//#define LWIP_HTTPD_CGI 1
//#define LWIP_HTTPD_SSI_MULTIPART 1
//#define LWIP_HTTPD_SUPPORT_POST 1
//#define LWIP_HTTPD_SSI_INCLUDE_TAG 0
// external web page files: the options below are all required by fs_example.c
#define LWIP_HTTPD_CUSTOM_FILES 1
#define LWIP_HTTPD_DYNAMIC_HEADERS 1
#define LWIP_HTTPD_FS_ASYNC_READ 1
#define LWIP_HTTPD_DYNAMIC_FILE_READ 1
#define LWIP_HTTPD_FILE_EXTENSION 1
#endif /* __LWIPOPTS_H__ */
- mbedtls_config.h
/* mbedTLS feature selection for the picow_https_server build. */
/* Workaround for some mbedtls source files using INT_MAX without including limits.h */
#include <limits.h>
/* No OS entropy source: entropy has to come from a hardware poll function
   supplied outside this file */
#define MBEDTLS_NO_PLATFORM_ENTROPY
#define MBEDTLS_ENTROPY_HARDWARE_ALT
/* outgoing TLS record buffer limited to 2048 bytes */
#define MBEDTLS_SSL_OUT_CONTENT_LEN 2048
/* lets application code access mbedTLS structure members directly */
#define MBEDTLS_ALLOW_PRIVATE_ACCESS
/* time and date support, used for certificate validity periods; the clock is
   set by the SNTP callback in the application */
#define MBEDTLS_HAVE_TIME
#define MBEDTLS_HAVE_TIME_DATE
#define MBEDTLS_CIPHER_MODE_CBC
/* Enabled elliptic curves.
   NOTE(review): the list includes 192- and 224-bit curves; confirm they are
   needed, otherwise keep only the curves the clients actually use */
#define MBEDTLS_ECP_DP_SECP192R1_ENABLED
#define MBEDTLS_ECP_DP_SECP224R1_ENABLED
#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
#define MBEDTLS_ECP_DP_SECP384R1_ENABLED
#define MBEDTLS_ECP_DP_SECP521R1_ENABLED
#define MBEDTLS_ECP_DP_SECP192K1_ENABLED
#define MBEDTLS_ECP_DP_SECP224K1_ENABLED
#define MBEDTLS_ECP_DP_SECP256K1_ENABLED
#define MBEDTLS_ECP_DP_BP256R1_ENABLED
#define MBEDTLS_ECP_DP_BP384R1_ENABLED
#define MBEDTLS_ECP_DP_BP512R1_ENABLED
#define MBEDTLS_ECP_DP_CURVE25519_ENABLED
/* static RSA key exchange: sessions get no forward secrecy */
#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
#define MBEDTLS_PKCS1_V15
#define MBEDTLS_SHA256_SMALLER
#define MBEDTLS_SSL_SERVER_NAME_INDICATION
#define MBEDTLS_AES_C
#define MBEDTLS_ASN1_PARSE_C
#define MBEDTLS_BIGNUM_C
#define MBEDTLS_CIPHER_C
#define MBEDTLS_CTR_DRBG_C
#define MBEDTLS_ENTROPY_C
#define MBEDTLS_ERROR_C
#define MBEDTLS_MD_C
/* NOTE(review): MD5 here and SHA-1 below are legacy hashes; confirm something
   in this build still needs them */
#define MBEDTLS_MD5_C
#define MBEDTLS_OID_C
#define MBEDTLS_PKCS5_C
#define MBEDTLS_PK_C
#define MBEDTLS_PK_PARSE_C
#define MBEDTLS_PLATFORM_C
#define MBEDTLS_RSA_C
#define MBEDTLS_SHA1_C
#define MBEDTLS_SHA224_C
#define MBEDTLS_SHA256_C
#define MBEDTLS_SHA512_C
#define MBEDTLS_SSL_CLI_C
#define MBEDTLS_SSL_SRV_C
#define MBEDTLS_SSL_TLS_C
#define MBEDTLS_X509_CRT_PARSE_C
#define MBEDTLS_X509_USE_C
#define MBEDTLS_AES_FEWER_TABLES
/* TLS 1.2 */
#define MBEDTLS_SSL_PROTO_TLS1_2
/* NOTE(review): ECDHE-ECDSA suites need an EC server key. If the server key is
   an RSA key (as generated with `openssl genrsa`), presumably only the
   static-RSA suites above can be negotiated; consider enabling
   MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED to get forward secrecy */
#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
#define MBEDTLS_GCM_C
#define MBEDTLS_ECDH_C
#define MBEDTLS_ECP_C
#define MBEDTLS_ECDSA_C
#define MBEDTLS_ASN1_WRITE_C
// The following is needed to parse a certificate
#define MBEDTLS_PEM_PARSE_C
#define MBEDTLS_BASE64_C