network/https_server/main.c

/*******************************************************************************
* # License
* Copyright 2019 Silicon Laboratories Inc. www.silabs.com
*******************************************************************************
*
* The licensor of this software is Silicon Laboratories Inc. Your use of this
* software is governed by the terms of Silicon Labs Master Software License
* Agreement (MSLA) available at
* www.silabs.com/about-us/legal/master-software-license-agreement. This
* software is distributed to you in Source Code format and is governed by the
* sections of the MSLA applicable to Source Code.
*
******************************************************************************/
#include "gos.h"
#include "example_app_util.h"
/* Value handed to gos_load_app_settings_once() together with "settings.ini".
 * NOTE(review): presumably a settings version tag; its exact meaning is not visible here, confirm against the API docs. */
#define SETTINGS_MAGIC_NUMBER 0x00010000
/* Banner logged once at the top of gos_app_init(). */
#define APPLICATION_START_LINE "\r\n\r\nSecure HTTP Server example starting..."
/*************************************************************************************************/
/**
 * Application entry hook: logs the start banner, loads "settings.ini" once,
 * and then asks the example utility layer to bring the default interface up.
 *
 * If the settings cannot be loaded, the error code is logged and the network
 * is never brought up, so the example does not continue with settings (TLS
 * ones included) that were not applied.
 *
 * NOTE(review): network_event_handler is referenced here before its
 * definition and no forward declaration is visible in this listing; confirm
 * that one exists.
 */
void gos_app_init(void)
{
    gos_result_t result;

    GOS_LOG(APPLICATION_START_LINE);

    if (GOS_FAILED(result, gos_load_app_settings_once("settings.ini", SETTINGS_MAGIC_NUMBER)))
    {
        /* Stop here: without the settings file nothing below should run. */
        GOS_LOG("Failed to load settings, err:%d", result);
    }
    else
    {
        example_app_util_network_up(GOS_INTERFACE_DEFAULT, true, network_event_handler);
    }
}
/*************************************************************************************************/
/* Prints the horizontal rule that separates the sections of the start-up help text. */
static void log_section_divider(void)
{
    GOS_LOG("\r\n-----------------------------------------------\r\n");
}

/* Prints the client-certificate installation steps that follow both the
 * "verification disabled" and the "verification enabled" messages.
 *
 * The log text itself calls client.p12 a testing certificate and tells the
 * user to leave the password fields blank, so the bundle is presumably not
 * password protected. Treat it as a test credential only. */
static void log_client_cert_install_steps(void)
{
    GOS_LOG("Install the following testing client certificate:\r\n");
    GOS_LOG(" <project dir>/resources/certificates/ca/client/certs/client.p12\r\n");
    GOS_LOG("To enable your browser to connect to the secure HTTP server.");
    GOS_LOG("Typically you can just double-click this file and follow the dialog that pops up.");
    GOS_LOG("Hint: Leave any dialog password fields blank.");
    GOS_LOG("NOTE: You may need to restart your browser for the new certificate to be registered.");
}

/**
 * Network state callback registered through example_app_util_network_up().
 *
 * When the network comes up it logs how to reach the HTTPS server on the
 * active interface, how to install the generated root CA into a browser, and
 * whether TLS client verification is switched on. When the network goes down
 * it logs a single line.
 *
 * @param is_up true when the network came up, false when it went down.
 *
 * NOTE(review): `interface` is not declared anywhere in the visible listing;
 * confirm where it is defined before relying on the branches below.
 */
static void network_event_handler(bool is_up)
{
    if (!is_up)
    {
        GOS_LOG("Network down");
        return;
    }

    /* Scratch space reused for every setting read below.
     * NOTE(review): whether GOS_GET_SETTING_STR bounds its write to
     * sizeof(buffer) is not visible here; confirm. */
    char buffer[96];

    GOS_LOG("Network up");
    GOS_LOG("Secure HTTP Server running");
    log_section_divider();

    if (interface == GOS_INTERFACE_SOFTAP)
    {
        GOS_LOG("Connect to the device's SoftAP:");
        GOS_LOG(" Name: %s", GOS_GET_SETTING_STR("softap.ssid", buffer));

        /* The SoftAP passkey is written to the log in clear text, so anyone
         * who can read the log output learns the access point credential.
         * Acceptable for a demo; mask or drop this line in a product build. */
        GOS_GET_SETTING_STR("softap.passkey", buffer);
        const char *shown_passkey = (buffer[0] != 0) ? buffer : "<none>";
        GOS_LOG(" Password: %s", shown_passkey);

        GOS_LOG("\r\nThen using a web browser, open:\r\n");
        GOS_LOG(" (DNS server) https://%s", GOS_GET_SETTING_STR("softap.dns_server.url", buffer));
        GOS_LOG("or (IP address) https://%s", GOS_GET_SETTING_STR("softap.static.ip", buffer));
        GOS_LOG("\r\nDepending on which hostname you used to generate the server cert.");
    }
    else if (interface == GOS_INTERFACE_WLAN)
    {
        GOS_LOG("Connect to the local network:");
        GOS_LOG(" Name: %s", GOS_GET_SETTING_STR("wlan.ssid", buffer));
        GOS_LOG("\r\nThen using a web browser, open:\r\n");
        GOS_LOG(" (mDNS server) https://%s", GOS_GET_SETTING_STR("mdns.hostname", buffer));
        GOS_LOG("or (IP address) https://%s", GOS_GET_SETTING_STR("wlan.network.ip", buffer));
        GOS_LOG("\r\nDepending on which hostname you used to generate the server cert.");
    }
    else if (interface == GOS_INTERFACE_ETHERNET)
    {
        GOS_LOG("Connect to the local network");
        GOS_LOG("\r\nThen using a web browser, open:\r\n");
        GOS_LOG(" (mDNS server) https://%s", GOS_GET_SETTING_STR("mdns.hostname", buffer));
        GOS_LOG("or (IP address) https://%s", GOS_GET_SETTING_STR("ethernet.network.ip", buffer));
        GOS_LOG("\r\nDepending on which hostname you used to generate the server cert.");
    }

    log_section_divider();

    /* The browser only accepts the device certificate once the generated
     * root CA is in its trust store. The URL used must also match the
     * hostname the server certificate was generated for (see the
     * "Depending on which hostname" lines above). */
    GOS_LOG("NOTE: You MUST have the generated root CA cert:\r\n");
    GOS_LOG(" <project dir>/resources/certificates/ca/certs/root-ca.crt\r\n");
    GOS_LOG("Installed into your browser to securely connect to the device's server.");
    GOS_LOG("Typically you can just double-click this file and follow the dialog that pops up.");
    GOS_LOG("If double-clicking doesn't work, go to your browser's advanced security settings,");
    GOS_LOG("and 'import' the above certificate into the browser's:");
    GOS_LOG(" 'Trusted Root Certification Authorities'");
    GOS_LOG("NOTE: You may need to restart your browser for the new certificate to be registered.");

    log_section_divider();

    /* Only the first character of the setting is compared with '0'. Any
     * other value, an empty string included, selects the "enabled" text. */
    const bool client_verify_off =
        (GOS_GET_SETTING_STR("http.server.tls_verify_peer", buffer)[0] == '0');

    if (!client_verify_off)
    {
        GOS_LOG("Server client verification is currently enabled.");
        GOS_LOG("To disable client verification, issue the commands:\r\n");
        GOS_LOG(" set http.server.tls_verify_peer 0");
        GOS_LOG(" save");
        GOS_LOG(" reboot");
        GOS_LOG("\r\nUntil you disable client verification,");
        GOS_LOG("your web browser MUST have a client certificate to connect to the server.");
        log_client_cert_install_steps();
        log_section_divider();
        /* The client log lets an operator review which TLS clients connected. */
        GOS_LOG("Hint: Periodically issue the command:\r\n");
        GOS_LOG(" get http.server.tls_client_log");
        GOS_LOG("\r\nTo view a log of connected TLS clients.");
    }
    else
    {
        /* With verification off, the log text implies browsers can connect
         * without a client certificate, i.e. clients are not authenticated
         * at the TLS layer. */
        GOS_LOG("Server client verification is currently disabled.");
        GOS_LOG("To enable client verification, issue the commands:\r\n");
        GOS_LOG(" set http.server.tls_verify_peer 1");
        GOS_LOG(" save");
        GOS_LOG(" reboot");
        GOS_LOG("\r\nUpon restart, your web browser MUST have a client certificate to connect to the server.");
        log_client_cert_install_steps();
    }

    log_section_divider();
}