Tag: TLS

  • Sync ESP8266 board DateTime with NTP (Day 2)

    Following up on yesterday's progress, I will use the board to fetch the index page of example.org in two scenarios:

    • Get a URL served over HTTP
    • Get a URL served over HTTPS

    There are multiple ways to do the job: different libraries can be used, and even within the same library there are multiple options for implementing the same function. So please note that what I describe below is just one working approach. It’s not the only solution, nor the best one.

    Get a URL served over HTTP

    The ESP8266 library has really good examples related to HTTPClient, HTTPSClient etc. I copied the source code from the example and made a little change to get an easy output.

    #include <ESP8266WiFi.h>
    #include <ESP8266HTTPClient.h>
    #include <WiFiClient.h>

    WiFiClient client;

    // Fetch the URL and report the result over serial and the LED.
    // blink() is defined in the Day 1 post.
    void getURL(String url) {
      HTTPClient http;
      if (http.begin(client, url)) {
        Serial.print("[HTTP] GET ... ");
        // start connection and send HTTP header
        int httpCode = http.GET();
        // httpCode will be negative on error
        if (httpCode > 0) {
          // HTTP header has been sent and server response header has been handled
          Serial.printf("code: %d\n", httpCode);
          // file found at server
          if (httpCode == HTTP_CODE_OK || httpCode == HTTP_CODE_MOVED_PERMANENTLY) {
            String payload = http.getString();
            Serial.printf("Payload: %d byte\n", payload.length());
            blink(2);
          }
        } else {
          Serial.printf("failed, error: %d %s\n", httpCode, http.errorToString(httpCode).c_str());
          blink(5);
        }
        http.end();
      } else {
        Serial.printf("[HTTP] Unable to connect\n");
        blink(5);
      }
    }
    

    For a successful case, it will return the length of the payload.

    Return the length of the payload

    Or if anything unusual happened, it returns the error code and message. Such as,

    Return error code and error message

    Establish an HTTPS request

    To establish an HTTPS request, replace <WiFiClient.h> with <WiFiClientSecure.h> and find a way to validate the server. The example “BearSSL_Validation.ino” discusses and compares most of the possible ways. It’s worth reading. Its fetchCertAuthority() shows what happens with and without NTP synced. I will put the screenshot of the result of the example here.

    Output of ‘fetchCertAuthority()’ in ‘BearSSL_Validation.ino’

    Therefore, the major change is replacing <WiFiClient.h> with <WiFiClientSecure.h> and using a WiFiClientSecure instance instead of WiFiClient. An extra setup step is needed.

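    #include <WiFiClientSecure.h>

    WiFiClientSecure client;
    // PEM certificate used as the trust anchor, stored in flash (PROGMEM)
    static const char digicert[] PROGMEM = R"EOF(
    // Something here
    )EOF";
    X509List* cert;

    // Parse the PEM data and register it as the client's trust anchor.
    // Call once before the first HTTPS request.
    void setupSecure() {
      cert = new X509List(digicert);
      client.setTrustAnchors(cert);
    }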
    

    To get the content of digicert, I used the following command and copied and pasted the output to replace `Something here` above.

    echo -n | openssl s_client -connect example.org:443 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'
    

    Assembling

    Then we can have a simple setup() and loop() by assembling all these functions together.

    void setup() {
      Serial.begin(115200);
      pinMode(LED_BUILTIN, OUTPUT);
      connectWiFi("your-ssid", "your-pass");
      // sync the clock via NTP before any TLS handshake
      setDateTime();
      // load the trust anchor for certificate validation
      setupSecure();
    }

    void loop() {
      getDateTime();
      getURL("https://example.org");
      delay(1000);
    }
    

    The whole source code has been put on gist. I strongly suggest you try disabling and enabling line 56 to see how HTTPS is affected by NTP.
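
The dependency on NTP described above comes from the certificate's validity period: the validator compares the local clock with the certificate's notBefore and notAfter dates. The host-side C++ model below is an added example, not code from the post or from the ESP8266 library; the validity window, the sample timestamps, and the names checkValidity, waitForClock and MIN_PLAUSIBLE_EPOCH are constructed for illustration.

```cpp
#include <cstdio>
#include <ctime>
#include <functional>

// Constructed validity window for a sample certificate (not from the page):
// notBefore 2020-01-01 00:00:00 UTC, notAfter 2030-01-01 00:00:00 UTC.
const time_t NOT_BEFORE = 1577836800;
const time_t NOT_AFTER  = 1893456000;

// Assumed threshold: a clock reading earlier than this was never set by NTP.
const time_t MIN_PLAUSIBLE_EPOCH = 1577836800;

enum class CertTime { NotYetValid, Valid, Expired };

// The validity-period check an X.509 validator applies using the local clock.
CertTime checkValidity(time_t now, time_t notBefore, time_t notAfter) {
  if (now < notBefore) return CertTime::NotYetValid;
  if (now > notAfter)  return CertTime::Expired;
  return CertTime::Valid;
}

// Poll a clock source until it reads a plausible time or attempts run out.
// Returns false on timeout so the caller can skip the HTTPS request
// instead of weakening certificate validation.
bool waitForClock(const std::function<time_t()>& readClock, int maxAttempts) {
  for (int i = 0; i < maxAttempts; ++i) {
    if (readClock() >= MIN_PLAUSIBLE_EPOCH) return true;
  }
  return false;
}

int main() {
  time_t unsynced = 12;          // constructed: clock a few seconds past 1970
  time_t synced   = 1700000000;  // constructed: 2023-11-14 UTC
  std::printf("unsynced -> %d\n", (int)checkValidity(unsynced, NOT_BEFORE, NOT_AFTER));
  std::printf("synced   -> %d\n", (int)checkValidity(synced, NOT_BEFORE, NOT_AFTER));

  int polls = 0;                 // simulated NTP answer arriving on the 3rd poll
  bool ok = waitForClock([&] { return ++polls < 3 ? unsynced : synced; }, 10);
  std::printf("clock ready: %s after %d polls\n", ok ? "yes" : "no", polls);
  return 0;
}
```

In a sketch, the same gate would sit between setDateTime() and getURL(), with a delay between polls. If it times out, skip the request and keep certificate validation on.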

  • Sync ESP8266 board DateTime with NTP (Day 1)

    Most of the time, I want my ESP8266 board to communicate with the server through a more secure channel such as MQTT over TLS or HTTPS. However, to verify the certificate, the system’s date/time has to be set correctly.

    Since the ESP8266 is designed for network connectivity, I believe NTP is definitely the first choice and is the easiest one to use. In this post, I will show you how to get the date/time and set it by using NTP.

    Dummy project

    A dummy project is set up for this post. And of course, it can be a part of a real project since the WWW is very important to most of my side projects. The board will:

    • Connect to the WiFi network;
    • Use the GET method to communicate with www.example.com every 5 seconds;
    • Flash the built-in LED twice if 200 was returned by the server;
    • Or flash the built-in LED 5 times if an error occurred.

    Flashing the LED is the easiest part. But remember to put pinMode(LED_BUILTIN, OUTPUT); at the very beginning to initialise the output pin.

    void blink(int t) {
      for(int i = 0; i < t; i ++) {
        digitalWrite(LED_BUILTIN, LOW);
        delay(500);
        digitalWrite(LED_BUILTIN, HIGH);
        delay(200);
      }
    }
    