ST
Connect a secure socket with TLS server authentication through X-NUCLEO_IDW01M1 Wi-Fi.
Dependencies: NetworkSocketAPI X_NUCLEO_IDW01M1v2 mbed
Fork of
HelloWorld_IDW01M1v2
by 
ST
Example of TLS connection using X-NUCLEO-IDW01M1 Wi-Fi expansion board.
The application is meant to be used with mbed OS 2 ("Classic") only (no mbedOS 5 support).
It uses the TLS/SSL feature provided natively by the Wi-Fi module and performs secure connection to https://mbed.org also verifying the server identity.
To avoid expired CA certificates, system time (in epoch) must be manually entered (e..g. using http://www.epochconverter.com/ ) .
Retrieval of current time from an NTP server is shown by this example.
main.cpp
- Committer:
- mapellil
- Date:
- 2017-01-16
- Revision:
- 12:7b6b23225fd0
- Parent:
- 11:0b4472769b08
File content as of revision 12:7b6b23225fd0:
/* SpwfInterface NetworkSocketAPI Example Program
* Copyright (c) 2015 ARM Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include "mbed.h"
#include "SpwfInterface.h"
#include "TCPSocket.h"
//www.mbed.com CA certificate in PEM format
char CA_cert []="-----BEGIN CERTIFICATE-----\r\n"
"MIIDVDCCAjygAwIBAgIDAjRWMA0GCSqGSIb3DQEBBQUAMEIxCzAJBgNVBAYTAlVT\r\n"
"MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i\r\n"
"YWwgQ0EwHhcNMDIwNTIxMDQwMDAwWhcNMjIwNTIxMDQwMDAwWjBCMQswCQYDVQQG\r\n"
"EwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjEbMBkGA1UEAxMSR2VvVHJ1c3Qg\r\n"
"R2xvYmFsIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2swYYzD9\r\n"
"9BcjGlZ+W988bDjkcbd4kdS8odhM+KhDtgPpTSEHCIjaWC9mOSm9BXiLnTjoBbdq\r\n"
"fnGk5sRgprDvgOSJKA+eJdbtg/OtppHHmMlCGDUUna2YRpIuT8rxh0PBFpVXLVDv\r\n"
"iS2Aelet8u5fa9IAjbkU+BQVNdnARqN7csiRv8lVK83Qlz6cJmTM386DGXHKTubU\r\n"
"1XupGc1V3sjs0l44U+VcT4wt/lAjNvxm5suOpDkZALeVAjmRCw7+OC7RHQWa9k0+\r\n"
"bw8HHa8sHo9gOeL6NlMTOdReJivbPagUvTLrGAMoUgRx5aszPeE4uwc2hGKceeoW\r\n"
"MPRfwCvocWvk+QIDAQABo1MwUTAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTA\r\n"
"ephojYn7qwVkDBF9qn1luMrMTjAfBgNVHSMEGDAWgBTAephojYn7qwVkDBF9qn1l\r\n"
"uMrMTjANBgkqhkiG9w0BAQUFAAOCAQEANeMpauUvXVSOKVCUn5kaFOSPeCpilKIn\r\n"
"Z57QzxpeR+nBsqTP3UEaBU6bS+5Kb1VSsyShNwrrZHYqLizz/Tt1kL/6cdjHPTfS\r\n"
"tQWVYrmm3ok9Nns4d0iXrKYgjy6myQzCsplFAMfOEVEiIuCl6rYVSAlk6l5PdPcF\r\n"
"PseKUgzbFbS9bZvlxrFUaKnjaZC2mqUPuLk/IH2uSrW4nOQdtqvmlKXBx4Ot2/Un\r\n"
"hw4EbNX/3aBd7YdStysVAq45pmp06drE57xNNB6pXE0zX5IJL4hmXXeXxx12E6nV\r\n"
"5fEWCRE11azbJHFwLJhWC9kXtNHjUStedejV0NxPNO3CBWaAocvmMw==\r\n"
"-----END CERTIFICATE-----\r\n";
//------------------------------------
// Hyperterminal configuration
// 9600 bauds, 8-bit data, no parity
//------------------------------------
Serial pc(USBTX, USBRX);
DigitalOut myled(LED1);
/*************************************
//FRDM-K64: D9->UART1_TX, D7->UART1_RX
Pin connections:
FRDM IDW01M1
------ ---------
+3v3 <--> +3v3
GND <--> GND
D9 <--> D8
D7 <--> D2
SpwfSAInterface spwf(D9, D7, false);
*************************************/
/*************************************
//LPCXpresso11U68: D9->UART1_TX, D7->UART1_RX
Pin connections:
LPC IDW01M1
------ ---------
+3v3 <--> +3v3
GND <--> GND
A1 <--> D8
A2 <--> D2
SpwfSAInterface spwf(A1, A2, false);
*************************************/
//NUCLEO: D8->UART1_TX (PA_9), D2->UART1_RX (PA_10)
SpwfSAInterface spwf(D8, D2, false);
int main() {
int err;
char * ssid = "STM";
char * seckey = "STMDemo";
pc.printf("\r\nTLS_HelloWorld mbed Application\r\n");
pc.printf("\r\nconnecting to AP\r\n");
if(spwf.connect(ssid, seckey, NSAPI_SECURITY_WPA2)) {
pc.printf("\r\nnow connected\r\n");
} else {
pc.printf("\r\nerror connecting to AP.\r\n");
return -1;
}
// Start Secure Socket connection test (one way server autentication only)
TCPSocket socket(&spwf);
time_t ctTime;
ctTime = time(NULL);
printf ("Start Secure Socket connection with one way server autentication test\n\r");
printf("Initial System Time is: %s\r\n", ctime(&ctTime));
printf("Need to adjust time? if yes enter time in seconds elapsed since Epoch (cmd: date +'%%s'), otherwise enter 0 ");
int t=0;
scanf("%d",&t);
printf ("entered time is: %d \n\r", t);
if (t != 0) { time_t txTm = t; set_time(txTm); } // set Nucleo system time
ctTime = time(NULL);
printf ("The current system time is: %s", ctime (&ctTime)); // set WiFi module systm time
if (!spwf.set_time(ctTime)) printf ("ERROR set_time\n\r");
if (!spwf.clean_TLS_certificate(ALL)) printf ("ERROR clean_TLS_certificate\n\r");
if (!spwf.set_TLS_certificate(CA_cert, sizeof(CA_cert), FLASH_CA_ROOT_CERT)) printf ("ERROR set_TLS_certificate\n\r");
if (!spwf.set_TLS_SRV_domain("*.mbed.com",FLASH_DOMAIN)) printf ("ERROR set_TLS_CA_domain\n\r");
// NOTE: the Wifi API set_secure_mode() and set_unsecure_mode() refers to the whole interface so the socket must be created / opened after
// having set the desidered mode (deft unsecure).
//#define SEC_MODE1 // two possible ways to secure connect a socket are shown
SocketAddress addr(&spwf, "");
spwf.gethostbyname(&addr,"www.mbed.com"); // ask DNS to resolve URL/IP
addr.set_port(443);
spwf.set_secure_mode();
socket.open(&spwf);
spwf.set_unsecure_mode();
printf ("Connecting to www.mbed.com IP: %s ...\n\r", addr.get_ip_address());
#ifdef SEC_MODE1
err = socket.connect(addr);
#else
err = socket.connect("www.mbed.com", 443);
#endif
if (err != 0 )printf ("ERROR secure socket connection failed: %d\n\r", err);
else printf ("--->>> Secure socket CONNECTED to: %s\n\r", addr.get_ip_address());
socket.close();
printf ("Socket closed\n\r");
spwf.disconnect();
printf ("WIFI disconnected, exiting ...\n\r");
while(1) {
wait(1);
myled = !myled;
}
}