┬──┬◡ﾉ(° -°ﾉ) Harmony with wolfSSL TCP server and self-signed certificate
This is my eighth week at AESTE. I am still working on the PIC32 with the DM320004, but this time, rather than focusing on the MLA code, I shifted to using the Microchip Harmony source code on the PIC32.
┏(-_-)┓┏(-_-)┛┗(-_– )┓┗(-_-)┛┏(-_-)┓ ┏(-_-)┛┗(-_– )┓┗(-_-)┛┏(-_-)┓┏(-_-)┛┗(-_– )┓┗(-_-)┛┏(-_-)┓┏(-_-)┛┗(-_– )┓┗(-_-)┛┏(-_-)┓
The advantage of using Harmony is that most of the drivers, third-party libraries and initialization code are ready. More importantly, Harmony already has a wolfSSL example project for a TCP server and client on the PIC32. To test the example code, just download the Harmony library and update MPLAB X to the latest version. Open the wolfSSL TCP Server example project, compile and run. According to the Harmony help
Getting started with MPLAB Harmony webserver example project
- Download the MPLAB Harmony library and update MPLAB X to the latest version.
- Open pic32 eth web server.X, then compile and run the code. (Make sure the correct configuration is selected in the top bar: PIC32mx_ETH if using the DM320004.)
- Then just follow the MPLAB Harmony Help pdf, which explains how to run the project.
Problems one might encounter with the webserver example project
1. Opening a browser and typing ‘http://mchpboard_e’ might not return anything.
2. Opening a terminal and typing ‘ping mchpboard_e’ will just give an error.
3. The IP address of the PIC32 can be set manually under ‘MPLAB X > tools > Embedded > Mplab Harmony Configurator > Harmony Framework > TCPIP Stack > Network Configuration 0’.
4. Opening a browser and typing ‘http://IPaddress’ (the address that was set in the Harmony Configurator) will also give an error.
5. To solve problems 1 to 4, untick some of the default TCPIP Stack configuration options, especially NetBios, then open a browser and try to access the webserver example with ‘http://IPaddress’. If still nothing happens, disable most of the TCPIP Stack Configurator options and keep only HTTPServer.
After getting the TCPIP Stack webserver example project working, I proceeded with the wolfSSL TCP server example project. The wolfSSL example project faces the same problems: an unknown IP address is detected and ‘https://mchpboard_e’ returns nothing. The solution is the same as step (5) above: keep only ‘User TCP\IP stack’, ‘DHCP Client’, ‘DNS Client’, ‘Use SNTP Client’ and ‘Use TCP\IP Commands’. The IP address can then be set in the Configurator or in ‘system_config.h’.
Getting Started with wolfSSL TCP Server example project
- Compile and run the project. There are 3 methods to test it.
- The first method uses openssl. Once connected, type any key at the prompt and press Enter.
$ openssl s_client -connect IPaddress:port
- The second method uses curl (-k tells curl to skip certificate verification)
$ curl -k -i https://IPaddress
- The third method is not really recommended
Open a browser and type https://IPaddress
- All of the methods will return a string.
Next is to create a self-signed certificate to experiment with wolfSSL. The problem that I faced is that I could not exchange keys using ‘curl’ with the PIC32 (wolfSSL TCP server project). The errors shown by curl are that the host name is different and that SSL is unrecognized. Therefore I decided to create a self-signed certificate to replace the default wolfSSL certificate in ‘wolfssl/certs_test.h’.
Getting Started with self-signed certificate and testing on PIC32
Follow this link: http://www.akadia.com/services/ssh_test_certificate.html
until step 4, then continue here (make sure the HOST is the IP address of the PIC32 project):
5. $ openssl x509 -in your.crt -outform der -out your-cert.der
6. $ openssl x509 -in your.crt -out your-cert.pem -outform PEM
7. $ openssl rsa -in your.key -outform der -out your-key.der
8. $ openssl rsa -in your.key -out your-key.pem -outform PEM
9. $ hexdump -v -e '10/1 "0x%02X, " "\n"' your-cert.der
10. $ hexdump -v -e '10/1 "0x%02X, " "\n"' your-key.der
Then in the project (wolfSSL TCP server) navigate to ‘net_pres_cert_store.c’
Open ‘certs_test.h’ (if it can't be opened through the project, open it manually), located at <harmony>/third-party/tcpip/wolfssl/wolfssl
Copy the hex from your-cert.der to replace ‘server_cert_der_2048’ (if using the wolfSSL TCP server). Remove any empty 0x entries if they exist!
Copy the hex from your-key.der to replace ‘server_key_der_2048’ (if using the wolfSSL TCP server). Remove any empty 0x entries if they exist!
Compile and run the code
$ openssl s_client -connect IPaddress:port -key your-key.pem -showcerts -cert your-cert.pem -tls1_2
$ openssl s_client -connect IPaddress:port
(just to observe the certificate variable)
$ curl -i https://IPaddress --cacert your.crt
(now curl will exchange certificates with the TLS server; the output will be the same as with the example project)
$ curl -i -1 --tlsv1.2 https://IPaddress --cacert your.crt
By doing so, I could now exchange keys with the PIC32 using curl.
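The hexdump steps above pad the short last row with empty 0x entries that then have to be removed by hand. As an added example (not part of the original post and not Harmony or wolfSSL code), the shell functions below print a ready-to-paste C array containing only the bytes that exist. The function names and the 'static const unsigned char NAME[]' declaration form are assumptions; match the declaration to what certs_test.h uses.

```shell
#!/bin/sh
# Added example: turn a DER file into a C array initializer, 10 bytes per
# row, emitting only real bytes (no padded "0x" on the short last row).

# der_to_c_array FILE NAME
#   FILE: DER-encoded certificate or key, e.g. your-cert.der
#   NAME: array name to emit, e.g. server_cert_der_2048
# The declaration form printed here is an assumption, not copied from
# certs_test.h.
der_to_c_array() {
    file=$1
    name=$2
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 1; }

    printf 'static const unsigned char %s[] =\n{\n' "$name"
    # od -An -v -tx1: every byte as two hex digits, no offsets, no "*" folding
    od -An -v -tx1 "$file" | awk '
        { for (i = 1; i <= NF; i++) b[n++] = toupper($i) }
        END {
            for (i = 0; i < n; i++) {
                if (i % 10 == 0) printf "    "
                printf "0x%s", b[i]
                if (i < n - 1) printf ","
                sep = (i % 10 == 9 || i == n - 1) ? "\n" : " "
                printf "%s", sep
            }
        }'
    printf '};\n'
}

# der_byte_count FILE: number of bytes the pasted array must contain,
# useful for checking the array after editing the header.
der_byte_count() {
    wc -c < "$1" | tr -d ' '
}

# Usage (file names from the steps above):
#   der_to_c_array your-cert.der server_cert_der_2048
#   der_to_c_array your-key.der  server_key_der_2048
```

Because the key array ends up in the firmware image, use a key generated only for this test board.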