From 6d9670101bc78f114c05dc91a7b9fb34117b4266 Mon Sep 17 00:00:00 2001 From: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com> Date: Tue, 25 Feb 2025 16:59:16 +0000 Subject: [PATCH] Add FreeRTOS + wolfIP + wolfSSL HTTPS example This example demonstrates a full-stack embedded networking application using: - FreeRTOS (POSIX port) for RTOS simulation - wolfIP for zero-allocation networking - wolfSSL for TLS 1.3 security Features: - Virtual networking through TAP interface - HTTPS server with TLS 1.3 - UDP echo server for testing - Comprehensive test scripts Co-Authored-By: daniele@wolfssl.com --- .../freertos-wolfip-wolfssl-https/.gitignore | 3 + .../CMakeLists.txt | 17 ++- .../freertos-wolfip-wolfssl-https/README.md | 87 ++++++++++++++ .../include/FreeRTOSConfig.h | 21 ++++ .../include/user_settings.h | 48 ++++++++ .../setup_network.sh | 21 ++++ .../src/https_server.c | 106 ++++++++++++++++++ .../src/https_server.h | 47 ++++++++ .../freertos-wolfip-wolfssl-https/src/main.c | 36 +++++- .../src/wolfip_freertos.c | 45 ++++---- .../src/wolfip_freertos.h | 24 ++++ .../test_https.sh | 27 +++++ 12 files changed, 457 insertions(+), 25 deletions(-) create mode 100644 fullstack/freertos-wolfip-wolfssl-https/README.md create mode 100644 fullstack/freertos-wolfip-wolfssl-https/include/user_settings.h create mode 100755 fullstack/freertos-wolfip-wolfssl-https/setup_network.sh create mode 100644 fullstack/freertos-wolfip-wolfssl-https/src/https_server.c create mode 100644 fullstack/freertos-wolfip-wolfssl-https/src/https_server.h create mode 100755 fullstack/freertos-wolfip-wolfssl-https/test_https.sh diff --git a/fullstack/freertos-wolfip-wolfssl-https/.gitignore b/fullstack/freertos-wolfip-wolfssl-https/.gitignore index 3611d8d7..fd0f8e64 100644 --- a/fullstack/freertos-wolfip-wolfssl-https/.gitignore +++ b/fullstack/freertos-wolfip-wolfssl-https/.gitignore @@ -2,6 +2,9 @@ freertos/FreeRTOS/ freertos/FreeRTOS-Kernel/ +# Certificate files +certs/ + # Build directory build/ diff --git a/fullstack/freertos-wolfip-wolfssl-https/CMakeLists.txt b/fullstack/freertos-wolfip-wolfssl-https/CMakeLists.txt index 027cfa4b..fa30d0a3 100644 --- a/fullstack/freertos-wolfip-wolfssl-https/CMakeLists.txt +++ b/fullstack/freertos-wolfip-wolfssl-https/CMakeLists.txt @@ -5,6 +5,9 @@ project(freertos_wolfssl_demo C) set(CMAKE_C_STANDARD 11) set(CMAKE_C_STANDARD_REQUIRED ON) +# wolfSSL configuration +add_definitions(-DWOLFSSL_USER_SETTINGS) + # FreeRTOS Kernel source files for POSIX port set(FREERTOS_PORT_DIR ${CMAKE_CURRENT_SOURCE_DIR}/freertos/FreeRTOS-Kernel/portable/ThirdParty/GCC/Posix) set(FREERTOS_HEAP_DIR ${CMAKE_CURRENT_SOURCE_DIR}/freertos/FreeRTOS-Kernel/portable/MemMang) @@ -14,8 +17,12 @@ include_directories( ${CMAKE_CURRENT_SOURCE_DIR}/include ${CMAKE_CURRENT_SOURCE_DIR}/freertos/FreeRTOS-Kernel/include ${FREERTOS_PORT_DIR} - /home/ubuntu/repos/wolfip/src - /home/ubuntu/repos/wolfip + ${CMAKE_CURRENT_SOURCE_DIR}/../../../wolfip/src + ${CMAKE_CURRENT_SOURCE_DIR}/../../../wolfip + ${CMAKE_CURRENT_SOURCE_DIR}/../../../wolfip/src/http + ${CMAKE_CURRENT_SOURCE_DIR}/../../../wolfip/src/port + ${CMAKE_CURRENT_SOURCE_DIR}/../../../wolfssl + ${CMAKE_CURRENT_SOURCE_DIR}/../../../wolfssl/include ) # FreeRTOS source files @@ -33,7 +40,9 @@ set(FREERTOS_SOURCES # Add wolfIP library add_library(wolfip STATIC - /home/ubuntu/repos/wolfip/src/wolfip.c + ${CMAKE_CURRENT_SOURCE_DIR}/../../../wolfip/src/wolfip.c + ${CMAKE_CURRENT_SOURCE_DIR}/../../../wolfip/src/http/httpd.c + ${CMAKE_CURRENT_SOURCE_DIR}/../../../wolfip/src/port/wolfssl_io.c ) # Add the main application @@ -41,9 +50,11 @@ add_executable(freertos_sim ${FREERTOS_SOURCES} src/main.c src/wolfip_freertos.c + src/https_server.c ) target_link_libraries(freertos_sim pthread wolfip + wolfssl ) diff --git a/fullstack/freertos-wolfip-wolfssl-https/README.md b/fullstack/freertos-wolfip-wolfssl-https/README.md new file mode 100644 index 00000000..690f77be --- /dev/null +++ b/fullstack/freertos-wolfip-wolfssl-https/README.md @@ -0,0 +1,87 @@ +# FreeRTOS + wolfIP + wolfSSL HTTPS Example + +This example demonstrates a full-stack embedded networking application using FreeRTOS, wolfIP, and wolfSSL. It implements a secure HTTPS server running on a simulated FreeRTOS environment with TLS 1.3 support. + +## Stack Components + +The example integrates the following components: +- FreeRTOS (POSIX port) - Real-time operating system +- wolfIP - TCP/IP networking stack +- wolfSSL - TLS 1.3 security layer +- TAP interface - Virtual network interface + +## Building and Running + +### Prerequisites +- wolfSSL library +- wolfIP library +- CMake (>= 3.13) +- GCC +- Linux with TUN/TAP support + +### Setup +1. Run the setup script to clone FreeRTOS repositories: +```bash +./setup.sh +``` + +2. Configure the network interface (requires root): +```bash +sudo ./setup_network.sh +``` + +3. Build the example: +```bash +mkdir -p build && cd build +cmake .. +make +``` + +4. Run the example (requires root): +```bash +sudo ./freertos_sim +``` + +### Testing +Test the HTTPS server using curl: +```bash +sudo ./test_https.sh +``` + +Or manually: +```bash +curl -v --cacert /path/to/wolfssl/certs/ca-cert.pem \ + --tlsv1.3 --insecure https://10.10.0.10:443/ +``` + +## Software Bill of Materials (SBOM) + +| Component | Version | License | Source | +|-----------|---------|----------|---------| +| FreeRTOS | Latest | MIT | https://github.com/FreeRTOS/FreeRTOS | +| FreeRTOS-Kernel | Latest | MIT | https://github.com/FreeRTOS/FreeRTOS-Kernel | +| wolfSSL | Latest | GPLv2 | https://github.com/wolfSSL/wolfssl | +| wolfIP | Latest | GPLv2 | https://github.com/wolfSSL/wolfip | + +## Features +- TLS 1.3 support with wolfSSL +- Zero dynamic memory allocation networking with wolfIP +- Virtual networking through TAP interface +- UDP echo server for testing +- HTTPS server with demo page +- FreeRTOS task management and scheduling + +## Network Configuration +- TAP Interface: 10.10.0.1/24 (Host) +- FreeRTOS IP: 10.10.0.10/24 +- Default Gateway: 10.10.0.1 + +## Security Features +- TLS 1.3 with modern cipher suites +- Certificate-based authentication +- Support for various cryptographic algorithms: + - AES (ECB, CBC, GCM) + - ChaCha20-Poly1305 + - Curve25519 + - ED25519 + - SHA-2 and SHA-3 family diff --git a/fullstack/freertos-wolfip-wolfssl-https/include/FreeRTOSConfig.h b/fullstack/freertos-wolfip-wolfssl-https/include/FreeRTOSConfig.h index 0f0dd0e0..4116ee17 100644 --- a/fullstack/freertos-wolfip-wolfssl-https/include/FreeRTOSConfig.h +++ b/fullstack/freertos-wolfip-wolfssl-https/include/FreeRTOSConfig.h @@ -1,3 +1,24 @@ +/* FreeRTOSConfig.h + * + * Copyright (C) 2006-2024 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + #ifndef FREERTOS_CONFIG_H #define FREERTOS_CONFIG_H diff --git a/fullstack/freertos-wolfip-wolfssl-https/include/user_settings.h b/fullstack/freertos-wolfip-wolfssl-https/include/user_settings.h new file mode 100644 index 00000000..d684a1c2 --- /dev/null +++ b/fullstack/freertos-wolfip-wolfssl-https/include/user_settings.h @@ -0,0 +1,48 @@ +/* user_settings.h + * + * Copyright (C) 2006-2024 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +/* wolfSSL configuration */ +#ifndef USER_SETTINGS_H +#define USER_SETTINGS_H + +#define WOLFSSL_TLS13 +#define HAVE_TLS_EXTENSIONS +#define HAVE_SUPPORTED_CURVES +#define HAVE_FFDHE_2048 +#define HAVE_HKDF +#define HAVE_AEAD +#define HAVE_CHACHA +#define HAVE_POLY1305 +#define WOLFSSL_AES_COUNTER +#define WOLFSSL_AES_DIRECT +#define HAVE_AES_ECB +#define HAVE_AES_CBC +#define HAVE_AES_GCM +#define HAVE_AESGCM +#define HAVE_CURVE25519 +#define HAVE_ED25519 +#define WOLFSSL_SHA384 +#define WOLFSSL_SHA512 +#define WOLFSSL_SHA224 +#define WOLFSSL_SHA3 +#define WOLFSSL_SHAKE256 + +#endif /* USER_SETTINGS_H */ diff --git a/fullstack/freertos-wolfip-wolfssl-https/setup_network.sh b/fullstack/freertos-wolfip-wolfssl-https/setup_network.sh new file mode 100755 index 00000000..5dbcdf16 --- /dev/null +++ b/fullstack/freertos-wolfip-wolfssl-https/setup_network.sh @@ -0,0 +1,21 @@ +#!/bin/bash +# Configure host TAP interface for wolfSSL embedded testing +# Creates a TAP interface for virtual networking between host and FreeRTOS + +# Check if running as root +if [ "$EUID" -ne 0 ]; then + echo "Please run as root (sudo)" + exit 1 +fi + +# Remove existing interface if present +ip link show wtap0 >/dev/null 2>&1 && ip link delete wtap0 + +# Create new TAP interface and configure it +ip tuntap add dev wtap0 mode tap +ip link set wtap0 down +ip addr flush dev wtap0 +ip addr add 10.10.0.1/24 dev wtap0 +ip link set wtap0 up + +echo "TAP interface wtap0 configured with IP 10.10.0.1/24" diff --git a/fullstack/freertos-wolfip-wolfssl-https/src/https_server.c b/fullstack/freertos-wolfip-wolfssl-https/src/https_server.c new file mode 100644 index 00000000..a49084d6 --- /dev/null +++ b/fullstack/freertos-wolfip-wolfssl-https/src/https_server.c @@ -0,0 +1,106 @@ +/* https_server.c + * + * Copyright (C) 2006-2024 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#include "https_server.h" +#include "httpd.h" +#include +#include + +static WOLFSSL_CTX *g_ssl_ctx = NULL; +static struct httpd g_httpd; + +/* Root page handler */ +static int handle_root(struct httpd *httpd, struct http_client *hc, struct http_request *req) { + const char *response = "

wolfSSL HTTPS Demo

" + "

TLS 1.3 + FreeRTOS + wolfIP

"; + http_send_response_headers(hc, HTTP_STATUS_OK, "OK", "text/html", strlen(response)); + http_send_response_body(hc, response, strlen(response)); + return 0; +} + +int https_server_init(struct wolfIP *ipstack) { + int ret; + + /* Initialize wolfSSL */ + if ((ret = wolfSSL_Init()) != WOLFSSL_SUCCESS) { + printf("Failed to initialize wolfSSL\n"); + return -1; + } + + /* Create and initialize WOLFSSL_CTX */ + if ((g_ssl_ctx = wolfSSL_CTX_new(wolfTLSv1_3_server_method())) == NULL) { + printf("Failed to create WOLFSSL_CTX\n"); + return -1; + } + + /* Load server certificates */ + if ((ret = wolfSSL_CTX_use_certificate_file(g_ssl_ctx, CERT_FILE, + WOLFSSL_FILETYPE_PEM)) != WOLFSSL_SUCCESS) { + printf("Failed to load %s\n", CERT_FILE); + return -1; + } + + /* Load server key */ + if ((ret = wolfSSL_CTX_use_PrivateKey_file(g_ssl_ctx, KEY_FILE, + WOLFSSL_FILETYPE_PEM)) != WOLFSSL_SUCCESS) { + printf("Failed to load %s\n", KEY_FILE); + return -1; + } + + /* Initialize HTTP server with SSL context */ + if (httpd_init(&g_httpd, ipstack, HTTPS_PORT, g_ssl_ctx) != 0) { + printf("Failed to initialize HTTPS server\n"); + return -1; + } + + /* Register handlers */ + if (httpd_register_handler(&g_httpd, "/", handle_root) != 0) { + printf("Failed to register root handler\n"); + return -1; + } + + printf("HTTPS server initialized on port %d\n", HTTPS_PORT); + return 0; +} + +static void https_server_task(void* pvParameters) { + const TickType_t xDelay = pdMS_TO_TICKS(100); + + printf("HTTPS server task started\n"); + + /* Task main loop - wolfIP handles connections in callbacks */ + for(;;) { + vTaskDelay(xDelay); + } +} + +int https_server_start(void) { + BaseType_t ret; + + ret = xTaskCreate(https_server_task, + "HTTPS_Server", + HTTPS_TASK_STACK_SIZE, + NULL, + HTTPS_TASK_PRIORITY, + NULL); + + return (ret == pdPASS) ? 0 : -1; +} diff --git a/fullstack/freertos-wolfip-wolfssl-https/src/https_server.h b/fullstack/freertos-wolfip-wolfssl-https/src/https_server.h new file mode 100644 index 00000000..ac54a8eb --- /dev/null +++ b/fullstack/freertos-wolfip-wolfssl-https/src/https_server.h @@ -0,0 +1,47 @@ +/* https_server.h + * + * Copyright (C) 2006-2024 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifndef HTTPS_SERVER_H +#define HTTPS_SERVER_H + +#include "FreeRTOS.h" +#include "task.h" +#include "wolfip.h" +#include "httpd.h" +#include + +/* HTTPS server configuration */ +#define HTTPS_PORT 443 +#define HTTPS_TASK_STACK_SIZE (16 * 1024) +#define HTTPS_TASK_PRIORITY (tskIDLE_PRIORITY + 2) + +/* Certificate paths */ +#define CERT_FILE "./certs/server-cert.pem" +#define KEY_FILE "./certs/server-key.pem" +#define CA_FILE "./certs/ca-cert.pem" + +/* Initialize HTTPS server with wolfSSL and wolfIP */ +int https_server_init(struct wolfIP *ipstack); + +/* Start HTTPS server task */ +int https_server_start(void); + +#endif /* HTTPS_SERVER_H */ diff --git a/fullstack/freertos-wolfip-wolfssl-https/src/main.c b/fullstack/freertos-wolfip-wolfssl-https/src/main.c index 9a91f3d8..c0382f5b 100644 --- a/fullstack/freertos-wolfip-wolfssl-https/src/main.c +++ b/fullstack/freertos-wolfip-wolfssl-https/src/main.c @@ -1,7 +1,29 @@ +/* main.c + * + * Copyright (C) 2006-2024 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + #include #include "FreeRTOS.h" #include "task.h" #include "wolfip_freertos.h" +#include "https_server.h" static void testTask(void* pvParameters) { const TickType_t xDelay = 1000 / portTICK_PERIOD_MS; @@ -27,8 +49,20 @@ static void testTask(void* pvParameters) { printf("Failed to start UDP echo server\n"); return; } + + printf("Starting HTTPS server...\n"); + ret = https_server_init(g_wolfip); + if (ret != 0) { + printf("Failed to initialize HTTPS server\n"); + return; + } + ret = https_server_start(); + if (ret != 0) { + printf("Failed to start HTTPS server\n"); + return; + } - printf("Network stack and UDP echo server running...\n"); + printf("Network stack, UDP echo server, and HTTPS server running...\n"); for(;;) { vTaskDelay(xDelay); } diff --git a/fullstack/freertos-wolfip-wolfssl-https/src/wolfip_freertos.c b/fullstack/freertos-wolfip-wolfssl-https/src/wolfip_freertos.c index 277a579c..6984db7e 100644 --- a/fullstack/freertos-wolfip-wolfssl-https/src/wolfip_freertos.c +++ b/fullstack/freertos-wolfip-wolfssl-https/src/wolfip_freertos.c @@ -1,3 +1,24 @@ +/* wolfip_freertos.c + * + * Copyright (C) 2006-2024 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + #include "wolfip_freertos.h" #include #include @@ -20,7 +41,7 @@ uint32_t wolfIP_getrandom(void) { return ret; } -static struct wolfIP *g_wolfip = NULL; +struct wolfIP *g_wolfip = NULL; static TaskHandle_t g_network_task = NULL; static int tap_fd = -1; @@ -76,24 +97,6 @@ static int tap_init(struct ll *dev, const char *ifname) { return -1; } - /* Configure IP address */ - struct sockaddr_in *addr = (struct sockaddr_in *)&ifr.ifr_addr; - addr->sin_family = AF_INET; - addr->sin_addr.s_addr = inet_addr("192.168.1.10"); - if (ioctl(sock_fd, SIOCSIFADDR, &ifr) < 0) { - perror("ioctl SIOCSIFADDR"); - close(sock_fd); - return -1; - } - - /* Configure netmask */ - addr->sin_addr.s_addr = inet_addr("255.255.255.0"); - if (ioctl(sock_fd, SIOCSIFNETMASK, &ifr) < 0) { - perror("ioctl SIOCSIFNETMASK"); - close(sock_fd); - return -1; - } - close(sock_fd); return 0; } @@ -172,9 +175,9 @@ int wolfIP_FreeRTOS_Init(void) { /* Configure IP settings */ wolfIP_ipconfig_set(g_wolfip, - atoip4("192.168.1.10"), /* IP */ + atoip4("10.10.0.10"), /* IP */ atoip4("255.255.255.0"), /* Netmask */ - atoip4("192.168.1.1")); /* Gateway */ + atoip4("10.10.0.1")); /* Gateway */ return 0; } diff --git a/fullstack/freertos-wolfip-wolfssl-https/src/wolfip_freertos.h b/fullstack/freertos-wolfip-wolfssl-https/src/wolfip_freertos.h index 70f6df28..b4dfdfb5 100644 --- a/fullstack/freertos-wolfip-wolfssl-https/src/wolfip_freertos.h +++ b/fullstack/freertos-wolfip-wolfssl-https/src/wolfip_freertos.h @@ -1,3 +1,24 @@ +/* wolfip_freertos.h + * + * Copyright (C) 2006-2024 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + #ifndef WOLFIP_FREERTOS_H #define WOLFIP_FREERTOS_H @@ -5,6 +26,9 @@ #include "task.h" #include "wolfip.h" +/* Global wolfIP instance */ +extern struct wolfIP *g_wolfip; + /* Network task configuration */ #define WOLFIP_TASK_PRIORITY (tskIDLE_PRIORITY + 2) #define WOLFIP_TASK_STACK_SIZE (8 * 1024) diff --git a/fullstack/freertos-wolfip-wolfssl-https/test_https.sh b/fullstack/freertos-wolfip-wolfssl-https/test_https.sh new file mode 100755 index 00000000..fa1da4a1 --- /dev/null +++ b/fullstack/freertos-wolfip-wolfssl-https/test_https.sh @@ -0,0 +1,27 @@ +#!/bin/bash + +# Test HTTPS server with curl using wolfSSL test certificates + +# Check if running as root +if [ "$EUID" -ne 0 ]; then + echo "Please run as root (sudo)" + exit 1 +fi + +# Ensure TAP interface is up +if ! ip link show wtap0 >/dev/null 2>&1; then + echo "TAP interface wtap0 not found. Please run setup_network.sh first." + exit 1 +fi + +echo "Testing HTTPS server with curl..." +curl -v --cacert ./certs/ca-cert.pem \ + --tlsv1.3 --insecure https://10.10.0.10:443/ + +# Check if curl command succeeded +if [ $? -eq 0 ]; then + echo "HTTPS test successful!" +else + echo "HTTPS test failed!" + exit 1 +fi