TLS_CREDENTIAL_SERVER_CERTIFICATE credential type is misleading, as in
fact it just represents a public certificate, it does not matter if the
certificate belongs to a server or a client. And actually, it was
already used in-tree for clients as well, for example in LwM2M.
Therefore rename the credential type to a more generic
TLS_CREDENTIAL_PUBLIC_CERTIFICATE and deprecate the old one.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
"ca.der" contains an RSA key, but this file is now useless for this sample
as the sample is using EC keys. It's likely a leftover from some initial
development, so it can be removed.
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
A _res_fallback parameter to HTTP_SERVICE_DEFINE is added to optionally
specify a fallback resource detail, which will be served if no other
resource matches the URL.
Signed-off-by: Matt Rodgers <mrodgers@witekio.com>
Passing HTTP upgrade request context to the user callback allows the
user to decide whether to accept or reject the websocket connection
based on the HTTP headers in the request. The primary reason for this is
to enable authentication of the websocket connection (e.g. via cookies
or Authorization header).
Signed-off-by: Matt Rodgers <mrodgers@witekio.com>
Testcase uses certificates from the sample application at
samples/net/sockets/http_server. These were modified and moved into a
different folder by a previous commit, causing a build failure in the
test.
Testcase updated to:
- use new path to certificates
- update available cipher suites, since certificates now use ECDSA
- update expected hostname in certificate
The CA certificate in the sample app is also converted to .der format
for inclusion in the test (the content is exactly the same as the PEM
version, just converted to DER).
Signed-off-by: Matt Rodgers <mrodgers@witekio.com>
Existing cipher suites and certificates used by HTTP server sample are
included in RFC9113 Appendix A: Prohibited TLS 1.2 Cipher Suites. The
RFC specifies that when using HTTP/2, these cipher suites may be treated
as an error of type INADEQUATE_SECURITY, and in practice it seems that
Chrome and Firefox do implement this.
The certificates have been updated to use ECDSA-P265 signatures, and
supported cipher suites updated to include ECDH key exchange and AES GCM
and CCM modes.
Some scripts are included to allow users to generate their own
certificates if desired.
Signed-off-by: Matt Rodgers <mrodgers@witekio.com>
Remove the CONFIG_NET_SAMPLE_CERTS_WITH_SC option and make the CA-signed
certificate the only option - there is no real downside to this over
using the unsigned certificate.
Remove adding of CA certificate as a TLS credential on the server, since
this credential is not used by the server. It may be useful to include
in any client code used to communicate with the server, so the
certificate itself is retained.
After this, some TLS tag enumerations are unused so have been removed.
Signed-off-by: Matt Rodgers <mrodgers@witekio.com>
Concurrent HTTP POST requests on different HTTP2 concurrent streams
require that the client's header_capture_context is re-used to capture
headers on a second stream before all of the body data has been received
(and sent to the application) on the first stream.
As a result, any captured headers must be sent to the application
callback before any headers can be received on a different stream. In
practice this means that for HTTP2 the application callback is called
for the first time on receiving a headers frame, before any data frames
are received. All subsequent application callbacks will not include the
request header data.
While this mechanism is not necessary for HTTP1, it is also updated to
only send headers in the first application callback for consistency.
Fixes #82273
Signed-off-by: Matt Rodgers <mrodgers@witekio.com>
The buffer pointer provided to the dynamic handler should be verified
after checking the transaction status. In case upload was aborted and
underlying connection closed, the callback will get
HTTP_SERVER_DATA_ABORTED status w/o a pointer to any data.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
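The two commit messages above, on headers arriving only with the first callback and on checking the status before the buffer pointer, illustrated as an added example that is not code from the Zephyr tree. The enum, `struct upload`, `on_data()` and the JSON field names are hypothetical stand-ins, not the server's real callback signature, and the input sequence is constructed:

```c
#include <stddef.h>
#include <string.h>
/* Stand-in for the server's status enum so this builds off-target (assumed values). */
enum data_status { DATA_ABORTED = -1, DATA_MORE = 0, DATA_FINAL = 1 };
struct upload {                 /* hypothetical per-client state */
	char body[32];
	size_t len;
	int started;            /* first callback already seen */
	int is_json;            /* decided from the headers of the first callback */
};

/* Returns 1 when a complete body is stored, 0 to keep going, <0 on rejection. */
int on_data(struct upload *u, enum data_status st,
	    const char *content_type, const char *buf, size_t n)
{
	/* Status first: after an abort there is no data and buf may be NULL. */
	if (st == DATA_ABORTED) {
		memset(u, 0, sizeof(*u));
		return 0;
	}
	/* Headers arrive only with the first callback, so latch the decision. */
	if (!u->started) {
		u->started = 1;
		u->is_json = content_type != NULL &&
			     strcmp(content_type, "application/json") == 0;
	}
	if (!u->is_json) {
		return -1;
	}
	/* Only now look at the buffer, and bound the copy. */
	if (n > 0) {
		if (buf == NULL || n > sizeof(u->body) - u->len) {
			memset(u, 0, sizeof(*u));
			return -2;
		}
		memcpy(u->body + u->len, buf, n);
		u->len += n;
	}
	return st == DATA_FINAL ? 1 : 0;
}

/* Constructed sequence: an aborted upload, then a two-chunk upload. */
int constructed_demo(struct upload *u)
{
	on_data(u, DATA_MORE, "application/json", "{\"led\":", 7);
	on_data(u, DATA_ABORTED, NULL, NULL, 0);
	on_data(u, DATA_MORE, "application/json", "{\"led_num\":0,", 13);
	return on_data(u, DATA_FINAL, NULL, "\"led_state\":true}", 17);
}
```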
After introduction of struct http_response_ctx, the dynamic resource
data buffer is no longer needed for transferring data between the
application callback and the server. It is therefore removed to avoid
unnecessary copying of data.
Signed-off-by: Matt Rodgers <mrodgers@witekio.com>
Allow the application to send headers and response codes from a dynamic
resource callback by filling out a response context structure.
This also allows simple requests to be completed in a single execution
of the callback, by setting the final_chunk flag.
Signed-off-by: Matt Rodgers <mrodgers@witekio.com>
Added a websocket connection sending network statistics to a client, to
demonstrate how this can be used to push data to the client as an
alternative to GET requests triggered by a JavaScript timer.
Signed-off-by: Matt Rodgers <mrodgers@witekio.com>
Accept JSON payload including LED number and state, to demonstrate JSON
parsing and allow control of multiple LEDs if the board supports this.
Signed-off-by: Matt Rodgers <mrodgers@witekio.com>
Previously the dynamic resource in the http_server sample simply echo'd
the received data back to the sender. This doesn't demonstrate how the
dynamic handlers would be used in a more typical use case, where the
application may need to wait for the full request before acting on it or
creating a response.
Therefore two new dynamic resources have been added: a '/led' resource
which can be used to control the board's LED (if present) via a POST
request, and a '/uptime' resource which can be used to query the kernel
uptime via a GET request.
The static resources are updated with some JavaScript to support
demonstrating the new dynamic resources via a web browser.
Signed-off-by: Matt Rodgers <mrodgers@witekio.com>
A simple HTTP server sample application.
Signed-off-by: Emna Rekik <emna.rekik007@gmail.com>
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>