Open Secure Connection with TLS-SSL

Owned by Former user (Deleted)
Last updated: Jan 04, 2021 by WES Admin
10 min read

Below is an example of simple FTP client application with the Secure module enabled.

#define  FTP_SERVER_IP_ADDR       "192.168.1.101" 
#define  FTP_SERVER_PORT                      21 
#define  FTP_SERVER_PORT_SECURE              990 
           
#define  FTPc_USERNAME                "anonymous" 
#define  FTPc_PASSWORD           "test123micrium"  
           
#define  FTPs_COMMON_NAME          "micrium.com"
           
#define  RX_FILE_REMOTE           "file_remote_1" 
#define  RX_FILE_LOCAL             "\\file_local" 
#define  TX_FILE_REMOTE              "file_local" 
#define  TX_FILE_LOCAL          "\\file_remote_2"

static  CPU_CHAR *p_cert = "MIIDBjCCAk+gAwIBAgIBADANBgkqhkiG9w0BAQUFADCBqDEkMCIGA1UEAwwbbWFy"
                           "eWxpc2UtUEMubWljcml1bTAxLmxvY2FsMQswCQYDVQQGEwJDQTEPMA0GA1UECAwG"
                           "UXVlYmVjMREwDwYDVQQHDAhNb250cmVhbDEQMA4GA1UECgwHTWljcml1bTEOMAwG"
                           "A1UECwwFVENQSVAxLTArBgkqhkiG9w0BCQEWHm1hcnlsaXNlLm1vbmNoYWxpbkBt"
                           "aWNyaXVtLmNvbTAeFw0xNDA5MTYxNDE3MzlaFw0xNTA5MTYxNDE3MzlaMIGoMSQw"
                           "IgYDVQQDDBttYXJ5bGlzZS1QQy5taWNyaXVtMDEubG9jYWwxCzAJBgNVBAYTAkNB"
                           "MQ8wDQYDVQQIDAZRdWViZWMxETAPBgNVBAcMCE1vbnRyZWFsMRAwDgYDVQQKDAdN"
                           "aWNyaXVtMQ4wDAYDVQQLDAVUQ1BJUDEtMCsGCSqGSIb3DQEJARYebWFyeWxpc2Uu"
                           "bW9uY2hhbGluQG1pY3JpdW0uY29tMIG/MA0GCSqGSIb3DQEBAQUAA4GtADCBqQKB"
                           "oQDG6pUtiLaONnmkUtdAy71aQYB1WFVykBBZmCa3bMOOtORrNZ6QflbipR+wenW2"
                           "RajwRAmAqX+Fsxh7BQQvW9c+ZurggY3K/Immo0+TxbttyT0Qh18CB9U9+85IiWfx"
                           "ze1h8ZkYvpEQKEjGugbY6H5N13FghVgKfE6LyTpfB5vU7wIJPvAyf6mU25YeQGzW"
                           "/y0SI3UrJmyDWvnz1M+xUY/1AgMBAAEwDQYJKoZIhvcNAQEFBQADgaEADLPxKzrZ"
                           "meFGXHvSELHxhdYgSRHI6o5Areh2t8sfNiDg9a+40WMZp4HwDECKCvUEZaPXTsev"
                           "PJOIJfcKbwhEZeLNVKOeIi+jcUU0h2DAR4dLaYWDUN8an7iMiO1TG623Muo1415Y"
                           "boPMyMNAjMEDncP1uwyCtoQPg15FL1acrXezxK44icwG/+WA2081Sw8ym3i+/jp4"
                           "1j/c9FURMyFPPw==";

#if  (NET_SECURE_CFG_EN == DEF_ENABLED) 
static  FTPc_SECURE_CFG   ftpc_secure_cfg;
#endif

static  void  AppTaskStart (void  *p_arg)                           								/* See Note #1. */
{ 
    FTPc_CONN    conn;
    CPU_BOOLEAN  result; 
    CPU_INT32U   len;
    FTPc_ERR     err_ftpc;
    NET_ERR      err_net; 


    len = Str_Len(p_cert);
    NetSecure_CA_CertIntall(p_cert, 																/* See Note #2. */
                            len, 
                            NET_SOCK_SECURE_CERT_KEY_FMT_PEM, 
                           &err_net);
	if (err_net != NET_ERR_NONE) {
		printf("Add CA Certificate failed.\n\r");
		return;
	}
  
    Str_Copy(ftpc_secure_cfg.CommonName, FTPs_COMMON_NAME);       									/* See Note #3.  */                            
    ftpc_secure_cfg.TrustCallback = &NetSecure_TrustInvalidSig;        					 			/* See Note #4.  */                       
           
    result = FTPc_Open(&conn,
                        DEF_NULL,                                      	 							/* See Note #5.  */
                       &ftpc_secure_cfg,      
                        FTP_SERVER_IP_ADDR,
                        FTP_SERVER_PORT_SECURE,  
                        FTPc_USERNAME,                                 
                        FTPc_PASSWORD,                                                                
                       &err_ftpc);
    if (result != DEF_OK) { 
        printf("Secure FTPc_Open() failed.\n\r"); 
        return; 
    } 
           
    result = FTPc_RecvFile(&conn,																	/* See Note #6.  */
                            RX_FILE_REMOTE,                 
                            RX_FILE_LOCAL, 
                           &err_ftpc); 
    if (result != DEF_OK) { 
        printf("Secure FTPc_RecvFile() failed.\n\r"); 
        FTPc_Close(&net_err); 
        return; 
    }
           
    result = FTPc_SendFile(&conn,																	/* See Note #7.  */
                            TX_FILE_REMOTE,                                         
                            TX_FILE_LOCAL, 
                            DEF_FALSE, 
                           &err_ftpc); 
    if (result != DEF_OK) { 
        printf("FTPc_SendFile() failed.\n\r"); 
        FTPc_Close(&net_err); 
        return; 
    }  

    result = FTPc_Close(&conn, &err_ftpc);        													/* See Note #8.  */                                            
    if (result != DEF_OK) { 
        printf("FTPc_Close() failed.\n\r"); 
    } 
}
          
 
CPU_BOOLEAN   NetSecure_TrustInvalidSig (CPU_CHAR                          *p_common_name,          /* See Note #9.  */  
                                         CPU_INT32S                         common_name_len,
                                         NET_SOCK_SECURE_UNTRUSTED_REASON   reason)
{
    printf("NET SECURE: The certificate from ");
           
    for (common_name_len ; common_name_len > 0 ; common_name_len--) {
        print("%c", *p_common_name);
        p_common_name++;
    }
           
    switch (reason) {                                                                               /* See Note #10. */  
        case NET_SOCK_SECURE_UNTRUSTED_BY_CA:
             print(" is not trusted by the Certificate Authority.\r\n");
             return (DEF_NO);
           
        case NET_SOCK_SECURE_EXPIRE_DATE:
             print(" has an expired date.\r\n");
             return (DEF_YES);     
           
        case NET_SOCK_SECURE_INVALID_DATE:
             print(" has an invalid date.\r\n");
             return (DEF_NO);       
           
        case NET_SOCK_SECURE_SELF_SIGNED:
             print(" is self-signed.\r\n");
             return (DEF_YES);       
           
        case NET_SOCK_SECURE_UNKNOWN:
             print(" is untrusted for unknown reasons.\r\n");
             return (DEF_NO);
           
        default:
             return (DEF_NO);
    }
}
  1. µC/FTPc executes into the caller’s task context. All interface functions are blocking calls, until completion or error. µC/FTPc does not rely directly on any Real-Time Operating System (RTOS), but does rely on µC/TCP-IP.
  2. Install CA Certificate.
  3. Initialize the common name of the FTP server.
  4. Initialize the trust secure callback function.
  5. Establish a secure connection with the FTP server.
  6. Transmit a file from the secure FTP server to the target running µC/FTPc.
  7. Transmit a file from the target running µC/FTPc to the secure FTP server.
  8. Close the secure connection with the server.
  9. Example of trust secure callback function.
  10. Depending on the un-trusted reason, return DEF_YES to trust the server certificate or return DEF_NO to distrust the server certificate.