HTTPS support on N+2?
#1
Posted 20 November 2012 - 09:05 PM
#2
Posted 21 November 2012 - 12:16 AM
OpenSSL is pretty large, so I don't think it will fit. But I've learned to never say never One of our enterprising community members may find a way to make it work.Is HTTPS supported on N+2? It came up in another thread on the board, but I'm wondering if with the new hardware its possible to use HTTPS for restful or other services located across the network.
There are some smaller SSL stacks, albeit not open source ones, that could be integrated for commercial projects using Netduino Plus 2.
Chris
Edited by Chris Walker, 21 November 2012 - 03:02 PM.
corrected typo -- thanks cuno!
#3
Posted 21 November 2012 - 01:22 AM
#4
Posted 21 November 2012 - 06:41 AM
The basic run-down is that your device can be a client or a server as far as SSL is concerned so technically you can pull off HTTPs. If you're using basic HTTPS then you only need to store one or two certificates. One to certify your netduino as a secure server and possibly another certificate/cert chain that points to a publicly trusted certification authority(CA). If you don't care about the certificate being trusted and you just want secure communications it's pretty simple.
- Generate and store the SSL certificate for your netduino into RAM at run-time via the CertificateStore class. Put the cert on an SD card and read it off each time you boot up
- Use the SSLStream class for reading and writing data instead of a NetworkStream with the client socket.
- Server authentication via the netduino certificate is mandatory but client authentication with a separate certificate is optional. Use the SSLStream.AuthenticateAsClient and AuthenticateAsServer functions.
- Once authenticated, you use the streams like normal HTTP
#5
Posted 21 November 2012 - 11:28 AM
You mean SSL stacks? Polar SSL and Matrix SSL are small dual-licensed open source SSL stacks:There are some smaller TCP stacks, albeit not open source ones, that could be integrated for commercial projects using Netduino Plus 2.
http://www.matrixssl.org/
https://polarssl.org/
I don't really know either one, but they appear like good candidates for integration into NETMF (not Apache 2.0 licensed, though). If anyone has experience with that, I'd be very interested.
Cuno
PS
Open SSL indeed seems an order of magnitude too large for Netduino Plus 2 or similar boards.
PPS
It would be particularly interesting to learn about the speed of these generic stacks. SSL stacks not tuned for a particular microcontroller may be very slow (e.g., taking more than a minute for opening a connection).
#6
Posted 21 November 2012 - 03:03 PM
Doh! Yes, SSL Fixed.You mean SSL stacks? Polar SSL and Matrix SSL are small dual-licensed open source SSL stacks:
BTW, thanks for the additional notes on SSL stacks. I really wish we could find an open source one to squeeze in... Would be awesome.
Chris
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users