From be190212dee73b823f54f6725447d224e6972596 Mon Sep 17 00:00:00 2001 From: Robert Lubos Date: Thu, 3 Jul 2025 15:02:58 +0200 Subject: [PATCH 1/3] samples: net: http_client: Update TLS configuration Python HTTPS server counterpart for the sample now seems to enforce ECDHE key exchange, so enable it in the sample. Signed-off-by: Robert Lubos --- samples/net/sockets/http_client/overlay-tls.conf | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/samples/net/sockets/http_client/overlay-tls.conf b/samples/net/sockets/http_client/overlay-tls.conf index 1a91e13e3d68..ba49439d858d 100644 --- a/samples/net/sockets/http_client/overlay-tls.conf +++ b/samples/net/sockets/http_client/overlay-tls.conf @@ -8,6 +8,10 @@ CONFIG_MBEDTLS_BUILTIN=y CONFIG_MBEDTLS_ENABLE_HEAP=y CONFIG_MBEDTLS_HEAP_SIZE=60000 CONFIG_MBEDTLS_SSL_MAX_CONTENT_LEN=2048 +CONFIG_MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED=y +CONFIG_MBEDTLS_ECP_DP_SECP256R1_ENABLED=y +CONFIG_MBEDTLS_ECDH_C=y +CONFIG_MBEDTLS_ECP_C=y CONFIG_NET_SOCKETS_SOCKOPT_TLS=y CONFIG_NET_SOCKETS_TLS_MAX_CONTEXTS=6 From 64aebb6b967e45ecee01f3e03701048187c53617 Mon Sep 17 00:00:00 2001 From: Robert Lubos Date: Thu, 3 Jul 2025 15:04:56 +0200 Subject: [PATCH 2/3] samples: net: http_client: Avoid parallel IPv4/IPv6 sessions Apparently the simple python HTTPS server the sample is interfacing, cannot handle parallel TLS sessions (just one at a time), hence establishing both IPv4/6 connections before sending request doesn't work well, half of the requests are dropped. Therefore, modify the sample a little to run only one TLS (or TCP if no TLS is used) connection at a time. Additionally, add a log in case HTTP client request fails, as it could easily be overlooked if something went wrong. Signed-off-by: Robert Lubos --- samples/net/sockets/http_client/src/main.c | 114 +++++++++++---------- 1 file changed, 60 insertions(+), 54 deletions(-) 
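Review bot: The four options added to overlay-tls.conf have no comment explaining why they are needed; the reason exists only in the commit message. A short comment above them would keep a later cleanup from dropping one of them and breaking the handshake, for example `# The net-tools HTTPS server requires ECDHE key exchange; keep these four options together`. Only `CONFIG_MBEDTLS_ECP_DP_SECP256R1_ENABLED` is turned on here, so the handshake presumably depends on the server accepting P-256, which is worth stating in the same comment. The ECDHE handshake may also use more of the 60000-byte mbedTLS heap set in the context lines, so confirm that this still fits on the smaller supported boards.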
diff --git a/samples/net/sockets/http_client/src/main.c b/samples/net/sockets/http_client/src/main.c index d33f0bdeafe5..3751f580cc16 100644 --- a/samples/net/sockets/http_client/src/main.c +++ b/samples/net/sockets/http_client/src/main.c @@ -159,6 +159,7 @@ static int run_queries(void) int32_t timeout = 3 * MSEC_PER_SEC; int ret = 0; int port = HTTP_PORT; + struct http_request req; if (IS_ENABLED(CONFIG_NET_SOCKETS_SOCKOPT_TLS)) { ret = tls_credential_add(CA_CERTIFICATE_TAG, @@ -178,21 +179,10 @@ static int run_queries(void) (void)connect_socket(AF_INET, SERVER_ADDR4, port, &sock4, (struct sockaddr *)&addr4, sizeof(addr4)); - } - - if (IS_ENABLED(CONFIG_NET_IPV6)) { - (void)connect_socket(AF_INET6, SERVER_ADDR6, port, - &sock6, (struct sockaddr *)&addr6, - sizeof(addr6)); - } - - if (sock4 < 0 && sock6 < 0) { - LOG_ERR("Cannot create HTTP connection."); - return -ECONNABORTED; - } - - if (sock4 >= 0 && IS_ENABLED(CONFIG_NET_IPV4)) { - struct http_request req; + if (sock4 < 0) { + LOG_ERR("Cannot create HTTP IPv4 connection."); + return -ECONNABORTED; + } memset(&req, 0, sizeof(req)); @@ -205,12 +195,21 @@ static int run_queries(void) req.recv_buf_len = sizeof(recv_buf_ipv4); ret = http_client_req(sock4, &req, timeout, "IPv4 GET"); + if (ret < 0) { + LOG_ERR("Client error %d", ret); + } close(sock4); } - if (sock6 >= 0 && IS_ENABLED(CONFIG_NET_IPV6)) { - struct http_request req; + if (IS_ENABLED(CONFIG_NET_IPV6)) { + (void)connect_socket(AF_INET6, SERVER_ADDR6, port, + &sock6, (struct sockaddr *)&addr6, + sizeof(addr6)); + if (sock6 < 0) { + LOG_ERR("Cannot create HTTP IPv6 connection."); + return -ECONNABORTED; + } memset(&req, 0, sizeof(req)); @@ -223,6 +222,9 @@ static int run_queries(void) req.recv_buf_len = sizeof(recv_buf_ipv6); ret = http_client_req(sock6, &req, timeout, "IPv6 GET"); + if (ret < 0) { + LOG_ERR("Client error %d", ret); + } close(sock6); } 
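Review bot: In the GET section of run_queries() (hunk at -178), the new `return -ECONNABORTED;` in the IPv4 branch exits before the IPv6 branch runs, so a dual-stack build now aborts when only the IPv4 connect fails. The removed code gave up only when `sock4 < 0 && sock6 < 0`, and an IPv6 failure now likewise skips the remaining POST sections. If the old tolerance is still wanted, set `ret = -ECONNABORTED;` in the failure branch and move the request and `close(sock4)` into an `else`, instead of returning. The same early return is repeated in the two POST sections (hunks at -234 and -293). The check still relies on connect_socket() leaving the socket negative on failure, because its return value is discarded with `(void)`; that function and the rest of run_queries() are outside these hunks, so this should be confirmed.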
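Review bot: The added `LOG_ERR("Client error %d", ret);` after the IPv4 GET request (hunk at -205) is the same string at all six call sites, so the log does not show which request failed. The other five are in the hunks at -223, -263, -283, -329 and -353. Naming the request in the message fixes this, e.g. `LOG_ERR("IPv4 GET failed: %d", ret);`, adjusted for each site. Also, `ret` is overwritten by the next http_client_req() call, so a failed IPv4 request followed by a successful IPv6 one shows up only in the log. Whether run_queries() should instead return the first error depends on the end of the function, which is outside these hunks.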
@@ -234,21 +236,10 @@ static int run_queries(void) (void)connect_socket(AF_INET, SERVER_ADDR4, port, &sock4, (struct sockaddr *)&addr4, sizeof(addr4)); - } - - if (IS_ENABLED(CONFIG_NET_IPV6)) { - (void)connect_socket(AF_INET6, SERVER_ADDR6, port, - &sock6, (struct sockaddr *)&addr6, - sizeof(addr6)); - } - - if (sock4 < 0 && sock6 < 0) { - LOG_ERR("Cannot create HTTP connection."); - return -ECONNABORTED; - } - - if (sock4 >= 0 && IS_ENABLED(CONFIG_NET_IPV4)) { - struct http_request req; + if (sock4 < 0) { + LOG_ERR("Cannot create HTTP IPv4 connection."); + return -ECONNABORTED; + } memset(&req, 0, sizeof(req)); @@ -263,12 +254,21 @@ static int run_queries(void) req.recv_buf_len = sizeof(recv_buf_ipv4); ret = http_client_req(sock4, &req, timeout, "IPv4 POST"); + if (ret < 0) { + LOG_ERR("Client error %d", ret); + } close(sock4); } - if (sock6 >= 0 && IS_ENABLED(CONFIG_NET_IPV6)) { - struct http_request req; + if (IS_ENABLED(CONFIG_NET_IPV6)) { + (void)connect_socket(AF_INET6, SERVER_ADDR6, port, + &sock6, (struct sockaddr *)&addr6, + sizeof(addr6)); + if (sock6 < 0) { + LOG_ERR("Cannot create HTTP IPv6 connection."); + return -ECONNABORTED; + } memset(&req, 0, sizeof(req)); @@ -283,6 +283,9 @@ static int run_queries(void) req.recv_buf_len = sizeof(recv_buf_ipv6); ret = http_client_req(sock6, &req, timeout, "IPv6 POST"); + if (ret < 0) { + LOG_ERR("Client error %d", ret); + } close(sock6); } 
@@ -293,29 +296,19 @@ static int run_queries(void) sock6 = -1; if (IS_ENABLED(CONFIG_NET_IPV4)) { - (void)connect_socket(AF_INET, SERVER_ADDR4, port, - &sock4, (struct sockaddr *)&addr4, - sizeof(addr4)); - } - - if (IS_ENABLED(CONFIG_NET_IPV6)) { - (void)connect_socket(AF_INET6, SERVER_ADDR6, port, - &sock6, (struct sockaddr *)&addr6, - sizeof(addr6)); - } - - if (sock4 < 0 && sock6 < 0) { - LOG_ERR("Cannot create HTTP connection."); - return -ECONNABORTED; - } - - if (sock4 >= 0 && IS_ENABLED(CONFIG_NET_IPV4)) { - struct http_request req; const char *headers[] = { "Transfer-Encoding: chunked\r\n", NULL }; + (void)connect_socket(AF_INET, SERVER_ADDR4, port, + &sock4, (struct sockaddr *)&addr4, + sizeof(addr4)); + if (sock4 < 0) { + LOG_ERR("Cannot create HTTP IPv4 connection."); + return -ECONNABORTED; + } + memset(&req, 0, sizeof(req)); req.method = HTTP_POST; @@ -329,17 +322,27 @@ static int run_queries(void) req.recv_buf_len = sizeof(recv_buf_ipv4); ret = http_client_req(sock4, &req, timeout, "IPv4 POST"); + if (ret < 0) { + LOG_ERR("Client error %d", ret); + } close(sock4); } - if (sock6 >= 0 && IS_ENABLED(CONFIG_NET_IPV6)) { - struct http_request req; + if (IS_ENABLED(CONFIG_NET_IPV6)) { const char *headers[] = { "Transfer-Encoding: chunked\r\n", NULL }; + (void)connect_socket(AF_INET6, SERVER_ADDR6, port, + &sock6, (struct sockaddr *)&addr6, + sizeof(addr6)); + if (sock6 < 0) { + LOG_ERR("Cannot create HTTP IPv6 connection."); + return -ECONNABORTED; + } + memset(&req, 0, sizeof(req)); req.method = HTTP_POST; @@ -353,6 +356,9 @@ static int run_queries(void) req.recv_buf_len = sizeof(recv_buf_ipv6); ret = http_client_req(sock6, &req, timeout, "IPv6 POST"); + if (ret < 0) { + LOG_ERR("Client error %d", ret); + } close(sock6); } From d3aac789746b00cb266a089e2650561f2ae5e99b Mon Sep 17 00:00:00 2001 
From: Robert Lubos Date: Thu, 3 Jul 2025 15:16:13 +0200 Subject: [PATCH 3/3] manifest: Pull net-tools HTTP server scripts fixes Pull latest fixes for HTTP(s) server scripts. Signed-off-by: Robert Lubos --- west.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/west.yml b/west.yml index fe8253bfa2f2..26081dbb5b24 100644 --- a/west.yml +++ b/west.yml @@ -320,7 +320,7 @@ manifest: - debug revision: 33e5c23cbedda5ba12dbe50c4baefb362a791001 - name: net-tools - revision: 986bfeb040df3d9029366de8aea4ce1f84e93780 + revision: 64bf49ad9b6d1d1f9d24bf8b94d82d9bcb52f61a path: tools/net-tools groups: - tools