Add HTTP client examples (#385)

Examples to demonstrate HTTP, HTTPS and TLS validation

Author: peterharperuk

README.md

@@ -189,6 +189,8 @@ App|Description
 [picow_wifi_scan](pico_w/wifi/wifi_scan) | Scans for WiFi networks and prints the results.
 [picow_udp_beacon](pico_w/wifi/udp_beacon) | A simple UDP transmitter.
 [picow_httpd](pico_w/wifi/httpd) | Runs a LWIP HTTP server test app
+[picow_http_client](pico_w/wifi/http_client) | Demonstrates how to make http and https requests
+[picow_http_client_verify](pico_w/wifi/http_client) | Demonstrates how to make a https request with server authentication
 
 #### FreeRTOS examples
 
@@ -204,6 +206,7 @@ App|Description
 [picow_freertos_ntp_client_socket](pico_w/wifi/freertos/ntp_client_socket) | Connects to an NTP server using the LwIP Socket API with FreeRTOS in NO_SYS=0 (i.e. full FreeRTOS integration) mode.
 [pico_freertos_httpd_nosys](pico_w/wifi/freertos/httpd) | Runs a LWIP HTTP server test app under FreeRTOS in NO_SYS=1 mode.
 [pico_freertos_httpd_sys](pico_w/wifi/freertos/httpd) | Runs a LWIP HTTP server test app under FreeRTOS in NO_SYS=0 (i.e. full FreeRTOS integration) mode.
+[picow_freertos_http_client_sys](pico_w/wifi/freertos/http_client) | Demonstrates how to make a https request in NO_SYS=0 (i.e. full FreeRTOS integration)
 
 ### Pico W Bluetooth
 

pico_w/wifi/CMakeLists.txt

@@ -17,6 +17,7 @@ else()
     add_subdirectory_exclude_platforms(tcp_client)
     add_subdirectory_exclude_platforms(tcp_server)
     add_subdirectory_exclude_platforms(udp_beacon)
+    add_subdirectory_exclude_platforms(http_client)
 
     if (NOT PICO_MBEDTLS_PATH)
         message("Skipping tls examples as PICO_MBEDTLS_PATH is not defined")

pico_w/wifi/freertos/CMakeLists.txt

@@ -7,4 +7,5 @@ else()
     add_subdirectory_exclude_platforms(iperf)
     add_subdirectory_exclude_platforms(ntp_client_socket)
     add_subdirectory_exclude_platforms(ping)
-endif()
+    add_subdirectory_exclude_platforms(http_client)
+endif()

pico_w/wifi/freertos/http_client/CMakeLists.txt

@@ -0,0 +1,55 @@
+# This example is disabled as mbedtls uses too much stack, and Freertos SMP is problematic with
+# pico_cyw43_arch_lwip_threadsafe_background (nosys), where WiFi and LwIP activity is performed in an IRQ.
+# Prefer to use pico_cyw43_arch_lwip_sys_freertos instead, where WiFi and LwIP activity is performed in a thread.
+if (0)
+add_executable(picow_freertos_http_client_nosys
+        picow_freertos_http_client.c
+        )
+target_compile_definitions(picow_freertos_http_client_nosys PRIVATE
+        WIFI_SSID=\"${WIFI_SSID}\"
+        WIFI_PASSWORD=\"${WIFI_PASSWORD}\"
+        ALTCP_MBEDTLS_AUTHMODE=MBEDTLS_SSL_VERIFY_REQUIRED
+        )
+target_include_directories(picow_freertos_http_client_nosys PRIVATE
+        ${CMAKE_CURRENT_LIST_DIR}
+        ${CMAKE_CURRENT_LIST_DIR}/.. # for our common FreeRTOSConfig
+        ${CMAKE_CURRENT_LIST_DIR}/../.. # for our common lwipopts and mbedtls_config
+        )
+target_link_libraries(picow_freertos_http_client_nosys
+        pico_cyw43_arch_lwip_threadsafe_background
+        pico_stdlib
+        example_lwip_http_util
+        FreeRTOS-Kernel-Heap4 # FreeRTOS kernel and dynamic heap
+        )
+pico_add_extra_outputs(picow_freertos_http_client_nosys)
+endif()
+
+add_executable(picow_freertos_http_client_sys
+        picow_freertos_http_client.c
+        )
+target_compile_definitions(picow_freertos_http_client_sys PRIVATE
+        WIFI_SSID=\"${WIFI_SSID}\"
+        WIFI_PASSWORD=\"${WIFI_PASSWORD}\"
+        NO_SYS=0 # don't want NO_SYS (generally this would be in your lwipopts.h)
+        ALTCP_MBEDTLS_AUTHMODE=MBEDTLS_SSL_VERIFY_REQUIRED
+        CYW43_TASK_STACK_SIZE=2048
+        )
+target_include_directories(picow_freertos_http_client_sys PRIVATE
+        ${CMAKE_CURRENT_LIST_DIR}
+        ${CMAKE_CURRENT_LIST_DIR}/.. # for our common FreeRTOSConfig
+        ${CMAKE_CURRENT_LIST_DIR}/../.. # for our common lwipopts
+        )
+target_link_libraries(picow_freertos_http_client_sys
+        pico_cyw43_arch_lwip_sys_freertos
+        pico_stdlib
+        example_lwip_http_util
+        FreeRTOS-Kernel-Heap4 # FreeRTOS kernel and dynamic heap
+        )
+pico_add_extra_outputs(picow_freertos_http_client_sys)
+
+# Ignore warnings from lwip code
+set_source_files_properties(
+        ${PICO_LWIP_PATH}/src/apps/altcp_tls/altcp_tls_mbedtls.c
+        PROPERTIES
+        COMPILE_OPTIONS "-Wno-unused-result"
+        )

pico_w/wifi/freertos/http_client/FreeRTOSConfig.h

@@ -0,0 +1,7 @@
+#ifndef FREERTOS_CONFIG_H
+#define FREERTOS_CONFIG_H
+
+// This example uses a common include to avoid repetition
+#include "FreeRTOSConfig_examples_common.h"
+
+#endif

pico_w/wifi/freertos/http_client/lwipopts.h

@@ -0,0 +1,36 @@
+#ifndef _LWIPOPTS_H
+#define _LWIPOPTS_H
+
+// Generally you would define your own explicit list of lwIP options
+// (see https://www.nongnu.org/lwip/2_1_x/group__lwip__opts.html)
+//
+// This example uses a common include to avoid repetition
+#include "lwipopts_examples_common.h"
+
+#if !NO_SYS
+#define TCPIP_THREAD_STACKSIZE 1024
+#define DEFAULT_THREAD_STACKSIZE 1024
+#define DEFAULT_RAW_RECVMBOX_SIZE 8
+#define TCPIP_MBOX_SIZE 8
+#define LWIP_TIMEVAL_PRIVATE 0
+
+// not necessary, can be done either way
+#define LWIP_TCPIP_CORE_LOCKING_INPUT 1
+
+// ping_thread sets socket receive timeout, so enable this feature
+#define LWIP_SO_RCVTIMEO 1
+#endif
+
+#define LWIP_ALTCP 1
+
+// If you don't want to use TLS (just a http request) you can avoid linking to mbedtls and remove the following
+#define LWIP_ALTCP_TLS           1
+#define LWIP_ALTCP_TLS_MBEDTLS   1
+
+// Note bug in lwip with LWIP_ALTCP and LWIP_DEBUG
+// https://savannah.nongnu.org/bugs/index.php?62159
+//#define LWIP_DEBUG 1
+#undef LWIP_DEBUG
+#define ALTCP_MBEDTLS_DEBUG  LWIP_DBG_ON
+
+#endif

pico_w/wifi/freertos/http_client/mbedtls_config.h

@@ -0,0 +1,6 @@
+#ifndef MBEDTLS_CONFIG_TLS_CLIENT_H
+#define MBEDTLS_CONFIG_TLS_CLIENT_H
+
+#include "mbedtls_config_examples_common.h"
+
+#endif

pico_w/wifi/freertos/http_client/picow_freertos_http_client.c

@@ -0,0 +1,121 @@
+/**
+ * Copyright (c) 2023 Raspberry Pi (Trading) Ltd.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include "pico/cyw43_arch.h"
+#include "pico/stdlib.h"
+#include "lwip/altcp_tls.h"
+
+#include "lwip/netif.h"
+
+#include "FreeRTOS.h"
+#include "task.h"
+#include "example_http_client_util.h"
+
+#ifndef RUN_FREERTOS_ON_CORE
+#define RUN_FREERTOS_ON_CORE 0
+#endif
+
+#define TEST_TASK_PRIORITY ( tskIDLE_PRIORITY + 2UL )
+#define TEST_TASK_STACK_SIZE 1024
+
+// Using this url as we know the root cert won't change for a long time
+#define HOST "fw-download-alias1.raspberrypi.com"
+#define URL_REQUEST "/net_install/boot.sig"
+
+// This is the PUBLIC root certificate exported from a browser
+// Note that the newlines are needed
+#define TLS_ROOT_CERT_OK "-----BEGIN CERTIFICATE-----\n\
+MIIC+jCCAn+gAwIBAgICEAAwCgYIKoZIzj0EAwIwgbcxCzAJBgNVBAYTAkdCMRAw\n\
+DgYDVQQIDAdFbmdsYW5kMRIwEAYDVQQHDAlDYW1icmlkZ2UxHTAbBgNVBAoMFFJh\n\
+c3BiZXJyeSBQSSBMaW1pdGVkMRwwGgYDVQQLDBNSYXNwYmVycnkgUEkgRUNDIENB\n\
+MR0wGwYDVQQDDBRSYXNwYmVycnkgUEkgUm9vdCBDQTEmMCQGCSqGSIb3DQEJARYX\n\
+c3VwcG9ydEByYXNwYmVycnlwaS5jb20wIBcNMjExMjA5MTEzMjU1WhgPMjA3MTEx\n\
+MjcxMTMyNTVaMIGrMQswCQYDVQQGEwJHQjEQMA4GA1UECAwHRW5nbGFuZDEdMBsG\n\
+A1UECgwUUmFzcGJlcnJ5IFBJIExpbWl0ZWQxHDAaBgNVBAsME1Jhc3BiZXJyeSBQ\n\
+SSBFQ0MgQ0ExJTAjBgNVBAMMHFJhc3BiZXJyeSBQSSBJbnRlcm1lZGlhdGUgQ0Ex\n\
+JjAkBgkqhkiG9w0BCQEWF3N1cHBvcnRAcmFzcGJlcnJ5cGkuY29tMHYwEAYHKoZI\n\
+zj0CAQYFK4EEACIDYgAEcN9K6Cpv+od3w6yKOnec4EbyHCBzF+X2ldjorc0b2Pq0\n\
+N+ZvyFHkhFZSgk2qvemsVEWIoPz+K4JSCpgPstz1fEV6WzgjYKfYI71ghELl5TeC\n\
+byoPY+ee3VZwF1PTy0cco2YwZDAdBgNVHQ4EFgQUJ6YzIqFh4rhQEbmCnEbWmHEo\n\
+XAUwHwYDVR0jBBgwFoAUIIAVCSiDPXut23NK39LGIyAA7NAwEgYDVR0TAQH/BAgw\n\
+BgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYwCgYIKoZIzj0EAwIDaQAwZgIxAJYM+wIM\n\
+PC3wSPqJ1byJKA6D+ZyjKR1aORbiDQVEpDNWRKiQ5QapLg8wbcED0MrRKQIxAKUT\n\
+v8TJkb/8jC/oBVTmczKlPMkciN+uiaZSXahgYKyYhvKTatCTZb+geSIhc0w/2w==\n\
+-----END CERTIFICATE-----\n"
+
+void main_task(__unused void *params) {
+    if (cyw43_arch_init()) {
+        printf("failed to initialise\n");
+        return;
+    }
+
+    cyw43_arch_enable_sta_mode();
+    printf("Connecting to Wi-Fi...\n");
+    if (cyw43_arch_wifi_connect_timeout_ms(WIFI_SSID, WIFI_PASSWORD, CYW43_AUTH_WPA2_AES_PSK, 30000)) {
+        printf("failed to connect.\n");
+        exit(1);
+    } else {
+        printf("Connected.\n");
+    }
+
+    static const uint8_t cert_ok[] = TLS_ROOT_CERT_OK;
+    static EXAMPLE_HTTP_REQUEST_T req = {0};
+    req.hostname = HOST;
+    req.url = URL_REQUEST;
+    req.headers_fn = http_client_header_print_fn;
+    req.recv_fn = http_client_receive_print_fn;
+    req.tls_config = altcp_tls_create_config_client(cert_ok, sizeof(cert_ok));
+
+    int pass = http_client_request_sync(cyw43_arch_async_context(), &req);
+    altcp_tls_free_config(req.tls_config);
+    if (pass != 0) {
+        panic("test failed");
+    }
+
+    cyw43_arch_deinit();
+    panic("Test passed");
+}
+
+void vLaunch( void) {
+    TaskHandle_t task;
+    xTaskCreate(main_task, "TestMainThread", TEST_TASK_STACK_SIZE, NULL, TEST_TASK_PRIORITY, &task);
+
+#if NO_SYS && configUSE_CORE_AFFINITY && configNUM_CORES > 1
+    // we must bind the main task to one core (well at least while the init is called)
+    // (note we only do this in NO_SYS mode, because cyw43_arch_freertos
+    // takes care of it otherwise)
+    vTaskCoreAffinitySet(task, 1);
+#endif
+
+    /* Start the tasks and timer running. */
+    vTaskStartScheduler();
+}
+
+int main( void )
+{
+    stdio_init_all();
+
+    /* Configure the hardware ready to run the demo. */
+    const char *rtos_name;
+#if ( portSUPPORT_SMP == 1 )
+    rtos_name = "FreeRTOS SMP";
+#else
+    rtos_name = "FreeRTOS";
+#endif
+
+#if ( portSUPPORT_SMP == 1 ) && ( configNUM_CORES == 2 )
+    printf("Starting %s on both cores:\n", rtos_name);
+    vLaunch();
+#elif ( RUN_FREERTOS_ON_CORE == 1 )
+    printf("Starting %s on core 1:\n", rtos_name);
+    multicore_launch_core1(vLaunch);
+    while (true);
+#else
+    printf("Starting %s on core 0:\n", rtos_name);
+    vLaunch();
+#endif
+    return 0;
+}

pico_w/wifi/http_client/CMakeLists.txt

@@ -0,0 +1,58 @@
+pico_add_library(example_lwip_http_util NOFLAG)
+target_sources(example_lwip_http_util INTERFACE
+        ${CMAKE_CURRENT_LIST_DIR}/example_http_client_util.c
+        )
+pico_mirrored_target_link_libraries(example_lwip_http_util INTERFACE
+        pico_lwip_http
+        pico_lwip_mbedtls
+        pico_mbedtls
+        )
+target_include_directories(example_lwip_http_util INTERFACE
+        ${CMAKE_CURRENT_LIST_DIR}
+        )
+
+add_executable(picow_http_client
+        picow_http_client.c
+        )
+target_compile_definitions(picow_http_client PRIVATE
+        WIFI_SSID=\"${WIFI_SSID}\"
+        WIFI_PASSWORD=\"${WIFI_PASSWORD}\"
+        )
+target_include_directories(picow_http_client PRIVATE
+        ${CMAKE_CURRENT_LIST_DIR}
+        ${CMAKE_CURRENT_LIST_DIR}/.. # for our common lwipopts and mbedtls_config
+        )
+target_link_libraries(picow_http_client
+        pico_cyw43_arch_lwip_threadsafe_background
+        example_lwip_http_util
+        pico_stdlib
+        )
+pico_add_extra_outputs(picow_http_client)
+
+add_executable(picow_http_client_verify
+        picow_http_verify.c
+        )
+target_compile_definitions(picow_http_client_verify PRIVATE
+        WIFI_SSID=\"${WIFI_SSID}\"
+        WIFI_PASSWORD=\"${WIFI_PASSWORD}\"
+        # By default verification is optional (MBEDTLS_SSL_VERIFY_OPTIONAL)
+        # Make it required for this test
+        ALTCP_MBEDTLS_AUTHMODE=MBEDTLS_SSL_VERIFY_REQUIRED
+        )
+target_include_directories(picow_http_client_verify PRIVATE
+        ${CMAKE_CURRENT_LIST_DIR}
+        ${CMAKE_CURRENT_LIST_DIR}/.. # for our common lwipopts and mbedtls_config
+        )
+target_link_libraries(picow_http_client_verify
+        pico_cyw43_arch_lwip_threadsafe_background
+        example_lwip_http_util
+        pico_stdlib
+        )
+pico_add_extra_outputs(picow_http_client_verify)
+
+# Ignore warnings from lwip code
+set_source_files_properties(
+        ${PICO_LWIP_PATH}/src/apps/altcp_tls/altcp_tls_mbedtls.c
+        PROPERTIES
+        COMPILE_OPTIONS "-Wno-unused-result"
+        )