thingsee / thingsee-sdk

Thingsee OS SDK
https://github.com/thingsee/thingsee-sdk/wiki
22 stars 18 forks source link

HTTPS /cloud/events not implemented? #9

Open jonnenauha opened 8 years ago

jonnenauha commented 8 years ago

We are doing our own cloud service where the device will post data to.

If you configure the cloud.json to have "https" and protocol, its not actually using HTTPS. We also tried prefixing the host with https:// but that did not work either (abviously as its putting protocol into the Host header).

I looked around and (probably?) found the relevant code part https://github.com/thingsee/thingsee-sdk/blob/a764aefa31282193e8ea119ad86edd8efa3ad13a/apps/ts_engine/ts-connector/ts_connector.c#L183-L205

I also cant find any place where .cloud_params.protocol is being used at all in the client.

We have a nginx reverse proxy in front of our cloud service, the "https" configured client produces a error along the lines "The client is trying to post HTTP to a HTTPS port" and it suppresses with 400 Bad Request, as in not forwarding the request to our backends.

Our test device has firmaware https://github.com/thingsee/thingsee-sdk/releases/tag/dev_20151110_1 so its a couple of pre-releases old.

So my questions are: Has this already been fixed? If not are you going to implement https requests on the device client side? Is it on the roadmap?

Would like to send as secure traffic if possible. Not a big hassle though, we are now doing it via http 80.


Ping @cvetan5

Python1320 commented 8 years ago

I could not find HTTPS/SSL references in the source and I do not see SSL support coming any time too soon at least:

The hardware seems to have AES acceleration, so not all hope is lost in performance front.

It's all just a matter of coding. Maybe something can be ported over from for example FreeRTOS-compatible SSL-libraries.

paulorclopes commented 8 years ago

Hey,

At some point Thingsee had indeed on the roadmap development of HTTPS implementation. However, our roadmap has been restructured. Currently there isn't a clear plan to when implement HTTPS/SSL protocols.

The best assumption so far is what Python1320 mentioned:

It's all just a matter of coding. Maybe something can be ported over from for example FreeRTOS-compatible SSL-libraries.

We'll update you when there are changes on this matter.

Python1320 commented 8 years ago

One promising library that our team has found is mbed TLS (Apache 2.0 License. Now owned by ARM so it should be(come) quite compatible with the processor's acceleration too) It also has nice tutorials if someone wants to take a shot at integrating it: https://tls.mbed.org/kb/how-to/mbedtls-tutorial

paulorclopes commented 8 years ago

@Python1320 thanks for the addition. Can be helpful for other developers.

Regards, Paulo, Thingsee

comatoze commented 7 years ago

Has this been resolved? At master_20161021_2 it mentions that 'retail-tls' and 'retail-tls-dbg' configs were added on 21-Oct-2016.

jkivilin commented 7 years ago

'retail-tls' configurations enable HTTPS support, but will have much less memory available for Thingsee engine to run. TLS receive fragment size is 16 KiB, and that amount of memory is permanently allocated for TLS rx-buffer and not available for other tasks. Given that Thingsee One has 80 KiB RAM, this is quite large and as result Thingsee engine is not able to run as complex profiles as is possible without HTTPS support.

If you are in full control of your HTTPS server and you can limit TLS fragment size on the server-side, then you can reduce the TLS rx-buffer size with CONFIG_MBEDTLS_MAX_FRAGMENT_LEN config option. Note that with 'retail-tls' configuration, the size of tx TLS fragment has been already reduced to 512 bytes using "CONFIG_MBEDTLS_MAX_OUT_FRAGMENT_LEN=512" option.