HTTPS client is here for the Photon! - by the glowfi.sh Team


#41

@jhlink You can also likely interface with him & the code directly on github.


#42

Thanks @dougM!! I’ll be sure to shoot him an email!!

@ericso, I’m actually working a lot with AWS. If you need some help, give me a holler.
The API Gateway is actually quite nice to access most if not all of the AWS features.

@josec, The Red Flash of Death… an embedded systems developer’s worst nightmare…
I’ve got a photon, and despite it having a huge amount of memory, it’s running out of memory.
I’m going to try and get on this tonight to see if there’s any way to recycle previously used memory.


#43

I’ve found that the library induces “SOS” mode.
Currently, I’ve posted the issue on the GitHub repo [here].

If there’s anyone that can lend a helping hand or any useful advice in debugging this, please do post!!

I’d love to hear any kind of input!

I’m going to try my best digging through this!


#44

Thanks for making this.

@michaelT / @josec, I’ve been playing with this for a while and can’t figure out how to just make a GET request and output the response/body of the response. The timeapi example is good and I can see the response body when debugging but can’t figure out how to actually output that myself.

Any examples?

Thanks


#45

Thanks for that info @jhlink, I’m starting to look at AWS API gateway as well as a front gate into Lambda and like the UX so far. Are there any tips or tech resources that you can give for hooking up from Particle cloud to API gateway to Lambda?
Can I PM you for more info?


#46

The link doesn’t go anywhere.


#47

Sorry!!
Here’s the full link!


#48

Hey @MarkyD,

The biggest problem isn’t AWS, but rather https protocols for Particle.
The HTTPS Client library unfortunately isn’t able to handle this reliably, and it does require a bit of debugging.

The best way I’ve found to handle data requests (POST/GET/etc) is through Particle webhooks. It’s great because you can make https calls very easily, but it sucks because you have a very limited number of requests/webhooks per minute. (Unless of course you email Particle directly to raise the limits of these requests/webhooks for a certain cost.)

Go ahead and PM me if you have any more questions!!

James


#49

Thanks @jhlink!


#50

@markyd, @jhlink, @dougM, @bryceadams, @ericso, @fbt

Sorry about my hiatus. Just wanted to check in to see if there is still any interest for the library. I made a small tweak that should avoid the RED blinking LED :wink:

The main reason this happens is when the request reply timeout occurs. This basically causes all the MatrixSSL buffers to be re-allocated. This can be prevented by implementing some sort of an algorithm to allocate within a single memory pool to prevent the overrun. But obviously, it’s a lot more work and is going to take up some time.

@jhlink I don’t think the https protocols are being handled unreliably per se. It does what it’s intended to for the examples that are in there. Let me know if you got to spend any more time with the library by chance. I am curious to hear, and maybe solve a problem or two.

If I hear back from here, I intend to set a small roadmap and see where we go from there.

jersey99


#51

@jersey99
I think there’s immense interest for the library. AWS especially ties in really nicely with scalable IoT tech, but requires at the very minimum HTTPS, assuming you’re using API Gateway. (You could try making direct requests with AWS services, but that involves some crazy complex implementation of their authentication protocol.)

I tried looking into debugging the problem myself, but I got lost in the immense amount of MatrixSSL code. (The goto statements are especially confusing.)

The Photon has HTTPS protocol in its firmware documentation, but it actually goes through Particle Cloud before reaching a web endpoint, which sounds great but that’s until you read about the webhook, request, and host limits. For hobbyists, not really that big of a problem, but it is a bit of an obstacle if you have larger demands per Photon device.

I sort of gave up debugging this library, so I thought of developing a more lean HTTPS library using a different TLS/SSL library instead of MatrixSSL, like NanoSSL, PolarSSL, or maybe CyaSSL. But this is a project way down the road. I’ve had to switch to the Arduino Yuns due to project deadlines and such.


#52

yes! … :point_up:


#53

Yes, totally! The SAP HANA Cloud Platform (HCP) requires HTTPS connections (if you try HTTP, you get redirected to HTTPS), and since getting stuff into HCP is my day job, it’s quite important to me.

Thanks for your efforts!!!


#54

I really like PolarSSL.


#55

@Butch @jhlink @fbt
If possible, can we have a quick list of the problems you are having with using httpsclient-particle, so that we can prioritize?

Thanks!


#56

Sure!!

– Memory… Problems?
The biggest problem is the frequent red SOS lights. If I don’t receive any response, this light appears. Now, the photon does reset automatically and executes the sketch again, but the same error repeats. A cycle results, really.

I think increasing the timeout is a good solution, but I don’t think it solves the underlying problem. There could still be future SOS’s that could occur.

@jersey99, thanks for the correction! You’re right! HTTPS protocols are being handled correctly; it’s really just an issue of memory allocation.

The best fix, I think, would be to shift from dynamic to static memory usage, or rather dynamic restricted to a pool of statically allocated memory. However, this is such a challenge.
The code is a bit… wild to debug. Maybe some refactoring or code optimization could be considered?


Some other thoughts…

– Reducing the code base. I really think that the library could be a lot smaller. TLS/SSL is critical, of course, but something very intensive like 4096 RSA is a bit overkill. If anything, I think a separate branch just for HTTPS related code would be ideal. There would be a smaller code footprint with lots of room for other cool things like more libraries, maybe a song or picture or two for the YOLO inclined. Or if anything, moving all the high level cryptographic functions to a new library entirely and call it “Cryptography-Particle.”


In list form…

  • Reducing code footprint
  • A little bit of code refactoring. (Getting rid of nightmarish go-to statements, specifically.)
  • Moving from dynamic memory allocation to using only statically allocated memory and proper constraints, checks, and safeguards for it.
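The pool idea raised in this post and in #50, as an added example that is not code from httpsclient-particle or MatrixSSL: a bump allocator over one statically sized buffer that refuses oversized requests instead of overrunning, and is wiped and released in one step when a session ends or times out. The names, the 4096-byte pool and the 1500-byte buffers are assumptions chosen for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* Hypothetical names and sizes; not taken from httpsclient-particle or MatrixSSL. */
#define POOL_SIZE  4096u
#define POOL_ALIGN 8u
typedef struct {
    uint8_t *base;  /* statically allocated backing store */
    size_t   size;
    size_t   used;  /* bump offset of the next free byte */
    size_t   peak;  /* high-water mark, useful for sizing the pool */
} pool_t;

static uint64_t pool_storage[POOL_SIZE / sizeof(uint64_t)];  /* uint64_t gives 8-byte alignment */
static pool_t tls_pool = { (uint8_t *)pool_storage, POOL_SIZE, 0, 0 };

/* Bounds-checked allocation: returns NULL rather than overrunning the pool. */
void *pool_alloc(pool_t *p, size_t n) {
    if (n == 0 || n > p->size) return NULL;
    size_t rounded = (n + (POOL_ALIGN - 1)) & ~(size_t)(POOL_ALIGN - 1);
    if (rounded > p->size - p->used) return NULL;
    void *out = p->base + p->used;
    p->used += rounded;
    if (p->used > p->peak) p->peak = p->used;
    return out;
}

/* End of session or timeout: wipe what was used and release it all at once. */
void pool_reset(pool_t *p) {
    volatile uint8_t *b = p->base;
    for (size_t i = 0; i < p->used; i++) b[i] = 0;
    p->used = 0;
}

/* One constructed "session": take two record buffers, then release them. */
int run_session(pool_t *p, int timed_out) {
    uint8_t *in  = pool_alloc(p, 1500);
    uint8_t *out = pool_alloc(p, 1500);
    int ok = (in != NULL && out != NULL);
    if (ok && !timed_out) memset(in, 0xAA, 1500);  /* stand-in for received data */
    pool_reset(p);
    return ok;
}

int main(void) {
    for (int i = 0; i < 1000; i++)
        if (!run_session(&tls_pool, i % 3 == 0)) return 1;
    return 0;
}
```

Because every session starts from offset zero, repeated timeouts cannot fragment or grow memory use, and `peak` shows how large the pool actually needs to be.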

#57

I need to run in an “insecure” mode where it will ignore certificate warnings for the url I’m hitting. Is this an option buried somewhere that I can’t find?


#58

Hey dougM, I’m not sure if this might be possible.
If you need to run in an “insecure” mode, could you try and use HTTP instead?


#59

Those aren’t the same thing. I need to use HTTPS but need an exception for the cert. Basically “NET::ERR_CERT_AUTHORITY_INVALID” is the error I’m trying to work around, because the cert is for xxx.domain.com but I have to access it via 192.168.1.1, so it becomes invalid.


#60

Hi @jersey99 ,

any progress on the red flashing interdeath of things ?

I’m also having the same issue. First time request -> response goes ok -> but keeps on until timeout and next time I get the

matrixSslNewClientSession:-10
New Client Session Failed: Exiting

And then red sos + 1 blink which is told to be a hard fault by the manual.