NetBurner 3.5.6
SSL/TLS Client

SSL/TLS Client Example

A NetBurner embedded device application that demonstrates SSL/TLS client connections with automated testing and connection monitoring.

Overview

This application performs automated SSL/TLS client connections to a specified server, tracking both successful and failed connection attempts. It provides real-time status updates through both network messages and serial debug output, making it useful for testing SSL/TLS connectivity and performance analysis.

Features

  • Automated SSL/TLS client connections with configurable target server
  • Connection attempt tracking (successes and failures)
  • Performance timing measurements
  • Dual output channels: network messages to server and serial debug
  • Comprehensive error reporting with specific SSL error codes
  • Built-in retry mechanism with configurable delays
  • DNS hostname resolution support

Configuration

Server Settings

Modify the following definitions in main.cpp to configure your target SSL server:

#define SSL_SERVER_NAME "192.168.0.53" // Server IP address or hostname
#define SSL_SERVER_PORT 4433 // Server port number

Certificate Checking (Optional)

Certificate checking is disabled by default, which means the client does not authenticate the server it connects to. To enable certificate verification:

  1. Include a CA certificate list in your project
  2. Uncomment #define NB_SSL_CLIENT_CERTIFICATE_CHECKING_ENABLED in sslclient.cpp
  3. Rebuild the system libraries

Application Behavior

Connection Process

  1. Initialization: Waits for active network (DHCP) for up to 5 seconds
  2. DNS Resolution: Resolves the server hostname to IP address (15-second timeout)
  3. SSL Connection: Attempts SSL/TLS connection (20-second timeout)
  4. Message Exchange: Sends connection statistics to the server
  5. Cleanup: Closes connection and waits before next attempt

Test Parameters

  • Maximum Attempts: 50 connections
  • Connection Timeout: 20 seconds
  • DNS Timeout: 15 seconds
  • Retry Delay: 0.5 seconds between attempts
  • Network Wait: 5 seconds for DHCP

Output Information

For each connection attempt, the application reports:

  • Target server and port
  • Connection start timestamp
  • Success/failure status with error details
  • Total connection time in system ticks and seconds
  • Running totals of successful and failed attempts

Testing with OpenSSL

You can test the client using OpenSSL's server functionality:

openssl s_server -accept 4433 -cert Server.crt -key Server.key

Replace Server.crt and Server.key with your certificate files. These can be created using:

  • NetBurner development tools
  • OpenSSL certificate generation commands
  • Certificate Authority (CA) issued certificates

Refer to the OpenSSL s_server documentation for additional configuration options.
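
To exercise the client with certificate checking enabled, the test server needs a certificate that chains to a CA in the client's CA list and that names the server configured in SSL_SERVER_NAME. The script below is an added example, not part of the NetBurner example code; the function name make_test_pki, the CA.crt/CA.key file names and the 30-day lifetime are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not NetBurner code): build a throwaway test CA plus a server
# certificate whose CN and subjectAltName carry the SSL_SERVER_NAME value.
# The function name and the CA.crt/CA.key file names are assumptions.
make_test_pki() {
    dir=$1 name=$2
    mkdir -p "$dir" || return 1
    case $name in
        *:*)       san="IP:$name" ;;   # IPv6 literal
        *[!0-9.]*) san="DNS:$name" ;;  # hostname
        *)         san="IP:$name" ;;   # IPv4 literal
    esac
    # Private config so the result does not depend on the system openssl.cnf.
    cat > "$dir/pki.cnf" <<EOF
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_srv]
basicConstraints = CA:FALSE
subjectAltName = $san
EOF
    # 1. Self-signed test CA: CA.crt is what goes into the client's CA list.
    openssl req -x509 -config "$dir/pki.cnf" -extensions v3_ca \
        -newkey rsa:2048 -nodes -days 30 -subj "/CN=Constructed Test CA" \
        -keyout "$dir/CA.key" -out "$dir/CA.crt" 2>/dev/null || return 1
    # 2. Server key and signing request (-subj overrides the placeholder CN).
    openssl req -new -config "$dir/pki.cnf" -newkey rsa:2048 -nodes \
        -subj "/CN=$name" -keyout "$dir/Server.key" \
        -out "$dir/Server.csr" 2>/dev/null || return 1
    # 3. The CA signs the request and adds the SAN naming the server.
    openssl x509 -req -in "$dir/Server.csr" -CA "$dir/CA.crt" \
        -CAkey "$dir/CA.key" -CAcreateserial -days 30 -sha256 \
        -extfile "$dir/pki.cnf" -extensions v3_srv \
        -out "$dir/Server.crt" 2>/dev/null || return 1
    # 4. Confirm the chain verifies before pointing the device at the server.
    openssl verify -CAfile "$dir/CA.crt" "$dir/Server.crt" >/dev/null
}

# Usage: sh make_test_pki.sh ./certs 192.168.0.53
if [ "$#" -eq 2 ]; then make_test_pki "$1" "$2"; fi
```

Pass the generated Server.crt and Server.key to the openssl s_server command above, and use CA.crt as the CA certificate for the client's certificate list. A server certificate issued for a different name than SSL_SERVER_NAME is a simple way to observe the certificate name failure listed under Error Handling.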

Error Handling

The application provides detailed error reporting for SSL connection failures:

  • SSL_ERROR_FAILED_NEGOTIATION: SSL handshake negotiation failed
  • SSL_ERROR_CERTIFICATE_UNKNOWN: Unknown certificate error
  • SSL_ERROR_CERTIFICATE_NAME_FAILED: Certificate name verification failed
  • SSL_ERROR_CERTIFICATE_VERIFY_FAILED: Certificate verification failed
  • Other errors: Generic SSL connection errors

Performance Monitoring

Connection timing is measured and reported for each attempt:

  • System tick timestamps for precise timing
  • Approximate duration in seconds
  • Running statistics for performance analysis

Build Requirements

  • NetBurner development environment
  • SSL/TLS libraries enabled
  • Network stack with DNS resolution support
  • Serial debug output capability

Usage Notes

  • The application runs continuously until 50 connections are completed
  • After completion, the device must be reset to repeat the test
  • Enable system diagnostics for development (remove for production)
  • Ensure target server is accessible and properly configured
  • Monitor both serial output and network messages for complete status

Development Considerations

  • Remove EnableSystemDiagnostics() call for production builds
  • Adjust timeout values based on network conditions
  • Consider certificate validation requirements for production use
  • Monitor memory usage during extended connection testing