NetBurner 3.5.6
HTTPS WebSocket Demo

SSL/TLS WebSocket Demo

A NetBurner application demonstrating secure and non-secure HTTP/HTTPS web server functionality with WebSocket support and SSL/TLS authentication.

Overview

This application showcases how to implement both secure (HTTPS) and non-secure (HTTP) access to web resources alongside WebSocket communication. The server provides different access levels based on connection security, demonstrating practical SSL/TLS authentication patterns.

Features

  • Dual Protocol Support: Serves content over both HTTP (port 80) and HTTPS (port 443)
  • SSL/TLS WebSocket: Secure WebSocket communication with authentication
  • Access Control: Directory-based security with SSL-only restricted areas
  • Dynamic Content: Server-side functions for generating dynamic links and content
  • Echo WebSocket: Real-time bidirectional communication demonstration

Directory Structure

html/
  httpsdir/
    ssl.html        # HTTPS-only accessible content
  images/
    SSL-Good.gif    # Shown for secure connections
    SSL-Bad.gif     # Shown for non-secure connections
  index.html        # Main page (HTTP/HTTPS accessible)
  script.js         # Client-side JavaScript

Access Control

The application implements a three-tier access control system:

  • Level 0: Public access (HTTP/HTTPS)
  • Level 1: HTTPS-only access
  • Higher Levels: Custom authentication (extensible)

Security Implementation

HTTP_ACCESS CheckHttpAccess(int sock, int access_level, HTTP_Request &Req)

All HTTP requests pass through this function. The application overrides the system default to enforce SSL/TLS requirements:

  • Level 0: Always accessible
  • Level 1: Requires SSL connection, returns HTTP_FORBIDDEN for non-SSL
  • Extensible for additional security levels
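
A host-side model of the access decision described above, added here as an example and not taken from the NetBurner demo source. The type definitions, the HTTP_OK_TO_SERVE name, and the SocketIsTls() helper with its g_tls_sockets set are stand-ins so the logic compiles off-device; it also denies any level that has no handler, so a misconfigured level fails closed.

```cpp
#include <cstdio>
#include <set>

// Stand-ins for the NetBurner declarations (assumptions for this example).
// The page names only HTTP_FORBIDDEN; HTTP_OK_TO_SERVE is a placeholder name.
enum HTTP_ACCESS { HTTP_OK_TO_SERVE, HTTP_FORBIDDEN };
struct HTTP_Request {};

// Hypothetical helper: on the device, the TLS state of a socket would be
// queried from the network stack. Here it is a constructed set of socket ids.
static std::set<int> g_tls_sockets;
static bool SocketIsTls(int sock) { return g_tls_sockets.count(sock) != 0; }

// Same signature as shown on the page.
HTTP_ACCESS CheckHttpAccess(int sock, int access_level, HTTP_Request &Req)
{
    (void)Req;  // not needed for a transport-only decision
    switch (access_level)
    {
        case 0:  // Level 0: public, HTTP or HTTPS
            return HTTP_OK_TO_SERVE;
        case 1:  // Level 1: HTTPS only
            return SocketIsTls(sock) ? HTTP_OK_TO_SERVE : HTTP_FORBIDDEN;
        default: // Higher or invalid levels: deny until a handler is added
            return HTTP_FORBIDDEN;
    }
}

int main()
{
    // Constructed sample: socket 7 arrived on the TLS port, socket 3 on port 80.
    g_tls_sockets.insert(7);
    const int cases[][2] = {{3, 0}, {3, 1}, {7, 1}, {7, 2}};
    HTTP_Request req;
    for (const auto &c : cases)
    {
        HTTP_ACCESS a = CheckHttpAccess(c[0], c[1], req);
        std::printf("sock=%d level=%d -> %s\n", c[0], c[1],
                    a == HTTP_OK_TO_SERVE ? "serve" : "forbidden");
    }
    return 0;
}
```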

WebSocket Functionality

Echo WebSocket Endpoint

  • Endpoint: /echo*
  • Functionality: Echoes received messages back to sender
  • Protocol: Supports both WS and WSS (secure WebSocket)

WebSocket Lifecycle

  1. Connection established via WSStart() callback
  2. Socket registered and semaphore posted
  3. Main loop handles read/write operations
  4. Automatic cleanup on connection errors

Dynamic Content Functions

SSL_Image()

Dynamically serves different images based on connection security:

  • SSL connections: SSL-Good.gif
  • Non-SSL connections: SSL-Bad.gif

HTTPS_Ref() / HTTP_Ref()

Generates protocol-specific URLs for navigation:

  • Automatically detects host information
  • Constructs proper HTTPS/HTTP links
  • Supports both hostname and IP address formats

Host_Ref()

Provides the current host identifier (hostname or IP address).

Configuration Options

Default Configuration

StartHttps(); // Starts both HTTP (80) and HTTPS (443)

HTTPS-Only Configuration

StartHttps(443, 0); // HTTPS only, disables HTTP port

Network Requirements

  • DHCP: Waits up to 5 seconds for network address assignment
  • Ports:
    • HTTP: 80 (configurable, can be disabled)
    • HTTPS: 443 (configurable)
  • SSL/TLS: Requires valid SSL certificate configuration

Main Application Flow

  1. Initialization
    • Network stack initialization
    • System diagnostics enablement
    • DHCP address acquisition
  2. Server Startup
    • HTTP/HTTPS web server activation
    • WebSocket endpoint registration
  3. Main Loop
    • WebSocket connection monitoring
    • Bidirectional data handling
    • Error detection and cleanup
    • Connection state management

Development Notes

Memory Management

  • Uses SMPoolPtr for buffer management
  • ETHER_BUFFER_SIZE defines maximum message size
  • Automatic cleanup on connection errors

Concurrency

  • Uses OS_SEM semaphore for WebSocket synchronization
  • select() for non-blocking I/O operations
  • Proper file descriptor management

Error Handling

  • Connection error detection via select()
  • Graceful socket closure
  • Automatic reconnection support

Security Considerations

  1. SSL/TLS Configuration: Ensure proper certificate installation
  2. Access Control: Directory-based restrictions prevent unauthorized access
  3. Connection Validation: The SSL/TLS state of each connection is verified before restricted content is served
  4. Resource Protection: Sensitive content isolated in httpsdir/

Usage Instructions

  1. Build and Deploy: Compile with NetBurner development tools
  2. Network Setup: Ensure device has network connectivity
  3. Access: Navigate to device IP address via web browser
  4. Test Security: Compare HTTP vs HTTPS access to different resources
  5. WebSocket: Use JavaScript client to connect to echo endpoint

Troubleshooting

  • Connection Issues: Check network configuration and DHCP
  • SSL Errors: Verify certificate installation and validity
  • Access Denied: Ensure proper file placement in directory structure
  • WebSocket Failures: Monitor console output for connection status