SSL Configuration Mirror
Overview
This NetBurner embedded web server application demonstrates SSL/TLS security implementation with mixed HTTP/HTTPS access control. The application showcases how to create a web server that serves both secure and non-secure content while enforcing SSL requirements for protected resources.
SSL/TLS Server example program with web page redirection for unauthorized access. The example demonstrates how you can have both secure and non-secure access to files and directories.
The application starts the web server with SSL/TLS capability. The directory structure is such that index.html and the files in the images subdirectory can be viewed over either an HTTP or an HTTPS connection. However, files in the httpsdir directory (i.e. repeat.html) can only be viewed over a secure HTTPS connection.
html
|-- index.html
|-- images
|   |-- (various image files)
|-- httpsdir
    |-- repeat.html
The HTTP_ACCESS CheckHttpAccess(int sock, int access_level, HTTP_Request &Req) function authorizes each web page request. It allows access or redirects, depending on the requested file and its access rights.
Application Features
Core Functionality
- Dual Protocol Support: Operates on both HTTP (port 80) and HTTPS (port 443)
- Access Control: Implements granular security policies for different content areas
- SSL Redirection: Automatically redirects HTTP requests to HTTPS for protected content
- Configuration Management: Provides secure configuration interface with JSON API endpoints
- Post Data Logging: Captures and stores HTTP POST requests with timestamps and payloads
Security Implementation
- Certificate-based SSL/TLS: Uses embedded server certificate and private key
- Access Groups: Three-tier authentication system (0=public, 1=SSL required, 2=password protected)
- Automatic Redirection: Non-secure requests to protected content trigger HTTPS redirects
- Authentication: HTTP Basic Auth for password-protected areas
Directory Structure
html/
|-- index.html            # Main page (accessible via HTTP/HTTPS)
|-- images/               # Public image assets
|   |-- NetBurnerSSLDemo.gif
|   |-- SSL-Good.gif      # Shown for HTTPS connections
|   |-- SSL-Bad.gif       # Shown for HTTP connections
|-- httpsdir/             # SSL-only protected directory
|   |-- repeat.html       # Requires HTTPS access
|-- Put.json              # Protected JSON endpoint (password required)
|-- robots.txt            # Search engine directives
Access Control Levels
Level 0 (Public Access)
- No authentication required
- Accessible via HTTP or HTTPS
- Examples: index.html, images/ directory
Level 1 (SSL Required)
- Requires HTTPS connection
- HTTP requests receive 302 redirect to HTTPS
- Examples: httpsdir/ content, configuration endpoints
Level 2 (Password Protected)
- Requires HTTPS + HTTP Basic Authentication
- Default credentials: username="user", password="password"
- Examples: Put.json, administrative functions
Key Components
Main Application (main.cpp)
- UserMain(): Entry point that initializes network stack, SSL, and web server
- CheckHttpAccess(): Central access control function implementing security policies
- SSL Helper Functions: Utilities for SSL connection detection and certificate management
- Post Handlers: JSON POST request processing with data storage and retrieval
SSL Configuration (HTTPSConfigMirror.cpp)
- CheckSSL(): Validates SSL connections and handles redirections
- Configuration Handlers: Secure endpoints for system configuration management
- Schema Support: JSON schema generation for configuration validation
Certificate Management
- ServerCert.cpp: Embedded SSL certificate data
- ServerKey.cpp: Embedded private key data
- Self-signed certificate valid for IP address access
API Endpoints
Configuration APIs (SSL Required)
GET /Config/* - Retrieve configuration data as JSON
POST /Config/* - Update configuration settings
GET /Schema/* - Get JSON schema for configuration validation
Data APIs
GET /GetJson* - Public JSON endpoint
GET /PGetJson* - Password-protected JSON endpoint
POST /Post* - Accept and log POST data
GET /Show* - Display logged POST data as HTML table
GET /JShow* - Display logged POST data as JSON
Build and Deployment
Prerequisites
- NetBurner development environment
- NNDK (NetBurner Network Development Kit)
- Target NetBurner device with network capability
Compilation
The application uses standard NetBurner build tools. Key dependencies:
Network Configuration
- DHCP client automatically obtains IP address
- NTP time synchronization from pool servers
- Pacific Time Zone configuration (PST8PDT)
Usage Examples
Basic Access
- Connect to device IP via HTTP - shows "NOT secure" indicator
- Access httpsdir/repeat.html via HTTP - receives FORBIDDEN response
- Click "View index.html with HTTPS" - establishes secure connection
- Access protected content successfully via HTTPS
Configuration Management
- Navigate to https://device-ip/Config/AppData (requires SSL)
- Authenticate with system credentials if configured
- View/modify JSON configuration data
- Changes automatically saved to persistent storage
POST Data Testing
- Send JSON POST to /Post* endpoints
- View logged data at /Show* for HTML table format
- View logged data at /JShow* for JSON format
- Access individual payloads via /PlShow* endpoints
Security Considerations
- Self-signed certificate generates browser warnings in production
- Default passwords should be changed for production deployment
- SSL implementation uses industry-standard encryption
- All configuration changes require secure HTTPS connection
- Automatic certificate validation for embedded applications
Technical Notes
- Uses NetBurner RTOS with cooperative multitasking
- Memory-efficient design suitable for embedded systems
- Real-time timestamp logging with timezone support
- Graceful handling of SSL handshake failures
- Configurable reboot capability after configuration changes
Development Features
- Diagnostic monitoring integration
- Build timestamp tracking
- Runtime statistics collection
- Comprehensive error handling and logging
- Extensible callback architecture for custom handlers