20170223_jeffrey - silenceuncrio/diary GitHub Wiki
0920
Today I first coordinated with shin about the M300 flashing arrangements
0935
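shin said he is worried that when the later tasks all arrive at once, they will not have time to learn it
But next week they are busy with other things
So I will probably be the one to flash the ten units coming back from the pilot run first
However, I can ask the colleague responsible for flashing to come over and do it together with me
I can also revise the flashing SOP document based on my interaction with that colleague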
0945
I have more or less finished tracing icos
Going back to look at how to implement HTTPS with mongoose, this embedded web library
See https://github.com/cesanta/mongoose/tree/master/examples/simplest_web_server_ssl
It is a ready-made example
that comes with ca.pem, server.key and server.pem
See http://bryceknowhow.blogspot.tw/2014/06/mongoosehttp-web-server-mongoose-http.html
This post has a tutorial
including how to use openssl to generate a key
1105
Reading the documentation on the official site (Mongoose - a networking library) directly
Enabling HTTPS
To enable SSL on the server side, please follow these steps:
- Obtain SSL certificate file and private key file
- Declare struct mg_bind_opts, initialize ssl_cert and ssl_key
- Use mg_bind_opt() to create listening socket
Example:
int main(void) {
  struct mg_mgr mgr;
  struct mg_connection *c;
  struct mg_bind_opts bind_opts;

  mg_mgr_init(&mgr, NULL);

  memset(&bind_opts, 0, sizeof(bind_opts));
  bind_opts.ssl_cert = "server.pem";
  bind_opts.ssl_key = "key.pem";

  // Use bind_opts to specify SSL certificate & key file
  c = mg_bind_opt(&mgr, "443", ev_handler, bind_opts);
  mg_set_protocol_http_websocket(c);

  ...
}
1130
Trying to work out "Obtain SSL certificate file and private key file"
From the example above we know
- SSL certificate file - server.pem
- private key file - key.pem
Then, referring to https://github.com/cesanta/mongoose/tree/master/examples/simplest_web_server_ssl
we get
server.pem
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 4 (0x4)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=test.cesanta.com, O=Cesanta, OU=testing
Validity
Not Before: Nov 13 13:18:01 2016 GMT
Not After : Aug 13 13:18:01 2026 GMT
Subject: CN=localhost
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
X509v3 Key Usage:
Digital Signature, Key Encipherment, Key Agreement
X509v3 Extended Key Usage:
TLS Web Server Authentication
X509v3 Subject Alternative Name:
IP Address:127.0.0.1
Signature Algorithm: sha256WithRSAEncryption
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
key.pem
-----BEGIN PRIVATE KEY-----
...
-----END PRIVATE KEY-----
1300
We should look at key.pem first
See http://bryceknowhow.blogspot.tw/2014/06/mongoosehttp-web-server-mongoose-http.html
We can get key.pem with the following command
openssl genrsa -out key.pem 1024
See https://www.openssl.org/docs/manmaster/man1/genrsa.html
This command means: generates an RSA private key with size 1024 bits
Trying it out in the m300 shell
root@Mobile Router:/tmp# openssl genrsa -out key.pem 1024
Generating RSA private key, 1024 bit long modulus
.......................................++++++
..++++++
e is 65537 (0x10001)
Checking the contents
root@Mobile Router:/tmp# cat key.pem
-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----
1315
Next, server.pem
See http://bryceknowhow.blogspot.tw/2014/06/mongoosehttp-web-server-mongoose-http.html
Once we have key.pem,
we can get server.pem with the following command
openssl req -new -x509 -key key.pem -out server.pem -days 365
Trying it out in the m300 shell
root@Mobile Router:/tmp# openssl req -new -x509 -key key.pem -out server.pem -days 365
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:
Email Address []:
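Some information has to be entered during the process
For now I just pressed enter each time
to use the default values
Checking the contents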
root@Mobile Router:/tmp# cat server.pem
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
The problem to solve here is how to generate server.pem from a shell script
After the shell script calls openssl req -new -x509 -key key.pem -out server.pem -days 365,
how does it answer the input that openssl asks for
See https://www.openssl.org/docs/manmaster/man1/req.html
I can use the -config filename option to supply the x509-related extensions
-x509
this option outputs a self signed certificate instead of a certificate request. This is typically used to generate a test certificate or a self signed root CA. The extensions added to the certificate (if any) are specified in the configuration file. Unless specified using the set_serial option, a large random number will be used for the serial number.
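Added example (not from the original diary, Mongoose or the OpenSSL docs): one way to answer the openssl req prompts from a shell script is a -config file with prompt = no, which also carries the x509 extensions. The function names, the req.cnf file name and the v3_server section name are assumptions; the extension values mirror the Cesanta sample certificate shown earlier, and the key is 2048 bits like that sample.

```shell
#!/bin/sh
# Added example: non-interactive self-signed certificate for an embedded HTTPS server.
# Usage: gen_selfsigned DIR [CN] [IP]   -> writes DIR/key.pem and DIR/server.pem
gen_selfsigned() {
    dir=$1 cn=${2:-localhost} ip=${3:-127.0.0.1}
    cnf="$dir/req.cnf"   # hypothetical file name

    # prompt = no makes "openssl req" read the DN from this file instead of asking.
    cat > "$cnf" <<EOF
[req]
prompt             = no
distinguished_name = dn
x509_extensions    = v3_server

[dn]
CN = $cn

[v3_server]
basicConstraints = CA:FALSE
keyUsage         = digitalSignature, keyEncipherment, keyAgreement
extendedKeyUsage = serverAuth
subjectAltName   = IP:$ip
EOF

    # Create the private key readable by its owner only.
    ( umask 077 && openssl genrsa -out "$dir/key.pem" 2048 2>/dev/null ) || return 1

    openssl req -new -x509 -config "$cnf" -key "$dir/key.pem" \
        -out "$dir/server.pem" -days 365 || return 1
}

# Succeeds only if the certificate's public key belongs to the private key.
cert_matches_key() {
    a=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    b=$(openssl pkey -in "$2" -pubout) || return 1
    [ -n "$a" ] && [ "$a" = "$b" ]
}

if [ "$#" -ge 1 ]; then
    gen_selfsigned "$@" && cert_matches_key "$1/server.pem" "$1/key.pem"
fi
```

The resulting key.pem and server.pem are the two files that bind_opts.ssl_key and bind_opts.ssl_cert point at in the Mongoose example above.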
1440
For what the x509-related extensions are,
see
1605
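For the upcoming M300 flashing work,
the two KTNET USB2.0 4port HUBs bought online have arrived
The mfgtool documentation says that if an external USB hub is used for flashing,
it must have its own power supply
and no more than 4 devices to be flashed may be connected at a time
The equipment I have on hand is only enough to try three units at a time
Edit UICfg.ini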
[UICfg]
PortMgrDlg=3
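Launch mfgtool with mfgtool2-yocto-mx6ul-evk-nand.vbs
The current USB hub is very unstable in use
Tried connecting directly to the USB ports on the computer instead
again with three devices for the experiment
Repeated it several times and everything was quite normal
Looks like these two KTNET USB2.0 4port HUBs
will have to be returned
1720
Already arranged the return of these two KTNET USB2.0 4port HUBs
on pchome 24h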