1*1c60b9acSAndroid Build Coastguard Worker# lws minimal http client JIT Trust 2*1c60b9acSAndroid Build Coastguard Worker 3*1c60b9acSAndroid Build Coastguard WorkerThis example turns off any existing trusted CAs and then tries to connect to a server, by default, warmcat.com. 4*1c60b9acSAndroid Build Coastguard Worker 5*1c60b9acSAndroid Build Coastguard WorkerIt validates the remote certificates using trusted CAs from a JIT Trust blob compiled into the code. 6*1c60b9acSAndroid Build Coastguard Worker 7*1c60b9acSAndroid Build Coastguard Worker## build 8*1c60b9acSAndroid Build Coastguard Worker 9*1c60b9acSAndroid Build Coastguard Worker``` 10*1c60b9acSAndroid Build Coastguard Worker $ cmake . && make 11*1c60b9acSAndroid Build Coastguard Worker``` 12*1c60b9acSAndroid Build Coastguard Worker 13*1c60b9acSAndroid Build Coastguard Worker## usage 14*1c60b9acSAndroid Build Coastguard Worker 15*1c60b9acSAndroid Build Coastguard WorkerCommandline option|Meaning 16*1c60b9acSAndroid Build Coastguard Worker---|--- 17*1c60b9acSAndroid Build Coastguard Worker-d <loglevel>|Debug verbosity in decimal, eg, -d15 18*1c60b9acSAndroid Build Coastguard Worker-l| Connect to https://localhost:7681 and accept selfsigned cert 19*1c60b9acSAndroid Build Coastguard Worker--h1|Specify http/1.1 only using ALPN, rejects h2 even if server supports it 20*1c60b9acSAndroid Build Coastguard Worker--server <name>|set server name to connect to 21*1c60b9acSAndroid Build Coastguard Worker-k|Apply tls option LCCSCF_ALLOW_INSECURE 22*1c60b9acSAndroid Build Coastguard Worker-j|Apply tls option LCCSCF_ALLOW_SELFSIGNED 23*1c60b9acSAndroid Build Coastguard Worker-m|Apply tls option LCCSCF_SKIP_SERVER_CERT_HOSTNAME_CHECK 24*1c60b9acSAndroid Build Coastguard Worker-e|Apply tls option LCCSCF_ALLOW_EXPIRED 25*1c60b9acSAndroid Build Coastguard Worker-v|Connection validity use 3s / 10s instead of default 5m / 5m10s 26*1c60b9acSAndroid Build Coastguard Worker--nossl| disable ssl connection 27*1c60b9acSAndroid Build Coastguard Worker--user <username>| Set Basic Auth username 28*1c60b9acSAndroid Build Coastguard Worker--password <password> | Set Basic Auth password 29*1c60b9acSAndroid Build Coastguard Worker 30*1c60b9acSAndroid Build Coastguard Worker``` 31*1c60b9acSAndroid Build Coastguard Worker $ ./bin/lws-minimal-http-client-jit-trust --h1 --server ebay.com --path / 32*1c60b9acSAndroid Build Coastguard Worker==1302866== 33*1c60b9acSAndroid Build Coastguard Worker[2021/06/17 14:33:54:7500] U: LWS minimal http client JIT Trust [-d<verbosity>] [-l] [--h1] 34*1c60b9acSAndroid Build Coastguard Worker[2021/06/17 14:33:54:7956] N: LWS: 4.2.99-v4.2.0-70-g80e7e39bae, loglevel 1031 35*1c60b9acSAndroid Build Coastguard Worker[2021/06/17 14:33:54:7960] N: NET CLI SRV H1 H2 WS MbedTLS ConMon IPv6-absent 36*1c60b9acSAndroid Build Coastguard Worker[2021/06/17 14:33:54:8165] N: ++ [wsi|0|pipe] (1) 37*1c60b9acSAndroid Build Coastguard Worker[2021/06/17 14:33:54:8227] N: ++ [vh|0|netlink] (1) 38*1c60b9acSAndroid Build Coastguard Worker[2021/06/17 14:33:54:8319] N: ++ [vh|1|default||-1] (2) 39*1c60b9acSAndroid Build Coastguard Worker[2021/06/17 14:33:55:0107] N: ++ [wsicli|0|GET/h1/ebay.com] (1) 40*1c60b9acSAndroid Build Coastguard Worker[2021/06/17 14:33:56:0291] N: ++ [vh|2|jitt-7F69A044||-1] (3) 41*1c60b9acSAndroid Build Coastguard Worker[2021/06/17 14:33:56:0355] E: CLIENT_CONNECTION_ERROR: server's cert didn't look good, invalidca (use_ssl 0x20000061) X509_V_ERR = 24: CA is not trusted 42*1c60b9acSAndroid Build Coastguard Worker 43*1c60b9acSAndroid Build Coastguard Worker[2021/06/17 14:33:56:0376] N: ++ [wsicli|1|GET/h1/ebay.com] (2) 44*1c60b9acSAndroid Build Coastguard Worker[2021/06/17 14:33:56:0746] N: -- [wsicli|0|GET/h1/ebay.com] (1) 1.061s 45*1c60b9acSAndroid Build Coastguard Worker[2021/06/17 14:33:56:7555] N: lws_client_reset: REDIRECT www.ebay.com:443, path='/', ssl = 1, alpn='http/1.1' 46*1c60b9acSAndroid Build Coastguard Worker[2021/06/17 14:33:57:0205] N: ++ [vh|3|jitt-DFF2B5B4||-1] (4) 47*1c60b9acSAndroid Build Coastguard Worker[2021/06/17 14:33:57:0208] E: CLIENT_CONNECTION_ERROR: server's cert didn't look good, invalidca (use_ssl 0x1) X509_V_ERR = 24: CA is not trusted 48*1c60b9acSAndroid Build Coastguard Worker 49*1c60b9acSAndroid Build Coastguard Worker[2021/06/17 14:33:57:0210] N: ++ [wsicli|2|GET/h1/ebay.com] (2) 50*1c60b9acSAndroid Build Coastguard Worker[2021/06/17 14:33:57:0288] N: -- [wsicli|1|GET/h1/ebay.com] (1) 991.119ms 51*1c60b9acSAndroid Build Coastguard Worker[2021/06/17 14:33:57:7528] N: lws_client_reset: REDIRECT www.ebay.com:443, path='/', ssl = 1, alpn='http/1.1' 52*1c60b9acSAndroid Build Coastguard Worker[2021/06/17 14:33:58:1564] U: Connected to 195.95.193.127, http response: 200 53*1c60b9acSAndroid Build Coastguard Worker[2021/06/17 14:33:58:1637] U: RECEIVE_CLIENT_HTTP_READ: read 209 54*1c60b9acSAndroid Build Coastguard Worker[2021/06/17 14:33:58:1796] U: RECEIVE_CLIENT_HTTP_READ: read 197 55*1c60b9acSAndroid Build Coastguard Worker[2021/06/17 14:33:58:1822] U: RECEIVE_CLIENT_HTTP_READ: read 1014 56*1c60b9acSAndroid Build Coastguard Worker[2021/06/17 14:33:58:1847] U: RECEIVE_CLIENT_HTTP_READ: read 1024 57*1c60b9acSAndroid Build Coastguard Worker[2021/06/17 14:33:58:1851] U: RECEIVE_CLIENT_HTTP_READ: read 1022 58*1c60b9acSAndroid Build Coastguard Worker[2021/06/17 14:33:58:2748] U: RECEIVE_CLIENT_HTTP_READ: read 242 59*1c60b9acSAndroid Build Coastguard Worker[2021/06/17 14:33:58:2782] U: RECEIVE_CLIENT_HTTP_READ: read 1014 60*1c60b9acSAndroid Build Coastguard Worker[2021/06/17 14:33:58:2784] U: RECEIVE_CLIENT_HTTP_READ: read 1024 61*1c60b9acSAndroid Build Coastguard Worker[2021/06/17 14:33:58:2785] U: RECEIVE_CLIENT_HTTP_READ: read 1024 62*1c60b9acSAndroid Build Coastguard Worker... 63*1c60b9acSAndroid Build Coastguard Worker[2021/06/17 14:33:58:4661] U: RECEIVE_CLIENT_HTTP_READ: read 1024 64*1c60b9acSAndroid Build Coastguard Worker[2021/06/17 14:33:58:4662] U: RECEIVE_CLIENT_HTTP_READ: read 1024 65*1c60b9acSAndroid Build Coastguard Worker[2021/06/17 14:33:58:4663] U: RECEIVE_CLIENT_HTTP_READ: read 1024 66*1c60b9acSAndroid Build Coastguard Worker[2021/06/17 14:33:58:4664] U: RECEIVE_CLIENT_HTTP_READ: read 1024 67*1c60b9acSAndroid Build Coastguard Worker[2021/06/17 14:33:58:4665] U: RECEIVE_CLIENT_HTTP_READ: read 1024 68*1c60b9acSAndroid Build Coastguard Worker[2021/06/17 14:33:58:4666] U: RECEIVE_CLIENT_HTTP_READ: read 1024 69*1c60b9acSAndroid Build Coastguard Worker[2021/06/17 14:33:58:4667] U: RECEIVE_CLIENT_HTTP_READ: read 1024 70*1c60b9acSAndroid Build Coastguard Worker[2021/06/17 14:33:58:4668] U: RECEIVE_CLIENT_HTTP_READ: read 1024 71*1c60b9acSAndroid Build Coastguard Worker[2021/06/17 14:33:58:4669] U: RECEIVE_CLIENT_HTTP_READ: read 1024 72*1c60b9acSAndroid Build Coastguard Worker[2021/06/17 14:33:58:4670] U: RECEIVE_CLIENT_HTTP_READ: read 1024 73*1c60b9acSAndroid Build Coastguard Worker[2021/06/17 14:33:58:4671] U: RECEIVE_CLIENT_HTTP_READ: read 1024 74*1c60b9acSAndroid Build Coastguard Worker[2021/06/17 14:33:58:4672] U: RECEIVE_CLIENT_HTTP_READ: read 1024 75*1c60b9acSAndroid Build Coastguard Worker[2021/06/17 14:33:58:4673] U: RECEIVE_CLIENT_HTTP_READ: read 286 76*1c60b9acSAndroid Build Coastguard Worker[2021/06/17 14:33:58:4690] U: LWS_CALLBACK_COMPLETED_CLIENT_HTTP 77*1c60b9acSAndroid Build Coastguard Worker[2021/06/17 14:33:58:4712] E: main: destroying context, interrupted = 1 78*1c60b9acSAndroid Build Coastguard Worker[2021/06/17 14:33:58:4774] N: -- [wsi|0|pipe] (0) 3.661s 79*1c60b9acSAndroid Build Coastguard Worker[2021/06/17 14:33:58:4780] N: callback_http: LWS_CALLBACK_CLOSED_CLIENT_HTTP 80*1c60b9acSAndroid Build Coastguard Worker[2021/06/17 14:33:58:4829] N: -- [vh|3|jitt-DFF2B5B4||-1] (3) 1.462s 81*1c60b9acSAndroid Build Coastguard Worker[2021/06/17 14:33:58:4833] N: -- [wsicli|2|GET/h1/ebay.com] (0) 1.462s 82*1c60b9acSAndroid Build Coastguard Worker[2021/06/17 14:33:58:4834] N: -- [vh|0|netlink] (2) 3.660s 83*1c60b9acSAndroid Build Coastguard Worker[2021/06/17 14:33:58:4858] N: -- [vh|1|default||-1] (1) 3.654s 84*1c60b9acSAndroid Build Coastguard Worker[2021/06/17 14:33:58:4860] N: -- [vh|2|jitt-7F69A044||-1] (0) 2.456s 85*1c60b9acSAndroid Build Coastguard Worker[2021/06/17 14:33:58:4974] U: Completed: OK (seen expected 0) 86*1c60b9acSAndroid Build Coastguard Worker``` 87*1c60b9acSAndroid Build Coastguard Worker 88*1c60b9acSAndroid Build Coastguard WorkerYou can also test the client Basic Auth support against the http-server/minimal-http-server-basicauth 89*1c60b9acSAndroid Build Coastguard Workerexample. In one console window run the server and in the other 90*1c60b9acSAndroid Build Coastguard Worker 91*1c60b9acSAndroid Build Coastguard Worker``` 92*1c60b9acSAndroid Build Coastguard Worker$ lws-minimal-http-client -l --nossl --path /secret/index.html --user user --password password 93*1c60b9acSAndroid Build Coastguard Worker``` 94*1c60b9acSAndroid Build Coastguard Worker 95*1c60b9acSAndroid Build Coastguard WorkerThe Basic Auth credentials for the test server are literally username "user" and password "password". 96*1c60b9acSAndroid Build Coastguard Worker 97