Improvements to the STM32 ports

src/http/httpd.c

@@ -119,9 +119,9 @@ void http_send_response_headers(struct http_client *hc, int status_code, const c
     } else {
         snprintf(txt_response, sizeof(txt_response), "HTTP/1.1 %d %s\r\n"
             "Content-Type: %s\r\n"
-            "Content-Length: %zu\r\n"
+            "Content-Length: %lu\r\n"
             "\r\n",
-            status_code, status_text, content_type, content_length);
+            status_code, status_text, content_type, (unsigned long)content_length);
     }
     if (hc->ssl) {
         rc = wolfSSL_write(hc->ssl, txt_response, strlen(txt_response));

src/port/stm32h563/certs.h → src/port/certs.h

@@ -1,6 +1,6 @@
 /* certs.h
  *
- * Embedded TLS certificates for STM32H563 wolfIP example
+ * Embedded TLS test certificates for wolfIP examples
  *
  * Copyright (C) 2024 wolfSSL Inc.
  *

src/port/stm32h563/Makefile

@@ -11,15 +11,29 @@ TZEN ?= 0
 # Requires wolfSSL cloned alongside wolfip (or set WOLFSSL_ROOT)
 ENABLE_TLS ?= 0
 
-# HTTPS web server: set ENABLE_HTTPS=1 to include HTTPS web server (requires TLS)
+# HTTPS web server: set ENABLE_HTTPS=1 to include HTTPS web server
+# Automatically enables TLS if needed
 ENABLE_HTTPS ?= 0
 
-# SSH support: set ENABLE_SSH=1 to include wolfSSH server (requires TLS)
+# SSH support: set ENABLE_SSH=1 to include wolfSSH server
+# Automatically enables TLS if needed
 ENABLE_SSH ?= 0
 
-# MQTT support: set ENABLE_MQTT=1 to include wolfMQTT client (requires TLS)
+# MQTT support: set ENABLE_MQTT=1 to include wolfMQTT client
+# Automatically enables TLS if needed
 ENABLE_MQTT ?= 0
 
+# Auto-enable TLS when any feature that requires it is enabled
+ifeq ($(ENABLE_HTTPS),1)
+  ENABLE_TLS = 1
+endif
+ifeq ($(ENABLE_SSH),1)
+  ENABLE_TLS = 1
+endif
+ifeq ($(ENABLE_MQTT),1)
+  ENABLE_TLS = 1
+endif
+
 # Library paths - default to sibling directories (clone alongside pattern)
 WOLFSSL_ROOT ?= $(ROOT)/../wolfssl
 WOLFSSH_ROOT ?= $(ROOT)/../wolfssh
@@ -28,7 +42,7 @@ WOLFMQTT_ROOT ?= $(ROOT)/../wolfmqtt
 # Base compiler flags
 CFLAGS := -mcpu=cortex-m33 -mthumb -mcmse -Os -ffreestanding -fdata-sections -ffunction-sections
 CFLAGS += -g -ggdb -Wall -Wextra -Werror
-CFLAGS += -I. -I$(ROOT) -I$(ROOT)/src -I$(ROOT)/src/port/stm32
+CFLAGS += -I. -I$(ROOT) -I$(ROOT)/src -I$(ROOT)/src/port -I$(ROOT)/src/port/stm32
 CFLAGS += -DSTM32H5
 
 # Relaxed warnings for external libraries (wolfSSL has many unused var warnings)
@@ -70,14 +84,8 @@ SRCS += tls_server.c
 SRCS += tls_client.c
 SRCS += $(ROOT)/src/port/wolfssl_io.c
 
-# HTTPS web server (requires TLS) - uses existing wolfIP httpd
+# HTTPS web server - uses existing wolfIP httpd
 ifeq ($(ENABLE_HTTPS),1)
-
-# HTTPS requires TLS
-ifeq ($(ENABLE_TLS),0)
-  $(error ENABLE_HTTPS=1 requires ENABLE_TLS=1)
-endif
-
 CFLAGS += -DENABLE_HTTPS
 SRCS += $(ROOT)/src/http/httpd.c
 endif
@@ -127,15 +135,10 @@ SRCS += $(WOLFSSL_SRCS)
 endif # ENABLE_TLS
 
 # -----------------------------------------------------------------------------
-# SSH Support (wolfSSH) - requires TLS
+# SSH Support (wolfSSH)
 # -----------------------------------------------------------------------------
 ifeq ($(ENABLE_SSH),1)
 
-# SSH requires TLS
-ifeq ($(ENABLE_TLS),0)
-  $(error ENABLE_SSH=1 requires ENABLE_TLS=1)
-endif
-
 # Validate wolfSSH exists
 ifeq ($(wildcard $(WOLFSSH_ROOT)/wolfssh/ssh.h),)
   $(error wolfSSH not found at $(WOLFSSH_ROOT). Clone it: git clone https://github.com/wolfSSL/wolfssh.git)
@@ -167,15 +170,10 @@ $(WOLFSSH_ROOT)/%.o: $(WOLFSSH_ROOT)/%.c
 endif # ENABLE_SSH
 
 # -----------------------------------------------------------------------------
-# MQTT Support (wolfMQTT) - requires TLS
+# MQTT Support (wolfMQTT)
 # -----------------------------------------------------------------------------
 ifeq ($(ENABLE_MQTT),1)
 
-# MQTT requires TLS
-ifeq ($(ENABLE_TLS),0)
-  $(error ENABLE_MQTT=1 requires ENABLE_TLS=1)
-endif
-
 # Validate wolfMQTT exists
 ifeq ($(wildcard $(WOLFMQTT_ROOT)/wolfmqtt/mqtt_client.h),)
   $(error wolfMQTT not found at $(WOLFMQTT_ROOT). Clone it: git clone https://github.com/wolfSSL/wolfMQTT.git)

src/port/stm32h563/README.md

@@ -8,7 +8,7 @@ This directory contains a bare-metal port of wolfIP for the STM32H563 microcontr
    ```bash
    cd src/port/stm32h563
    CC=arm-none-eabi-gcc OBJCOPY=arm-none-eabi-objcopy \
-   make ENABLE_TLS=1 ENABLE_HTTPS=1 ENABLE_SSH=1 ENABLE_MQTT=1
+   make ENABLE_HTTPS=1 ENABLE_SSH=1 ENABLE_MQTT=1
    ```
 
 2. **Flash to board:**
@@ -321,37 +321,39 @@ make ENABLE_TLS=1 WOLFSSL_ROOT=/path/to/wolfssl
 
 ### Building with HTTPS Web Server
 
-The HTTPS web server provides a status page accessible via browser:
+The HTTPS web server provides a status page accessible via browser.
+TLS is automatically enabled:
 
 ```bash
-make ENABLE_TLS=1 ENABLE_HTTPS=1
+make ENABLE_HTTPS=1
 ```
 
 ### Building with SSH Server
 
-SSH server requires both wolfSSL and wolfSSH:
+SSH server requires wolfSSH. TLS is automatically enabled:
 
 ```bash
 # Clone wolfSSH alongside wolfip
 cd /path/to/parent
 git clone https://github.com/wolfSSL/wolfssh.git
 
 # Build with SSH support
-make ENABLE_TLS=1 ENABLE_SSH=1
+make ENABLE_SSH=1
 ```
 
 Or specify a custom wolfSSH path:
 
 ```bash
-make ENABLE_TLS=1 ENABLE_SSH=1 WOLFSSH_ROOT=/path/to/wolfssh
+make ENABLE_SSH=1 WOLFSSH_ROOT=/path/to/wolfssh
 ```
 
 ### Full Featured Build
 
-Build with all features (TLS echo, HTTPS web server, and SSH shell):
+Build with all features (TLS echo, HTTPS web server, and SSH shell).
+TLS is automatically enabled when any feature that requires it is set:
 
 ```bash
-make ENABLE_TLS=1 ENABLE_HTTPS=1 ENABLE_SSH=1
+make ENABLE_HTTPS=1 ENABLE_SSH=1
 ```
 
 This provides:
@@ -434,7 +436,7 @@ The self-signed certificate warning is expected for development. Replace with a
 
 ### TLS Client (Google Test)
 
-The TLS build includes a client example that connects to Google over HTTPS to verify outbound TLS connectivity. This runs automatically ~5 seconds after boot.
+The TLS build includes a client example that connects to Google over HTTPS to verify outbound TLS connectivity. This runs automatically after boot.
 
 **Example Output:**
 ```
@@ -472,7 +474,7 @@ The TLS configuration is in `user_settings.h`:
 | File | Description |
 |------|-------------|
 | `user_settings.h` | wolfSSL compile-time configuration |
-| `certs.h` | Embedded ECC P-256 test certificate |
+| `../certs.h` | Embedded ECC P-256 test certificate (shared) |
 | `tls_server.c/h` | TLS echo server implementation |
 | `tls_client.c/h` | TLS client (for outbound connections) |
 
@@ -497,7 +499,7 @@ When built with `ENABLE_HTTPS=1`, the device serves a status web page on port 44
 ### Building HTTPS Mode
 
 ```bash
-make ENABLE_TLS=1 ENABLE_HTTPS=1
+make ENABLE_HTTPS=1
 ```
 
 ### Expected Serial Output (HTTPS Mode)
@@ -567,9 +569,9 @@ When built with `ENABLE_SSH=1`, the device provides an SSH shell on port 22.
 cd /path/to/parent
 git clone https://github.com/wolfSSL/wolfssh.git
 
-# Build with SSH support (requires TLS)
+# Build with SSH support (TLS automatically enabled)
 cd wolfip/src/port/stm32h563
-make ENABLE_TLS=1 ENABLE_SSH=1
+make ENABLE_SSH=1
 ```
 
 ### Expected Serial Output (SSH Mode)
@@ -671,14 +673,14 @@ git clone https://github.com/wolfSSL/wolfMQTT.git
 ### Building MQTT Mode
 
 ```bash
-# MQTT requires TLS
-make ENABLE_TLS=1 ENABLE_MQTT=1
+# TLS is automatically enabled
+make ENABLE_MQTT=1
 ```
 
 Or specify a custom wolfMQTT path:
 
 ```bash
-make ENABLE_TLS=1 ENABLE_MQTT=1 WOLFMQTT_ROOT=/path/to/wolfmqtt
+make ENABLE_MQTT=1 WOLFMQTT_ROOT=/path/to/wolfmqtt
 ```
 
 ### Expected Serial Output (MQTT Mode)
@@ -730,7 +732,7 @@ mosquitto_sub -h test.mosquitto.org -t "wolfip/status" -v
 Build with all features (TLS, HTTPS, SSH, and MQTT):
 
 ```bash
-make ENABLE_TLS=1 ENABLE_HTTPS=1 ENABLE_SSH=1 ENABLE_MQTT=1
+make ENABLE_HTTPS=1 ENABLE_SSH=1 ENABLE_MQTT=1
 ```
 
 This provides:
@@ -763,7 +765,7 @@ This provides:
 | `config.h` | Build configuration |
 | `Makefile` | Build system |
 | `user_settings.h` | wolfSSL/wolfSSH/wolfMQTT configuration |
-| `certs.h` | Embedded TLS certificates (TLS builds only) |
+| `../certs.h` | Embedded TLS certificates, shared (TLS builds only) |
 | `tls_server.c/h` | TLS echo server (TLS builds only) |
 | `tls_client.c/h` | TLS client for outbound connections (TLS builds only) |
 | `../http/httpd.c` | HTTPS web server - wolfIP httpd (HTTPS builds only) |
@@ -799,7 +801,7 @@ If you don't see "Initializing TLS/HTTPS/SSH/MQTT" messages in UART output:
 **Solution:** Rebuild with required flags:
 ```bash
 CC=arm-none-eabi-gcc OBJCOPY=arm-none-eabi-objcopy \
-make clean && make ENABLE_TLS=1 ENABLE_HTTPS=1 ENABLE_SSH=1 ENABLE_MQTT=1
+make clean && make ENABLE_HTTPS=1 ENABLE_SSH=1 ENABLE_MQTT=1
 ```
 
 **Verify build:** Check that strings exist in binary:

src/port/stm32h563/main.c

@@ -689,7 +689,19 @@ int main(void)
 #endif
 
     uart_puts("Entering main loop. Ready for connections!\n");
-    uart_puts("Loop starting...\n");
+    uart_puts("  TCP Echo: port 7\n");
+#ifdef ENABLE_TLS
+    uart_puts("  TLS Client: will connect to Google after ~2s\n");
+#endif
+#ifdef ENABLE_HTTPS
+    uart_puts("  HTTPS Server: port 443\n");
+#endif
+#ifdef ENABLE_SSH
+    uart_puts("  SSH Server: port 22\n");
+#endif
+#ifdef ENABLE_MQTT
+    uart_puts("  MQTT Client: connecting to broker\n");
+#endif
 
     for (;;) {
         (void)wolfIP_poll(IPStack, tick++);

src/port/stm32h753/Makefile

@@ -3,21 +3,34 @@ OBJCOPY ?= arm-none-eabi-objcopy
 
 ROOT := ../../..
 
-# TLS support: set ENABLE_TLS=1 to include wolfSSL TLS client
+# TLS support: set ENABLE_TLS=1 to include wolfSSL
 # Requires wolfSSL cloned alongside wolfip (or set WOLFSSL_ROOT)
 ENABLE_TLS ?= 0
 
-# HTTPS web server: set ENABLE_HTTPS=1 to include HTTPS web server (requires TLS)
+# TLS client test: set ENABLE_TLS_CLIENT=1 to include TLS client (Google test)
+# Automatically enables TLS if needed
+ENABLE_TLS_CLIENT ?= 0
+
+# HTTPS web server: set ENABLE_HTTPS=1 to include HTTPS web server
+# Automatically enables TLS if needed
 ENABLE_HTTPS ?= 0
 
+# Auto-enable TLS when any feature that requires it is enabled
+ifeq ($(ENABLE_TLS_CLIENT),1)
+  ENABLE_TLS = 1
+endif
+ifeq ($(ENABLE_HTTPS),1)
+  ENABLE_TLS = 1
+endif
+
 # Library paths - default to sibling directories
 WOLFSSL_ROOT ?= $(ROOT)/../wolfssl
 
 # STM32H753ZI - Cortex-M7 with FPU
 CFLAGS := -mcpu=cortex-m7 -mthumb -mfpu=fpv5-d16 -mfloat-abi=hard
 CFLAGS += -Os -ffreestanding -fdata-sections -ffunction-sections
 CFLAGS += -g -ggdb -Wall -Wextra -Werror
-CFLAGS += -I. -I$(ROOT) -I$(ROOT)/src -I$(ROOT)/src/port/stm32
+CFLAGS += -I. -I$(ROOT) -I$(ROOT)/src -I$(ROOT)/src/port -I$(ROOT)/src/port/stm32
 CFLAGS += -DSTM32H7
 
 # Relaxed warnings for external libraries
@@ -46,14 +59,13 @@ CFLAGS += -DWOLFSSL_USER_SETTINGS
 CFLAGS += -DWOLFSSL_WOLFIP
 CFLAGS += -I$(WOLFSSL_ROOT)
 
-# TLS client and wolfIP-wolfSSL glue
-SRCS += tls_client.c
+# wolfIP-wolfSSL glue
 SRCS += $(ROOT)/src/port/wolfssl_io.c
 
-# HTTPS web server (requires TLS)
-ifeq ($(ENABLE_HTTPS),1)
-CFLAGS += -DENABLE_HTTPS
-SRCS += $(ROOT)/src/http/httpd.c
+# TLS client (Google test)
+ifeq ($(ENABLE_TLS_CLIENT),1)
+CFLAGS += -DENABLE_TLS_CLIENT
+SRCS += tls_client.c
 endif
 
 # wolfSSL source files (minimal set for TLS 1.3 client with ECC)
@@ -105,13 +117,21 @@ SRCS += $(WOLFSSL_SRCS)
 
 endif # ENABLE_TLS
 
+# -----------------------------------------------------------------------------
+# HTTPS web server (requires TLS) - uses existing wolfIP httpd
+# -----------------------------------------------------------------------------
+ifeq ($(ENABLE_HTTPS),1)
+CFLAGS += -DENABLE_HTTPS
+SRCS += $(ROOT)/src/http/httpd.c
+endif
+
 # -----------------------------------------------------------------------------
 # Build rules
 # -----------------------------------------------------------------------------
 OBJS := $(patsubst %.c,%.o,$(SRCS))
 
 all: app.bin
-	@echo "Built with ENABLE_TLS=$(ENABLE_TLS) ENABLE_HTTPS=$(ENABLE_HTTPS)"
+	@echo "Built with ENABLE_TLS=$(ENABLE_TLS) ENABLE_TLS_CLIENT=$(ENABLE_TLS_CLIENT) ENABLE_HTTPS=$(ENABLE_HTTPS)"
 ifeq ($(ENABLE_TLS),1)
 	@echo "  wolfSSL: $(WOLFSSL_ROOT)"
 endif
@@ -172,15 +192,17 @@ help:
 	@echo "  help     Show this help"
 	@echo ""
 	@echo "Options:"
-	@echo "  ENABLE_TLS=1    Enable TLS 1.3 client (requires wolfSSL)"
-	@echo "  ENABLE_HTTPS=1  Enable HTTPS web server (requires TLS)"
-	@echo "  WOLFSSL_ROOT=   Path to wolfSSL (default: ../wolfssl)"
-	@echo "  CC=             C compiler (default: arm-none-eabi-gcc)"
+	@echo "  ENABLE_TLS=1         Enable wolfSSL TLS support"
+	@echo "  ENABLE_TLS_CLIENT=1  Enable TLS client test (Google)"
+	@echo "  ENABLE_HTTPS=1       Enable HTTPS web server (port 443)"
+	@echo "  WOLFSSL_ROOT=        Path to wolfSSL (default: ../wolfssl)"
+	@echo "  CC=                  C compiler (default: arm-none-eabi-gcc)"
 	@echo ""
 	@echo "Examples:"
-	@echo "  make                              # Basic TCP echo (port 7)"
-	@echo "  make ENABLE_TLS=1                 # TLS 1.3 client"
-	@echo "  make ENABLE_TLS=1 ENABLE_HTTPS=1  # TLS + HTTPS server"
+	@echo "  make                                        # Basic TCP echo (port 7)"
+	@echo "  make ENABLE_HTTPS=1                         # HTTPS web server"
+	@echo "  make ENABLE_TLS_CLIENT=1                    # TLS client (Google test)"
+	@echo "  make ENABLE_TLS_CLIENT=1 ENABLE_HTTPS=1    # All features"
 	@echo ""
 	@echo "Testing:"
 	@echo "  nc <ip> 7                         # TCP echo test"