Peer review fixes and demo fixes.

Author: dgarske

.github/workflows/stm32h563-m33mu.yml

@@ -120,13 +120,13 @@ jobs:
     steps:
       - uses: actions/checkout@v4
 
-      - name: Clone wolfSSL, wolfSSH, wolfMQTT
+      - name: Clone wolfSSL, wolfSSH, wolfMQTT (pinned to stable tags)
         run: |
           set -euo pipefail
           cd ..
-          git clone --depth 1 https://github.com/wolfSSL/wolfssl.git
-          git clone --depth 1 https://github.com/wolfSSL/wolfssh.git
-          git clone --depth 1 https://github.com/wolfSSL/wolfMQTT.git wolfmqtt
+          git clone --depth 1 --branch v5.8.4-stable https://github.com/wolfSSL/wolfssl.git
+          git clone --depth 1 --branch v1.4.22-stable https://github.com/wolfSSL/wolfssh.git
+          git clone --depth 1 --branch v1.21.0 https://github.com/wolfSSL/wolfMQTT.git wolfmqtt
 
       - name: Install host tools
         run: |

src/port/stm32h563/demo.sh

@@ -9,7 +9,7 @@
 #   board-ip defaults to 192.168.12.11
 #
 
-BOARD_IP="${1:-1192.168.12.11}"
+BOARD_IP="${1:-192.168.12.11}"
 
 # Colors
 BLD='\033[1m'
@@ -115,15 +115,17 @@ pause
 # ---------------------------------------------------------------------------
 banner "3. HTTPS Web Server (Port 443) - TLS 1.3"
 
-step "Fetch the status page with curl"
-run_cmd "curl -s -k https://${BOARD_IP}/ | sed 's/<[^>]*>//g; s/^[[:space:]]*//; /^$/d'"
-
+step "Fetch the status page and inspect TLS 1.3 handshake"
+cmd_show "curl -vsk https://${BOARD_IP}/ 2>&1"
 echo ""
-step "Inspect the TLS 1.3 handshake"
-cmd_show "echo | openssl s_client -connect ${BOARD_IP}:443 -tls1_3 -brief 2>&1"
+# Single connection: extract TLS info from stderr, page from stdout
+CURL_OUT=$(curl -vsk "https://${BOARD_IP}/" 2>&1)
+# Show TLS handshake details
+echo "$CURL_OUT" | grep -E '^\*\s*(SSL|TLS|subject|issuer|expire|server certificate)' | sed 's/^/    /'
 echo ""
-echo | openssl s_client -connect "${BOARD_IP}":443 -tls1_3 -brief 2>&1 | \
-    grep -E '(Protocol|Ciphersuite|Peer certificate|Server certificate|subject|issuer|Verification)' | \
+# Show page content (strip HTML tags, add newlines between table cells)
+echo "$CURL_OUT" | grep -v '^\*\s' | grep -v '^[<>{}]' | \
+    sed 's/<\/\(tr\|h1\|title\)>/\n/g; s/<[^>]*>//g; s/^[[:space:]]*//; /^$/d' | \
     sed 's/^/    /'
 echo ""
 

src/port/stm32h563/main.c

@@ -331,12 +331,15 @@ static void uart_puts(const char *s)
  * Uses vsnprintf from newlib-nano + uart_puts. */
 void wolfmqtt_log(const char *fmt, ...)
 {
-    char buf[128];
+    char buf[256];
     va_list ap;
+    int n;
     va_start(ap, fmt);
-    vsnprintf(buf, sizeof(buf), fmt, ap);
+    n = vsnprintf(buf, sizeof(buf), fmt, ap);
     va_end(ap);
     uart_puts(buf);
+    if (n >= (int)sizeof(buf))
+        uart_puts("...[truncated]\n");
 }
 
 static void uart_puthex(uint32_t val)

src/port/stm32h563/mqtt_broker.c

@@ -108,7 +108,7 @@ static int broker_tls_init(void)
     /* Load server certificate from embedded PEM */
     if (wolfSSL_CTX_use_certificate_buffer(ctx.ssl_ctx,
             (const unsigned char *)server_cert_pem,
-            (long)server_cert_pem_len,
+            (long)strlen(server_cert_pem),
             WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
         debug_print("MQTT Broker: Load cert failed\n");
         wolfSSL_CTX_free(ctx.ssl_ctx);
@@ -119,7 +119,7 @@ static int broker_tls_init(void)
     /* Load server private key from embedded PEM */
     if (wolfSSL_CTX_use_PrivateKey_buffer(ctx.ssl_ctx,
             (const unsigned char *)server_key_pem,
-            (long)server_key_pem_len,
+            (long)strlen(server_key_pem),
             WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
         debug_print("MQTT Broker: Load key failed\n");
         wolfSSL_CTX_free(ctx.ssl_ctx);

src/port/stm32h563/tls_server.c

@@ -139,7 +139,7 @@ int tls_server_init(struct wolfIP *stack, uint16_t port,
     debug_print("TLS: Loading certificate\n");
     ret = wolfSSL_CTX_use_certificate_buffer(server.ctx,
             (const unsigned char *)server_cert_pem,
-            server_cert_pem_len - 1, /* exclude null terminator */
+            (long)strlen(server_cert_pem),
             WOLFSSL_FILETYPE_PEM);
     if (ret != WOLFSSL_SUCCESS) {
         debug_print("TLS: Failed to load certificate\n");
@@ -152,7 +152,7 @@ int tls_server_init(struct wolfIP *stack, uint16_t port,
     debug_print("TLS: Loading private key\n");
     ret = wolfSSL_CTX_use_PrivateKey_buffer(server.ctx,
             (const unsigned char *)server_key_pem,
-            server_key_pem_len - 1, /* exclude null terminator */
+            (long)strlen(server_key_pem),
             WOLFSSL_FILETYPE_PEM);
     if (ret != WOLFSSL_SUCCESS) {
         debug_print("TLS: Failed to load private key\n");

src/port/stm32h563/user_settings.h

@@ -244,7 +244,7 @@ int custom_rand_gen_block(unsigned char* output, unsigned int sz);
  * wolfmqtt_log() is implemented in main.c using vsnprintf + uart_puts. */
 #define WOLFMQTT_CUSTOM_PRINTF
 extern void wolfmqtt_log(const char *fmt, ...);
-#define PRINTF(_f_, ...) wolfmqtt_log(_f_ "\n", ##__VA_ARGS__)
+#define PRINTF(_f_, ...) wolfmqtt_log(_f_, ##__VA_ARGS__)
 
 /* Disable error strings to save space */
 #define WOLFMQTT_NO_ERROR_STRINGS

src/port/stm32h753/mqtt_broker.c

@@ -108,7 +108,7 @@ static int broker_tls_init(void)
     /* Load server certificate from embedded PEM */
     if (wolfSSL_CTX_use_certificate_buffer(ctx.ssl_ctx,
             (const unsigned char *)server_cert_pem,
-            (long)server_cert_pem_len,
+            (long)strlen(server_cert_pem),
             WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
         debug_print("MQTT Broker: Load cert failed\n");
         wolfSSL_CTX_free(ctx.ssl_ctx);
@@ -119,7 +119,7 @@ static int broker_tls_init(void)
     /* Load server private key from embedded PEM */
     if (wolfSSL_CTX_use_PrivateKey_buffer(ctx.ssl_ctx,
             (const unsigned char *)server_key_pem,
-            (long)server_key_pem_len,
+            (long)strlen(server_key_pem),
             WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
         debug_print("MQTT Broker: Load key failed\n");
         wolfSSL_CTX_free(ctx.ssl_ctx);