User Manual

void usePacketBuffering (bool enable)
This will enable or disable packet buffering with AdafruitTCP data.
Parameters:
enable: Set this to 'true' (1) to enable packet buffering, otherwise 'false' (0)
Returns: Nothing
TLS/SSL Certificate Verification
When opening a secure TCP connection to a TCP server, the client and server will begin to communicate with each
other in an open connection to choose their cipher suite (AES, etc.), and the server will then send the client its
certificate and public key data to start the secure connection.
Normally at this point, the client will verify the server's certificate using its root certificate chains. If verification is OK,
the connection will continue, otherwise the connection will be rejected since the server has probably provided a false
or invalid certificate and can't be trusted.
The problem with this approach on small embedded systems is that it takes a great deal of space (in embedded terms)
to store all root certificate chains to verify server certificates against all certificate issuing authorities. We do store a
default list of the most common root certificate chains, but it isn't possible on a small MCU with limited flash storage
space to store every possible root certificate option.
The WICED Feather proposes two solutions to this problem, depending on whether you prefer a more secure or a simpler
solution:
Verifying Certificates with the WICED Feather (Safer)
Instead of storing all root certificates, the WICED Feather allows you to generate a certificate chain for a specific
domain, and then use that in your sketch, which typically requires 1-4KB of flash memory or less per domain.
This is the most secure choice but requires some additional work on your part, and you have to know in advance which
sites you will access.
The procedure to convert, load and use a custom root certificate list is as follows:
1. You use a Python script (provided in the '/tools/pycert' folder) to read the root certificate data for your target
domain. The script then converts the binary .der format data into a byte array in a C header (.h) file.
2. You then pass the root certificate data into the WICED API via Feather.addRootCA (from AdafruitFeather), which
allows you to add your root certificate chain to the list of default certificates used when verifying the target
domain.
3. You can then enable certificate verification via tlsRequireVerification(true) in this class, which means that all
server certificates must pass verification against the root certificate list on the WICED Feather or the certificate
and connection will be rejected.
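Step 1 of the procedure above, as an added example (this is not the pycert script from '/tools/pycert' or any Adafruit code): it decodes a PEM bundle to DER, checks that each blob is exactly one complete DER SEQUENCE, and emits a C header carrying a SHA-256 fingerprint that can be compared against one obtained separately before the data is trusted as a root. The array name root_ca_der, its _LEN macro and the sample bytes are assumptions constructed for illustration.

```python
import base64
import hashlib
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def pem_to_der(pem_text):
    """Return the DER bytes of every certificate in a PEM bundle."""
    return [base64.b64decode("".join(body.split()))
            for body in PEM_RE.findall(pem_text)]

def check_der(der):
    """Raise ValueError unless der is exactly one DER SEQUENCE
    (catches truncated downloads and trailing junk)."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("not a DER SEQUENCE")
    if der[1] < 0x80:                       # short-form length
        header, length = 2, der[1]
    else:                                   # long form: n length bytes
        n = der[1] & 0x7F
        if n == 0 or len(der) < 2 + n:
            raise ValueError("bad DER length field")
        header, length = 2 + n, int.from_bytes(der[2:2 + n], "big")
    if header + length != len(der):
        raise ValueError("DER length does not match data size")
    return der

def to_c_header(der, name="root_ca_der"):
    """Render DER bytes as a C array; 'name' is a hypothetical identifier."""
    check_der(der)
    rows = [", ".join(f"0x{b:02X}" for b in der[i:i + 12])
            for i in range(0, len(der), 12)]
    return (f"// SHA-256 of DER data: {hashlib.sha256(der).hexdigest()}\n"
            f"#define {name.upper()}_LEN {len(der)}\n"
            f"const uint8_t {name}[] = {{\n  "
            + ",\n  ".join(rows) + "\n};\n")

# Constructed sample: SEQUENCE { INTEGER 5 }, a stand-in for a real
# certificate so the example runs offline.
SAMPLE_DER = bytes([0x30, 0x03, 0x02, 0x01, 0x05])
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.b64encode(SAMPLE_DER).decode()
              + "\n-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    for der in pem_to_der(SAMPLE_PEM):
        print(to_c_header(der))
```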
Ignoring Certificate Verification (Easier)
If you aren't able to store the certificate data for a specific site, or don't know which sites you will access, you can
also ignore the verification process, which has the effect of accepting every certificate as valid. The connection is
still encrypted, but the identity of the server is not checked.
By default packet buffering is DISABLED in AdafruitTCP
© Adafruit Industries https://learn.adafruit.com/introducing-the-adafruit-wiced-feather-wifi