求AWS FreeRTOS/FreeRTOS的DHCP服务器与HTTPS服务器示例代码
2026-5-11
Lightweight DHCP & HTTPS Server for FreeRTOS/AWS FreeRTOS on PIC32MZ-W (WiFi Provisioning)
Hey Marcus, great question—let’s break this down for your PIC32MZ-W setup, since you need lightweight implementations specifically for WiFi provisioning (no Bluetooth option here, so AP-based web provisioning is the way to go).
First: DHCP Server Implementation
FreeRTOS/AWS FreeRTOS don’t include a built-in DHCP server, but since your PIC32MZ-W almost certainly uses lwIP as its TCP/IP stack (Microchip’s official WiFi drivers pair with lwIP), you can leverage lwIP’s lightweight DHCP server module. It’s perfect for provisioning because you only need basic IP assignment for local clients (phones/laptops connecting to your device’s AP).
Key Steps:
- Enable lwIP DHCP Server:
In your lwIP configuration header (lwipopts.h), set:#define LWIP_DHCP_SERVER 1 #define DHCP_SERVER_MAX_NCLIENTS 5 // Limit to a small number (you only need 1-2 for provisioning) - Initialize the DHCP Server in AP Mode:
Once your device’s WiFi is set to AP mode and the network interface is up, initialize the DHCP server with a small IP pool (e.g.,192.168.4.10to192.168.4.20):#include "lwip/netif.h" #include "lwip/dhcp.h" void init_dhcp_server(struct netif *ap_netif) { ip_addr_t start_ip, end_ip; IP4_ADDR(&start_ip, 192, 168, 4, 10); IP4_ADDR(&end_ip, 192, 168, 4, 20); // Set up the IP pool for clients dhcp_server_set_ip_range(ap_netif, &start_ip, &end_ip); // Start the server dhcp_server_start(ap_netif); } - Simplify for Provisioning:
You can skip advanced DHCP features like lease time management or DNS server assignment—since this is only for local provisioning, basic IP assignment is all you need. This keeps the implementation ultra-lightweight.
Second: Lightweight HTTPS Server
For provisioning, you don’t need a full-featured HTTPS server—just enough to serve a simple web form for users to input WiFi SSID/password, and handle form submissions. Here’s how to implement it without bloating your firmware:
Recommended Stack: lwIP Sockets + mbedTLS
The PIC32MZ-W has a built-in Crypto Engine, so you can use mbedTLS (lightweight TLS library) with hardware acceleration to minimize CPU load.
Key Steps:
- Port mbedTLS to Your Project:
Microchip provides mbedTLS ports for PIC32MZ, so use that to enable hardware acceleration for TLS operations (this is critical for keeping the server responsive on a microcontroller). - Implement a Minimal HTTPS Server Task:
Create a FreeRTOS task that runs the HTTPS server only when in AP mode (you can kill the task once provisioning is done to save resources). Here’s a simplified framework:#include "mbedtls/ssl.h" #include "lwip/sockets.h" #include "FreeRTOS.h" #include "task.h" // Pre-loaded self-signed certificate/key (generate with mbedtls cert tool) extern const unsigned char my_cert[]; extern const size_t my_cert_len; extern const unsigned char my_key[]; extern const size_t my_key_len; void https_provisioning_task(void *pvParams) { int sock_fd, client_fd; struct sockaddr_in server_addr; mbedtls_ssl_context ssl_ctx; mbedtls_ssl_config ssl_conf; mbedtls_x509_crt cert; mbedtls_pk_context key; // Initialize mbedTLS components mbedtls_ssl_init(&ssl_ctx); mbedtls_ssl_config_init(&ssl_conf); mbedtls_x509_crt_init(&cert); mbedtls_pk_init(&key); // Load certificate and private key mbedtls_x509_crt_parse(&cert, my_cert, my_cert_len); mbedtls_pk_parse_key(&key, my_key, my_key_len, NULL, 0); // Configure SSL for server mode mbedtls_ssl_config_defaults(&ssl_conf, MBEDTLS_SSL_IS_SERVER, MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_PRESET_DEFAULT); mbedtls_ssl_conf_own_cert(&ssl_conf, &cert, &key); // Create TCP socket sock_fd = socket(AF_INET, SOCK_STREAM, 0); server_addr.sin_family = AF_INET; server_addr.sin_addr.s_addr = INADDR_ANY; server_addr.sin_port = htons(443); // Standard HTTPS port // Bind and listen for connections bind(sock_fd, (struct sockaddr *)&server_addr, sizeof(server_addr)); listen(sock_fd, 1); // Only handle one client at a time (enough for provisioning) while (1) { // Accept incoming client connection struct sockaddr_in client_addr; socklen_t addr_len = sizeof(client_addr); client_fd = accept(sock_fd, (struct sockaddr *)&client_addr, &addr_len); if (client_fd < 0) continue; // Attach SSL context to client socket mbedtls_ssl_setup(&ssl_ctx, &ssl_conf); mbedtls_ssl_set_bio(&ssl_ctx, (void *)client_fd, mbedtls_net_send, mbedtls_net_recv, NULL); // Perform SSL handshake int ret = mbedtls_ssl_handshake(&ssl_ctx); if (ret == 0) { // Read client HTTP request char buffer[512]; ret = mbedtls_ssl_read(&ssl_ctx, (unsigned char *)buffer, sizeof(buffer)-1); if (ret > 0) { buffer[ret] = '\0'; // Parse request: check if it's a GET (serve form) or POST (process credentials) if (strstr(buffer, "GET /") != NULL) { // Serve simple provisioning form const char *form_response = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n" "<!DOCTYPE html>" "<html><body>" "<h3>WiFi Provisioning</h3>" "<form method='POST' action='/'>" "SSID: <input type='text' name='ssid'><br>" "Password: <input type='password' name='password'><br>" "<input type='submit' value='Save'>" "</form></body></html>"; mbedtls_ssl_write(&ssl_ctx, (const unsigned char *)form_response, strlen(form_response)); } else if (strstr(buffer, "POST /") != NULL) { // Extract SSID and password from POST data (simplified parsing) char *ssid_start = strstr(buffer, "ssid="); char *password_start = strstr(buffer, "password="); if (ssid_start && password_start) { // Parse and store credentials (save to non-volatile memory) // ... your storage logic here ... // Return success response const char *success_response = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n" "<!DOCTYPE html><html><body>Config Saved! Rebooting...</body></html>"; mbedtls_ssl_write(&ssl_ctx, (const unsigned char *)success_response, strlen(success_response)); // After saving, exit AP mode and connect to target WiFi vTaskDelay(pdMS_TO_TICKS(2000)); // ... your WiFi switch logic here ... vTaskDelete(NULL); // Kill the server task once done } } } } // Clean up client connection mbedtls_ssl_close_notify(&ssl_ctx); close(client_fd); } // Cleanup (unreachable in normal flow) mbedtls_ssl_free(&ssl_ctx); mbedtls_ssl_config_free(&ssl_conf); mbedtls_x509_crt_free(&cert); mbedtls_pk_free(&key); close(sock_fd); vTaskDelete(NULL); } - Optimize for Size:
- Disable unused mbedTLS features (e.g., TLS 1.0/1.1, unused cipher suites) in
mbedtls_config.h. - Use small buffer sizes (like 512 bytes) since provisioning requests are tiny.
- Only run the HTTPS task when in AP mode—kill it once provisioning completes to free RAM/CPU.
- Disable unused mbedTLS features (e.g., TLS 1.0/1.1, unused cipher suites) in
PIC32MZ-W Specific Tips
- Leverage Microchip’s WiFi Drivers: Microchip provides pre-built FreeRTOS-compatible WiFi drivers for the PIC32MZ-W’s integrated WiFi. Start with their AP mode example and add the DHCP/HTTPS server code on top.
- Hardware Acceleration: Enable the PIC32MZ’s Crypto Engine in mbedTLS to offload TLS encryption/decryption—this drastically reduces CPU usage compared to software-only TLS.
- Non-Volatile Storage: Store the provisioned WiFi credentials in the PIC32MZ’s flash memory (use Microchip’s
nvmemlibrary) so they persist across reboots.
Final Workflow
- Device boots into AP mode, initializes lwIP network interface.
- Starts DHCP server to assign IPs to connecting clients.
- Starts HTTPS provisioning task to serve the WiFi config form.
- User connects to device’s AP, opens
https://192.168.4.1(your device’s static AP IP), enters WiFi credentials. - Device parses the POST request, saves credentials, kills the HTTPS/DHCP tasks, switches to STA mode, and connects to the target WiFi network.
内容的提问来源于stack exchange,提问作者CaptainMJ
