The OpenThread CoAPS APIs may be invoked via the OpenThread CLI.
Form a network with at least two devices.
CoAPS uses DTLS to establish a secure, end-to-end connection.
This example supports two ciphersuites:
TLS_PSK_WITH_AES_128_CCM_8
> coaps psk <your-psk> <your-psk-id>
Done
TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
> coaps x509
Done
The X.509 certificate is stored in core/cli/x509_cert_key.hpp.
On node 1, set up the CoAPS server with resource test-resource.
> coaps start
Done
> coaps resource test-resource
Done

> coaps start
Done
> coaps connect <peer-ip6-address>
Done
coaps connected
> coaps get test-resource
Done
coaps response from fdde:ad00:beef:0:9903:14b:27e0:5744 with payload: 68656c6c6f576f726c6400
> coaps put test-resource con payload
Done
coaps response from fdde:ad00:beef:0:9903:14b:27e0:5744
On node 1, you should see output similar to below:
coaps request from fdde:ad00:beef:0:9e68:576f:714c:f395 GET
coaps response sent
coaps request from fdde:ad00:beef:0:9e68:576f:714c:f395 PUT with payload: 7061796c6f6164
coaps response sent
> openssl ecparam -genkey -name prime256v1 -noout -out ec_private.pem
> openssl req -x509 -new -key ec_private.pem -out x509_cert.pem -days 30
> coaps help
connect
delete
disconnect
get
isclosed
isconnactive
isconnected
post
psk
put
resource
set
start
stop
x509
Done
List the CoAPS CLI commands.
Establish DTLS session.
> coaps connect fdde:ad00:beef:0:9903:14b:27e0:5744
Done
coaps connected
> coaps delete test-resource con payload
Done
> coaps disconnect
coaps disconnected
Done
> coaps get test-resource
Done
> coaps get test-resource block-1024
Done
> coaps post test-resource con payload
Done
> coaps post test-resource block-1024 10
Done
Set DTLS ciphersuite to TLS_PSK_WITH_AES_128_CCM_8.
> coaps psk 123 pskid
Done
> coaps put test-resource con payload
Done
> coaps put test-resource block-1024 10
Done
Sets the URI path for the test resource.
> coaps resource test-resource
Done
> coaps resource test-resource
Done
Sets the content sent by the test resource.
> coaps set Testing123
Done
Starts the application coaps service.
The check-peer-cert parameter determines if the peer-certificate check is enabled (default) or disabled. The max-conn-attempts parameter sets the maximum number of allowed attempts, successful or failed, to connect to the CoAP Secure server. The default value of this parameter is 0, which means that there is no limit to the number of attempts. The check-peer-cert and max-conn-attempts parameters work together in the following combinations, even though you can only specify one argument:
- check-peer-cert to true: Has the same effect as omitting the argument, which is that the check-peer-cert value is true, and the max-conn-attempts value is 0.
- check-peer-cert to false: check-peer-cert value is false, and the max-conn-attempts value is 0.
- check-peer-cert is true, and the max-conn-attempts value is the number specified in the argument.
> coaps start
Done
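
The argument combinations described above can be modelled to audit a provisioning script before it is replayed on a device. This is an added example, not OpenThread code: the function names, the `MIN_PSK_LEN` threshold, the rejection of any other argument and the sample script are assumptions made for illustration.

```python
# Assumption (not from the page): PSKs shorter than this many characters are reported.
MIN_PSK_LEN = 16


def effective_start_settings(arg=None):
    """Model the documented `coaps start [arg]` combinations.

    Returns (check_peer_cert, max_conn_attempts); 0 attempts means no limit.
    """
    if arg is None or arg == "true":
        return True, 0
    if arg == "false":
        return False, 0
    if arg.isdecimal():
        return True, int(arg)
    # Assumption: anything else is treated as an error by this model.
    raise ValueError(f"unrecognised coaps start argument: {arg!r}")


def audit(script):
    """Return (line_number, finding) pairs for CoAPS commands in a CLI script."""
    findings = []
    for lineno, raw in enumerate(script.splitlines(), start=1):
        words = raw.lstrip("> ").split()  # drop the CLI prompt if present
        if words[:2] == ["coaps", "start"]:
            try:
                arg = words[2] if len(words) > 2 else None
                check_cert, attempts = effective_start_settings(arg)
            except ValueError as exc:
                findings.append((lineno, str(exc)))
                continue
            if not check_cert:
                findings.append((lineno, "peer certificate check disabled"))
            if attempts == 0:
                findings.append((lineno, "no limit on connection attempts"))
        elif words[:2] == ["coaps", "psk"] and len(words) >= 3:
            if len(words[2]) < MIN_PSK_LEN:
                findings.append((lineno, f"PSK shorter than {MIN_PSK_LEN} characters"))
    return findings


# Constructed sample input, not captured from a real device.
SAMPLE = "> coaps psk 123 pskid\n> coaps start false\n> coaps start 5\n> coaps start\n"

if __name__ == "__main__":
    for lineno, finding in audit(SAMPLE):
        print(f"line {lineno}: {finding}")
```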
Stops the application coaps service.
> coaps stop
Done
Indicates whether or not the CoAP secure service is connected.
> coaps isconnected
yes
Done
Indicates whether or not the CoAP secure service connection is active (already connected or establishing a connection).
> coaps isconnactive
yes
Done
Indicates whether or not the CoAP secure service is closed.
> coaps isclosed
no
Done
Set DTLS ciphersuite to TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8.
The X.509 certificate is stored in src/cli/x509_cert_key.hpp.
> coaps x509
Done