Master The Pico WiFi: Simplest HTTPS Client
Written by Harry Fairhead & Mike James   
Monday, 01 May 2023
Article Index
Master The Pico WiFi: Simplest HTTPS Client
A Simple TLS Client

The Simple HTTPS Client Listing

Putting all this together we need to create a project with the following files:

main.c full listing below

lwipopts.h add the lines given earlier to the examples

lwipopts file

mbedtls_config.h full listing given earlier

pico_sdk_import_cmake unmodified standard file in all Pico projects

CmakeLists.txt full listing given earlier

setupWiFi.h standard connection file given earlier

The full main.c is:

#include <stdio.h>
#include "pico/stdlib.h"
#include "pico/cyw43_arch.h"
#include "lwip/altcp.h"
#include "lwip/altcp_tls.h"
#include "setupWifi.h"
#define BUF_SIZE 2048
char myBuff[BUF_SIZE];
char header[] = "GET /index.html HTTP/1.1\r\n
err_t recv(void *arg, struct altcp_pcb *pcb,
struct pbuf *p, err_t err)
{ if (p != NULL)
printf("recv total %d
this buffer %d next %d err %d\n",
p->tot_len, p->len, p->next, err);
pbuf_copy_partial(p, myBuff, p->tot_len, 0);
myBuff[p->tot_len] = 0;
printf("Buffer= %s\n", myBuff);
altcp_recved(pcb, p->tot_len);
return ERR_OK;
static err_t altcp_client_connected(void *arg,
struct altcp_pcb *pcb, err_t err)
err = altcp_write(pcb, header, strlen(header), 0);
err = altcp_output(pcb);
return ERR_OK;
int main()
struct altcp_tls_config *tls_config =
altcp_tls_create_config_client(NULL, 0);
struct altcp_pcb *pcb = altcp_tls_new(tls_config,
altcp_recv(pcb, recv);
ip_addr_t ip;
IP4_ADDR(&ip, 93, 184, 216, 34);
err_t err = altcp_connect(pcb, &ip, 443,
while (true)

In chapter but not in this extract:

Non-blocking HTTPS Request


  • Public key cryptography works with two keys, a private key and a public key, and hence is called asymmetric key cryptography. The public key is not secret and can be used by anyone to encrypt a text. The encrypted text can only be decrypted using the private key which is kept secret.

  • Symmetric key cryptography uses a single key which has to be kept private to the sender and receiver to encrypt and decrypt text.

  • Symmetric key cryptography is much faster than asymmetric and so what happens is that asymmetric keys are used to establish a single secret symmetric key that both the client and server use.

  • A certificate contains identity information and keys.

  • A client and a server can establish encrypted communication in one of two ways. If both have a certificate then the keys are used to exchange a single symmetric key. If only the server has a certificate then this is used by both parties to construct a shared secret key.

  • SSL, which later evolved into TSL, is used to add encryption to sockets. The lwIP RAW doesn’t use sockets but it can still make use of TLS to implement HTTPS via ALTCP.

  • To implement TLS you need to use ALTCP and the mbedtls library. The connection between the two is the altcp_tls library.

  • To configure mbedtls you need to use the mbedtls_config.h file to define the encryption methods you want to use.

  • The most commonly encountered methods are RSA key exchange followed by AES symmetric encryption.

  • Putting all this together it is easy to create an HTTPS client without the need to work with certificates.

Master the Raspberry Pi Pico in C:
WiFiwith lwIP & mbedtls

By Harry Fairhead & Mike James


Buy from Amazon.



  1. The Pico WiFi Stack
  2. Introduction To TCP
    Simplest HTTP Client
  3. More Advanced TCP
  4. SSL/TLS and HTTPS
    Simplest HTTPS Client
  5. Details of Cryptography
    Random Numbers
  6. Servers
          Extract: HTTP Server NEW!!
  7. UDP For Speed
    Basic UDP
  8. SNTP For Time-Keeping
  9. SMTP For Email
  10. MQTT For The IoT

    Appendix 1 Getting Started In C



C book



or email your comment to:

To be informed about new articles on I Programmer, sign up for our weekly newsletter, subscribe to the RSS feed and follow us on Twitter, Facebook or Linkedin.

Last Updated ( Tuesday, 02 May 2023 )