Arduino firmware that listens for OSC messages and recalls Matrox ConductIP presets via the ConductIP REST API over HTTPS.
- Receives OSC on
/ipmx/preset(single string arg = the preset label). - On boot,
GET /api/rooms/infoprimes a label → preset-ID cache. - On each message it re-runs
GET /api/rooms/infoto refresh the cache, thenPOST /api/salvos/{id}applies the matching preset. Refreshing every time means presets added, removed, or renamed in ConductIP take effect without rebooting; if the refresh fails, the last good cache is reused. The trade-off is two TLS connections (fetch + recall) per recall.
- Arduino Uno R4 Minima + W5500 Ethernet shield (or W5100/W5200).
RAND_PIN(defaultA5) must be left unconnected — BearSSL uses its floating-pin noise to seed the TLS PRNG.
| Library | Author / source |
|---|---|
| Ethernet | built-in (or EthernetENC for ENC28J60) |
| ArduinoJson | Benoit Blanchon (>= 7.x) |
| OSC | CNMAT — https://github.com/CNMAT/OSC |
| SSLClient | Noah Koontz / OPEnSLab (bundles BearSSL) |
All per-site settings live in a single secrets.h (git-ignored). Copy the
template and fill in your values — this is the only file you need to edit:
cp secrets.h.example secrets.h
# then edit secrets.h:
# SECRET_USER / SECRET_PASS — your ConductIP login
# SECRET_LOCAL_IP — this device's static IP
# SECRET_CONDUCTIP_IP — the ConductIP server's IP (connection is by IP)The IP addresses are written as comma-separated octets (e.g. 192, 168, 19, 11),
since they expand directly into the IPAddress(...) constructor.
If you run multiple units on the same network, also bump the last byte of MAC
in ConductIP_OSC_Bridge.ino so each device has a unique hardware address.
secrets.h is listed in .gitignore, so real credentials are never committed.
Note: this keeps secrets out of shared/version-controlled source, but they are
still stored in plaintext in the device's flash — anyone with physical access
and a flash reader can extract them.
ConductIP serves HTTPS with a certificate issued by its own ConductIP CA
root. That CA is pinned in trust_anchors.h, and BearSSL verifies the server
certificate chains to it. Because we connect by IP, SSLClient skips SAN
hostname matching but still fully validates the chain — appropriate for a
fixed-IP appliance on an isolated VLAN.
The repo ships a ready-to-use trust_anchors.h for the standard ConductIP CA
(CN=ConductIP CA, RSA-2048, valid to 2043), so the sketch compiles as-is.
This file holds only public certificate data — the CA's distinguished name
and RSA public key, no private key — so it is safe to commit and publish (the
same way browsers ship public root CAs). If your unit presents a different CA,
regenerate it as below.
Download your CA from the ConductIP web UI:
Settings → Security → Server certificate — download the Root CA
.crt(PEM or DER both work).
Save it next to the sketch as matrox-conduct-ip-certificate.crt (git-ignored,
since it's the raw per-site download), then regenerate the pinned anchor:
python3 gen_trust_anchor.py matrox-conduct-ip-certificate.crt > trust_anchors.hgen_trust_anchor.py is pure standard-library Python — it parses the cert's
DER, extracts the subject DN + RSA modulus/exponent, and emits the
br_x509_trust_anchor table SSLClient expects.
- SRAM: BearSSL is memory-heavy. The R4 Minima (32 KB) is the same class as the SAMD21 boards SSLClient supports, so it fits, but watch the "Global variables use … bytes" line after compiling.
- Handshake debugging: if the first connection fails, raise SSLClient's
debug level (last constructor arg →
SSL_INFO) to print the BearSSL error code over Serial. - The device boots headless:
setup()waits up to 2 s for a serial monitor, then continues without one.
Released under the MIT License — free to use, modify, and redistribute, including commercially.