TLS as client public key verification

Anonymous
Not applicable

Hello,

Can someone please advise us how to correctly make a TLS connection to a server as a client? In addition, we would like the public key to be checked during the handshake.

Is this order of calling APIs correct?

//making connection
wiced_hostname_lookup(cfg->server.host, &server_ip_address, 10000);
wiced_tls_init_simple_context( &wsTlsContext );
wiced_tcp_create_socket( &websocket_socket, WICED_STA_INTERFACE );
wiced_tcp_bind( &websocket_socket, cfg->server.portNo );
wiced_tls_init_root_ca_certificates( cfg->security.privateKey );
wiced_tcp_enable_tls( &websocket_socket, &wsTlsContext );
wiced_tcp_connect( &websocket_socket, &server_ip_address, cfg->server.portNo, WS_CLIENT_CONNECT_TIMEOUT );

//disconnecting
wiced_tcp_disconnect( &websocket_socket );
wiced_tls_deinit_root_ca_certificates( );
wiced_tls_deinit_context( &wsTlsContext );
wiced_tcp_delete_socket( &websocket_socket );

In the case above we run out of heap after we connect and disconnect 10 times.

Any idea what we are doing wrong?

Best regards,

Martin

0 Likes
4 Replies
Anonymous
Not applicable

Adding some additional info on where the code stops:


wiced_assert("Out of dynamic memory heap space", 0 != 0 );


stack.png

0 Likes

Please have a look at the files to understand how the TLS APIs can be used.

apps/snip/https_client/https_client.

libraries/protocols/http.c

This gives an overall understanding of how the TLS APIs can be used.

Let us know if you have follow-up questions.

0 Likes
Anonymous
Not applicable

Hi

This apps/snip/https_client project works alone. But when applying this code to our application project, https_get_xxx is not working. We copied the CA from the project to our application.

So we also have a problem and think it is memory.

1] Our application

  1. We are using more memory.

  2. We are using more sockets.

  3. We are using more threads.

2] Applying to BCM43362 / BCM4390 module.

   - While applying to the BCM43362 module,

      WPRINT_LIB_INFO( ("Connecting HTTPS.... peer_cn=%s\r\n",peer_cn) );
      result = wiced_tcp_connect( &socket, address, 443, 10000 );

      ==> Module is rebooted

   - While applying to the BCM4390 module,

      WPRINT_LIB_INFO( ("Connecting HTTPS.... peer_cn=%s\r\n",peer_cn) );
      result = wiced_tcp_connect( &socket, address, 443, 10000 );

      ==> The function does not return and the application is stuck, no more progress.

wiced_result_t wiced_https_get( wiced_ip_address_t* address, const char* query, void* buffer, uint32_t buffer_length, const char* peer_cn )
{
    wiced_tcp_socket_t         socket;
    wiced_packet_t*            reply_packet;
    wiced_result_t             rx_result;
    wiced_tls_simple_context_t context;
    wiced_result_t             result     = WICED_ERROR;
    char*                      buffer_ptr = (char*) buffer;

    wiced_tls_init_simple_context( &context, peer_cn );
    wiced_tcp_create_socket( &socket, WICED_STA_INTERFACE );
    wiced_tcp_enable_tls( &socket, &context );

    WPRINT_LIB_INFO( ("Connecting HTTPS.... peer_cn=%s\r\n",peer_cn) );
    result = wiced_tcp_connect( &socket, address, 443, 10000 );
    if ( result != WICED_SUCCESS )
    {
        WPRINT_LIB_INFO( ("connection failed....\n") );
        wiced_tcp_delete_socket( &socket );
        return ( result );
    }

0 Likes
Anonymous
Not applicable

Self Answer :

This is solved.

0 Likes