sdk-5.2.0: snip.https_client test failure

AxLi_1746341

The https_client test fails:

Resolving IP address of HTTPS server
Server is at 54.243.145.223
Getting '/'...
Read the certificate Key from DCT
netconn_connect start_tls
Get failed: 4

Note, it was working in sdk-5.1, so this is clearly a regression.

0 Likes
13 Replies
GauravS_31
Moderator

Error has been reproduced and I have raised a ticket on this. The error code I found was MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE.

Anonymous

I was able to copy https_client from WICED 5.1 into my WICED 5.2 repository and that worked fine. The code is pretty much the same except for the website that is accessed and the CA certificate. www.httpbin.org replaced www.google.com (WICED 5.1). I suspect if you get a new CA certificate from www.httpbin.org that would fix this issue, but there is another problem with TLS in WICED 5.2. After I download about 200 KB the data becomes corrupted. I run the same exact code in WICED 5.1 and I can download a full half MB system image and boot into it.

0 Likes

webmstreric wrote:

I was able to copy https_client from WICED 5.1 into my WICED 5.2 repository and that worked fine. The code is pretty much the same except for the website that is accessed and the CA certificate. www.httpbin.org replaced www.google.com (WICED 5.1). I suspect if you get a new CA certificate from www.httpbin.org that would fix this issue, but there is another problem with TLS in WICED 5.2. After I download about 200 KB the data becomes corrupted. I run the same exact code in WICED 5.1 and I can download a full half MB system image and boot into it.

Thanks for testing it.

There are some issues with TLS in SDK-5.2.

I'm still waiting for the fix or next release.

But I'm a little bit nervous about when the fix will be available, because with such an issue SDK-5.2 cannot be used.

0 Likes

This snip has been removed from WICED SDK 6.0 onwards. It used the https_client library which has been deprecated and replaced by HTTP_client used by snip.httpbin_org.

grsr wrote:

This snip has been removed from WICED SDK 6.0 onwards. It used the https_client library which has been deprecated and replaced by HTTP_client used by snip.httpbin_org.

The snip.https_client uses a totally different API set from snip.httpbin_org.

The different APIs are designed with a totally different philosophy.

So I believe removing the snip code is another mistake.

For example, it's impossible to implement an HTTP request with keepalive which can reuse an existing session with snip.httpbin_org because snip.httpbin_org uses the tcp callback API.

0 Likes

grsr wrote:

This snip has been removed from WICED SDK 6.0 onwards. It used the https_client library which has been deprecated and replaced by HTTP_client used by snip.httpbin_org.

snip/https_client is still in sdk-6.1 and the test still shows the same error.

https_client is just a simple snip code; if it does not work, it usually means something is wrong in either BESL or the snip code itself.

From the reply on 2017/9/27 in this thread, you already found the MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE error. You should fix it rather than remove the snip code.

We shall not support the old HTTP library and their APIs anymore. It is clearly mentioned in API_updates.txt. We recommend you to move to httpbin_org which uses the new HTTP library. The https_client example must have been added by mistake. It should be removed from the SDK.

0 Likes

The https_client is just a snip code, I have no objection if you really want to remove it.

However, removing an existing library is different.

It seems you assume there are no users using the old HTTP library which is obviously wrong.

People using new sdk versions usually expect the existing application can still work.

Removing an existing library means people need to re-program the existing applications.

In addition, you should check if the problem is in the snip code itself or the BESL library, as you also said you already found the MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE error.

I am mainly worried about the bug in the BESL library.

0 Likes

The decision to deprecate the old library was taken by management at a high level. I have escalated your concern internally. I will update this thread if and when I receive feedback.

0 Likes

Here is the feedback. If you really want to use old HTTP library, it is your choice but in the future it is possible that we can remove it. We recommend users to use new library due to some limitations in old library. If you find any functionality which was there in old library but not part of new one, then we can add that in new library.

grsr wrote:

Here is the feedback. If you really want to use old HTTP library, it is your choice but in the future it is possible that we can remove it. We recommend users to use new library due to some limitations in old library. If you find any functionality which was there in old library but not part of new one, then we can add that in new library.

What are the limitations in the old library?

0 Likes

The old HTTP library is not efficient in terms of CPU usage. When you call wiced_https_get, it creates a socket, initializes the TLS context, sends the request and blocks until the response is received, for every request (synchronous). In the new library, creating the socket and initializing the TLS context are done once in init, and after that you can send as many requests as you want without blocking for the response (asynchronous).

In the old HTTP library, there is no provision to configure HTTP client parameters such as server name indication (SNI) and TLS maximum fragment length. But in the new HTTP library, we can do so. httpbin_org expects the SNI extension, which cannot be configured in the old HTTP library. Also, we can use an event handler thread to handle HTTP responses.

0 Likes
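The reply above says httpbin_org expects the SNI extension. One way to check whether a client's handshake actually carries it is to parse a captured ClientHello record. The following is an added example, not code from this thread or from the WICED SDK. The helper name `client_hello_sni` is hypothetical, both ClientHello byte strings are constructed samples, and the buffer is assumed to hold exactly one TLS record.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed ClientHello records: all-zero random, one cipher suite. */
#define Z8 0,0,0,0,0,0,0,0
#define BODY 0x03,0x03, Z8,Z8,Z8,Z8, 0x00, 0x00,0x02,0x00,0x2f, 0x01,0x00
static const uint8_t HELLO_SNI[] = {
    0x16,0x03,0x01,0x00,0x43, 0x01,0x00,0x00,0x3f, BODY, 0x00,0x14,
    0x00,0x00, 0x00,0x10, 0x00,0x0e, 0x00, 0x00,0x0b,
    'h','t','t','p','b','i','n','.','o','r','g' };
static const uint8_t HELLO_PLAIN[] = {
    0x16,0x03,0x01,0x00,0x2d, 0x01,0x00,0x00,0x29, BODY };

/* Returns 1 and copies the host name if the record carries a server_name
 * (type 0) extension, 0 if it carries none, -1 if the record is malformed. */
int client_hello_sni(const uint8_t *p, size_t n, char *out, size_t outlen)
{
    size_t i = 0, end;
#define NEED(k) do { if (n - i < (size_t)(k)) return -1; } while (0)
    NEED(43);                     /* record hdr 5 + handshake hdr 4 + version 2 + random 32 */
    if (p[0] != 0x16 || p[5] != 0x01) return -1;   /* handshake record, ClientHello */
    i = 43;
    NEED(1); { size_t l = p[i]; i += 1; NEED(l); i += l; }                   /* session_id */
    NEED(2); { size_t l = (p[i] << 8) | p[i + 1]; i += 2; NEED(l); i += l; } /* cipher_suites */
    NEED(1); { size_t l = p[i]; i += 1; NEED(l); i += l; }                   /* compression */
    if (i == n) return 0;                          /* no extensions block at all */
    NEED(2); { size_t l = (p[i] << 8) | p[i + 1]; i += 2; NEED(l); end = i + l; }
    while (end - i >= 4) {
        unsigned type = (p[i] << 8) | p[i + 1];
        size_t len = (p[i + 2] << 8) | p[i + 3];
        i += 4;
        if (end - i < len) return -1;
        if (type == 0) {   /* list_len(2) name_type(1) name_len(2) host_name */
            if (len < 5 || p[i + 2] != 0) return -1;
            size_t nl = (p[i + 3] << 8) | p[i + 4];
            if (nl + 5 > len || nl + 1 > outlen) return -1;
            memcpy(out, p + i + 5, nl); out[nl] = '\0';
            return 1;
        }
        i += len;
    }
    return 0;
}

int main(void)
{
    char host[64];
    int r = client_hello_sni(HELLO_SNI, sizeof HELLO_SNI, host, sizeof host);
    printf("with SNI: %d %s\n", r, r == 1 ? host : "-");
    printf("without:  %d\n", client_hello_sni(HELLO_PLAIN, sizeof HELLO_PLAIN, host, sizeof host));
    return 0;
}
```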

Your statements are not true, I have all the features you mention in my application using old http library.

The original http library was working fine in sdk-5.1. I don't see any good reason to break it before retiring it.

But I'll stop bothering you regarding this topic.

0 Likes