WebSocket Connection Failed from Android Application to WICED device Server

Tip / Sign in to post questions, reply, level up, and achieve exciting badges. Know more

cross mob
ViNg_2263746
Level 1
Level 1
First like received

Dear Sir,

Could you help me to check this error when connection websocket using Websocket Server Example on WICED 6.1.2

I just test some application on Windows Client Socket, and the application is okay, it can connect in both ws and wss(tls 1.1).

But when i write it on android application, it can just connect to ws, the feature wss (tls 1.2) can not work. (The android application i try on echo.websocket.org still okay in both mode ws and wss)

The Debug Log i got on WICED device:

Initialising NetX_Duo v5.10_sp3

Creating Packet pools

WLAN MAC Address : 00:25:CA:11:51:97

WLAN Firmware    : wl0: Apr 30 2018 04:14:19 version 7.45.98.50 (r688715 CY) FWID 01-283fcdb9

WLAN CLM         : API: 12.2 Data: 9.10.39 Compiler: 1.29.4 ClmImport: 1.36.3 Creation: 2018-04-11 22:31:21

IPv4 network ready IP: 192.168.0.1

Setting IPv6 link-local address

IPv6 network ready IP: FE80:0000:0000:0000:0225:CAFF:FE11:5197

[App] Network initialized

[App] Read the certificate Key from DCT

Websocket Server console start

> start

[App] WebSocket Server running(listening...)

>   . Setting up the SSL/TLS structure...

TLS library asked for [5] bytes

Received new TCP packet with length [157]

TLS library asked for [152] bytes

Skip [5] no of bytes from TCP received packet with length : [157]

TLS library asked for [5] bytes

Received new TCP packet with length [7]

TLS library asked for [2] bytes

Skip [5] no of bytes from TCP received packet with length : [7]

WICED/security/BESL/mbedtls_open/library/ssl_tls.c:4219: is a fatal alert message (msg 46)

WICED/security/BESL/mbedtls_open/library/ssl_tls.c:3837: mbedtls_ssl_read_record_layer() returned -30592 (-0x7780)

WICED/security/BESL/mbedtls_open/library/ssl_srv.c:3859: mbedtls_ssl_read_record() returned -30592 (-0x7780)

failed

  ! mbedtls_ssl_handshake returned -0xffff8880

[websocket_server_deferred_connect_callback] Failed to accept socket - res:4 @websock: 0x2000ecd0 @sock: 0x2001457c

[App] Error[11] @websocket:0x2000ecd0

disconnect callback @websocket: 0x2000ecd0 @sock: 0x2001457c

  . Setting up the SSL/TLS structure...

TLS library asked for [5] bytes

Received new TCP packet with length [157]

TLS library asked for [152] bytes

Skip [5] no of bytes from TCP received packet with length : [157]

TLS library asked for [5] bytes

Received new TCP packet with length [7]

TLS library asked for [2] bytes

Skip [5] no of bytes from TCP received packet with length : [7]

WICED/security/BESL/mbedtls_open/library/ssl_tls.c:4219: is a fatal alert message (msg 46)

WICED/security/BESL/mbedtls_open/library/ssl_tls.c:3837: mbedtls_ssl_read_record_layer() returned -30592 (-0x7780)

WICED/security/BESL/mbedtls_open/library/ssl_srv.c:3859: mbedtls_ssl_read_record() returned -30592 (-0x7780)

failed

  ! mbedtls_ssl_handshake returned -0xffff8880

[websocket_server_deferred_connect_callback] Failed to accept socket - res:4 @websock: 0x2000ef7c @sock: 0x20015344

[App] Error[11] @websocket:0x2000ef7c

disconnect callback @websocket: 0x2000ef7c @sock: 0x20015344

And on Wireshark side, i got this information:

websocket handshake.PNG

Please check it for me what i do wrong.

Thank you

0 Likes
7 Replies
PriyaM_16
Moderator
Moderator
Moderator
250 replies posted 100 replies posted 50 replies posted

Can you tell me the platform and SDK you are using? Is it WICED 6.2.1 or 6.0.1.85?

0 Likes

I am using WICED 6.2.1

0 Likes

The Websocket application largely depends upon the client libraries used in Andrioid application.  Can you share a sample android application that can be used to replicate the issue?

Besides can you first try to establish a secure connection with a WICED TCP server?

Note: There are known issues in TLS handshake between external client and WICED webscoket server

This is my source client to connect to server. Could you check it for me.

And how about the known issues in TLS handshake? could you describe it for me?

Thank you

package com.example.lmorda.websocketchat;

import android.os.Bundle;

import android.os.Handler;

import android.support.v7.app.AppCompatActivity;

import android.util.Log;

import android.widget.TextView;

import org.apache.http.HttpResponse;

import org.apache.http.client.methods.HttpPost;

import org.apache.http.conn.scheme.Scheme;

import org.apache.http.conn.scheme.SchemeRegistry;

import org.apache.http.conn.ssl.SSLSocketFactory;

import org.apache.http.conn.ssl.X509HostnameVerifier;

import org.apache.http.impl.client.DefaultHttpClient;

import org.apache.http.impl.conn.SingleClientConnManager;

import java.io.IOException;

import javax.net.ssl.HostnameVerifier;

import javax.net.ssl.HttpsURLConnection;

import okhttp3.OkHttpClient;

import okhttp3.Request;

import okhttp3.Response;

import okhttp3.WebSocket;

import okhttp3.WebSocketListener;

import okio.ByteString;

@SuppressWarnings("deprecation")

public class WebSocketActivity extends AppCompatActivity {

    private TextView tvOutput;

    private static final int NORMAL_CLOSURE_STATUS = 1000;

    @Override

    protected void onCreate(Bundle savedInstanceState) {

        super.onCreate(savedInstanceState);

        setContentView(R.layout.activity_main);

        tvOutput = findViewById(R.id.output);

        tvOutput.setText("Connecting: ws://192.168.0.1 ...");

        HostnameVerifier hostnameVerifier = org.apache.http.conn.ssl.SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER;

        DefaultHttpClient client = new DefaultHttpClient();

        SchemeRegistry registry = new SchemeRegistry();

        SSLSocketFactory socketFactory = SSLSocketFactory.getSocketFactory();

        socketFactory.setHostnameVerifier((X509HostnameVerifier) hostnameVerifier);

        registry.register(new Scheme("https", socketFactory, 443));

        SingleClientConnManager mgr = new SingleClientConnManager(client.getParams(), registry);

        DefaultHttpClient httpClient = new DefaultHttpClient(mgr, client.getParams());

        // Set verifier

        HttpsURLConnection.setDefaultHostnameVerifier(hostnameVerifier);

        // Example send http request

//        final String url = "ws://192.168.0.1";

//        HttpPost httpPost = new HttpPost(url);

//        try {

//            HttpResponse response = httpClient.execute(httpPost);

//        } catch (IOException e) {

//            e.printStackTrace();

//        }

//        OkHttpClient client = new OkHttpClient();

//        SSLContext sslContext = SslUtils.getSslContextForCertificateFile(this, "BPClass2RootCA-sha2.cer");

//        client.setSslSocketFactory(sslContext.getSocketFactory());

        // WebSocket

        Request request = new Request.Builder().url("ws://192.168.0.1").build();

        EchoWebSocketListener listener = new EchoWebSocketListener();

        OkHttpClient okHttpClient = new OkHttpClient();

        final WebSocket webSocket = okHttpClient.newWebSocket(request, listener);

        okHttpClient.dispatcher().executorService().shutdown();

        final Handler pingHandler = new Handler();

        Runnable pingRunnable = new Runnable() {

            @Override

            public void run() {

                String ping = "{\"type\":\"ping\",\"message\":\"hello\"}";

                output("Tx: " + ping);

                webSocket.send(ping);

                pingHandler.postDelayed(this, 10000);

            }

        };

        pingHandler.postDelayed(pingRunnable, 10000);

    }

    // WebSocket

    private final class EchoWebSocketListener extends WebSocketListener {

        @Override

        public void onOpen(WebSocket webSocket, Response response) {

            output("WebSocket connected to ws://10.0.2.2:8080/websocket/chat");

            output("Actively listening to localhost port 8080 for WebSocket traffic");

            output("Sending test echo message");

            String json = "{\"type\":\"chat\",\"message\":\"im online, whats up\"}";

            output("Tx: " + json);

            webSocket.send(json);

        }

        @Override

        public void onMessage(WebSocket webSocket, String text) {

            output("Rx: " + text);

            // Check the WebSocket message type

            if (text.contains("chat")) {

                // do something chat related

            }

        }

        @Override

        public void onMessage(WebSocket webSocket, ByteString bytes) {

            output("Rx bytes: " + bytes.hex());

        }

        @Override

        public void onClosing(WebSocket webSocket, int code, String reason) {

            webSocket.close(NORMAL_CLOSURE_STATUS, null);

            output("Closed: " + code + " / " + reason);

        }

        @Override

        public void onFailure(WebSocket webSocket, Throwable t, Response response) {

            output("Error: " + t.getMessage());

        }

    }

    private void output(final String txt) {

        runOnUiThread(new Runnable() {

            @Override

            public void run() {

                Log.d("websocketchat", txt);

                tvOutput.setText(tvOutput.getText().toString() + "\n\n" + txt);

            }

        });

    }

}

riya wrote:

Note: There are known issues in TLS handshake between external client and WICED webscoket server

What is the known issues in TLS handshake?

0 Likes

axel.lin_1746341 wrote:

riya wrote:

Note: There are known issues in TLS handshake between external client and WICED webscoket server

What is the known issues in TLS handshake?

riya

The reason I asked the TLS handshake issue is because it is a common library used by various

applications. I'd like to know the impact of "known issues in TLS handshake" as you mentioned.

Can you elaborate the known issue?

0 Likes

axel.lin_1746341

There are no issues in TLS library. There are issues in connecting an external client(browser/android) to Webscoket of WICED. We have tested TLS with mbed server and WICED implementation for different cipher suites and TLS handshake completed without any error.

I have tried to connect to WICED Webscoket server through web browser but couldn't include the certificates in my client. Websocket application works fine between two WICED boards(one as client and other as server) as the certificates can be easily included in the WICED client application. Need to figure out a way to include certificates in client.

0 Likes