SDK-3.7.0: Bug in wiced_https_get implementation

Tip / Sign in to post questions, reply, level up, and achieve exciting badges. Know more

cross mob
AxLi_1746341
Level 7
Level 7
10 comments on KBA 5 comments on KBA First comment on KBA

Testing a static variable certificate_loaded is simply wrong.

If create 2 threads to connect server with different URL paths,

the fist thread test certificate_loaded and init tls identity, the second

thread will NOT init tls identity.

In additional, use strlen( dct_security->private_key ) and strlen( dct_security->certificate ) are also buggy.

How do you make sure the private_key and certificate read from DCT is NULL terminated?

Think about the case write a longer cert/key to DCT then override it with a shorter cert/key.

Then you got wrong length by strlen().

0 Likes
1 Solution
Anonymous
Not applicable

Hi axel.lin,

To load certificate and private key those changes were added without changing API. But yes I agree with your point in case of multiple

threads.

I suggest you to use new http library which handles both the cases you mentioned. Please use snip/httpbin_org application to make use

of new http library.

Thanks,

Vikas

View solution in original post

2 Replies
Anonymous
Not applicable

Hi axel.lin,

To load certificate and private key those changes were added without changing API. But yes I agree with your point in case of multiple

threads.

I suggest you to use new http library which handles both the cases you mentioned. Please use snip/httpbin_org application to make use

of new http library.

Thanks,

Vikas

Hi vsha​,

I have no problem to fix it in my code.

The reason I post it here is I believe it may be helpful for some new users.

In additional, it's something that can be improved in upcoming SDK release.

0 Likes