TLS tcp connection error


Anonymous
Not applicable

Using a client with wiced_tls_init_simple_context() we cannot get an encrypted connection to receive data. The client disconnects after we send data over the connection.

Is there any more documentation available on how to set up a TLS TCP connection to a server? Or methods to debug other than tpc_error?

regards,

Jasper

0 Likes
5 Replies
Anonymous
Not applicable
Can you get the snip.https_client application working?

Do you have a sniffer trace of the TLS transaction that you can upload?

Can you provide a URL to a globally accessible server that demonstrates the problem?

There are many variables that affect a TLS connection and without further information it will be very difficult to debug.
0 Likes
Anonymous
Not applicable
I got the wiced_tls_advanced_context working (or parts of it), a Wiced device has a key/certificate and the server a list of client certificates to check against.

However I cannot get the Wiced device to verify the server certificate. It seems to ignore any certificate I initialise (wiced_tls_init_root_ca_certificates).

Taking a step back and modifying the https-client example I get the same result. It connects to a self-signed https server without having the certificate validated (e.g. not added by wiced_tls_init_root_ca_certificates).

The certificates seem to be successfully parsed (no errors there) and the SSL handshake is performed, but there is no check on the validity of the CA.

Any advice?
0 Likes
Anonymous
Not applicable

Anybody got this working??

0 Likes

Let me follow up.

0 Likes
Anonymous
Not applicable

SDK 2.4.0 has a bug that fails to correctly verify the CA certificate.

This has been fixed in 2.4.1 and we strongly recommend you update, at a minimum, the besl directory from the 2.4.1 release.

You should also note that only the topmost root CA certificate is verified. The https_client application in 2.4.1 shows how to use the API correctly for https://www.google.com using Root 1 from the GeoTrust root certificate list (Download Root Certificates - GeoTrust). This was the root CA certificate when accessing Google servers from Australia. Depending on your location in the world the Google servers may have certificates signed by other root CA certificates.

0 Likes