CA certificate verification


cross mob

Hello,

I have an issue with the CA certificate verification on the WICED SDK 3.0.1 and 2.4.0 (both FreeRTOS + LwIP).

I have a server at HomeManager and I have the following CA certificate:

"-----BEGIN CERTIFICATE-----\n"\
"MIIDIDCCAomgAwIBAgIENd70zzANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJVUzEQMA4GA1UE\n"\
"ChMHRXF1aWZheDEtMCsGA1UECxMkRXF1aWZheCBTZWN1cmUgQ2VydGlmaWNhdGUgQXV0aG9yaXR5\n"\
"MB4XDTk4MDgyMjE2NDE1MVoXDTE4MDgyMjE2NDE1MVowTjELMAkGA1UEBhMCVVMxEDAOBgNVBAoT\n"\
"B0VxdWlmYXgxLTArBgNVBAsTJEVxdWlmYXggU2VjdXJlIENlcnRpZmljYXRlIEF1dGhvcml0eTCB\n"\
"nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAwV2xWGcIYu6gmi0fCG2RFGiYCh7+2gRvE4RiIcPR\n"\
"fM6fBeC4AfBONOziipUEZKzxa1NfBbPLZ4C/QgKO/t0BCezhABRP/PvwDN1Dulsr4R+AcJkVV5MW\n"\
"8Q+XarfCaCMczE1ZMKxRHjuvK9buY0V7xdlfUNLjUA86iOe/FP3gx7kCAwEAAaOCAQkwggEFMHAG\n"\
"A1UdHwRpMGcwZaBjoGGkXzBdMQswCQYDVQQGEwJVUzEQMA4GA1UEChMHRXF1aWZheDEtMCsGA1UE\n"\
"CxMkRXF1aWZheCBTZWN1cmUgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MQ0wCwYDVQQDEwRDUkwxMBoG\n"\
"A1UdEAQTMBGBDzIwMTgwODIyMTY0MTUxWjALBgNVHQ8EBAMCAQYwHwYDVR0jBBgwFoAUSOZo+SvS\n"\
"spXXR9gjIBBPM5iQn9QwHQYDVR0OBBYEFEjmaPkr0rKV10fYIyAQTzOYkJ/UMAwGA1UdEwQFMAMB\n"\
"Af8wGgYJKoZIhvZ9B0EABA0wCxsFVjMuMGMDAgbAMA0GCSqGSIb3DQEBBQUAA4GBAFjOKer89961\n"\
"zgK5F7WF0bnj4JXMJTENAKaSbn+2kmOeUJXRmm/kEd5jhW6Y7qj/WsjTVbJmcVfewCHrPSqnI0kB\n"\
"BIZCe/zuf6IWUrVnZ9NA2zsmWLIodz2uFHdh1voqZiegDfqnc1zqcPGUIWVEX/r87yloqaKHee95\n"\
"70+sB3c4\n"\
"-----END CERTIFICATE-----\n";

On the WICED SDK 2.4.0, when I try to connect and verify the server's certificate the chip goes to a hardware fault. I have managed to track the error to the file wiced_tls.c, in the function wiced_tcp_start_tls. When the board enters the do { ... } while(...) loop, it calls the function ssl_handshake_client_async 3 times and tls_context->context.state goes from 1 to 2 and 3. After 3 it goes to a hardware fault.

On the WICED SDK 3.0.1, when I try to connect I get an error (no hardware fault) but it still doesn't connect. The SSL certificate on that server is a wildcard certificate, so it is issued for *.homemanager.tv. I have tried the following wiced_https_get calls and got the following errors:

result = wiced_https_get( &ip_address, SIMPLE_GET_REQUEST, buffer, BUFFER_LENGTH, "www.*.homemanager.tv" ); -> error 2
result = wiced_https_get( &ip_address, SIMPLE_GET_REQUEST, buffer, BUFFER_LENGTH, "*.homemanager.tv" ); -> error 65024
result = wiced_https_get( &ip_address, SIMPLE_GET_REQUEST, buffer, BUFFER_LENGTH, "www.homemanager.tv" ); -> error 2
result = wiced_https_get( &ip_address, SIMPLE_GET_REQUEST, buffer, BUFFER_LENGTH, "homemanager.tv" ); -> error 65024

The certificate should be OK. It works fine under Linux, where I call SSL_get_verify_result from OpenSSL. I assume that the board has to do more or less the same thing as that OpenSSL function.

Any suggestions? I would prefer a fix for the 2.4.0 version because the end product is based on the USI09 chip.

1 Solution
GregG_16
Employee

Please see my message on trying with the new SDK.

Also, let it be known that "wildcards" are not supported in the certificates. This may be an important detail for you.

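The answer above says the WICED TLS layer of those SDK versions does not support wildcard certificates, which explains why none of the four host strings in the question verify against a certificate issued for *.homemanager.tv. What a stack that does support them has to implement is the RFC 6125 name-matching rule: the wildcard may only be the whole left-most label, it matches exactly one label, and the hostname the client compares against is the real peer name (www.homemanager.tv), never a string containing "*". The following is an added, self-contained C example written for this thread (it is not WICED SDK or OpenSSL code) that implements that rule and runs it over the four names the question tried; the hostname_matches and cert_name_matches function names and the sample SAN list are assumptions of the example.

```c
/* Added example for this thread: RFC 6125 section 6.4.3 style matching of a
 * reference hostname against a name taken from a server certificate.
 * Not WICED SDK or OpenSSL code; function names are the example's own. */
#include <ctype.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Case-insensitive comparison of n bytes (DNS names are case-insensitive). */
static bool eq_nocase(const char *a, const char *b, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        if (tolower((unsigned char)a[i]) != tolower((unsigned char)b[i]))
            return false;
    }
    return true;
}

/* Number of dot-separated labels in a name ("*.homemanager.tv" has 3). */
static int label_count(const char *s)
{
    int n = 1;
    for (; *s; s++)
        if (*s == '.') n++;
    return n;
}

/* Returns true if 'host' (the name the client connected to) matches the
 * certificate name 'pattern'.  Rules, as mainstream TLS stacks apply them:
 *  - the host itself must not contain '*' (it is a hostname, not a pattern),
 *  - a wildcard must be the entire left-most label: "*.example.com";
 *    "w*.example.com" and "www.*.example.com" are rejected,
 *  - '*' matches exactly one non-empty label, so "example.com" and
 *    "a.b.example.com" do not match "*.example.com",
 *  - at least two labels must follow the wildcard ("*.com" never matches). */
bool hostname_matches(const char *host, const char *pattern)
{
    size_t hlen = strlen(host), plen = strlen(pattern);
    if (hlen == 0 || plen == 0 || strchr(host, '*') != NULL)
        return false;

    const char *star = strchr(pattern, '*');
    if (star == NULL)                      /* plain name: exact match */
        return hlen == plen && eq_nocase(host, pattern, hlen);

    /* Wildcard only as the whole first label, only one of them. */
    if (star != pattern || pattern[1] != '.' || strchr(pattern + 1, '*') != NULL)
        return false;
    if (label_count(pattern) < 3)
        return false;

    const char *suffix = pattern + 1;      /* ".homemanager.tv" */
    size_t slen = strlen(suffix);
    if (hlen <= slen)                      /* host must have one extra label */
        return false;
    size_t lbl = hlen - slen;              /* length of the host's first label */
    if (memchr(host, '.', lbl) != NULL)    /* '*' may not span a dot */
        return false;
    return eq_nocase(host + lbl, suffix, slen);
}

/* Check host against the certificate's dNSName SAN entries; the CN is only
 * consulted when the certificate carries no SAN at all (RFC 6125 6.4.4). */
bool cert_name_matches(const char *host, const char *const *san, size_t nsan,
                       const char *cn)
{
    if (nsan > 0) {
        for (size_t i = 0; i < nsan; i++)
            if (hostname_matches(host, san[i]))
                return true;
        return false;
    }
    return cn != NULL && hostname_matches(host, cn);
}

int main(void)
{
    /* Constructed input: the server's wildcard name and the four strings
     * passed to wiced_https_get in the question. */
    const char *cert_name = "*.homemanager.tv";
    const char *tried[] = { "www.*.homemanager.tv", "*.homemanager.tv",
                            "www.homemanager.tv", "homemanager.tv" };
    for (size_t i = 0; i < sizeof tried / sizeof tried[0]; i++)
        printf("%-22s vs %s : %s\n", tried[i], cert_name,
               hostname_matches(tried[i], cert_name) ? "match" : "no match");
    return 0;
}
```

Only www.homemanager.tv matches; the other three are not peer names a client should ever pass to a verifier. The practical consequence for a stack without wildcard support is that the server needs a certificate naming the exact host (or the firmware must add this matching step), not that certificate verification be switched off.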