Hello,
I have an issue with the CA certificate verification on the WICED SDK 3.0.1 and 2.4.0 (both FreeRTOS + LwIP).
I have a server at HomeManager and I have the following CA certificate:
On the WICED SDK 2.4.0 when I try to connect and verify the server's certificate the chip goes to hardware fault. I have managed to track the error to the file wiced_tls.c in function wiced_tcp_start_tls. When the board enters the do { ... } while(...) loop, it calls the function ssl_handshake_client_async 3 times and the tls_context->context.state goes from 1 to 2 and 3. After 3 it goes to hardware fault.
On the WICED SDK 3.0.1 when I try to connect I get an error (no hardware fault) but still it doesn't want to connect. The SSL certificate on that server is a wildcard, so it is issued for *.homemanager.tv. I have tried the following wiced_https_get commands and got the following errors:
result = wiced_https_get( &ip_address, SIMPLE_GET_REQUEST, buffer, BUFFER_LENGTH, "www.*.homemanager.tv" ); -> error 2
result = wiced_https_get( &ip_address, SIMPLE_GET_REQUEST, buffer, BUFFER_LENGTH, "*.homemanager.tv" ); -> error 65024
result = wiced_https_get( &ip_address, SIMPLE_GET_REQUEST, buffer, BUFFER_LENGTH, "www.homemanager.tv" ); -> error 2
result = wiced_https_get( &ip_address, SIMPLE_GET_REQUEST, buffer, BUFFER_LENGTH, "homemanager.tv" ); -> error 65024
The certificate should be ok. It works fine under Linux where I call the SSL_get_verify_result from OpenSSL. I assume that the board has to do more or less the same thing as that OpenSSL function.
Any suggestions? I would prefer a fix for the 2.4.0 version because the end product is based on the USI09 chip.
Please see my message on trying with new SDK.
Also, let it be known that "wildcards" are not supported in the certificates. This may be an important detail for you.
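For context on the four host name strings tried in the question and the note above that wildcards are not supported: the following is an added example, not code from either post or from the WICED SDK, of the strict leftmost-label wildcard comparison (RFC 6125 style) that a TLS client performs when it does accept names such as *.homemanager.tv. The function name cert_name_matches is hypothetical.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Case-insensitive comparison of the first n bytes of a and b. */
static int eq_nocase(const char *a, const char *b, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        if (tolower((unsigned char)a[i]) != tolower((unsigned char)b[i]))
            return 0;
    }
    return 1;
}

/*
 * Hypothetical helper: returns 1 if host matches the certificate name
 * pattern, else 0. Strict wildcard rules:
 *  - "*" is accepted only as the complete leftmost label ("*.example.test")
 *  - it stands for exactly one non-empty label and never spans a dot
 *  - at least two labels must follow the wildcard ("*.tv" is rejected)
 *  - the host being checked must not itself contain '*'
 */
int cert_name_matches(const char *pattern, const char *host)
{
    if (pattern == NULL || host == NULL || *pattern == '\0' || *host == '\0')
        return 0;
    if (strchr(host, '*') != NULL)
        return 0;                       /* the name to verify is never a pattern */

    size_t plen = strlen(pattern), hlen = strlen(host);

    if (strchr(pattern, '*') == NULL)   /* plain name: exact match only */
        return plen == hlen && eq_nocase(pattern, host, plen);

    if (pattern[0] != '*' || pattern[1] != '.' || strchr(pattern + 1, '*') != NULL)
        return 0;                       /* wildcard is not the whole leftmost label */

    const char *suffix = pattern + 1;   /* e.g. ".homemanager.tv" */
    size_t slen = plen - 1;
    if (strchr(suffix + 1, '.') == NULL)
        return 0;                       /* too broad: only one label after "*" */

    const char *first_dot = strchr(host, '.');
    if (first_dot == NULL || first_dot == host)
        return 0;                       /* host needs a non-empty leftmost label */
    /* Everything from the host's first dot onward must equal the suffix. */
    return strlen(first_dot) == slen && eq_nocase(first_dot, suffix, slen);
}
```

Under these rules only "www.homemanager.tv" matches the pattern; the bare domain and the two strings containing '*' do not.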