4 Replies Latest reply on Apr 7, 2014 10:07 PM by nikvh

    TLS tcp connection error

      Using a client with wiced_tls_init_simple_context() we cannot get an encrypted connection to receive data. The client disconnects after we send data over the connection.


      Is there any more documentation available on how to set up a TLS TCP connection to a server? Or methods to debug other than tpc_error?






        • 1. Re: TLS tcp connection error
          Can you get the snip.https_client application working?



          Do you have a sniffer trace of the TLS transaction that you can upload?



          Can you provide a URL to a globally accessible server that demonstrates the problem ?



          There are many variables that affect a TLS connection and without further information it will be very difficult to debug.
          • 2. Re: TLS tcp connection error
            I got the wiced_tls_advanced_context working (or parts of it): a Wiced device has a key/certificate and the server a list of client certificates to check against.



            However, I cannot get the Wiced device to verify the server certificate. It seems to ignore any certificate I initialise (wiced_tls_init_root_ca_certificates).


            Taking a step back and modifying the https-client example, I get the same result. It connects to a self-signed https server without having the certificate validated (e.g. not added by wiced_tls_init_root_ca_certificates).



            The certificates seem to be successfully parsed (no errors there) and the SSL handshake is performed; there is no check on the validity of the CA.


            Any advice?
            • 3. Re: TLS tcp connection error

              Anybody got this working??

              • 4. Re: TLS tcp connection error

                Let me follow up.

                • 5. Re: TLS tcp connection error

                  SDK 2.4.0 has a bug that fails to correctly verify the CA certificate.

                  This has been fixed in 2.4.1 and we strongly recommend you update, at a minimum, the besl directory from the 2.4.1 release.


                  You should also note that only the topmost root CA certificate is verified. The https_client application in 2.4.1 shows how to use the API correctly for https://www.google.com using Root 1 from the GeoTrust root certificate list (Download Root Certificates - GeoTrust). This was the root CA certificate when accessing Google servers from Australia. Depending on your location in the world, the Google servers may have certificates signed by other root CA certificates.