1 Reply Latest reply on Aug 13, 2014 5:46 PM by GregG_16

    CA certificate verification

      Hello,

       

      I have an issue with the CA certificate verification on the WICED SDK 3.0.1 and 2.4.0 (both FreeRTOS + LwIP).

       

      I have a server at HomeManager and I have the following CA certificate:

       


       

      On the WICED SDK 2.4.0 when I try to connect and verify the server's certificate the chip goes to hardware fault. I have managed to track the error to the file wiced_tls.c in function wiced_tcp_start_tls. When the board enters the do { ... } while(...) loop, it calls the function ssl_handshake_client_async 3 times and the tls_context->context.state goes from 1 to 2 and 3. After 3 it goes to hardware fault.

       

      On the WICED SDK 3.0.1 when I try to connect I get an error (no hardware fault) but still it doesn't want to connect. The SSL certificate on that server is a wildcard, so it is issued for *.homemanager.tv. I have tried the following wiced_https_get commands and got the following errors:

      result = wiced_https_get( &ip_address, SIMPLE_GET_REQUEST, buffer, BUFFER_LENGTH, "www.*.homemanager.tv" ); -> error 2
      result = wiced_https_get( &ip_address, SIMPLE_GET_REQUEST, buffer, BUFFER_LENGTH, "*.homemanager.tv" ); -> error 65024
      result = wiced_https_get( &ip_address, SIMPLE_GET_REQUEST, buffer, BUFFER_LENGTH, "www.homemanager.tv" ); -> error 2
      result = wiced_https_get( &ip_address, SIMPLE_GET_REQUEST, buffer, BUFFER_LENGTH, "homemanager.tv" ); -> error 65024

       

      The certificate should be ok. It works fine under Linux where I call the SSL_get_verify_result from OpenSSL. I assume that the board has to do more or less the same thing as that OpenSSL function.

       

      Any suggestions? I would prefer a fix for the 2.4.0 version because the end product is based on the USI09 chip.
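
      Added example, not part of the original post and not WICED SDK code: a stand-alone C check showing how a client applying the RFC 6125 wildcard rules would judge the four names passed in the calls above against a certificate name of *.homemanager.tv. The function name hostname_matches is hypothetical, and the example does not describe how the WICED TLS library performs this comparison.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Case-insensitive equality of two NUL-terminated DNS names. */
static int eq_nocase(const char *a, const char *b)
{
    while (*a && *b && tolower((unsigned char)*a) == tolower((unsigned char)*b)) {
        a++;
        b++;
    }
    return *a == '\0' && *b == '\0';
}

/* Return 1 if `host` (the literal name the client wants to reach) is covered
 * by `pattern` (a name taken from the server certificate), else 0.
 * Rules applied (RFC 6125 section 6.4.3, strict reading):
 *   - '*' is honoured only as the complete left-most label of the pattern
 *   - '*' stands for exactly one non-empty label, never zero or several
 *   - a '*' inside the host never matches: the host must be a literal name */
int hostname_matches(const char *pattern, const char *host)
{
    if (!pattern || !host || !*pattern || !*host)
        return 0;
    if (strchr(host, '*'))
        return 0;                          /* reference name must be literal */
    if (strncmp(pattern, "*.", 2) != 0)    /* no wildcard label: exact match */
        return !strchr(pattern, '*') && eq_nocase(pattern, host);

    const char *suffix = pattern + 1;      /* e.g. ".homemanager.tv" */
    if (strchr(suffix, '*'))
        return 0;                          /* a single wildcard only */
    if (!strchr(suffix + 1, '.'))
        return 0;  /* extra conservative check (not from the RFC): no "*.tv" */

    const char *dot = strchr(host, '.');   /* end of the host's first label */
    return dot && dot != host && eq_nocase(dot, suffix);
}

int main(void)
{
    /* The four names tried in the post, checked against the wildcard name. */
    const char *names[] = { "www.*.homemanager.tv", "*.homemanager.tv",
                            "www.homemanager.tv", "homemanager.tv" };
    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++)
        printf("%-22s -> %s\n", names[i],
               hostname_matches("*.homemanager.tv", names[i]) ? "match" : "no match");
    return 0;
}
```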