4 Replies Latest reply on Mar 16, 2015 10:09 PM by alyoc_1740326

    tls as client public key verification

      Hello,

      Can someone please advise us how to correctly make a TLS connection to a server as a client? In addition, we would like the public key to be checked during the handshake.

      Is this order of calling the APIs correct?

      //making connection
      wiced_hostname_lookup(cfg->server.host, &server_ip_address, 10000);
      wiced_tls_init_simple_context( &wsTlsContext );
      wiced_tcp_create_socket( &websocket_socket, WICED_STA_INTERFACE );
      wiced_tcp_bind( &websocket_socket, cfg->server.portNo );
      wiced_tls_init_root_ca_certificates( cfg->security.privateKey );
      wiced_tcp_enable_tls( &websocket_socket, &wsTlsContext );
      wiced_tcp_connect( &websocket_socket, &server_ip_address, cfg->server.portNo, WS_CLIENT_CONNECT_TIMEOUT );

      //disconnecting
      wiced_tcp_disconnect( &websocket_socket );
      wiced_tls_deinit_root_ca_certificates( );
      wiced_tls_deinit_context( &wsTlsContext );
      wiced_tcp_delete_socket( &websocket_socket);

      In the case above we run out of heap after we connect and disconnect 10 times.

      Any idea what we are doing wrong?

      Best regards,

      Martin

        • 1. Re: tls as client public key verification

          Adding some additional info on where the code stops:


          wiced_assert("Out of dynamic memory heap space", 0 != 0 );


          • 2. Re: tls as client public key verification
            GregG_16

            Please have a look at the files to understand how the TLS APIs can be used.

            apps/snip/https_client/https_client.
            libraries/protocols/http.c

            This gives an overall understanding of how the TLS APIs can be used.

            Let us know if you have follow-up questions.

            • 3. Re: tls as client public key verification

              Hi

              This apps/snip/https_client project works on its own. But when applying this code to our application project, https_get_xxx is not working. We copied the CA from the project to our application.

              So we also have a problem and think it is memory.

              1] Our application

                1. We are using more memory.
                2. We are using more sockets.
                3. We are using more threads.

              2] Applying to the BCM43362 / BCM4390 modules.

                 - While applying to the BCM43362 module,

                    WPRINT_LIB_INFO( ("Connecting HTTPS.... peer_cn=%s\r\n",peer_cn) );
                    result = wiced_tcp_connect( &socket, address, 443, 10000 );

                    ==> Module is rebooted

                 - While applying to the BCM4390 module,

                    WPRINT_LIB_INFO( ("Connecting HTTPS.... peer_cn=%s\r\n",peer_cn) );
                    result = wiced_tcp_connect( &socket, address, 443, 10000 );

                    ==> The function does not return and the application is stuck, no more progress.

              wiced_result_t wiced_https_get( wiced_ip_address_t* address, const char* query, void* buffer, uint32_t buffer_length, const char* peer_cn )
              {
                  wiced_tcp_socket_t         socket;
                  wiced_packet_t*            reply_packet;
                  wiced_result_t             rx_result;
                  wiced_tls_simple_context_t context;
                  wiced_result_t             result     = WICED_ERROR;
                  char*                      buffer_ptr = (char*) buffer;

                  wiced_tls_init_simple_context( &context, peer_cn );
                  wiced_tcp_create_socket( &socket, WICED_STA_INTERFACE );
                  wiced_tcp_enable_tls( &socket, &context );

                  WPRINT_LIB_INFO( ("Connecting HTTPS.... peer_cn=%s\r\n",peer_cn) );
                  result = wiced_tcp_connect( &socket, address, 443, 10000 );
                  if ( result != WICED_SUCCESS )
                  {
                      WPRINT_LIB_INFO( ("connection failed....\n") );
                      wiced_tcp_delete_socket( &socket );
                      return ( result );
                  }

              • 4. Re: tls as client public key verification

                Self Answer :

                This is solved.