13 Replies Latest reply on Apr 17, 2018 4:52 AM by axel.lin_1746341

    sdk-5.2.0: snip.https_client test failure

    axel.lin_1746341

      The https_client test fails:

       

      Resolving IP address of HTTPS server

      Server is at 54.243.145.223

      Getting '/'...

      Read the certificate Key from DCT

      netconn_connect start_tls

      Get failed: 4

       

      Note, it was working in sdk-5.1, so this is clearly a regression.

        • 1. Re: sdk-5.2.0: snip.https_client test failure
          grsr

          Error has been reproduced and I have raised a ticket on this. The error code I found was MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE.

          • 2. Re: sdk-5.2.0: snip.https_client test failure
            webmstreric

            I was able to copy https_client from WICED 5.1 into my WICED 5.2 repository and that worked fine. The code is pretty much the same except for the website that is accessed and the CA certificate. www.httpbin.org replaced www.google.com(WICED 5.1). I suspect if you get a new CA certificate from www.httpbin.org that would fix this issue, but there is another problem with TLS in WICED 5.2. After I download about 200 KB the data becomes corrupted. I run the same exact code in WICED 5.1 and I can download a full half MB system image and boot into it.

            • 3. Re: sdk-5.2.0: snip.https_client test failure
              axel.lin_1746341

              webmstreric wrote:

               

              I was able to copy https_client from WICED 5.1 into my WICED 5.2 repository and that worked fine. The code is pretty much the same except for the website that is accessed and the CA certificate. www.httpbin.org replaced www.google.com(WICED 5.1). I suspect if you get a new CA certificate from www.httpbin.org that would fix this issue, but there is another problem with TLS in WICED 5.2. After I download about 200 KB the data becomes corrupted. I run the same exact code in WICED 5.1 and I can download a full half MB system image and boot into it.

              Thanks for testing it.

              There are some issues with TLS in SDK-5.2.

              I'm still waiting for the fix or next release.

              But I'm a little bit nervous about when the fix will be available, because with such an issue SDK-5.2 cannot be used.

              • 4. Re: sdk-5.2.0: snip.https_client test failure
                grsr

                This snip has been removed from WICED SDK 6.0 onwards. It used the https_client library which has been deprecated and replaced by HTTP_client used by snip.httpbin_org.

                1 of 2 people found this helpful
                • 5. Re: sdk-5.2.0: snip.https_client test failure
                  axel.lin_1746341

                  grsr wrote:

                   

                  This snip has been removed from WICED SDK 6.0 onwards. It used the https_client library which has been deprecated and replaced by HTTP_client used by snip.httpbin_org.

                  The snip.https_client uses a totally different API set from snip.httpbin_org.

                  The different APIs are designed with a totally different philosophy.

                  So I believe removing the snip code is another mistake.

                   

                  For example, it's impossible to implement an HTTP request with keepalive which can reuse an existing session with snip.httpbin_org because snip.httpbin_org uses the TCP callback API.

                  • 6. Re: sdk-5.2.0: snip.https_client test failure
                    axel.lin_1746341

                    grsr wrote:

                     

                    This snip has been removed from WICED SDK 6.0 onwards. It used the https_client library which has been deprecated and replaced by HTTP_client used by snip.httpbin_org.

                    snip/https_client is still in sdk-6.1 and the test still shows the same error.

                    https_client is just a simple snip code; if it does not work it usually means something is wrong in either BESL or the snip code itself.

                     

                    From the reply in 2017/9/27 in this thread, you already found the MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE error. You should fix it rather than remove the snip code.

                    • 7. Re: sdk-5.2.0: snip.https_client test failure
                      grsr

                      We shall not support the old HTTP library and their APIs anymore. It is clearly mentioned in API_updates.txt. We recommend you to move to httpbin_org which uses the new HTTP library. The https_client example must have been added by mistake. It should be removed from the SDK.

                      • 8. Re: sdk-5.2.0: snip.https_client test failure
                        axel.lin_1746341

                        The https_client is just a snip code, I have no objection if you really want to remove it.

                        However, removing an existing library is different.

                        It seems you assume there are no users using the old HTTP library which is obviously wrong.

                        People using new sdk versions usually expect the existing application can still work.

                        Removing an existing library means people need to re-program the existing applications.

                         

                        In addition, you should check if the problem is in the snip code itself or the BESL library, as you also said you already found the MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE error.

                        I'm mainly worried about the bug in the BESL library.

                        • 9. Re: sdk-5.2.0: snip.https_client test failure
                          grsr

                          The decision to deprecate the old library was taken by management at a high level. I have escalated your concern internally. I will update this thread if and when I receive feedback.

                          • 10. Re: sdk-5.2.0: snip.https_client test failure
                            grsr

                            Here is the feedback. If you really want to use the old HTTP library, it is your choice, but in the future it is possible that we can remove it. We recommend users to use the new library due to some limitations in the old library. If you find any functionality which was there in the old library but is not part of the new one, then we can add that to the new library.

                            1 of 2 people found this helpful
                            • 11. Re: sdk-5.2.0: snip.https_client test failure
                              axel.lin_1746341

                              grsr wrote:

                               

                              Here is the feedback. If you really want to use the old HTTP library, it is your choice, but in the future it is possible that we can remove it. We recommend users to use the new library due to some limitations in the old library. If you find any functionality which was there in the old library but is not part of the new one, then we can add that to the new library.

                              What are the limitations of the old library?

                              • 12. Re: sdk-5.2.0: snip.https_client test failure
                                grsr

                                The old HTTP library is not efficient in terms of CPU usage. When you call wiced_https_get it would create a socket, initialize the TLS context, send the request and block until the response is received, for all the requests (synchronous). In the new library, creating the socket and initializing the TLS context are done once in init, and after that you can send as many requests as you want without blocking for the response (asynchronous).

                                 

                                In the old HTTP library, there is no provision to configure HTTP client parameters such as server name indication (SNI) and TLS maximum fragment length. But in the new HTTP library, we can do so. httpbin_org expects the SNI extension, which cannot be configured in the old HTTP library. Also, we can use an event handler thread to handle HTTP responses.

                                • 13. Re: sdk-5.2.0: snip.https_client test failure
                                  axel.lin_1746341

                                  Your statements are not true. I have all the features you mention in my application using the old HTTP library.

                                  The original HTTP library was working fine in sdk-5.1. I don't see any good reason to break it before retiring it.

                                  But I'll stop bothering you regarding this topic.