WICED Studio Wi-Fi Combo

Anonymous
Not applicable

Hello,

I have an issue with the CA certificate verification on the WICED SDK 3.0.1 and 2.4.0 (both FreeRTOS + LwIP).

I have a server at HomeManager and I have the following CA certificate:

On the WICED SDK 2.4.0 when I try to connect and verify the server's certificate the chip goes to hardware fault. I have managed to track the error to the file wiced_tls.c in function wiced_tcp_start_tls. When the board enters the do { ... } while(...) loop, it calls the function ssl_handshake_client_async 3 times and the tls_context->context.state goes from 1 to 2 and 3. After 3 it goes to hardware fault.

On the WICED SDK 3.0.1 when I try to connect I get an error (no hardware fault) but still it doesn't want to connect. The SSL certificate on that server is a wildcard, so it is issued for *.homemanager.tv. I have tried the following wiced_https_get commands and got the following errors:

result = wiced_https_get( &ip_address, SIMPLE_GET_REQUEST, buffer, BUFFER_LENGTH, "www.*.homemanager.tv" ); -> error 2

result = wiced_https_get( &ip_address, SIMPLE_GET_REQUEST, buffer, BUFFER_LENGTH, "*.homemanager.tv" ); -> error 65024

result = wiced_https_get( &ip_address, SIMPLE_GET_REQUEST, buffer, BUFFER_LENGTH, "www.homemanager.tv" ); -> error 2

result = wiced_https_get( &ip_address, SIMPLE_GET_REQUEST, buffer, BUFFER_LENGTH, "homemanager.tv" ); -> error 65024

The certificate should be ok. It works fine under Linux where I call the SSL_get_verify_result from OpenSSL. I assume that the board has to do more or less the same thing as that OpenSSL function.

Any suggestions? I would prefer a fix for the 2.4.0 version because the end product is based on the USI09 chip.

0 Likes
1 Solution
GregG_16
Employee

Please see my message on trying with new SDK.

Also, let it be known that "wildcards" are not supported in the certificates. This may be an important detail for you.

0 Likes
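
The peer names tried in the question are treated very differently by a verifier that understands wildcard certificates and by one that does not. The following C code is an added example, not WICED SDK code and not part of the original thread; `match_exact` and `match_wildcard` are hypothetical helpers that apply the usual left-most-label wildcard rule (RFC 6125) to a certificate name and the host name the client asked for.

```c
#include <ctype.h>
#include <stdbool.h>
#include <string.h>

/* Case-insensitive comparison of two DNS names; true when equal. */
static bool name_eq(const char *a, const char *b)
{
    for (; *a && *b; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b))
            return false;
    return *a == '\0' && *b == '\0';
}

/* Exact match only: all that a stack without wildcard support can offer. */
bool match_exact(const char *cert_name, const char *host)
{
    return name_eq(cert_name, host);
}

/*
 * Wildcard-aware match (hypothetical helper). cert_name is the name taken
 * from the server certificate, host is the name the client wants to reach.
 */
bool match_wildcard(const char *cert_name, const char *host)
{
    /* The requested host must be a real name, never a pattern. */
    if (host[0] == '\0' || strchr(host, '*') != NULL)
        return false;

    /* No "*." prefix: only an exact, wildcard-free name can match. */
    if (strncmp(cert_name, "*.", 2) != 0)
        return strchr(cert_name, '*') == NULL && name_eq(cert_name, host);

    const char *suffix = cert_name + 1;          /* e.g. ".homemanager.tv" */
    /* One '*' only, and at least two labels after it ("*.tv" is refused). */
    if (strchr(suffix, '*') != NULL || strchr(suffix + 1, '.') == NULL)
        return false;

    /* '*' stands for exactly one non-empty label, so the first dot in
     * host must be the point where the certificate suffix begins. */
    const char *dot = strchr(host, '.');
    return dot != NULL && dot != host && name_eq(dot, suffix);
}
```

Of the four names in the question, only `www.homemanager.tv` matches `*.homemanager.tv` under this rule.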