This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

Getting HTTPCli_ESENDFAIL while doing HTTPS GET in TI-RTOS

Other Parts Discussed in Thread: EK-TM4C1294XL

Hi,

I am using CCS Version: 6.1.0.00104, tirtos_tivac_2_12_01_33, TivaWare_C_Series-2.1.1.71 on EK-TM4C1294XL board.
I wanted to check HTTPS capability and started with HTTPS GET example. I downloaded certificate file as per instructions and able to build the program successfully.
When I run code on the board I am getting following error:
Error! code = -103, desc = httpsTask: send failed

While debugging further I found this error code corresponds to error "HTTPCli_ESENDFAIL" and this is thrown if Ssock_send() is failing in httpcli.c
From browser I am able to download the .csv file. Does anyone have idea about this issue?

Attaching code for more details.

Thanks,
Bhavesh

7455.httpsget_TivaTM4C1294NCPDT.zip

  • Hi Bhavesh,


    Why are you setting server address as proxy

    addr.sin_family = AF_INET;
    addr.sin_port = htons(PORT);
    inet_pton(AF_INET, IP, &addr.sin_addr);

    /* USER STEP: Comment the line if not using proxy */
    HTTPCli_setProxy((struct sockaddr *)&addr); // [Aashish] Setting proxy ip as 206.190.61.107. Do you using proxy server to connect to internet? Is it right proxy server IP or it should be different

    HTTPCli_construct(&cli);

    HTTPCli_setRequestFields(&cli, fields);

    ret = HTTPCli_connect(&cli, (struct sockaddr *)&addr, HTTPCli_TYPE_TLS,NULL); //[Aashish] Using same proxy ip as HTTP server. HTTP server ip should be different


    Regards,
    Aashish
  • Hi Ashish,

    Thanks for pointing out. I am not using any Proxy server. I commented line  HTTPCli_setProxy((struct sockaddr *)&addr); in the code but still getting Error! code = -103, desc = httpsTask: send failed as mentioned above when trying to HTTPCli_sendRequest() is executed.

    HTTPCli_connect() is successful and return '0' with or without proxy server. For a change I created local server with one service which returns unix timestamp with OpenSSL and added Public key in the code. But that is also returning -103. 

    I done more debugging and found that ssock->sec.send() in sscok.c (tiRTOS\packages\ti\net\http) file is giving negative 'nbytes' value and because of that it is failing to send Request URI.

    Can you please check it?

    One more query, IP which is used in inet_pton(AF_INET, IP, &addr.sin_addr); is it just for Proxy or it should be the actual address of the server for HTTPCli_connect() and further commands? This question is asked because I am new to Socket programming and while using LWIP, it is having ResolveDNS() which gives the IP address from URL and that can be used further. IP address is not required if HTTPCli_connect() can directly communicate by providing Server URL. 

    Thanks,
    Bhavesh

     

  • Hi Bhavesh,

    Bhavesh Patel said:
    I done more debugging and found that ssock->sec.send() in sscok.c (tiRTOS\packages\ti\net\http) file is giving negative 'nbytes' value and because of that it is failing to send Request URI.

    What is value of nbytes?

    Bhavesh Patel said:
    One more query, IP which is used in inet_pton(AF_INET, IP, &addr.sin_addr); is it just for Proxy or it should be the actual address of the server for HTTPCli_connect() and further commands? This question is asked because I am new to Socket programming and while using LWIP, it is having ResolveDNS() which gives the IP address from URL and that can be used further. IP address is not required if HTTPCli_connect() can directly communicate by providing Server URL. 

    inet_pton convert ip string into network format and be use for both proxy as well as server address in dot string format. To use server url call sl_NetAppDnsGetHostByName() API. Please refer <3100SDk>\example\http_client.

    Regards,

    Aashish

  • Hi Aashish,

    Value of nbytes is not constant for every HTTPCli_sendRequest(). I tried HTTPCli_sendRequest() for 5-6 times and got values like -138, -301, -182, -82, -230, -123. And if condition after that is expecting nbytes >= 0.
    I will check sl_NetAppDnsGetHostByName() and will update the thread.

    Thanks,
    Bhavesh
  • Hi Bhavesh,


    Please share certificate and other server information to re-create issue at over end.


    Regards,
    Aashish
  • Hi Aashish,

    The code file I shared is having the cert.pem converted to .h file. And I am pointing to "download.finance.yahoo.com:443" and IP I found is 206.190.61.107.

    The same has been given in the zip code file. Attaching code and cert.pem in zip file

    Thanks,
    Bhavesh

    8055.httpsget_TivaTM4C1294NCPDT.zip

  • Moving to TI-RTOS forumRegards,Gigi Joseph.
  • Our TLS expert is on vacation this week. I've asked him to look at this next week when he gets in.

    Todd

  • Hi Bhavesh,

    Have you updated the CURRENTTIME macro in httpsget.c? This is needed for validating the server certificate.

    The error code -103 can occur when the TLS stack fails during TLS handshake. One of the common reasons is the certificate validation fails due to wrong date-time set in the application. In the latest version TI-RTOS for TivaC 2.14.00.10, a new API HTTPCli_getSocketError() has been added which provides the lower level socket error codes for better debugging.

    Vikram
  • Hi Vikram,

    I tried to integrate tirtos_tivac_2_14_00_10 into current project. I changed Compiler and Linker Path but while building it is giving many errors.  Also while browsing demo examples I did not find examples for Ethernet (HTTP, TCP echo etc.) in the list. So I reverted back to old TI-RTOS version (tirtos_tivac_2_12_01_33)

    I was able to build WolfSSL3.6.6 with tirtos_tivac_2_14_00_10 so it was a good start.

    I changed CURRENTTIME to Current Unix Time stamp but still same error is coming. I also checked on local server, request is not reaching server. HTTPCli_connect() is successful so CURRENTTIME is valid. But HTTPCli_sendRequest() is failing with -103 status (more debugging is mentioned in earlier post).

    One query I have is after using CyaSSL functions we will get ctx param and than we are doing HTTPCli_setSecureParams() ,after that we are doing simple HTTP calls. Are these steps giving issue?

    Thanks,
    Bhavesh

  • Hi Bhavesh,

    It looks like the root CA certificate for the yahoo server changed. Can you try with this root CA Certificate?

    Also,you can use openssl  to find the root CA certificate for a server:

    openssl s_client -connect download.finance.yahoo.com:443 -showcerts

    I have filed a bug to fix the readme: https://cqweb.ext.ti.com/cqweb/main?command=GenerateMainFrame&service=CQ&schema=SDO-Web&contextid=SDOWP&entityID=SDOCM00119260&entityDefName=IncidentReport&username=readonly&password=readonly

    Hope this helps

    Vikram