CC3200: Serial Wifi example / cc3200 SSL server

Part Number: CC3200
Other Parts Discussed in Thread: UNIFLASH, CC3100, CC3120

I'm trying to set up an HTTP server on the cc3200 with SSL.

My code fails during the SSL handshake with an error -458:

I believe it's this:

CC3200SDK_1.2.0//cc3200-sdk/simplelink/include/socket.h:#define SL_ESECBADPRIVATEFILE    (-458)  /* error secure level bad private file */

Does anyone in TI know if this refers to a bad private key, or if a cert file is rejected because it's not private?

The only example in the SDK that uses an SSL server is the 'Serial Wifi' example: so I attempted to run this.

I generated the keys and flashed them exactly as instructed.

When I start the mDNS server, it repeatedly generates these errors:

[SOCK ERROR] - close socket (80) operation accept failed due to ssl issue

[SOCK ERROR] - close socket (83) operation failed to transmit all queued packets

Can anyone confirm that the Serial Wifi example works with the current hardware, service pack 2.0.7 and SDK 1.2.0?

I suspect that there's something required to make the cert files 'private': could it relate to the release notes for Uniflash where it says:

http://processors.wiki.ti.com/index.php/CC3100_%26_CC3200_UniFlash#Secured_File_System_support

Note: Uniflash version v3.2.0.00123 or earlier had the option to format the device as secured (in case it is not) and also create secured files.

However, secured file system support is deprecated from newer Uniflash versions. The support for secured file system would be added again once new devices fully support this feature.

I can't find any definitive info about generating and flashing certs: a lot of the information in the wiki and forum seems to be contradictory - ie

  • Hi Tim,

    There are no restrictions on the certificate (and private key) file names.
    The error refers to the private key format. It should be der format and pair with the server's certificate.
    The uniflash message relates to the file system. It was not secured in the CC3100/CC3200 (gen 1) devices. This feature was added in CC3120/CC3220 (gen 2) devices.
    The SSL security was supported by Gen1 devices.
    I would start by updating to the latest SP (2.9.0.0) and optionally to the latest driver (SDK 1.3.0).

    br,
    Kobi
  • Hi Kobi, thanks for the reply.

    You did highlight one problem, I had flashed the private key not the server key.

    I followed the instructions again to generate the certs and keys:

    openssl req -out ca.pem -new -x509 

    openssl genrsa -out server.key 1024

    openssl req -key server.key -new -out server.req

    openssl x509 -req -in server.req -CA ca.pem -CAkey privkey.pem -CAserial file.srl -out server.pem

    openssl x509 -in ca.pem -inform PEM -out ca.der -outform DER 

    openssl x509 -in server.pem -inform PEM -out server.der -outform DER

    openssl rsa -in server.key -inform PEM -out serverkey.der -outform DER

    I also compiled with SDK 1.3.0 and flashed service pack 2.9.0 although I don't think this is the issue.

    When I run the example on 2 cc3200 boards the devices still don't connect:

                     *************************************************

                           CC3200 SERIAL WiFi Application       

                     *************************************************

    Host Driver Version: 1.0.1.6

    Build Version 2.9.0.0.31.1.4.0.1.1.0.3.37

    Device is configured in default state 

    Started SimpleLink Device: STA Mode

    >>> 

    >>> 

    >>> Attempting to auto connect to AP

    >>> Attempting to acquire IP

    >>> [WLAN EVENT] STA Connected to the AP: adaptics , BSSID: e0:3f:49:a:4f:68

    [NETAPP EVENT] IP acquired by the device

    >>> Entered INTERPRETER mode

    >>> \\<

    >>> Entered LOCAL CONTROL mode

    >>> mDNS 0

    >>> TCP connection established

    >>> [SOCK ERROR] -close socket (81) operationremote side down from secure to unsecure

    On the client side the error is different:

    >>> [SOCK ERROR] - close socket (83) operation failed to transmit all queued packets

    and the devices aren't connected.

    Can anyone confirm that they have managed to run the serial wifi example successfully?

    Thanks

    Tim

  • So it turns out the keys and certs generated according to the instructions do work with my SSL server code.

    However the Serial Wifi example seems broken to me.

    It would be very helpful if TI could write a definitive explanation of what the cc3200 requires to serve SSL and publish it along with some sample certs and keys.
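
Kobi's reply above names two requirements for the private key file: it must be DER encoded and it must pair with the server's certificate. A check for both that can be run on the host before flashing, as an added example that is not part of the original thread or of TI's tooling; the function names are made up here, and it assumes RSA keys and the openssl command line tool, as in the commands Tim posted:

```shell
#!/bin/sh
# Added example: host-side checks on a TLS server key/cert pair before flashing.
# Function names are hypothetical; file names are whatever the caller passes in.

# Succeeds if $1 carries PEM armor, i.e. it is text and NOT raw DER.
is_pem() {
    grep -q -e '-----BEGIN' "$1" 2>/dev/null
}

# Succeeds if $1 is a DER-encoded RSA private key.
# The PEM test comes first because some openssl builds auto-detect the input
# format and would accept a PEM file even with -inform DER.
is_der_rsa_key() {
    ! is_pem "$1" &&
        openssl rsa -inform DER -in "$1" -passin pass: -noout >/dev/null 2>&1
}

# Succeeds if $1 is a DER-encoded X.509 certificate.
is_der_cert() {
    ! is_pem "$1" &&
        openssl x509 -inform DER -in "$1" -noout >/dev/null 2>&1
}

# Succeeds if the RSA modulus of key $1 equals the modulus in certificate $2.
pair_matches() {
    k=$(openssl rsa -inform DER -in "$1" -passin pass: -noout -modulus 2>/dev/null) || return 1
    c=$(openssl x509 -inform DER -in "$2" -noout -modulus 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# preflight KEY CERT
# Returns 0 if both files are DER and belong together, otherwise
# 1 (key is not a DER RSA key), 2 (cert is not DER), 3 (key/cert mismatch).
preflight() {
    is_der_rsa_key "$1" || { echo "FAIL: $1 is not a DER RSA private key"; return 1; }
    is_der_cert "$2" || { echo "FAIL: $2 is not a DER certificate"; return 2; }
    pair_matches "$1" "$2" || { echo "FAIL: $1 does not pair with $2"; return 3; }
    echo "OK: $1 is DER and pairs with $2"
}

# Command-line use: sh preflight.sh serverkey.der server.der
if [ "$#" -eq 2 ]; then
    preflight "$1" "$2"
fi
```

A return code of 3 corresponds to the mix-up Tim describes, where the key that was flashed is not the one the server certificate was issued for.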