• State Resolved
  • Locked Locked
  • Replies 4 replies
  • Subscribers 31 subscribers
  • Views 420 views
  • Users 0 members are here
Support feedback
Options
Options
Related

This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

TM4C129ENCPDT: TI-RTOS Network Service and https_Client_Get example enable, how enable SNI (Server Name Indication) Protocol

Krams
Intellectual 595 points
Part Number: TM4C129ENCPDT


Hello TI team,

I wrote a program that exchanges data with different servers via https.
For this program I used the TI https_Client_Get example project.
This sample project works with the TI-RTOS Network Service to transfer data using https GET / POST.
Now I have the problem that our customer has rented a shared IP server and the https request does not send an SNI extension.

If the https request does not use an SNI extension, there will be problems with the certificates.

That's why I talked to the wolfSSL team and they said to me:

Eric Blankenhorn (wolfSSL):

"After speaking with the team, it turns out TI has written an abstraction (TI-RTOS Network Service). We were not involved in that code, so we can't really help with adding custom code to the abstraction layer. Unfortunately you'll need to contact TI support for help. We would be very interested to hear the solution for customizing a TLS connection parameters!"

Now I'm looking for a solution how we can activate the SNI extension. According to wolfSSL
only the function wolfSSL_CTX_UseSNI is required for this.
The transfer parameter ctx is required for this function. However, this structure does not exist in the TI-RTOS Network Service or I cannot access this structure.

#ifdef HAVE_SNI
    if (sniHostName) 
    {
        if (wolfSSL_CTX_UseSNI(ctx, 0, sniHostName,(word16) XSTRLEN(sniHostName)) != WOLFSSL_SUCCESS) 
        {
            wolfSSL_CTX_free(ctx); ctx = NULL;
            err_sys("UseSNI failed");
        }
    }

Could you please give me additional help. How can I activate the SNI extension?

My setup is as follows:

TM4C129ENCPDT

TI-RTOS for TivaC Version 2.16.1.14

XDCtools Version: 3.32.0.06_core

wolfSSL Version 4.2.0

  • 0
    TI__Guru**** 191906 points

    Hi,

      Sorry, I'm not able to offer much help here. First of all, I have no knowledge about the SNI extension. Secondly, there is currently no plan and resources to update the TI-RTOS NDK for Tiva device. If there is a need to modify the NDK Network Service to suit your unique application requirement, you will be on your own. Really sorry, I'm not able to provide further guidance here. 

    http://software-dl.ti.com/dsps/dsps_public_sw/sdo_sb/targetcontent/tirtos/2_14_04_31/exports/tirtos_full_2_14_04_31/docs/networkservices/doxygen/html/group__ti__net__http___h_t_t_p_cli.html

  • 0 in reply to Charles Tsai
    Intellectual 595 points

    Hi,

    it can't be that I'm the only one who accesses a sharep ip server with a tiva device.

    Our customer runs his domain on a shared IP server. This means that there are several domains on this one server and the server does not know which server certificate to send back. The reason is that the gateway https request does not send a server name extension (SNI, is an extension of the TLS protocol) and the server uses the standard certificate and not the server certificate of the right domain.

    You say I have to take care of it myself, but maybe you could recommend someone from TI who is familiar with this topic?

    I found the .h and .c files of the network service in the ti-rtos folder. Is there a possibility that I can make the changes myself and recompile the Network Service (or the NDK) myself?

    It would be helpful if you could at least suggest a direction for me to implement the SNI extension.

  • 0 in reply to Krams
    TI__Guru**** 191906 points

    Hi Kram,

      Currently, we don't have anyone who is familiar with the SNI but I will try to see if someone who has the knowledge. In the meantime, if you know what and how to do it yourself you can modify the NDK and rebuilt the library. Or you can copy the .h and .c file (the ones that you want to modify) to the CCS project directory and recompile as part of your application project. I will suggest you make a very simple modification like adding a comment to the .c file. Rebuild the project and look at the .map file and make sure the functions in the .c file is not from the NDK library anymore. 

  • 0 in reply to Charles Tsai
    Intellectual 595 points

    I inserted the wolfssl code, recompiled and linked the NS and now the tls protocol has been expanded with sni.
    Many Thanks