• Locked Locked
  • Replies 6 replies
  • Subscribers 99 subscribers
  • Views 1884 views
  • Users 0 members are here
Support feedback
Options
Options
Related

This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

HTTPS GET error on EK - TM4C1294XL(TI-RTOS)

Yash Bhan
Prodigy 200 points
Other Parts Discussed in Thread: EK-TM4C1294XL

Hi

I am using CCS version: 6.2.0.00050, tirtos_tivac_2_16_01_14, TivaWare_C_Series-2.1.1.71b, on EK-TM4C1294XL.

I wanted to run the sample program for https get demo(i.e. httpsget_EK_TM4C1294XL_TI), that is bundled with the TI-RTOS for TIva C package, am using Amazon Web Services(AWS) for this. I have created an API from AWS using API Gateway services and have created POST and GET methods.For the GET method the details are: 

Content-Length 36
GET /prod/CreateTableAddRecordsAndRead
HTTP/1.1
Host: 1x9iqf24a3.execute-api.us-west-2.amazonaws.com
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

The sample code only asked for the host and request URI(i.e. /prod/CreateTableAddRecordsAndRead). I downloaded the root CA certificate, as mentioned in the readme file of the program, pasted the content of the certificate in the 'user step' portion of 'httpsget.c' file. However on executing the program i'm getting the following error:

Error! code = -103, desc = httpsTask: send failed

Have attached the code below.

8103.httpsget_EK_TM4C1294XL_TI.zip

Any help would be greatly appreciated.

Thanks & Regards

Yash Bhan

  • TI__Mastermind 30830 points
    The consensus opinion here is that either your board's wall clock time is not synced with the server, or that you are not using the correct CA certificate for the Amazon server.
  • in reply to Alan DeMars
    Prodigy 200 points
    I tried the program with one of yahoo's server API, was able to connect successfully. Also the time synced with the NTP server is correct, it displays the current date and time. Also, is there a sample program available for an HTTP/HTTPS POST request.

    Yash Bhan
  • in reply to Yash Bhan
    TI__Mastermind 30830 points
    I've asked for help on this one from one of the authors of the httpsget example.
  • in reply to Yash Bhan
    TI__Genius 10825 points
    Yash,

    Can you add the following line to print the underlying socket error? For HTTPS examples, it would give you the error from TLS layer stack (i.e. wolfSSL). After HTTPCli_sendRequest() call in your code, add:

    printError("httpsTask: socket error code", HTTPCli_getSocketError(&cli));

    The most common cases for this error would be TLS handshake failure due to one or more of the following:

    1) Incorrect wall clock time.

    2) Incorrect Root CA certificate.

    3) Incorrect or no client certificate (if it is required by the server. I think AWS may require one).

    4) Unsupported cipher suite required by the server (i.e. your wolfSSL library does not support the cipher required by AWS).

    Looking at the error code from TLS layer would help us figure which one of these errors it may be.

    Vikram
  • in reply to Vikram Adiga
    Prodigy 200 points

    Hello Vikram

    I added the statement to the code and am getting the following error:

    Error! code = -326, desc = httpsTask: socket error code

    Have attached the code for reference.

    4885.httpsget.c

    Thanks

    Yash Bhan

  • in reply to Yash Bhan
    TI__Genius 10825 points
    From the wolfSSL error definitions, -326 is defined as:

    VERSION_ERROR = -326, /* record layer version error */

    From the wolfSSL forums, this error "is typically due to the wolfSSL client trying to connect to the target server with a different version of SSL/TLS than what the server supports". Can you check TLS requirements of the server that you are trying to connect to?

    Also, some servers require client certificates to be sent. Can you check if your server requires one to be sent? If yes, then you will have to add the following TLS code in your appliction.

    TLSParams.cert = <certificate buffer>;
    TLSParams.certLen = <certificate buffer length>;
    TLSParams.key = <key buffer>;
    TLSParams.keyLen = <key buffer length>;

    And lastly, can you capture wireshark logs for the TLS handshake? It may give us more information about the error.

    Vikram