CC3235SF: Issue in connecting to a secure server

Part Number: CC3235SF

Hi, 

I have been struggling to establish a secure connection with a server of our interest (m2.tuyain.com).

I have programmed the server root CA certificate (tuya_rootCA.crt) into the filesystem using the CCS tool.

PFA the code snippet; I have followed the steps as given in the Reference Manual for SimpleLink.

connect() returns the error -655 (ASN sig error, confirm failure). There is not much description available in error.h.

By the way, I am able to connect with the server with a client running on a Linux VM (Ubuntu). This confirms the certificate that I’m using is right.

Please suggest whether I’m missing any step!

FYI, I also tried another approach, ‘upgrading a nonsecure socket to secure after connection’, as described in the Ref Man. It seems the server doesn’t support this.

 

#define SECURE_SOCKET

int network_tls_connect(NetworkContext_t *pNetwork, const TLSConnectParams *params) {
  int ret = 0;
  tls_context_t *tlsDataParams = NULL;
  int32_t sock;
  int32_t status;        
  SlSockAddrIn_t sAddr;
  uint8_t nb = FALSE; 
  _u32 dummyVal;

  if(NULL == pNetwork) {
    return OPRT_INVALID_PARM;
  }

  if(NULL != params) {
    pNetwork->tlsConnectParams = *params;
  }

  tlsDataParams = (tls_context_t*)(pNetwork->context);  
   
  sAddr.sin_family = SL_AF_INET;
  sAddr.sin_port = sl_Htons((unsigned short)pNetwork->tlsConnectParams.DestinationPort);
  sAddr.sin_addr.s_addr = sl_Htonl(SL_IPV4_VAL(13, 234, 126, 217));

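  sock = sl_Socket(SL_AF_INET, SL_SOCK_STREAM, SL_SEC_SOCKET);
  if(sock < 0) {
    /* sl_Socket() returns a negative error code on failure */
    UART_PRINT("%s() line:%d sl_Socket() failed: %d\n\r", __FUNCTION__, __LINE__, (int)sock);
    return(-1);
  }
  tlsDataParams->server_fd.fd = sock;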
  
#ifdef SECURE_SOCKET
  SlDateTime_t dateTime = {0};
  dateTime.tm_day =  (uint32_t)DEVICE_DATE;
  dateTime.tm_mon =  (uint32_t)DEVICE_MONTH;
  dateTime.tm_year = (uint32_t)DEVICE_YEAR;
  dateTime.tm_hour = (uint32_t)HOUR;
  dateTime.tm_min =  (uint32_t)MINUTES;
  dateTime.tm_sec =  (uint32_t)SEC;
  
  sl_DeviceSet(SL_DEVICE_GENERAL, SL_DEVICE_GENERAL_DATE_TIME, sizeof(SlDateTime_t), (uint8_t *)(&dateTime));
  
//  method.SecureMethod = SL_SO_SEC_METHOD_TLSV1 | SL_SO_SEC_METHOD_TLSV1_2 | SL_SO_SEC_METHOD_SSLv3_TLSV1_2;
//  sl_SetSockOpt(sock, SL_SOL_SOCKET, SL_SO_SECMETHOD, &method, sizeof(SlSockSecureMethod_t));  
  
//  mask.SecureMask = SL_SEC_MASK_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 |
//                    SL_SEC_MASK_TLS_RSA_WITH_AES_256_CBC_SHA |
//                    SL_SEC_MASK_TLS_RSA_WITH_AES_256_CBC_SHA;   
//  sl_SetSockOpt(sock,SL_SOL_SOCKET, SL_SO_SECURE_MASK, &mask, sizeof(SlSockSecureMask_t));
  
//  sl_SetSockOpt(sock, SL_SOL_SOCKET, SL_SO_SECURE_DISABLE_CERTIFICATE_STORE,
//                &dummyVal,sizeof(dummyVal));

  /* Set the following to enable Server Authentication */
  if(0 != sl_SetSockOpt(sock, SL_SOL_SOCKET, SL_SO_SECURE_FILES_CA_FILE_NAME,
                        "tuya_rootCA.crt", strlen("tuya_rootCA.crt"))) {
    UART_PRINT("%s() line:%d sl_SetSockOpt() failed\n\r", __FUNCTION__, __LINE__); 
  }

#ifdef CLIENT_AUTHENTICATION
  /* Set the following to pass Client Authentication */
  sl_SetSockOpt(sock,SL_SOL_SOCKET,SL_SO_SECURE_FILES_PRIVATE_KEY_FILE_NAME,
                PRIVATE_KEY_FILE, strlen(
                    PRIVATE_KEY_FILE));
  sl_SetSockOpt(sock,SL_SOL_SOCKET,SL_SO_SECURE_FILES_CERTIFICATE_FILE_NAME,
                TRUSTED_CERT_CHAIN, strlen(
                    TRUSTED_CERT_CHAIN));
#endif
#endif

  status = -1;

  while(status < 0) {
      status = sl_Connect(sock, (SlSockAddr_t *)&sAddr, sizeof(sAddr));
      if((status == SL_ERROR_BSD_EALREADY)&& (TRUE == nb)) {
          sleep(1);
          continue;
      }
      else if(status < 0) {
          UART_PRINT("[%s() line:%d, error:%d] %s\n\r", __FUNCTION__, __LINE__, status,
                     SL_SOCKET_ERROR);
          sl_Close(sock);
          return(-1);
      }
      break;
  }

  /* Connected: the socket handle was stored in tlsDataParams->server_fd.fd above */
  return 0;
}

Regards,

Rohit
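
A host-side check related to the post above, added here as an example (it is not part of the original post or of the SimpleLink SDK): it performs a TLS handshake that trusts only the CA file passed in, so a desktop client's system CA bundle cannot be what makes verification succeed. The function names and the result dictionary are assumptions; the CA file must be in PEM format on the host, and the port is whatever the device code uses as `DestinationPort`.

```python
import socket
import ssl
import sys


def pinned_context(ca_file=None):
    """Client context whose only trust anchors come from ca_file.

    PROTOCOL_TLS_CLIENT starts with an empty trust store, CERT_REQUIRED and
    hostname checking enabled; the system CA bundle is never loaded here.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    if ca_file is not None:
        ctx.load_verify_locations(cafile=ca_file)  # cafile must be PEM
    return ctx


def probe(host, port, ca_file, timeout=10.0):
    """Handshake with host:port trusting only ca_file; return a result dict."""
    ctx = pinned_context(ca_file)
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                cert = tls.getpeercert()
                return {
                    "ok": True,
                    "version": tls.version(),    # compare with the device's SL_SO_SECMETHOD
                    "cipher": tls.cipher()[0],   # compare with the device's SL_SO_SECURE_MASK
                    "issuer": cert.get("issuer"),
                }
    except ssl.SSLCertVerificationError as exc:
        # Chain did not verify against ca_file alone (or the hostname mismatched).
        return {"ok": False, "verify_code": exc.verify_code,
                "reason": exc.verify_message}
    except (ssl.SSLError, OSError) as exc:
        # Handshake or TCP failure unrelated to certificate verification.
        return {"ok": False, "verify_code": None, "reason": str(exc)}


if __name__ == "__main__":
    # Usage: python probe.py <host> <port> <ca_file.pem>
    host, port, ca_file = sys.argv[1], int(sys.argv[2]), sys.argv[3]
    print(probe(host, port, ca_file))
```

If `ok` is false with a non-empty `verify_code`, the CA file by itself does not validate the chain the server presents; if `ok` is true, the reported version and cipher show what the server negotiates.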