• State TI Thinks Resolved
  • Locked Locked
  • Replies 3 replies
  • Answers 1 answer
  • Subscribers 40 subscribers
  • Views 160 views
  • Users 0 members are here
Support feedback
Options
Options
Similar topics

This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

LAUNCHXL-CC3235SF: HTTPS connection not working in production mode using playground catalog

Robert James
Prodigy 60 points
Part Number: LAUNCHXL-CC3235SF
Other Parts Discussed in Thread: UNIFLASH

Hi,

I have burned the image in development mode, and I am able to make a successful https connection and get the data from the cloud using playground certificates.

While running the below command, it returned -453 (SLNETERR_ESEC_SNO_VERIFY) 

ret = SlNetSock_startSec(cli->ssock, secAttribs,
SLNETSOCK_SEC_START_SECURITY_SESSION_ONLY |
SLNETSOCK_SEC_BIND_CONTEXT_ONLY);

The error message said the device connected without server verification. but still, it received the data successfully.

If I burn the same image in production mode, the code struck in the above line. It did not throw -453.

Both the case I did not add the root CA.

Any idea, why it is not working in production mode.

Regards,

Robert

  • 0
    TI__Prodigy 540 points

    Hi Robert,

    can you add some more details on how you are connecting to the server and the connection parameters?

    what currently is happing when you program in production mode?

    in you should be using  the Uniflash/ImageCreator (choose one of the LaunchXL-CC32xx) to program the CC32XX devices. 

    Follow instructions in https://www.ti.com/lit/swru469.

    best regards,

    Avi

  • 0 in reply to Avi Epstein
    Prodigy 60 points

    Hi Avi,

    Thanks for the quick reply.

    I have just made a simple POST request from the launch pad. I am not sending any external parameters.

    #define HOSTNAME                    "">https://xxxxxx.site"

    ret = HTTPClient_connect(httpClientHandle,HOSTNAME,0,0);

    In development mode, it gives error i-453 (SLNETERR_ESEC_SNO_VERIFY). but still connection made and receive the data.

    In production mode, it struck on the below line in the httpclient.c file.

    ret = SlNetSock_startSec(cli->ssock, secAttribs,
    SLNETSOCK_SEC_START_SECURITY_SESSION_ONLY |
    SLNETSOCK_SEC_BIND_CONTEXT_ONLY);

    The only change I made was the below one. I would like to skip the server verification in the production mode also.

    Please advice.

    Regards,

    Robert

  • 0 in reply to Robert James
    TI__Prodigy 540 points

    Hi Robert,

    I can see that you are trying to connect to a secure server " #define HOSTNAME                    "">https://xxxxxx.site""

    when the host name is prefixed with https then the httpclient module assumes that you are connecting securely.

    however in your code you have called: "ret = HTTPClient_connect(httpClientHandle,HOSTNAME,0,0);"  which does not contain the "HTTPClient_extSecParams" in the third input meaning that no certificates are loaded.

    in order to connect securely you need to add server root_certifcate to the user files folder(or burn to device via uniflash).

    in code add:

     

    HTTPClient_extSecParams extSecParams =
{
    NULL,/* Private key */
    NULL,/* Client certificate */
    "root_ca.der" /* Root CA */
};

    and set the Root CA to the name of the cert you saved (the others can be set to NULL if you do not require client verification)

    call:

    HTTPClient_connect(httpClientHandle, HOSTNAME, &extSecParams,0);

    best regards,

    Avi.