• State
  • Locked Locked
  • Replies 5 replies
  • Subscribers 43 subscribers
  • Views 1573 views
  • Users 0 members are here
Support feedback
Options
Options
Related

This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

Using ssl example to connect to yahoo.com fails

Tom Roberts
Expert 1155 points
Other Parts Discussed in Thread: CC3200, UNIFLASH

Hi,

I am trying to connect to www.yahoo.com using the ssl sample app for cc3200, but all I get is sl_Connect returns error -155.

I can connect to www.google.com. I have also tried several other CA certificates.

Here is code snippet:

#define SERVER_NAME	            "www.yahoo.com"//www.google.com"
#define GOOGLE_DST_PORT		     443
#define SL_SSL_CA_CERT		     129	/* CA certificate file ID */

	  SlSockAddrIn_t    Addr;
	  int    iAddrSize;
	  unsigned char    ucMethod = SL_SO_SEC_METHOD_SSLV3; //SL_SO_SEC_METHOD_TLSV1
	  unsigned int uiIP,uiCipher = SL_SEC_MASK_SSL_RSA_WITH_RC4_128_SHA;

Thanks, Tom

  • 0
    Guru 21435 points

    -155 is the following error

    #define SL_ESEC_ASN_SIG_CONFIRM_E             (-155)  /* ASN sig error, confirm failure */

    You can find these error codes in the headers of the SimpleLink API....this one is inside of sockets.h

    Glenn.

  • 0 in reply to Glenn Vassallo
    TI__Expert 7215 points

    Hi Tom,

    Can you check that yahoo certificate is downloaded onto serial flash and is in .cer format.

  • 0 in reply to Kaushal Kukkar
    TI__Expert 7215 points

    Hi,

    I am closing the thread, if issue still exist please open a new thread and add a link to this one for reference

  • 0 in reply to Kaushal Kukkar
    Prodigy 190 points

    Sorry still confused as to which file and file extensions are needed...

    For example,

    I found some online documentation that .cer applies to both a PEM file and a DER file.  

    http://myonlineusb.wordpress.com/2011/06/19/what-are-the-differences-between-pem-der-p7bpkcs7-pfxpkcs12-certificates/

    It seems erroneous to have a DER file is needed with a .cer extension.  

    DB

  • 0 in reply to David Baughman1
    Intellectual 440 points

    David -

    If you attempt to export the Verisign CA cert for Yahoo from a Chrome browser, you are presented with the following options where .cer is used for X.509 format, whether DER or base64 encoded:

    The CA cert name and extension (filename) used in your program are named "by convention" only - or by convenience, as you desire.  Your program could name (in Flash memory) the Verisign CA cert for Yahoo connection verification as "abc.xyz" if you so desired, so long as this matched the filename that you used when writing the cert file to the CC3200 Flash using Uniflash.

    Watch out for trying to use SSLv3 for validation - aside from the security hole it represents, it seems that everyone is in a big hurry to drop support of SSLv3 due to POODLE. Go with TLS 1.2 (SL_SO_SEC_METHOD_TLSV1_2).