This is a follow-up post related to this post.
In brief: I am attempting to use TI's CC3200 SDK to make a simple socket connection to AWS. Initially I had issues with my certificates, which I believe have been resolved: I no longer receive any bad certificate or bad key errors*. This was confirmed by using the same DER-formatted certificates I flashed to the CC3200 to connect to AWS using openssl (script formatted here for readability):
openssl s_client
-connect <endpoint>.iot.<region>.amazonaws.com:8443
-cipher 'ECDHE-ECDSA-AES128-SHA256'
-CAfile .\symantecCert.pem
-cert .\cert.der -certform DER
-key .\privateKey.der -keyform DER
Note: I am using a DER-formatted CA file (not PEM-formatted as implied above) with the CC3200. OpenSSL did not work with a DER-formatted CA file (though the CC3200 does not throw a CA error and I am 99% certain my DER-formatted CA file is correct). I have also specified the SL_SO_SEC_METHOD_TLSV1_2 method and SL_SEC_MASK_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 cipher. In fact, I've used both this and the RSA equivalent cipher (1 << 8).
*openssl fails to convert keys from PEM to DER (Error 0906D06C --> Expecting TRUST CERTIFICATE). I wrote my own program to blindly convert quadruples of base64 encoded values to 3 bytes. This was successful for the CA and certificate files (as compared to successful openssl conversions) and I merely hope the conversion is successful for the keys. Again, I no longer see bad key errors which gives me confidence that the DER formatted keys are correct, but I have no idea how sl_Connect actually works so I could easily be wrong.
My Problem:
While openssl s_client works with these parameters, the CC3200 throws an error -461, which according to the associated comment means 'Connected with certificate date verification error'. I would like to know:
a) what causes this error to be thrown? There does not appear to be an equivalent error from openssl.
b) how do I resolve this issue?
Thanks for your help, in advance!
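The PEM-to-DER conversion described in the footnote above, as an added example that is not part of the original post and is not the poster's program: it strips the armor lines, decodes the base64 strictly, and checks that the outer DER SEQUENCE length accounts for every decoded byte. The function names and the sample input are constructed for illustration; a passing check shows the decode is structurally consistent, not that the key itself is valid.

```python
import base64
import re

# Matches one PEM block: BEGIN line, base64 body, matching END line.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.DOTALL)


def check_der_envelope(der):
    """Verify the outer DER SEQUENCE header accounts for every byte."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("does not start with a DER SEQUENCE tag (0x30)")
    first = der[1]
    if first < 0x80:                      # short form: length in one byte
        header, length = 2, first
    else:                                 # long form: next n bytes hold length
        n = first & 0x7F
        if n == 0 or n > 4 or len(der) < 2 + n:
            raise ValueError("unsupported or truncated DER length field")
        header, length = 2 + n, int.from_bytes(der[2:2 + n], "big")
    if header + length != len(der):
        raise ValueError("DER declares %d bytes but %d were decoded"
                         % (header + length, len(der)))


def pem_to_der(pem_text):
    """Return (label, der_bytes) for the first PEM block in pem_text."""
    match = PEM_BLOCK.search(pem_text)
    if match is None:
        raise ValueError("no PEM block found")
    label, body = match.group(1), match.group(2)
    # Drop line breaks, then decode strictly so stray characters (for
    # example encrypted-key header lines) raise instead of being skipped.
    der = base64.b64decode("".join(body.split()), validate=True)
    check_der_envelope(der)
    return label, der


def make_sample_pem(der, label="CONSTRUCTED SAMPLE"):
    """Wrap bytes in PEM armor (64-character lines) for the demo."""
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "-----BEGIN %s-----\n%s\n-----END %s-----\n" % (
        label, "\n".join(lines), label)


if __name__ == "__main__":
    # Constructed input: a SEQUENCE header plus 200 zero bytes, not a real key.
    sample = b"\x30\x81\xc8" + bytes(200)
    label, der = pem_to_der(make_sample_pem(sample))
    print(label, len(der), "bytes, envelope consistent")
```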