• State Resolved
  • Locked Locked
  • Replies 2 replies
  • Subscribers 41 subscribers
  • Views 870 views
  • Users 0 members are here
Support feedback
Options
Options
Related

This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

CC3100: EK_TM4C1294XL - HTTPS Error 102

Tim Roadley
Intellectual 730 points

Part Number: CC3100

Hi,

I'm trying to get the HTTPS example going on my CC3100, using a EK_TM4C1294XL board.

The TI-RTOS version for Tiva-C is 2.16.00.08 and in that I'm using <ti/net/http/httpcli.h> v1.11.00.10:

After adding what I'm certain is the correct Digicert root ca as per instructions (for www.example.com:443), I'm still getting an error -102 when the call to HTTPCli_connect is made.

Here is the exact and only code I have changed in the example:

/*

 * USER STEP: Copy the lines in the root CA certificate between

 *            -----BEGIN CERTIFICATE-----

 *            ...

 *            -----END CERTIFICATE-----

 */

uint8_t ca[] =

"MIIF8jCCBNqgAwIBAgIQDmTF+8I2reFLFyrrQceMsDANBgkqhkiG9w0BAQsFADBw\

MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\

d3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNz\

dXJhbmNlIFNlcnZlciBDQTAeFw0xNTExMDMwMDAwMDBaFw0xODExMjgxMjAwMDBa\

MIGlMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEUMBIGA1UEBxML\

TG9zIEFuZ2VsZXMxPDA6BgNVBAoTM0ludGVybmV0IENvcnBvcmF0aW9uIGZvciBB\

c3NpZ25lZCBOYW1lcyBhbmQgTnVtYmVyczETMBEGA1UECxMKVGVjaG5vbG9neTEY\

MBYGA1UEAxMPd3d3LmV4YW1wbGUub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A\

MIIBCgKCAQEAs0CWL2FjPiXBl61lRfvvE0KzLJmG9LWAC3bcBjgsH6NiVVo2dt6u\

Xfzi5bTm7F3K7srfUBYkLO78mraM9qizrHoIeyofrV/n+pZZJauQsPjCPxMEJnRo\

D8Z4KpWKX0LyDu1SputoI4nlQ/htEhtiQnuoBfNZxF7WxcxGwEsZuS1KcXIkHl5V\

RJOreKFHTaXcB1qcZ/QRaBIv0yhxvK1yBTwWddT4cli6GfHcCe3xGMaSL328Fgs3\

jYrvG29PueB6VJi/tbbPu6qTfwp/H1brqdjh29U52Bhb0fJkM9DWxCP/Cattcc7a\

z8EXnCO+LK8vkhw/kAiJWPKx4RBvgy73nwIDAQABo4ICUDCCAkwwHwYDVR0jBBgw\

FoAUUWj/kK8CB3U8zNllZGKiErhZcjswHQYDVR0OBBYEFKZPYB4fLdHn8SOgKpUW\

5Oia6m5IMIGBBgNVHREEejB4gg93d3cuZXhhbXBsZS5vcmeCC2V4YW1wbGUuY29t\

ggtleGFtcGxlLmVkdYILZXhhbXBsZS5uZXSCC2V4YW1wbGUub3Jngg93d3cuZXhh\

bXBsZS5jb22CD3d3dy5leGFtcGxlLmVkdYIPd3d3LmV4YW1wbGUubmV0MA4GA1Ud\

DwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwdQYDVR0f\

BG4wbDA0oDKgMIYuaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL3NoYTItaGEtc2Vy\

dmVyLWc0LmNybDA0oDKgMIYuaHR0cDovL2NybDQuZGlnaWNlcnQuY29tL3NoYTIt\

aGEtc2VydmVyLWc0LmNybDBMBgNVHSAERTBDMDcGCWCGSAGG/WwBATAqMCgGCCsG\

AQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMAgGBmeBDAECAjCB\

gwYIKwYBBQUHAQEEdzB1MCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2Vy\

dC5jb20wTQYIKwYBBQUHMAKGQWh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9E\

aWdpQ2VydFNIQTJIaWdoQXNzdXJhbmNlU2VydmVyQ0EuY3J0MAwGA1UdEwEB/wQC\

MAAwDQYJKoZIhvcNAQELBQADggEBAISomhGn2L0LJn5SJHuyVZ3qMIlRCIdvqe0Q\

6ls+C8ctRwRO3UU3x8q8OH+2ahxlQmpzdC5al4XQzJLiLjiJ2Q1p+hub8MFiMmVP\

PZjb2tZm2ipWVuMRM+zgpRVM6nVJ9F3vFfUSHOb4/JsEIUvPY+d8/Krc+kPQwLvy\

ieqRbcuFjmqfyPmUv1U9QoI4TQikpw7TZU0zYZANP4C/gj4Ry48/znmUaRvy2kvI\

l7gRQ21qJTK5suoiYoYNo3J9T+pXPGU7Lydz/HwW+w0DpArtAaukI8aNX4ohFUKS\

wDSiIIWIWJiJGbEeIO0TIFwEVWTOnbNl/faPXpk5IRXicapqiII=";

uint32_t calen = sizeof(ca);

I haven't changed the sample code besides the ca root cert above, so the call I'm using is exactly HTTPCli_connect(&cli, (struct sockaddr *)&addr, 0, &params);

My questions are as follows:

  1. How do I ensure the correct cipher is used? I need to use ECDHE-RSA-AES128-GCM-SHA256 as per the root ca.
  2. Should I be using TLS_Params_init as per the sample code, or HTTPCli_SecureParams like this post suggests?
  3. Can you think of any other reasons for this error and suggest a fix?

To show that I have done some due diligence, I can verify that the certificate I'm using is 100% correct using the following command:

openssl s_client -state -CAfile d2.pem  -connect www.example.com:443

I've included to complete output below in case it helps.

Thanks in advance for your assistance!

Cheers

----------- output from open ssl -CAfile test --------------

CONNECTED(00000005)

SSL_connect:before/connect initialization

SSL_connect:unknown state

SSL_connect:SSLv3 read server hello A

depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert High Assurance EV Root CA

verify return:1

depth=1 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert SHA2 High Assurance Server CA

verify return:1

depth=0 C = US, ST = California, L = Los Angeles, O = Internet Corporation for Assigned Names and Numbers, OU = Technology, CN = www.example.org

verify return:1

SSL_connect:SSLv3 read server certificate A

SSL_connect:SSLv3 read server key exchange A

SSL_connect:SSLv3 read server done A

SSL_connect:SSLv3 write client key exchange A

SSL_connect:SSLv3 write change cipher spec A

SSL_connect:SSLv3 write finished A

SSL_connect:SSLv3 flush data

SSL_connect:SSLv3 read server session ticket A

SSL_connect:SSLv3 read finished A

---

Certificate chain

 0 s:/C=US/ST=California/L=Los Angeles/O=Internet Corporation for Assigned Names and Numbers/OU=Technology/CN=www.example.org

   i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert SHA2 High Assurance Server CA

 1 s:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert SHA2 High Assurance Server CA

   i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA

---

Server certificate

-----BEGIN CERTIFICATE-----

MIIF8jCCBNqgAwIBAgIQDmTF+8I2reFLFyrrQceMsDANBgkqhkiG9w0BAQsFADBw

MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3

d3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNz

dXJhbmNlIFNlcnZlciBDQTAeFw0xNTExMDMwMDAwMDBaFw0xODExMjgxMjAwMDBa

MIGlMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEUMBIGA1UEBxML

TG9zIEFuZ2VsZXMxPDA6BgNVBAoTM0ludGVybmV0IENvcnBvcmF0aW9uIGZvciBB

c3NpZ25lZCBOYW1lcyBhbmQgTnVtYmVyczETMBEGA1UECxMKVGVjaG5vbG9neTEY

MBYGA1UEAxMPd3d3LmV4YW1wbGUub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A

MIIBCgKCAQEAs0CWL2FjPiXBl61lRfvvE0KzLJmG9LWAC3bcBjgsH6NiVVo2dt6u

Xfzi5bTm7F3K7srfUBYkLO78mraM9qizrHoIeyofrV/n+pZZJauQsPjCPxMEJnRo

D8Z4KpWKX0LyDu1SputoI4nlQ/htEhtiQnuoBfNZxF7WxcxGwEsZuS1KcXIkHl5V

RJOreKFHTaXcB1qcZ/QRaBIv0yhxvK1yBTwWddT4cli6GfHcCe3xGMaSL328Fgs3

jYrvG29PueB6VJi/tbbPu6qTfwp/H1brqdjh29U52Bhb0fJkM9DWxCP/Cattcc7a

z8EXnCO+LK8vkhw/kAiJWPKx4RBvgy73nwIDAQABo4ICUDCCAkwwHwYDVR0jBBgw

FoAUUWj/kK8CB3U8zNllZGKiErhZcjswHQYDVR0OBBYEFKZPYB4fLdHn8SOgKpUW

5Oia6m5IMIGBBgNVHREEejB4gg93d3cuZXhhbXBsZS5vcmeCC2V4YW1wbGUuY29t

ggtleGFtcGxlLmVkdYILZXhhbXBsZS5uZXSCC2V4YW1wbGUub3Jngg93d3cuZXhh

bXBsZS5jb22CD3d3dy5leGFtcGxlLmVkdYIPd3d3LmV4YW1wbGUubmV0MA4GA1Ud

DwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwdQYDVR0f

BG4wbDA0oDKgMIYuaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL3NoYTItaGEtc2Vy

dmVyLWc0LmNybDA0oDKgMIYuaHR0cDovL2NybDQuZGlnaWNlcnQuY29tL3NoYTIt

aGEtc2VydmVyLWc0LmNybDBMBgNVHSAERTBDMDcGCWCGSAGG/WwBATAqMCgGCCsG

AQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMAgGBmeBDAECAjCB

gwYIKwYBBQUHAQEEdzB1MCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2Vy

dC5jb20wTQYIKwYBBQUHMAKGQWh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9E

aWdpQ2VydFNIQTJIaWdoQXNzdXJhbmNlU2VydmVyQ0EuY3J0MAwGA1UdEwEB/wQC

MAAwDQYJKoZIhvcNAQELBQADggEBAISomhGn2L0LJn5SJHuyVZ3qMIlRCIdvqe0Q

6ls+C8ctRwRO3UU3x8q8OH+2ahxlQmpzdC5al4XQzJLiLjiJ2Q1p+hub8MFiMmVP

PZjb2tZm2ipWVuMRM+zgpRVM6nVJ9F3vFfUSHOb4/JsEIUvPY+d8/Krc+kPQwLvy

ieqRbcuFjmqfyPmUv1U9QoI4TQikpw7TZU0zYZANP4C/gj4Ry48/znmUaRvy2kvI

l7gRQ21qJTK5suoiYoYNo3J9T+pXPGU7Lydz/HwW+w0DpArtAaukI8aNX4ohFUKS

wDSiIIWIWJiJGbEeIO0TIFwEVWTOnbNl/faPXpk5IRXicapqiII=

-----END CERTIFICATE-----

subject=/C=US/ST=California/L=Los Angeles/O=Internet Corporation for Assigned Names and Numbers/OU=Technology/CN=www.example.org

issuer=/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert SHA2 High Assurance Server CA

---

No client certificate CA names sent

---

SSL handshake has read 3388 bytes and written 444 bytes

---

New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256

Server public key is 2048 bit

Secure Renegotiation IS supported

Compression: NONE

Expansion: NONE

No ALPN negotiated

SSL-Session:

    Protocol  : TLSv1.2

    Cipher    : ECDHE-RSA-AES128-GCM-SHA256

    Session-ID: D518BE928503113335A6EFB9EB0CC9FC4C81EAFC769D69D2ACBE5970D544509F

    Session-ID-ctx: 

    Master-Key: A05DA123D88A1E45268B7DF6BB70697A1F8E412D8F55244CF276807E528A9D119A348E5CC27F64DE5197C4CC233728F4

    TLS session ticket lifetime hint: 7200 (seconds)

    TLS session ticket:

    0000 - 9a e1 0e d6 ff cc 59 84-41 fe 9c 56 c2 95 12 2a   ......Y.A..V...*

    0010 - 1b 52 10 03 1e eb 39 d4-cf 79 94 3f 07 d4 7c 74   .R....9..y.?..|t

    0020 - 35 98 c9 a0 6b a2 26 95-79 d8 f0 68 f3 4d fe c7   5...k.&.y..h.M..

    0030 - ee 1e 9e 70 ce 70 af 25-c9 0c fa dd c6 4b 34 48   ...p.p.%.....K4H

    0040 - 9b de 35 99 32 71 59 5e-6e 94 be 43 0a e5 df e9   ..5.2qY^n..C....

    0050 - 0a 78 a5 37 a0 2f 02 d3-7d 0d bd 68 13 d9 cb 03   .x.7./..}..h....

    0060 - 51 41 65 98 76 ed 1c 08-f8 bf 95 2f 41 66 2f 95   QAe.v....../Af/.

    0070 - 3a e9 34 9c d8 ac f6 ad-ba c2 bc 03 45 4e 5d f6   :.4.........EN].

    0080 - 24 de 98 1a 14 36 e1 b6-d7 a9 9a b1 f6 aa 1e b5   $....6..........

    0090 - 94 5e 7e 40 3b 34 d9 86-03 d8 b6 50 f7 2a 39 35   .^~@;4.....P.*95

    Start Time: 1517828428

    Timeout   : 300 (sec)

    Verify return code: 0 (ok)

---

read:errno=0

  • 0
    TI__Mastermind 31030 points
    Hi Tim,

    In order to rule out any errors with the certificate or flashing process, I recommend making a simple example that just creates a secure socket and connects to the server on port 443 before moving to the example with the HTTP client library. For a reference, you can use the ssl example from the CC3100 SDK.

    Otherwise, you should be able to check errno from the HTTP client library to find out what the exact connection error is (generated by the simplelink wi-fi device).

    The post you have linked appears to be based on an older version of the Tiva C SDK. I recommend sticking to TLS_Params_init for this SDK version.

    Best Regards,
    Ben M
  • 0 in reply to Benjamin Moore
    Intellectual 730 points
    Ok, I've solved it. Seems the exported root ca for www.example.com wasn't quite right.

    This is how I got one that worked :

    Use http://ssltools.com to get the root CA as a DER

    Convert the DER to PEM with www.sslshopper.com/ssl-converter.html

    Copy the text from the PEM into the code and then it worked!

    Thanks for your help

    Cheers