• State Resolved
  • Locked Locked
  • Replies 6 replies
  • Subscribers 40 subscribers
  • Views 856 views
  • Users 0 members are here
Support feedback
Options
Options
Related

This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

CC3100: Disable HTTPS Root CA Certificate Verification

Soumyajit Das
Genius 3340 points

Part Number: CC3100
Other Parts Discussed in Thread: CC3200,

Hi,

  I am using Service Pack (CC3100_CC3200_ServicePack_1.0.1.11-2.10.0.0) in CC3100, does this service pack support HTTPS connection with Root CA certificate verification disabled?

-

Thanks

-

Regards

Soumyajit

  • 0
    TI__Mastermind 40965 points
    Hi Soumyajit,

    If you do an sl_Connect() without first specifying a root CA with which to verify the server using sl_SetSockOpt(), then you'll get the SL_ESECSNOVERIFY error. However, all this error indicates is that the server's certificate could not be verified. The socket connection to the server actually succeeded in that error case, and so you can continue using that socket as if there is no error.

    Regards,
    Michael
  • 0 in reply to Michael Reymond
    Genius 3340 points

    Hi Michael,
      Thanks for the quick reply. As per your statement, I have commented out calling
    sl_SetSockOpt(g_SockID, SL_SOL_SOCKET, SL_SO_SECURE_FILES_CA_FILE_NAME, SL_SSL_CA_CERT, pal_Strlen(SL_SSL_CA_CERT));
     from the code. This is resulting into
    sl_SetSockOpt(g_SockID, SL_SOL_SOCKET, SO_SECURE_DOMAIN_NAME_VERIFICATION, gbl_ServerName_ps8, pal_Strlen(gbl_ServerName_ps8));// returns 0
     returning 0 &
    sl_Connect(SockID, ( SlSockAddr_t *)&Addr, AddrSize);// returns -111
     returning -111.

      Now, since sl_connect() returned -111 (SL_ECONNREFUSED), hence the socket connection cannot be established.
    -
    Thanks
    -
    Regards
    Soumyajit

  • 0 in reply to Michael Reymond
    Genius 3340 points
    Hi Michael,
    Thanks for the quick reply. As per your statement, I have commented out calling
    sl_SetSockOpt(g_SockID, SL_SOL_SOCKET, SL_SO_SECURE_FILES_CA_FILE_NAME, SL_SSL_CA_CERT, pal_Strlen(SL_SSL_CA_CERT));
    from the code. This is resulting into
    sl_SetSockOpt(g_SockID, SL_SOL_SOCKET, SO_SECURE_DOMAIN_NAME_VERIFICATION, gbl_ServerName_ps8, pal_Strlen(gbl_ServerName_ps8));// returns 0
    returning 0 &
    sl_Connect(SockID, ( SlSockAddr_t *)&Addr, AddrSize);// returns -111
    returning -111.

    Now, since sl_connect() returned -111 (SL_ECONNREFUSED), hence the socket connection cannot be established.
    -
    Thanks
    -
    Regards
    Soumyajit
  • 0 in reply to Soumyajit Das
    Genius 3340 points
    Hi Michael,
    Any update on this?
    -
    Thanks
    -
    Regards
    Soumyajit
  • 0 in reply to Soumyajit Das
    TI__Mastermind 40965 points
    Hi Soumyajit,

    Do you get the same error if you remove the sl_setSockOpt() call to enable server domain name verification?

    Regards,
    Michael
  • 0 in reply to Michael Reymond
    Genius 3340 points

    Thanks a lot Michael, this worked!! (sl_Connect() now returns -453 [SL_ESECSNOVERIFY])
    -
    Regards
    Soumyajit