Other Parts Discussed in Thread: UNIFLASH, CC3220SF
Tool/software: TI-RTOS
Hi,
A P12 format certificate was used to connect to a server from Windows environment without issue.
Below is the steps what we tried and the issue we got:
1) We convert the P12 format certificate to x509 with OpenSSL commands as below.
>OpenSSL pkcs12 -in A.p12 -nocerts -nodes -out FILE_KEY1
>OpenSSL pkcs12 -in A.p12 -nokeys -nodes -cacerts -out FILE_CA
>OpenSSL pkcs12 -in A.p12 -nokeys -nodes -clcerts -out FILE_CERT
>OpenSSL ec -in FILE_KEY1 -out FILE_KEY
2) Using Uniflash to burn such files into CC3220SF
3) The connect function returns with -1 and the errno gets -458(ESECBADPRIVATEFILE).
In this case, the setsockopt function always succeeded without any error.
Part of my code:
struct sockaddr_in sa;
sa.sin_family = AF_INET;
sa.sin_port = htons(443);
sa.sin_addr.s_addr = htonl(DestinationIP);
int sock = socket(AF_INET, SOCK_STREAM,
SL_SEC_SOCKET);
SlSockSecureMethod_t method;
method.SecureMethod = 3; // SL_SO_SEC_METHOD_TLSV1_2
ret = setsockopt(sock, SL_SOL_SOCKET, SL_SO_SECMETHOD, &method,sizeof(method));
ret = setsockopt(sock, SL_SOL_SOCKET, SL_SO_SECURE_FILES_CA_FILE_NAME,FILE_CA , strlen(FILE_CA));
ret = setsockopt(sock, SL_SOL_SOCKET, SL_SO_SECURE_FILES_CERTIFICATE_FILE_NAME, FILE_CERT, strlen(FILE_CERT));
ret = setsockopt(sock, SL_SOL_SOCKET, SL_SO_SECURE_FILES_PRIVATE_KEY_FILE_NAME, FILE_KEY, strlen(FILE_KEY));
ret = connect(sock, &sa,
sizeof(struct sockaddr_in));
if(ret == -1){
printf("err:%d\r\n",errno);
}
return 0;
--
And then, we had tried to replace FILE_KEY with FILE_KEY1 but still got same error in connect function.
Could anyone provide advise or hint for what is the reason makes the "connect" function failed?
Best Regards,
