• State Resolved
  • Locked Locked
  • Replies 4 replies
  • Answers 2 answers
  • Subscribers 40 subscribers
  • Views 759 views
  • Users 0 members are here
Support feedback
Options
Options
Related

This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

CC3200: SSL demo : error (-456) Bad CA File.

Omar Skander
Intellectual 630 points
Part Number: CC3200
Other Parts Discussed in Thread: UNIFLASH

Hi all,

I tried the SSL demo, but I am always getting the (-456) error : Bad CA File.
Actually, I am not sure that I have flashed the right certificate or maybe it was an invalid format of certificate.

I am using SDK_1.2.0 and ServicePack_1.0.1.6-2.7.0.0.

Here is the code for setting up the socket and some instruction from SSL() demo:

#define APPLICATION_NAME        "SSL"
#define APPLICATION_VERSION     "1.1.1"

#define SERVER_NAME                "www.google.com"
#define GOOGLE_DST_PORT             443

#define SL_SSL_CA_CERT_FILE_NAME        "/cert/testcacert.der"

#define DATE                13    /* Current Date */
#define MONTH               11     /* Month 1-12 */
#define YEAR                2019  /* Current year */
#define HOUR                10    /* Time - hours */
#define MINUTE              26    /* Time - minutes */
#define SECOND              0     /* Time - seconds */


Static long ssl()
{

        SlSockAddrIn_t    Addr;
	int    iAddrSize;
	long lRetVal = -1;
	int iSockID;

	unsigned char    ucMethod = SL_SO_SEC_METHOD_SSLV3;
	unsigned int uiIP,uiCipher = SL_SEC_MASK_SSL_RSA_WITH_RC4_128_SHA;

	lRetVal = InitializeAppVariables();
	ASSERT_ON_ERROR(lRetVal);

	.....................
        .....................
        .....................
        .....................

	//
	// opens a secure socket
	//
	iSockID = sl_Socket(SL_AF_INET,SL_SOCK_STREAM, SL_SEC_SOCKET);
	if( iSockID < 0 )
	{
	    	UART_PRINT("Device unable to create secure socket \n\r");
                return lRetVal;
	}

	 //
	 // configure the socket as SSLV3.0
	 //
	 lRetVal = sl_SetSockOpt(iSockID, SL_SOL_SOCKET, SL_SO_SECMETHOD, &ucMethod,\
	                               sizeof(ucMethod));
	 if(lRetVal < 0)
	 {
	     UART_PRINT("Device couldn't set socket options \n\r");
             return lRetVal;
	 }

	 //
	//configure the socket as RSA with RC4 128 SHA
	//
	lRetVal = sl_SetSockOpt(iSockID, SL_SOL_SOCKET, SL_SO_SECURE_MASK, &uiCipher,\
	                           sizeof(uiCipher));
	if(lRetVal < 0)
	{
	   UART_PRINT("Device couldn't set socket options \n\r");
           return lRetVal;
	}

	//
        //configure the socket with GOOGLE CA certificate - for server verification
	//
	lRetVal = sl_SetSockOpt(iSockID, SL_SOL_SOCKET, \
	                        SL_SO_SECURE_FILES_CA_FILE_NAME, \
	                        SL_SSL_CA_CERT_FILE_NAME, \
	                        strlen(SL_SSL_CA_CERT_FILE_NAME));

	 if(lRetVal < 0)
	 {
	    UART_PRINT("Device couldn't set socket options \n\r");
            return lRetVal;
	 }

	 lRetVal = sl_SetSockOpt(iSockID, SL_SOL_SOCKET, \
	    			 SO_SECURE_DOMAIN_NAME_VERIFICATION, \
				 g_Host, strlen((const char *)g_Host));
	 if( lRetVal < 0 )
	 {
	    UART_PRINT("Device couldn't set socket options \n\r");
            return lRetVal;
	 }

	   
	 /* connect to the peer device - Google server */
	 lRetVal = sl_Connect(iSockID, ( SlSockAddr_t *)&Addr, iAddrSize);

	 if(lRetVal < 0)
	{
	   UART_PRINT("Device couldn't connect to Google server \n\r");
           return lRetVal;
	}
	return SUCCESS;       
}

I downloaded the CA certificate like this way (from windows 10 machine):

Then, I loaded the file using UniFlash:

Thanks.