Our implementation provides the ability to Skip Certificate Data Verification but the module mqtt_net_func.c incorrectly closes the socket when -461 (SLNETERR_ESEC_DATE_ERROR) is returned from SlNetSock_startSec.
In simplelink_cc32xx_sdk_3_40_00_05, back to simplelink_cc32xx_sdk_3_20_00_06 module mqtt_net_func.c, routine: MQTTNet_commOpen:
...
if ((nwconnOpts & MQTT_DEV_NETCONN_OPT_SEC) != 0)
{
status = SlNetSock_startSec(socketFd, NULL, SLNETSOCK_SEC_START_SECURITY_SESSION_ONLY);
if (status < 0)
{
SlNetSock_close(socketFd);
return (status);
}
}
...
The status check should be expanded to:
When status is SLNETERR_ESEC_DATE_ERROR and nwconnOpts has the flag MQTT_DEV_NETCONN_OPT_SKIP_DATE_VERIFICATION do not treat as an error/close the socket.
Regarding the code right above this, the status check after "SlNetSock_connect", example:
status = SlNetSock_connect(socketFd, (SlNetSock_Addr_t *)&LocalAddr, LocalAddrSize);
if (status < 0)
{
/* ERROR: SlNetSock_connect failed */
if ((SLNETERR_ESEC_SNO_VERIFY != status) || ((SLNETERR_ESEC_DATE_ERROR != status) && (nwconnOpts & MQTT_DEV_NETCONN_OPT_SKIP_DATE_VERIFICATION)))
{
/* ERROR: Could not establish connection to server, Closing the socket */
SlNetSock_close(socketFd);
return (status);
}
// else - SLNETERR_ESEC_SNO_VERIFY == status or SLNETERR_ESEC_DATE_ERROR == status
/* ERROR: Could not establish secure connection to server,
Continuing with unsecured connection to server */
}
This is incorrect logic, if SLNETERR_ESEC_DATE_ERROR was returned from SlNetSock_connect (which I believe it never is) the socket would be closed. The first part of the OR logic statement would be true and as an optimization the remaining check would not even be performed; Hence not matching the comment that says "else - SLNETERR_ESEC_SNO_VERIFY == status or SLNETERR_ESEC_DATE_ERROR == status".
Thanks,
/David
