CC3235SF: OTA Dropbox Failure

Part Number: CC3235SF

Hi,

I am experiencing the same issue mentioned in https://e2e.ti.com/support/wireless-connectivity/wifi/f/968/t/970443.

Even though it seems like the issue is solved, it is definitely not. The OTA process using Dropbox fails with the following output from the UART:

[SOCK ERROR] an event received on socket 1<\r><\n>
[SOCK ERROR] Used wrong CA to verify the peer.<\r><\n>
[SOCK EVENT] - Unexpected Event [20x]<\n>
<\n>
HttpClient_Connect: ERROR Socket Connect, status=-688<\r><\n>
CdnClient_ConnectFileServer: ERROR on HttpClient_Connect, Status=-20304<\r><\n>
OTA_run: ERROR CdnClient_ConnectFileServer, Status=-20304<\r><\n>

The solution given within the thread above is to change the code in OTA source files and upload another certificate on the device. This is not possible for the devices that our customers are already using in the field. Is it possible to find another solution such as communicating with Dropbox to revert the recent change of certification?

Best,

Ogulcan

  • For devices in the field that only enabled Dropbox as the OTA method, you will need to contact Dropbox (to enable the old certificate for a limited time). We are trying to contact them in parallel. If we have any success, we'll update.

    If your device also supports local OTA (or another cloud OTA vendor), this would be the right solution to update the root CA.

    Did you follow all the instructions and still get the -688? If so, please enable and send us the OTA logs (see at the top of "otauser.h" - this will require a rebuild of the lib and app).

    br,

    Kobi

      

  • Hi Kobi,

    We have been developing the local OTA support, but some of our devices in the field do not have this feature yet. It would be great if you could pressure Dropbox, as this is a huge problem for us. I have shared it in their forum as well here. As you can imagine, we cannot ask the customers to send the devices back if an update is required.

    I haven't tested your solution in the other thread, but I trust that if another user says that it works, it probably works. However, I don't think we will use Dropbox OTA after this nonsense, as it could happen anytime again in the future. We are looking into the custom cloud OTA option, but we would have to update the devices in the field regardless of that.

    All in all, unfortunately your response did NOT resolve my issue. The solution you have provided is not enough for our devices in the field. Please convince Dropbox to enable the old certificate for at least another month.

    Best,

  • Thanks, the thread you opened is a good start. We joined the request.

  • Looks like the Dropbox team reverted the change but has not given a timeline yet. The OTA procedure works now; however, we are still waiting to hear how long it will be effective.

  • Thanks, we are also following the thread (in addition to opening a direct channel to Dropbox).

    I hope that now they are aware of the impact of such a change and will come up with a good solution for the future.

    We are thinking of several possible solutions for a similar issue in the future. In the meantime, we recommend that (if possible) you add a local OTA (see the example in the SDK) that you can activate in such cases (when the cloud vendor access is blocked).

    Br,

    Kobi  

     

  • Indeed, we have escalated to release the local OTA feature with the next update. In the meantime, we are investigating custom cloud OTA in order to not be limited to Dropbox again.

    Thank you for your help.

    Best,

    Ogulcan

  • Hi,

    Dropbox announced that the certificate will change in August. Do you plan to fix the problem with an SDK update until then?

    I am not sure, but it could be that they might switch all certificates, not only content.dropboxapi.com.

    Would that be handled in the SDK update as well? Thanks.

  • We will add a method to set 2 certificates for the OTA (in the next SDK, by e/o March) - according to the instructions we provided before.

    We will also try to add a method that allows supporting both the old and new certificates together (i.e. for the same socket) to eliminate the dependency on the actual date of the change.

    Br,

    Kobi

  • That sounds amazing. Thank you very much for the help.

    Best,

    Ogulcan
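An added example, not code from the thread or from the TI SDK: one way an OTA client could sequence two pinned root CAs so that a server-side certificate change does not strand devices, as discussed in the replies above. The function, macro, file and host names are hypothetical; only the -688 status comes from the log in the first post, and the transport is replaced by constructed stubs.

```c
#include <stdio.h>
#include <string.h>

/* -688 is the status from the UART log ("Used wrong CA to verify the peer"). */
#define OTA_ERR_WRONG_CA (-688)  /* hypothetical macro name */
#define FAKE_ERR_TIMEOUT (-110)  /* constructed value for the stub below */

/* Hypothetical hook: TLS-connect to host, verifying against ca_file. */
typedef int (*tls_connect_fn)(const char *host, const char *ca_file);
/* Constructed file names: currently pinned root first, replacement second. */
static const char *const PINNED_CAS[] = { "old-root.der", "new-root.der" };

/* Try the first n_ca pinned roots in order. Only a "wrong CA" result moves
 * on to the next root; any other failure is returned unchanged so the
 * fallback never hides it. Peer verification is never disabled.
 * On success *used_ca names the root that validated the server. */
int ota_connect_with_ca_fallback(tls_connect_fn connect_fn, const char *host,
                                 size_t n_ca, const char **used_ca)
{
    *used_ca = NULL;
    for (size_t i = 0; i < n_ca; i++) {
        int status = connect_fn(host, PINNED_CAS[i]);
        if (status == 0) {
            *used_ca = PINNED_CAS[i];
            return 0;
        }
        if (status != OTA_ERR_WRONG_CA)
            return status;
    }
    return OTA_ERR_WRONG_CA;  /* every pinned root was rejected */
}

/* Constructed stubs: a server chaining only to the new root, and a timeout. */
static int fake_rotated_server(const char *host, const char *ca_file)
{
    (void)host;
    return strcmp(ca_file, "new-root.der") == 0 ? 0 : OTA_ERR_WRONG_CA;
}
static int fake_unreachable_server(const char *host, const char *ca_file)
{
    (void)host; (void)ca_file;
    return FAKE_ERR_TIMEOUT;
}

int main(void)
{
    const char *used;
    int rc = ota_connect_with_ca_fallback(fake_rotated_server, "files.example", 2, &used);
    printf("status=%d ca=%s\n", rc, used ? used : "(none)");
    return rc;
}
```

Logging which root validated the connection lets the fleet owner see when the old root stops being used and can be retired.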