• State Resolved
  • Locked Locked
  • Replies 8 replies
  • Answers 2 answers
  • Subscribers 40 subscribers
  • Views 316 views
  • Users 0 members are here
Support feedback
Options
Options
Related

This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

CC3200: https client connection throws -102 error

Sundaresan Thangeswaran1
Intellectual 410 points
Part Number: CC3200
Other Parts Discussed in Thread: UNIFLASH,

Hi,

I have uploaded the root CA to the C3200 using uniflash. 

I have tried with der, cer, crt and pem file, but it always throwing -102 error

Am I doing anything wrong. 

Could you share any sample code or step by step configuration guide for set up HTTPS.

Regards,

Sundar

  • 0
    TI__Guru 63006 points

    It is hard to tell from the -102 error code what exactly is the problem.

    If you can add a print or set a breakpoint in the HTTPCli_connect() (in webclient/httpcli.c) just after the call the "ret = connect(...)", the return value ("ret") should be more informative.

    A der format should work if the ca is correct and you set the right path to the file ("/cert/129.cer") in secParams  when calling HTTPCli_setSecureParams() in the application.

    Br,

    Kobi

  • 0 in reply to Kobi Leibovitch
    Intellectual 410 points

    Hi

    Could you share any sample code or step by step configuration guide for set up HTTPS.

    We are struggling to implement HTTPS  

     You asked:

    “If you can add a print or set a breakpoint in the HTTPCli_connect() (in webclient/httpcli.c) just after the call the "ret = connect(...)", the return value ("ret") should be more informative

    I can not find “the "ret = connect(...)" in the “in webclient/httpcli.c)” !?? can you be more specific please ?

    .

    A der format should work if the ca is correct and you set the right path to the file ("/cert/129.cer") in secParams  when calling HTTPCli_setSecureParams() in the application.”

    Should the certificate file extension be .der or .cer  ?  or should the certificate format have extension.der and the path have extension .cer?

     

     

     

    Please be more detail and specific    

     

    I don’t understand your question about setting Would you please be more clear and more detail ?

     

     

    Here is my code :

     

    #define SL_SSL_CA_CERT      "/cert/129.cer"

     

    static int ConnectToHTTPServer(HTTPCli_Handle httpClient)

    {

        long lRetVal = -1;

        struct sockaddr_in addr;

     

        SlDateTime_t dt;

           struct HTTPCli_SecureParams sparams;

           /* Set current date to validate certificate */

           dt.sl_tm_day = 12;

           dt.sl_tm_mon = 2;

           dt.sl_tm_year = 2021;

           dt.sl_tm_hour = 9;

           dt.sl_tm_min = 0;

           dt.sl_tm_sec = 0;

           sl_DevSet(SL_DEVICE_GENERAL_CONFIGURATION,

           SL_DEVICE_GENERAL_CONFIGURATION_DATE_TIME,

           sizeof(SlDateTime_t), (unsigned char *)(&dt));

     

           /* Security parameters */

           sparams.method.secureMethod = SL_SO_SEC_METHOD_TLSV1_2;

           sparams.mask.secureMask  = SL_SEC_MASK_TLS_RSA_WITH_AES_256_CBC_SHA;

           strncpy(sparams.cafile, SL_SSL_CA_CERT, sizeof(SL_SSL_CA_CERT));

           sparams.privkey[0] = 0;

           sparams.cert[0] = 0;

           sparams.dhkey[0] = 0;

            HTTPCli_setSecureParams(&sparams);

     

     

    #ifdef USE_PROXY

        struct sockaddr_in paddr;

        paddr.sin_family = AF_INET;

        paddr.sin_port = htons(PROXY_PORT);

        paddr.sin_addr.s_addr = sl_Htonl(PROXY_IP);

        HTTPCli_setProxy((struct sockaddr *)&paddr);

    #endif

     

        /* Resolve HOST NAME/IP */

        lRetVal = sl_NetAppDnsGetHostByName((signed char *)HOST_NAME,

                                              strlen((const char *)HOST_NAME),

                                              &g_ulDestinationIP,SL_AF_INET);

        if(lRetVal < 0)

        {

           UART_PRINT("ConnectToHTTPServer Failed 111 ");

     

          ASSERT_ON_ERROR(GET_HOST_IP_FAILED);

        }

        UART_PRINT("\r\nConnectToHTTPServer 222");

     

     

        /* Set up the input parameters for HTTP Connection */

        addr.sin_family = AF_INET;

        addr.sin_port = htons(HOST_PORT);

        addr.sin_addr.s_addr = sl_Htonl(g_ulDestinationIP);

        UART_PRINT("\r\nConnectToHTTPServer 333 ");

      

       HTTPCli_construct(httpClient);

     

     

        UART_PRINT("\r\nConnectToHTTPServer 444");

        UART_PRINT("\r\nHTTPServer HostName:%s  IP Addr: %d.%d.%d.%d ",

     

          HOST_NAME,SL_IPV4_BYTE(g_ulDestinationIP,3),

                           SL_IPV4_BYTE(g_ulDestinationIP,2),

                           SL_IPV4_BYTE(g_ulDestinationIP,1),

                           SL_IPV4_BYTE(g_ulDestinationIP,0));

     

     

       

        lRetVal = HTTPCli_connect(httpClient, (struct sockaddr *)&addr, HTTPCli_TYPE_TLS, NULL);

        if (lRetVal < 0)

        {

            UART_PRINT("\r\nConnection to server failed. error(%d)", lRetVal);

            ASSERT_ON_ERROR(SERVER_CONNECTION_FAILED);

     

        }

        else

        {

            UART_PRINT("\r\nConnection to server created successfully");

        }

     

        return lRetVal ;

    }

    Do I need to add the der file in the Users file or system file section in Uniflash? Please confirm

    Regards,

    Sundar

  • 0 in reply to Sundaresan Thangeswaran1
    TI__Guru 63006 points

    The certificate should be added as a user file.

    The code looks ok - i guess you are based on the "http client demo" which is a good reference.

    The app is linked with the webclient library which is included (pre-build and sources are available) under the netapp/http folder in the SDK installation.

    You can open the webclient project and find and change the code i was referring before - in such case you will need to rebuild the library and then build the app with the new lib (or you can copy relevant files from the library and add them to your app project - in such case you will need add the webclient folder to the project's include path).

    The HTTP library uses the NWP driver's API (e.g. sl_Connect). We will need to get the return code of the sl_Connect to better understand the issue.

    BTW. I assume this is a new design. Why did you choose the CC3200? 

    The SDK for the next generation CC3220 device is much easier to use and and it gets regular SW updates (SDK update every quarter). 

    Br,

    Kobi

  • 0 in reply to Kobi Leibovitch
    Intellectual 410 points

    Hi Kobi,

    Thanks for the input. It really helps a lot. I have made below 2 changes and make it fixed.

    I have changed my cloud server from Window Server 2019 to Window Server 2016

    I have bought different Certificate from different vendor (Digi Cert)

    Now I am having trouble in setting up the date time for HTTPS certificate validation.

    I can buy only 2 years validity certificate. If I hard code the date and time, I have to re flash the program after 2 years.

    Is there any other way to find the datetime. One of our customer only allow port 443. He blocked port 80.

    Please help us to complete this final stage of our project.

    Regards,

    Sundar

  • 0 in reply to Sundaresan Thangeswaran1
    TI__Guru 63006 points

    Please check the get_time example that uses sntp protocol to retrieve the system time.

    Br,

    Kobi

  • 0 in reply to Kobi Leibovitch
    Intellectual 410 points

    Hi Kobi,

    Thanks for the answer. We implemented the same and it is working fine. Do I need to follow the get_time example for CC3235 also?

    Regards,

    Sundar

  • 0 in reply to Sundaresan Thangeswaran1
    TI__Guru 63006 points

    Yes, check the local_time example from the CC3235 SDK.

    Br,

    Kobi

  • 0 in reply to Kobi Leibovitch
    Intellectual 410 points

    Thanks Kobi.

    Regards,

    Sundar