CCS/CC3120BOOST: Issue with communication between firebase real time database and CC3120 Boost simplelink and missing root CA

Hi Min Min,

The GTS CA 101 certificate does not appear to be a root CA. It looks like it is signed by the Google Trust Services - GlobalSign Root CA-R2 certificate, which is indeed a root CA. The GlobalSign Root CA-R2 cert is present in the root CA catalog of the CC3220, and so should not pose any issues for TLS connection purposes.

Have you tried providing that GlobalSign Root CA-R2 cert when connecting to your firebase server? If so what error code do you get?

Regards,
Michael

Hi Reymond

Thank you for suggestion. I have updated GlobalSign CA-R2 Root CA in the program in der format. There are a number of errors starting with -456 error(SL_ERROR_BSD_ESECBADCAFILE) and -688 error when GlobalSign CA-R2 is retrieved from another source and finally ends up with -468 error (SL_ERROR_BSD_ESECUNKNOWNROOTCA) in another source. Final source Root CA is retrieved from http://crl.globalsign.net/root-r2.crl. May I know how this error interpret as? According to TI certificate handling document, it mentions "the connection was created (the certificate set by SetSockOpt was accepted), but the server's certificate signature is not found in the installed catalog". Any signature is missing from Root CA?

Any suggestion from you again either to get to correct Root CA or code implementation issue that mention below? Following codes are meant to connect to firebase server. 

#define CA_FILE_NAME "globalsign.der"

uint8_t digicert_root_crt[] ={ //Source retrieved from http://crl.globalsign.net/root-r2.crl
0x2D, 0x2D, 0x2D, 0x2D, 0x2D, 0x42, 0x45, 0x47, 0x49, 0x4E, 0x20, 0x43, 0x45, 0x52, 0x54, 0x49,
0x46, 0x49, 0x43, 0x41, 0x54, 0x45, 0x2D, 0x2D, 0x2D, 0x2D, 0x2D, 0x0A, 0x4D, 0x49, 0x49, 0x45,
0x54, 0x44, 0x43, 0x43, 0x41, 0x7A, 0x53, 0x67, 0x41, 0x77, 0x49, 0x42, 0x41, 0x67, 0x49, 0x4C,
0x42, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x42, 0x4C, 0x30, 0x37, 0x68, 0x53, 0x56, 0x49, 0x77,
0x44, 0x51, 0x59, 0x4A, 0x4B, 0x6F, 0x5A, 0x49, 0x68, 0x76, 0x63, 0x4E, 0x41, 0x51, 0x45, 0x46,
0x42, 0x51, 0x41, 0x77, 0x56, 0x7A, 0x45, 0x4C, 0x4D, 0x41, 0x6B, 0x47, 0x0A, 0x41, 0x31, 0x55,
0x45, 0x42, 0x68, 0x4D, 0x43, 0x51, 0x6B, 0x55, 0x78, 0x47, 0x54, 0x41, 0x58, 0x42, 0x67, 0x4E,
0x56, 0x42, 0x41, 0x6F, 0x54, 0x45, 0x45, 0x64, 0x73, 0x62, 0x32, 0x4A, 0x68, 0x62, 0x46, 0x4E,
0x70, 0x5A, 0x32, 0x34, 0x67, 0x62, 0x6E, 0x59, 0x74, 0x63, 0x32, 0x45, 0x78, 0x45, 0x44, 0x41,
0x4F, 0x42, 0x67, 0x4E, 0x56, 0x42, 0x41, 0x73, 0x54, 0x42, 0x31, 0x4A, 0x76, 0x0A, 0x62, 0x33,
0x51, 0x67, 0x51, 0x30, 0x45, 0x78, 0x47, 0x7A, 0x41, 0x5A, 0x42, 0x67, 0x4E, 0x56, 0x42, 0x41,
0x4D, 0x54, 0x45, 0x6B, 0x64, 0x73, 0x62, 0x32, 0x4A, 0x68, 0x62, 0x46, 0x4E, 0x70, 0x5A, 0x32,
0x34, 0x67, 0x55, 0x6D, 0x39, 0x76, 0x64, 0x43, 0x42, 0x44, 0x51, 0x54, 0x41, 0x65, 0x46, 0x77,
0x30, 0x77, 0x4E, 0x6A, 0x45, 0x79, 0x4D, 0x54, 0x55, 0x77, 0x4F, 0x44, 0x41, 0x77, 0x0A, 0x4D,
0x44, 0x42, 0x61, 0x46, 0x77, 0x30, 0x79, 0x4F, 0x44, 0x41, 0x78, 0x4D, 0x6A, 0x67, 0x78, 0x4D,
0x6A, 0x41, 0x77, 0x4D, 0x44, 0x42, 0x61, 0x4D, 0x45, 0x77, 0x78, 0x49, 0x44, 0x41, 0x65, 0x42,
0x67, 0x4E, 0x56, 0x42, 0x41, 0x73, 0x54, 0x46, 0x30, 0x64, 0x73, 0x62, 0x32, 0x4A, 0x68, 0x62,
0x46, 0x4E, 0x70, 0x5A, 0x32, 0x34, 0x67, 0x55, 0x6D, 0x39, 0x76, 0x64, 0x43, 0x42, 0x44, 0x0A,
0x51, 0x53, 0x41, 0x74, 0x49, 0x46, 0x49, 0x79, 0x4D, 0x52, 0x4D, 0x77, 0x45, 0x51, 0x59, 0x44,
0x56, 0x51, 0x51, 0x4B, 0x45, 0x77, 0x70, 0x48, 0x62, 0x47, 0x39, 0x69, 0x59, 0x57, 0x78, 0x54,
0x61, 0x57, 0x64, 0x75, 0x4D, 0x52, 0x4D, 0x77, 0x45, 0x51, 0x59, 0x44, 0x56, 0x51, 0x51, 0x44,
0x45, 0x77, 0x70, 0x48, 0x62, 0x47, 0x39, 0x69, 0x59, 0x57, 0x78, 0x54, 0x61, 0x57, 0x64, 0x75,
0x0A, 0x4D, 0x49, 0x49, 0x42, 0x49, 0x6A, 0x41, 0x4E, 0x42, 0x67, 0x6B, 0x71, 0x68, 0x6B, 0x69,
0x47, 0x39, 0x77, 0x30, 0x42, 0x41, 0x51, 0x45, 0x46, 0x41, 0x41, 0x4F, 0x43, 0x41, 0x51, 0x38,
0x41, 0x4D, 0x49, 0x49, 0x42, 0x43, 0x67, 0x4B, 0x43, 0x41, 0x51, 0x45, 0x41, 0x70, 0x73, 0x38,
0x6B, 0x44, 0x72, 0x34, 0x75, 0x62, 0x79, 0x69, 0x5A, 0x52, 0x55, 0x4C, 0x45, 0x71, 0x7A, 0x34,
0x68, 0x0A, 0x56, 0x4A, 0x73, 0x4C, 0x30, 0x33, 0x2B, 0x45, 0x63, 0x50, 0x6F, 0x53, 0x73, 0x38,
0x75, 0x2F, 0x68, 0x31, 0x2F, 0x47, 0x66, 0x34, 0x62, 0x54, 0x73, 0x6A, 0x42, 0x63, 0x31, 0x76,
0x32, 0x74, 0x38, 0x58, 0x76, 0x63, 0x35, 0x66, 0x68, 0x67, 0x6C, 0x67, 0x6D, 0x53, 0x45, 0x50,
0x58, 0x51, 0x55, 0x39, 0x37, 0x37, 0x65, 0x33, 0x35, 0x7A, 0x69, 0x4B, 0x78, 0x53, 0x69, 0x48,
0x74, 0x4B, 0x0A, 0x70, 0x73, 0x70, 0x4A, 0x70, 0x6C, 0x36, 0x6F, 0x70, 0x34, 0x78, 0x61, 0x45,
0x62, 0x78, 0x36, 0x67, 0x75, 0x75, 0x2B, 0x6A, 0x4F, 0x6D, 0x7A, 0x72, 0x4A, 0x59, 0x6C, 0x42,
0x35, 0x64, 0x4B, 0x6D, 0x53, 0x6F, 0x48, 0x4C, 0x37, 0x51, 0x65, 0x64, 0x37, 0x2B, 0x4B, 0x44,
0x37, 0x55, 0x43, 0x66, 0x42, 0x75, 0x57, 0x75, 0x4D, 0x57, 0x35, 0x4F, 0x69, 0x79, 0x38, 0x31,
0x68, 0x4B, 0x35, 0x0A, 0x36, 0x31, 0x6C, 0x39, 0x34, 0x74, 0x41, 0x47, 0x68, 0x6C, 0x39, 0x65,
0x53, 0x57, 0x71, 0x31, 0x4F, 0x56, 0x36, 0x49, 0x4E, 0x4F, 0x79, 0x38, 0x65, 0x41, 0x77, 0x49,
0x6D, 0x49, 0x52, 0x73, 0x71, 0x4D, 0x31, 0x4C, 0x74, 0x4B, 0x42, 0x39, 0x44, 0x48, 0x6C, 0x4E,
0x38, 0x4C, 0x67, 0x74, 0x79, 0x79, 0x48, 0x4B, 0x31, 0x57, 0x78, 0x62, 0x66, 0x65, 0x47, 0x67,
0x4B, 0x59, 0x53, 0x68, 0x0A, 0x2B, 0x64, 0x4F, 0x55, 0x53, 0x63, 0x73, 0x6B, 0x59, 0x70, 0x45,
0x67, 0x76, 0x4E, 0x30, 0x4C, 0x31, 0x64, 0x6E, 0x4D, 0x2B, 0x65, 0x6F, 0x6E, 0x43, 0x69, 0x74,
0x7A, 0x6B, 0x63, 0x61, 0x64, 0x47, 0x36, 0x7A, 0x49, 0x79, 0x2B, 0x6A, 0x67, 0x6F, 0x50, 0x51,
0x76, 0x6B, 0x49, 0x74, 0x4E, 0x2B, 0x37, 0x41, 0x32, 0x47, 0x2F, 0x59, 0x5A, 0x65, 0x6F, 0x58,
0x67, 0x62, 0x66, 0x4A, 0x68, 0x0A, 0x45, 0x34, 0x68, 0x63, 0x6E, 0x2B, 0x43, 0x54, 0x43, 0x6C,
0x47, 0x58, 0x69, 0x6C, 0x72, 0x4F, 0x72, 0x36, 0x76, 0x56, 0x39, 0x36, 0x6F, 0x4A, 0x71, 0x6D,
0x43, 0x39, 0x33, 0x4E, 0x6C, 0x66, 0x33, 0x33, 0x4B, 0x70, 0x59, 0x42, 0x4E, 0x65, 0x41, 0x41,
0x48, 0x4A, 0x53, 0x76, 0x6F, 0x2F, 0x70, 0x4F, 0x6F, 0x48, 0x41, 0x79, 0x45, 0x43, 0x6A, 0x6F,
0x4C, 0x4B, 0x41, 0x38, 0x4B, 0x62, 0x0A, 0x6A, 0x77, 0x49, 0x44, 0x41, 0x51, 0x41, 0x42, 0x6F,
0x34, 0x49, 0x42, 0x49, 0x6A, 0x43, 0x43, 0x41, 0x52, 0x34, 0x77, 0x44, 0x67, 0x59, 0x44, 0x56,
0x52, 0x30, 0x50, 0x41, 0x51, 0x48, 0x2F, 0x42, 0x41, 0x51, 0x44, 0x41, 0x67, 0x45, 0x47, 0x4D,
0x41, 0x38, 0x47, 0x41, 0x31, 0x55, 0x64, 0x45, 0x77, 0x45, 0x42, 0x2F, 0x77, 0x51, 0x46, 0x4D,
0x41, 0x4D, 0x42, 0x41, 0x66, 0x38, 0x77, 0x0A, 0x48, 0x51, 0x59, 0x44, 0x56, 0x52, 0x30, 0x4F,
0x42, 0x42, 0x59, 0x45, 0x46, 0x4A, 0x76, 0x69, 0x42, 0x31, 0x64, 0x6E, 0x48, 0x42, 0x37, 0x41,
0x61, 0x67, 0x62, 0x65, 0x57, 0x62, 0x53, 0x61, 0x4C, 0x64, 0x2F, 0x63, 0x47, 0x59, 0x59, 0x75,
0x4D, 0x45, 0x63, 0x47, 0x41, 0x31, 0x55, 0x64, 0x49, 0x41, 0x52, 0x41, 0x4D, 0x44, 0x34, 0x77,
0x50, 0x41, 0x59, 0x45, 0x56, 0x52, 0x30, 0x67, 0x0A, 0x41, 0x44, 0x41, 0x30, 0x4D, 0x44, 0x49,
0x47, 0x43, 0x43, 0x73, 0x47, 0x41, 0x51, 0x55, 0x46, 0x42, 0x77, 0x49, 0x42, 0x46, 0x69, 0x5A,
0x6F, 0x64, 0x48, 0x52, 0x77, 0x63, 0x7A, 0x6F, 0x76, 0x4C, 0x33, 0x64, 0x33, 0x64, 0x79, 0x35,
0x6E, 0x62, 0x47, 0x39, 0x69, 0x59, 0x57, 0x78, 0x7A, 0x61, 0x57, 0x64, 0x75, 0x4C, 0x6D, 0x4E,
0x76, 0x62, 0x53, 0x39, 0x79, 0x5A, 0x58, 0x42, 0x76, 0x0A, 0x63, 0x32, 0x6C, 0x30, 0x62, 0x33,
0x4A, 0x35, 0x4C, 0x7A, 0x41, 0x7A, 0x42, 0x67, 0x4E, 0x56, 0x48, 0x52, 0x38, 0x45, 0x4C, 0x44,
0x41, 0x71, 0x4D, 0x43, 0x69, 0x67, 0x4A, 0x71, 0x41, 0x6B, 0x68, 0x69, 0x4A, 0x6F, 0x64, 0x48,
0x52, 0x77, 0x4F, 0x69, 0x38, 0x76, 0x59, 0x33, 0x4A, 0x73, 0x4C, 0x6D, 0x64, 0x73, 0x62, 0x32,
0x4A, 0x68, 0x62, 0x48, 0x4E, 0x70, 0x5A, 0x32, 0x34, 0x75, 0x0A, 0x62, 0x6D, 0x56, 0x30, 0x4C,
0x33, 0x4A, 0x76, 0x62, 0x33, 0x51, 0x75, 0x59, 0x33, 0x4A, 0x73, 0x4D, 0x44, 0x30, 0x47, 0x43,
0x43, 0x73, 0x47, 0x41, 0x51, 0x55, 0x46, 0x42, 0x77, 0x45, 0x42, 0x42, 0x44, 0x45, 0x77, 0x4C,
0x7A, 0x41, 0x74, 0x42, 0x67, 0x67, 0x72, 0x42, 0x67, 0x45, 0x46, 0x42, 0x51, 0x63, 0x77, 0x41,
0x59, 0x59, 0x68, 0x61, 0x48, 0x52, 0x30, 0x63, 0x44, 0x6F, 0x76, 0x0A, 0x4C, 0x32, 0x39, 0x6A,
0x63, 0x33, 0x41, 0x75, 0x5A, 0x32, 0x78, 0x76, 0x59, 0x6D, 0x46, 0x73, 0x63, 0x32, 0x6C, 0x6E,
0x62, 0x69, 0x35, 0x6A, 0x62, 0x32, 0x30, 0x76, 0x63, 0x6D, 0x39, 0x76, 0x64, 0x48, 0x49, 0x78,
0x4D, 0x42, 0x38, 0x47, 0x41, 0x31, 0x55, 0x64, 0x49, 0x77, 0x51, 0x59, 0x4D, 0x42, 0x61, 0x41,
0x46, 0x47, 0x42, 0x37, 0x5A, 0x68, 0x70, 0x46, 0x44, 0x5A, 0x66, 0x4B, 0x0A, 0x69, 0x56, 0x41,
0x76, 0x66, 0x51, 0x54, 0x4E, 0x4E, 0x4B, 0x6A, 0x2F, 0x2F, 0x50, 0x31, 0x4C, 0x4D, 0x41, 0x30,
0x47, 0x43, 0x53, 0x71, 0x47, 0x53, 0x49, 0x62, 0x33, 0x44, 0x51, 0x45, 0x42, 0x42, 0x51, 0x55,
0x41, 0x41, 0x34, 0x49, 0x42, 0x41, 0x51, 0x43, 0x5A, 0x49, 0x69, 0x76, 0x75, 0x69, 0x6A, 0x4C,
0x54, 0x44, 0x41, 0x64, 0x2B, 0x33, 0x52, 0x73, 0x67, 0x4B, 0x31, 0x42, 0x71, 0x0A, 0x6C, 0x70,
0x45, 0x47, 0x32, 0x72, 0x35, 0x75, 0x31, 0x33, 0x4B, 0x57, 0x72, 0x56, 0x4D, 0x2F, 0x66, 0x76,
0x57, 0x50, 0x51, 0x75, 0x66, 0x51, 0x36, 0x32, 0x53, 0x6C, 0x5A, 0x66, 0x4C, 0x7A, 0x34, 0x7A,
0x30, 0x2F, 0x57, 0x7A, 0x45, 0x4D, 0x66, 0x48, 0x6D, 0x45, 0x4F, 0x70, 0x65, 0x4D, 0x44, 0x78,
0x2B, 0x75, 0x77, 0x62, 0x7A, 0x79, 0x36, 0x37, 0x69, 0x67, 0x37, 0x30, 0x48, 0x39, 0x0A, 0x76,
0x44, 0x47, 0x70, 0x2F, 0x4D, 0x6C, 0x43, 0x35, 0x6B, 0x53, 0x2B, 0x48, 0x6C, 0x62, 0x4B, 0x64,
0x59, 0x75, 0x79, 0x53, 0x54, 0x47, 0x5A, 0x2F, 0x75, 0x72, 0x70, 0x63, 0x57, 0x53, 0x47, 0x65,
0x6F, 0x2F, 0x6C, 0x31, 0x57, 0x45, 0x52, 0x51, 0x2B, 0x68, 0x41, 0x75, 0x7A, 0x45, 0x4D, 0x34,
0x74, 0x73, 0x59, 0x69, 0x35, 0x6C, 0x30, 0x4F, 0x47, 0x47, 0x72, 0x4A, 0x49, 0x43, 0x4D, 0x0A,
0x2B, 0x61, 0x67, 0x37, 0x31, 0x30, 0x6E, 0x57, 0x5A, 0x6F, 0x6F, 0x59, 0x63, 0x38, 0x79, 0x38,
0x42, 0x6A, 0x6D, 0x4C, 0x45, 0x44, 0x49, 0x4F, 0x44, 0x64, 0x4F, 0x78, 0x39, 0x2B, 0x39, 0x6D,
0x45, 0x78, 0x42, 0x5A, 0x53, 0x4D, 0x6A, 0x50, 0x41, 0x63, 0x71, 0x5A, 0x7A, 0x4A, 0x42, 0x79,
0x6D, 0x4E, 0x73, 0x36, 0x37, 0x63, 0x75, 0x6E, 0x75, 0x2B, 0x4A, 0x73, 0x63, 0x49, 0x36, 0x6D,
0x0A, 0x6E, 0x6D, 0x68, 0x6A, 0x37, 0x59, 0x2B, 0x33, 0x4C, 0x51, 0x57, 0x4A, 0x7A, 0x74, 0x6C,
0x55, 0x39, 0x6B, 0x36, 0x72, 0x48, 0x6B, 0x62, 0x62, 0x4D, 0x45, 0x6B, 0x2F, 0x39, 0x6D, 0x72,
0x67, 0x41, 0x66, 0x43, 0x38, 0x7A, 0x59, 0x54, 0x55, 0x4F, 0x66, 0x64, 0x56, 0x6A, 0x67, 0x4D,
0x56, 0x63, 0x64, 0x4F, 0x64, 0x4E, 0x4F, 0x32, 0x64, 0x78, 0x74, 0x48, 0x49, 0x71, 0x73, 0x57,
0x45, 0x0A, 0x4F, 0x54, 0x73, 0x4E, 0x2F, 0x53, 0x6B, 0x6E, 0x55, 0x68, 0x36, 0x44, 0x71, 0x30,
0x67, 0x6A, 0x68, 0x56, 0x68, 0x51, 0x73, 0x35, 0x58, 0x47, 0x43, 0x37, 0x4D, 0x6D, 0x34, 0x78,
0x59, 0x74, 0x71, 0x44, 0x44, 0x63, 0x41, 0x31, 0x42, 0x74, 0x58, 0x4E, 0x45, 0x4D, 0x7A, 0x53,
0x71, 0x68, 0x52, 0x35, 0x72, 0x50, 0x49, 0x42, 0x76, 0x62, 0x51, 0x34, 0x67, 0x66, 0x77, 0x76,
0x7A, 0x67, 0x0A, 0x2D, 0x2D, 0x2D, 0x2D, 0x2D, 0x45, 0x4E, 0x44, 0x20, 0x43, 0x45, 0x52, 0x54,
0x49, 0x46, 0x49, 0x43, 0x41, 0x54, 0x45, 0x2D, 0x2D, 0x2D, 0x2D, 0x2D, 0x0A,
};

int digicert_root_crt_len = sizeof(digicert_root_crt);

#define CERT_WRITE_CHUNK_SIZE 1500
int32_t writeCert(uint8_t *data , uint32_t len)
{
int32_t fHdl;
//uint8_t fileName[] = "/cert/iot/cert.der";
int32_t status;
uint32_t offset;
uint32_t writeLen;
fHdl = sl_FsOpen(CA_FILE_NAME, SL_FS_CREATE | SL_FS_OVERWRITE |
SL_FS_CREATE_FAILSAFE | SL_FS_CREATE_MAX_SIZE( len ), NULL);
if( fHdl >= 0 )
{
offset = 0;
do
{
if (len < CERT_WRITE_CHUNK_SIZE)
{
writeLen = len;
}
else
{
writeLen = CERT_WRITE_CHUNK_SIZE;
}
status = sl_FsWrite(fHdl, offset, &(data[offset]), writeLen);
offset += writeLen;
}while (offset < len);
sl_FsClose(fHdl,0,0,0);
return 0;
}
else
{
return -1;
}
}

static int32_t createConnectionforWeather(void)
{
SlSockAddrIn_t Addr;

int16_t sd = 0;
int16_t AddrSize = 0;
int32_t ret_val = 0;

Addr.sin_family = SL_AF_INET;
Addr.sin_port = sl_Htons(443);

/* Change the DestinationIP endianity, to big endian */
Addr.sin_addr.s_addr = sl_Htonl(App_CB.weatherDestinationIP);

AddrSize = sizeof(SlSockAddrIn_t);

sd = sl_Socket(SL_AF_INET,SL_SOCK_STREAM, SL_SEC_SOCKET);
if( sd < 0 )
{
UART_PRINT(" Error creating socket\n\r\n\r");
ASSERT_ON_ERROR(sd);
}

writeCert(digicert_root_crt, digicert_root_crt_len);
/* Set the following to enable Client Authentication */
sl_SetSockOpt(sd,SL_SOL_SOCKET,SL_SO_SECURE_FILES_CA_FILE_NAME,CA_FILE_NAME, strlen(CA_FILE_NAME));
//_i16 status;
//status = sl_SetSockOpt(sd, SL_SOL_SOCKET,_SL_SO_SECURE_DOMAIN_NAME_VERIFICATION, "minmin-68c89.firebaseio.com",strlen("minmin-68c89.firebaseio.com"));

//sl_SetSockOpt(sd,SL_SOL_SOCKET,SL_SO_SECURE_FILES_PRIVATE_KEY_FILE_NAME,PRIVATE_KEY_FILE, strlen(PRIVATE_KEY_FILE));

//sl_SetSockOpt(sd,SL_SOL_SOCKET,SL_SO_SECURE_FILES_CERTIFICATE_FILE_NAME,TRUSTED_CERT_CHAIN, strlen(TRUSTED_CERT_CHAIN));

ret_val = sl_Connect(sd, ( SlSockAddr_t *)&Addr, AddrSize);
if( ret_val < 0 )
{
/* error */
UART_PRINT(" Error connecting to server\n\r\n\r");
ASSERT_ON_ERROR(ret_val);
}

return sd;
}

Regards

Min Min

Hi Min Min,

If you are using the CC3120 in development mode with the playground root CA catalog, then running into error -468 is normal. This is since the playground root CA catalog only contains the development certificates for security reasons. You can ignore error -468, as it is only a warning. The underlying TLS socket is still connected when you get that error.

You should continue using the globalsign certificate that gets you the -468 warning and see if you can send your data through that TLS socket.

Regards,

Michael

Hi Michael

Thanks for help. Error handler is disabled and it can receive data. However there is much delay of about 3s to receive data. Does TLS socket cause delay and any suggestion to reduce delay? Because normal http connection runs much faster than https using TLS socket.

Regards

Min Min

Hi Min Min,

Is this 3s delay the TLS connection delay, or is it the delay between sending a request and the data response?

In general, a delay on the order of ~1-2s is expected when performing a TLS connection, depending on the cipher suites that your server uses and whether it can be accelerated by the dedicated crypto hardware of the CC3220. Assuming that your HTTPS request has the highest priority thread in your code, then there isn't much you will be able to do to speed up the connect time and the full HTTPS request time.

Regards,
Michael

Hi Michael / TI experts

I haven't seen your reply since last week. Can I have your suggestion to receive the data continuously without closing the socket or any good way to expedite?

Regards
Min Min

Hi Min Min,

You can set the keepalive time manually using the sl_setSockOpt() API with the  SL_SOL_SOCKET, SL_SO_KEEPALIVETIME options. 

If setting the TCP keepalive time shorter doesn't solve the issue, you may need to take a look at the API documentation of firebase. It's possible that their TCP keepalive procedure is different from what the CC3220 performs automatically. Our device will send a NULL packet every keepalive interval, but maybe firebase needs you to send a more specific packet, or maybe it forbids long TCP connections altogether.

Regards,

Michael

Hi Machael

Thanks for the problem. I modified it to open socket again when it is closed as it is firebase issue. One more question that I wish to know. I want to connect to a campus network that requires my userid and password. How shall I configure to connect?

Regards

Min Min

Hi,

You mean that your campus network does use Captive portal (webpage where you insert your userid and password)? If so that will be hard to connect any kind of device without human interaction, because captive portal requires such kind of interaction.

Jan

Hi Jan

I think it is not like captive portal redirecting to the webpage but something like we use mobile phone to connect to a wifi which requires only password for normal wifi but need userid and password for campus wifi in this case. Is it possible to connect to it?

Regards

Min Min

Hi,

OK, it looks that this may to be enterprise security type. This type of security is supported by CC3120 devices. But connection into such kind of network requires more setup at CC3120 side. Please contact your IT, they can you provide additional information.

Enterprise security is described at this document chapter 4.6.2.

Jan

Hi 

I'm planning to implement to write data in Firebase Realtime Database. I use  this PATCH to modify value as in below. I requested but the response is having error. May I know how to correct this error?

Request

PATCH /.json HTTP/1.1
Host: minmin-68c89.firebaseio.com
Accept: */*
{"dir":"1"}

Response
HTTP/1.1 400 Bad Request
Server: nginx
Date: Sat, 26 Oct 2019 12:04:48 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 36
Connection: keep-alive
Access-Control-Allow-Origin: *
Cache-Control: no-cache
Strict-Transport-Security: max-age=31556926; includeSubDomains; preload

{
   "error" : "No data supplied."
                                }
                                 ATCH /.json HTTP/1.1
Host: minmin-68c89.firebaseio.com
Accept: */*
{"dir":"1"}

Hi,

For debugging an HTTP request, the most straightforward method would probably to check the contents of the HTTP request right before you send it to the server and compare it to the input that is expected by your firebase server documentation.

While I don't know precisely why your request fails, I suspect that once you see the request itself the cause will probably be apparent. I suggest you put a breakpoint at SlNetSock_send() of sprsend() within httpclient.c. From there, you can see exactly what is sent to the server.

Regards,

Michael

Hi Michael

Is SlNetSock_send() the same as sl_Send()? I use sl_Send to send data. The request shown above is the request message printed upon sending to the server. Following code shows sl_Send() to check whether the data to be sent is correct. If the issue is not resolved, could it be again certificate problem that requires manual installation?

retVal = sl_Send(App_CB.weatherSockID, App_CB.weatherSendBuff,
strlen((const char *)App_CB.weatherSendBuff), 0);

UART_PRINT("%s \n\r", App_CB.weatherSendBuff);

Regards

Min Min

Hi Min Min,

Yes, the implementation of SlNetSock_send() will call sl_Send(). The SlNetSock layer is an abstraction layer for all BSD socket communications, while the sl_* APIs are specific to the CC3xxx Wi-Fi devices.

Given the error message you get on the cloud, it is unlikely that the certificate is causing errors. This is since if you had a bad certificate then you would not be able to perform the TLS connection to send any data, and on the server side you probably wouldn't get any output beyond a simple "connection refused" message.

Have you checked the buffers being passed to SlNetSock_send()/sl_Send() and compared it against what AWS expects? Have you also tried running the same HTTP command with your PC using curl or another simliar HTTP request app, to make sure that the request you built matches the input the server expects?

Regards,

Michael