How to connect securely using HTTP Client Library

I would like to use the HTTP Client Library to connect securely using TLS.

I cannot find or work out the required steps to get this to function; I always get a -102 error returned when I call HTTPCli_connect.

I know all my settings are correct, the certificate is installed and so on, as everything is fine when I use the ssl example (which does not use the HTTP Client Library).

I followed the details provided in the PDF for the http_client_demo example for using TLS, but I still get the -102 error.

What are the steps to get TLS working with the HTTP Client Library?

Here is my code:

//*****************************************************************************
//
//! Function to connect to HTTP server
//!
//! \param  httpClient - Pointer to HTTP Client instance
//!
//! \return Error-code or SUCCESS
//!
//*****************************************************************************
static int ConnectToHTTPServer(HTTPCli_Handle httpClient)
{
    long lRetVal = -1;
    struct sockaddr_in addr;
    struct HTTPCli_SecureParams sparams;
  
#ifdef USE_PROXY
    struct sockaddr_in paddr;
    paddr.sin_family = AF_INET;
    paddr.sin_port = htons(PROXY_PORT);
    paddr.sin_addr.s_addr = sl_Htonl(PROXY_IP);
    HTTPCli_setProxy((struct sockaddr *)&paddr);
#endif

    SlDateTime_t dt;

    /* Set current Date to validate certificate */
    dt.sl_tm_day = 28;
    dt.sl_tm_mon = 6;
    dt.sl_tm_year = 2015;
    dt.sl_tm_hour = 4;
    dt.sl_tm_min = 45;
    dt.sl_tm_sec = 0;
    sl_DevSet(SL_DEVICE_GENERAL_CONFIGURATION, SL_DEVICE_GENERAL_CONFIGURATION_DATE_TIME, sizeof(SlDateTime_t), (unsigned char *)(&dt));

    /* Resolve HOST NAME/IP */
    lRetVal = sl_NetAppDnsGetHostByName((signed char *)HOST_NAME,
                                          strlen((const char *)HOST_NAME),
                                          &g_ulDestinationIP,SL_AF_INET);
    if(lRetVal < 0)
    {
        ASSERT_ON_ERROR(GET_HOST_IP_FAILED);
    }

    /* Set secure TLS connection  */
    /* Security parameters */
    sparams.method.secureMethod = SL_SO_SEC_METHOD_TLSV1_2;
    sparams.mask.secureMask = SL_SEC_MASK_SSL_RSA_WITH_RC4_128_SHA; //SL_SEC_MASK_TLS_RSA_WITH_AES_256_CBC_SHA;
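    /* Bound the copy by the destination buffer, not the source string */
    strncpy(sparams.cafile, SL_SSL_CA_CERT, sizeof(sparams.cafile) - 1);
    sparams.cafile[sizeof(sparams.cafile) - 1] = '\0';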
    sparams.privkey[0] = 0;
    sparams.cert[0] = 0;
    sparams.dhkey[0] = 0;
    HTTPCli_setSecureParams(&sparams);

    /* Set up the input parameters for HTTP Connection */
    addr.sin_family = AF_INET;
    addr.sin_port = htons(HOST_PORT);
    addr.sin_addr.s_addr = sl_Htonl(g_ulDestinationIP);

    HTTPCli_construct(httpClient);

    lRetVal = HTTPCli_connect(httpClient, (struct sockaddr *)&addr, HTTPCli_TYPE_TLS, NULL);
    if(lRetVal < 0)
    {
        /* lRetVal is a long; cast so the argument matches %d */
        UART_PRINT("Failed to connect securely to server. error(%d)\n\r", (int)lRetVal);
        return lRetVal;
        //ASSERT_ON_ERROR(SERVER_CONNECTION_FAILED);
    }
    else
    {
        UART_PRINT("Connection to server created successfully\r\n");
    }

    return 0;
}
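
A pre-connect sanity check for the three TLS settings the function above fills in (CA file path, device date, cipher mask), as an added example that is not part of the original thread or of TI's SDK. The struct, the constants and their values are stand-ins invented for the example, and the validity dates are constructed; RC4 suites are flagged because RFC 7465 prohibits them in TLS.

```c
#include <stdio.h>
#include <string.h>

/* Stand-ins for this example only: NOT the SimpleLink definitions;
 * the buffer size and the cipher bit values are made up. */
#define CERT_NAME_LEN  16
#define CIPHER_RC4_SHA (1u << 0)   /* hypothetical bit: an RC4 suite */
#define CIPHER_AES_SHA (1u << 1)   /* hypothetical bit: an AES suite */

struct date { int year, mon, day; };
struct tls_cfg {
    unsigned cipher_mask;
    char cafile[CERT_NAME_LEN];
    struct date now;               /* date written to the device clock */
};
enum { PF_CA_PATH = 1, PF_CLOCK = 2, PF_WEAK_CIPHER = 4 };

/* Pack a date into one integer so two dates compare with < and >. */
static long date_key(struct date d) { return d.year * 10000L + d.mon * 100L + d.day; }

/* Copy the CA path into the fixed-size field; reject it rather than
 * truncate or overflow when it does not fit. */
static int set_cafile(struct tls_cfg *cfg, const char *path)
{
    size_t n = strlen(path);
    if (n == 0 || n >= sizeof(cfg->cafile)) { cfg->cafile[0] = '\0'; return -1; }
    memcpy(cfg->cafile, path, n + 1);
    return 0;
}

/* Bitmask of problems to fix before attempting the TLS connect. */
static int tls_preflight(const struct tls_cfg *cfg, struct date not_before, struct date not_after)
{
    int problems = 0;
    long now = date_key(cfg->now);
    if (cfg->cafile[0] == '\0') problems |= PF_CA_PATH;
    if (now < date_key(not_before) || now > date_key(not_after)) problems |= PF_CLOCK;
    if (cfg->cipher_mask & CIPHER_RC4_SHA) problems |= PF_WEAK_CIPHER;
    return problems;
}

int main(void)
{
    struct tls_cfg cfg = { CIPHER_RC4_SHA, "", { 2015, 6, 28 } };
    struct date nb = { 2016, 2, 1 }, na = { 2017, 2, 1 };   /* constructed validity window */
    set_cafile(&cfg, "/cert/1.crt");
    printf("problems: %d\n", tls_preflight(&cfg, nb, na));
    return 0;
}
```

A hard-coded device date passes this check only while it falls inside the server certificate's validity window, so a renewed certificate can turn a working build into one that fails the handshake.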

  • Some more information

    Failed to receive[SOCK ERROR] - TX FAILED : socket 247 , reason(-9)
    [SOCK ERROR] - TX FAILED : socket 247 , reason(-9)

    I look up -9 in socket.h and it provides the following:

    #define SL_EBADF (-9) /* Bad file number */

    What does "Bad file number" mean?
  • Hi Glenn,


    Which server are you using? We tested the same code snippet with www.howsmyssl.com without any issue. Are you able to connect using the ssl example?


    Regards,
    Aashish
  • Hi Aashish,

    Thanks for your help with this.

    I have tried using Microsoft Azure (swiftsoftware-ns.servicebus.windows.net) and a local Australian telco, Telstra (api.telstra.com).

    Yes, I can connect when using the SSL example; I have been doing this with Azure for a long time now.

    I just tested with www.howsmyssl.com and I get the same issue. This indicates there is something wrong with my setup. Can you please zip up the project you used in your successful test, include the CA you used, and attach it to this forum? I should be able to use these to find out what is happening.

    Glenn.
  • Hi Glenn,

    Please find attached the zip file that has the tested main.c and certificate: https://e2e.ti.com/cfs-file/__key/communityserver-discussions-components-files/968/secure_5F00_http_5F00_client_5F00_demo.7z

    Regards,

    Aashish

  • Thanks Aashish,

    The issue is now resolved.

    The problem is that the define for the certificates needs to be inside the ConnectToHTTPServer function:

    #define SL_SSL_CA_CERT "/cert/1.crt" //Needs to be defined inside the ConnectToHTTPServer function.

    Not sure why; I have never come across this issue before.

    Glenn.

  • Hi Glenn,


    It's not necessary to define the SL_SSL_CA_CERT macro inside ConnectToHTTPServer(). You can define it anywhere, in any file.


    Regards,
    Aashish
  • Hi Aashish,

    You are correct, I didn't add the pre-define Secure in my test. That is why it was showing success, as it was not using the secure features of your code.

    I am now able to get www.howsmyssl.com working. Sometimes I need to restart the board before testing, hence the reason it failed in my tests yesterday.

    However, I still cannot get api.telstra.com or swiftsoftware-ns.servicebus.windows.net (Azure) working with the HTTP Client Library. There may be issues with my network connection, or perhaps the HTTP Client Library is having issues with this site; I really am not sure.

    Could you please test api.telstra.com, as this is the one I am currently trying to get to work?

    Glenn.
  • Hi Aashish,

    I have found the issue: I seem to have an intermittent network problem that is causing the connection to fail most times. These types of problems drive you crazy and waste many days.

    Thanks for your assistance with this and the sample code!

    Glenn.
  • Hi Aashish,

    Your given code is not working for me.
    I get error code -102 (connect fail).

    Dinkar