ATWINC1500 HTTPS Problems


Hello all,

I'm using a custom board with an ATSAMD21E18A and an ATWINC1510-MR210PB1954 module. I have cobbled together some code that at least can apparently talk to the module without error, cause it to connect to the WiFi in my office, and can successfully make HTTP GET requests to http://example.com and to a simple test HTTP server. When I attempt to GET from an HTTPS server, however, I am getting ECONNRESET in my HTTP client callback.

I have read about updating SSL certificates on the WINC module and I think maybe that's got something to do with my issue. I am really struggling with understanding the types of certificates, what they're used for, and how to install them on the WINC module.

I have found a directory "firmware_upgrade" in a START example project called "WINC1500 Firmware Upgrade". As far as I can tell this example project shows how to update the firmware and certificates on the WINC module. After modifying the "samd21_xplained_pro_firmware_update.bat" to work with my board, and programming my host MCU with a ported version of the "serial bridge" application, I was able to make the batch file run and report success. What it was successful with I couldn't tell you.

I'm hoping someone can enlighten me on this whole process.

Does the "samd21_xplained_pro_firmware_update.bat" update the firmware in the WINC module?

Does it update the certificates?

Why are there so many different certificates in the "firmware_upgrade" directory? (certs located at firmware_upgrade/firmware/tls_cert_store and also firmware_upgrade\firmware\Tools\root_certificate_downloader\binary)

What are the certificates used for and do I need them to "GET" from an HTTPS server?

Please, someone help me understand this.

Thanks.

Edit: I used the function setsockopt to enable the socket option SO_SSL_BYPASS_X509_VERIF, and now I can GET from an HTTPS server. As I understand it, this is essentially defeating the purpose of HTTPS and should only be used for testing.

Does this mean that the issue is certificate related?

Last Edited: Thu. Dec 6, 2018 - 06:58 PM

I think I figured this out. I downloaded the certificate, "DigiCert Global Root CA" in this case, for https://example.com using my browser. This came, from Firefox at least, as a .pem X.509 certificate file. I saved it to "$PROJECTPATH/firmware_upgrade/firmware/Tools/root_certificate_downloader/binary/". In this case I also removed the other files that were present, but this isn't strictly necessary, I don't think. Then I ran "samd21_xplained_pro_firmware_update.bat", modified to use the appropriate COM port, on my PC while it's connected to my board, which is running the ported serial bridge app. OK, it says, the one certificate programmed. Then I run my app and it GETs from https://example.com just fine.
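
A host-side pre-flight check for the step described in the post above, as an added example that is not part of the original thread or of the vendor's tooling: it fingerprints a PEM or DER file and reports whether it is self-issued (issuer equals subject), which separates a root CA like the one exported above from a leaf or intermediate certificate saved by mistake. It assumes the certificate directory is meant to hold root CAs, as its name suggests; `inspect_cert`, `sample_cert` and the sample names are hypothetical, and the sample data is a constructed skeleton rather than a real certificate.

```python
import hashlib, ssl

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                          # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def inspect_cert(data):
    """Fingerprint a PEM or DER certificate; report whether issuer == subject."""
    if b"-----BEGIN CERTIFICATE-----" in data:  # PEM, as a browser exports it
        data = ssl.PEM_cert_to_DER_cert(data.decode("ascii").strip())
    tag, start, _ = read_tlv(data, 0)           # outer Certificate SEQUENCE
    tbs_tag, pos, tbs_end = read_tlv(data, start)  # tbsCertificate SEQUENCE
    if tag != 0x30 or tbs_tag != 0x30:
        raise ValueError("not an X.509 certificate")
    fields = []
    while pos < tbs_end:
        ftag, _, end = read_tlv(data, pos)
        fields.append((ftag, data[pos:end]))
        pos = end
    if fields and fields[0][0] == 0xA0:         # optional explicit [0] version
        fields = fields[1:]
    if len(fields) < 5:
        raise ValueError("tbsCertificate too short")
    # Remaining order: serial, signature algorithm, issuer, validity, subject
    return {"sha256": hashlib.sha256(data).hexdigest(),
            "self_issued": fields[2][1] == fields[4][1]}

def tlv(tag, value):
    """Build a short-form DER element (used only for the constructed sample)."""
    return bytes([tag, len(value)]) + value

def sample_cert(issuer, subject):
    """Constructed skeleton with the tbsCertificate layout, not a real cert."""
    names = [tlv(0x30, tlv(0x0C, cn)) for cn in (issuer, subject)]
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01")
              + tlv(0x30, b"") + names[0] + tlv(0x30, b"") + names[1])
    return tlv(0x30, tbs + tlv(0x30, b"") + tlv(0x03, b"\x00"))

if __name__ == "__main__":   # constructed demo: a root and a leaf skeleton
    for label, der in (("root", sample_cert(b"Test Root", b"Test Root")),
                       ("leaf", sample_cert(b"Test Root", b"leaf.test"))):
        print(label, inspect_cert(der))
```

To check real files, pass each file's bytes to `inspect_cert` and compare the SHA-256 fingerprint with the one the browser shows for the root certificate.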