ATWINC1500 Problem with HTTPS

Log in or register to post comments
Go To Last Post
7 posts / 0 new
Author
Message
norbert22
norbert22's picture
Level: Rookie
Joined: Thu. Nov 6, 2014
Posts: 38 View posts
#1
Posted by norbert22: Tue. Jul 18, 2017 - 01:46 PM
  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

Hi,

I have a problem with sending data via https. I set port to 443 and turn on TLS. 

void http_client_get_config_defaults(struct http_client_config *const config)
{
	config->port = 443;
	config->tls = 1;
	config->timeout = 20000;
	config->recv_buffer = NULL;
	config->recv_buffer_size = 8192;
	config->send_buffer_size = MIN_SEND_BUFFER_SIZE;
	config->user_agent = DEFAULT_USER_AGENT;
}

Then I call http_client_send_request method with this url: https://httpbin.org/post and I receive this info:

http_client_callback: disconnection reason:-104

 

 

Anybody can help me?

Tags:

Wireless, General Wireless Discussions
Top
DavidAshman
DavidAshman's picture
Level: New Member
Joined: Wed. Aug 2, 2017
Posts: 3 View posts
Posted by DavidAshman: Wed. Aug 2, 2017 - 07:52 PM
  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

Hi norbert22,

I was having similar problems with the ATWINC1500 module because it needs to verify the certificate when using SSL/TLS.  If it doesn't verify or the certificate isn't stored in the module, it will disconnect and return an error.  Because I'm using the module in a SPIbus embedded environment without any UART tethered to external world, there is no clear documentation that I found to get the certificate downloaded to the module.  We decided to bypass the X.509 verification process by using the setsockopt() function after establishing SSL socket and it works very well now.

                flag_val = 1U;

                socket_opt_ret = setsockopt(m_tcp_connection_params.client_socket, 
                                            SOL_SSL_SOCKET, 
                                            SO_SSL_BYPASS_X509_VERIF,
                                            (int*)&flag_val,
                                            1U);

Hope this helps you.

 

 

David Ashman
Zone 7 Engineering, LLC
Portland, Oregon USA

Top
norbert22
norbert22's picture
Level: Rookie
Joined: Thu. Nov 6, 2014
Posts: 38 View posts
Posted by norbert22: Wed. Aug 9, 2017 - 12:30 PM
  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

Thank you for your reply, but I don't want use bypass. I tried to download my .pem certificate to module, but it doesn't work. Do you know how to check what certificates are downloaded in module, because maybe I am doing something wrong.

 

I am using RootCertDownload.bat and I am receiving information that All certificates have been downloaded. Then I am trying to connect with my website and getting -104 error.

Top
DavidAshman
DavidAshman's picture
Level: New Member
Joined: Wed. Aug 2, 2017
Posts: 3 View posts
Posted by DavidAshman: Mon. Aug 14, 2017 - 09:51 PM (Reply to #3)
  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

Sorry norbert22, I don't know how to check/view all downloaded certificates.  I don't have access to the batch files and utilities Atmel provides for desktop UART access to the module.  I just have a direct UART link to embedded uP.  Good luck to you.

David Ashman
Zone 7 Engineering, LLC
Portland, Oregon USA

Top
norbert22
norbert22's picture
Level: Rookie
Joined: Thu. Nov 6, 2014
Posts: 38 View posts
Posted by norbert22: Tue. Aug 29, 2017 - 06:21 AM
  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

Hey David,

Could you give me information where did you insert bypass in the code? I inserted it to http_client_send_request in STATE_INIT, but I still getting -104 error.

	case STATE_INIT:
		if (module->config.tls) {
			flag |= SOCKET_FLAGS_SSL;
		}
		mprintf("Creating socket \r\n");
		module->sock = socket(AF_INET, SOCK_STREAM, flag);
		int flag_val = 1U;
		setsockopt(module->sock, SOL_SSL_SOCKET, SO_SSL_BYPASS_X509_VERIF, (int*)&flag_val, 1U);
		if (module->sock >= 0) {
			module_ref_inst[module->sock] = module;
			if (_is_ip(module->host)) {
				addr_in.sin_family = AF_INET;
				addr_in.sin_port = _htons(module->config.port);
				addr_in.sin_addr.s_addr = nmi_inet_addr((char *)module->host);
				mprintf("Connecting to socket \r\n");
				connect(module->sock, (struct sockaddr *)&addr_in, sizeof(struct sockaddr_in));
			} else {
				gethostbyname((uint8*)module->host);
			}
			module->req.state = STATE_TRY_SOCK_CONNECT;
		} else {
			return -ENOSPC;
		}
		break;

 

Top
norbert22
norbert22's picture
Level: Rookie
Joined: Thu. Nov 6, 2014
Posts: 38 View posts
Posted by norbert22: Tue. Aug 29, 2017 - 08:52 AM
  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

Ok, problem solved. It was a problem with cipher suites. Atmel's documentation say:
 

The current implementation is limited to the following cipher suites: 
 TLS_RSA_WITH_AES_128_CBC_SHA 
 TLS_RSA_WITH_AES_256_CBC_SHA 
 TLS_RSA_WITH_AES_128_CBC_SHA256 
 TLS_RSA_WITH_AES_256_CBC_SHA256

I checked it in wireshark and it turn out that atwinc1500 tries to tell the server that supports six cipher suites (3 with DHE key exchange). I have to turn off checking DHE cipher suites on server and it works now.

Top
khoatran
khoatran's picture
Level: New Member
Joined: Wed. Oct 18, 2017
Posts: 1 View posts
Posted by khoatran: Wed. Oct 18, 2017 - 03:15 AM
  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

Hi norbert22,

 

Can I have your sample code please ?

 

Best regards,

Khoa Tran
 

Top