ATWINC1500 Problem with HTTPS

Hi,

I have a problem with sending data via HTTPS. I set the port to 443 and turned on TLS.

void http_client_get_config_defaults(struct http_client_config *const config)
{
	config->port = 443;
	config->tls = 1;
	config->timeout = 20000;
	config->recv_buffer = NULL;
	config->recv_buffer_size = 8192;
	config->send_buffer_size = MIN_SEND_BUFFER_SIZE;
	config->user_agent = DEFAULT_USER_AGENT;
}

Then I call the http_client_send_request method with this URL: https://httpbin.org/post and I receive this info:

http_client_callback: disconnection reason:-104

Can anybody help me?

Hi norbert22,

I was having similar problems with the ATWINC1500 module because it needs to verify the certificate when using SSL/TLS. If it doesn't verify or the certificate isn't stored in the module, it will disconnect and return an error. Because I'm using the module in an SPI bus embedded environment without any UART tethered to the external world, there is no clear documentation that I found to get the certificate downloaded to the module. We decided to bypass the X.509 verification process by using the setsockopt() function after establishing the SSL socket and it works very well now.

                flag_val = 1U;
                socket_opt_ret = setsockopt(m_tcp_connection_params.client_socket, 
                                            SOL_SSL_SOCKET, 
                                            SO_SSL_BYPASS_X509_VERIF,
                                            (int*)&flag_val,
                                            1U);

Hope this helps you.

David Ashman
Zone 7 Engineering, LLC
Portland, Oregon USA

Thank you for your reply, but I don't want to use the bypass. I tried to download my .pem certificate to the module, but it doesn't work. Do you know how to check which certificates are downloaded to the module? Maybe I am doing something wrong.

I am using RootCertDownload.bat and I receive the message that all certificates have been downloaded. Then I try to connect to my website and get the -104 error.

Sorry norbert22, I don't know how to check/view all downloaded certificates. I don't have access to the batch files and utilities Atmel provides for desktop UART access to the module. I just have a direct UART link to the embedded uP. Good luck to you.

David Ashman
Zone 7 Engineering, LLC
Portland, Oregon USA

Hey David,

Could you tell me where you inserted the bypass in the code? I inserted it in http_client_send_request in STATE_INIT, but I am still getting the -104 error.

	case STATE_INIT:
		if (module->config.tls) {
			flag |= SOCKET_FLAGS_SSL;
		}
		mprintf("Creating socket \r\n");
		module->sock = socket(AF_INET, SOCK_STREAM, flag);
		int flag_val = 1U;
		setsockopt(module->sock, SOL_SSL_SOCKET, SO_SSL_BYPASS_X509_VERIF, (int*)&flag_val, 1U);
		if (module->sock >= 0) {
			module_ref_inst[module->sock] = module;
			if (_is_ip(module->host)) {
				addr_in.sin_family = AF_INET;
				addr_in.sin_port = _htons(module->config.port);
				addr_in.sin_addr.s_addr = nmi_inet_addr((char *)module->host);
				mprintf("Connecting to socket \r\n");
				connect(module->sock, (struct sockaddr *)&addr_in, sizeof(struct sockaddr_in));
			} else {
				gethostbyname((uint8*)module->host);
			}
			module->req.state = STATE_TRY_SOCK_CONNECT;
		} else {
			return -ENOSPC;
		}
		break;

 

OK, problem solved. It was a problem with cipher suites. Atmel's documentation says:

The current implementation is limited to the following cipher suites:
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA256

I checked it in Wireshark and it turns out that the ATWINC1500 tries to tell the server that it supports six cipher suites (3 with DHE key exchange). I had to turn off checking DHE cipher suites on the server and it works now.
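
The Wireshark check described in the post above can be scripted. This is an added example, not part of the original post or of Atmel's code: it parses a TLS ClientHello record and lists offered cipher suites that fall outside the documented list quoted above. The function names are hypothetical, and the sample ClientHello, including its three DHE suite IDs, is constructed for the demo because the thread does not say which suites the module sent.

```python
import struct

# Cipher suites that the Atmel documentation quoted in the thread lists as supported.
DOCUMENTED = {
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA",
    0x003C: "TLS_RSA_WITH_AES_128_CBC_SHA256",
    0x003D: "TLS_RSA_WITH_AES_256_CBC_SHA256",
}

def offered_suites(record: bytes) -> list[int]:
    """Return the cipher suite IDs offered in one TLS ClientHello record."""
    try:
        ctype, _ver, rec_len = struct.unpack_from("!BHH", record, 0)
        if ctype != 0x16 or len(record) < 5 + rec_len:
            raise ValueError("not a complete TLS handshake record")
        body = record[5:5 + rec_len]
        if len(body) < 4 or body[0] != 0x01:
            raise ValueError("handshake message is not a ClientHello")
        hello = body[4:4 + int.from_bytes(body[1:4], "big")]
        pos = 2 + 32                      # skip client_version and random
        pos += 1 + hello[pos]             # skip session_id (length byte + data)
        (cs_len,) = struct.unpack_from("!H", hello, pos)
    except (struct.error, IndexError) as exc:
        raise ValueError("truncated ClientHello") from exc
    pos += 2
    if cs_len % 2 or pos + cs_len > len(hello):
        raise ValueError("malformed cipher_suites vector")
    return [c for (c,) in struct.iter_unpack("!H", hello[pos:pos + cs_len])]

def undocumented(record: bytes) -> list[int]:
    """Suites the client offers that are outside the documented list."""
    return [c for c in offered_suites(record) if c not in DOCUMENTED]

def build_sample(suites: list[int]) -> bytes:
    """Construct a minimal TLS 1.2 ClientHello record (demo input only)."""
    cs = b"".join(struct.pack("!H", s) for s in suites)
    hello = b"\x03\x03" + bytes(32) + b"\x00" + struct.pack("!H", len(cs)) + cs + b"\x01\x00"
    hs = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

# Constructed sample, not a capture from the thread: three RSA and three DHE suites.
SAMPLE = build_sample([0x002F, 0x0035, 0x003C, 0x0033, 0x0039, 0x0067])

if __name__ == "__main__":
    for suite in undocumented(SAMPLE):
        print(f"offered but not documented as supported: 0x{suite:04X}")
```

To use it on real traffic, pass the raw bytes of the first TLS record the client sends (for example, exported from the capture) to `undocumented()`.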

Hi norbert22,

Can I have your sample code, please?

Best regards,

Khoa Tran