
SPW04Sx Handshake certificate issue

yoann LBY
Senior
Posted on April 03, 2018 at 16:27

hi,

SPWF047Sx, mode AP, FW1.1.0

CA, cert, key loading with AT+STLSCERT + datetime

cert 2x ecc bundle (prime256V1)

client connect to the wifi open.

next is AT+S.HTTPGET=192.168.0.2,conf,45061,2,,,config.txt,

AT-S.Skip CA

AT-S.Skip CA

AT-S.Loading:1:2

AT-S.Loading:2:2

AT-S.Loading:3:2

AT-S.Http Client Error:2

On the client (server https node js), I have bad signature, and if I check AN4963 the problem is during decoding of the CertificateVerify message:

If the client has sent a digital certificate to the server, the client sends a CertificateVerify message signed with the client's private key. By verifying the signature of this message, the server can explicitly verify the ownership of the client digital certificate.

The size of the signature sent by server to client (ServerKeyExchange) is 71 bytes.

The size of the signature sent by client to server (CertificateVerify) is 70 bytes.

Is it the problem?

(If I use another client (curl) to do the same test with the same certificate, it works, and the size of the signature for the CertificateVerify message is 71 bytes.)

Help!

Thanks

Yoann
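Added example, not part of the original posts: TLS carries an ECDSA signature as a DER `SEQUENCE { INTEGER r, INTEGER s }`, and DER pads an INTEGER with a leading 0x00 byte only when its top bit is set, so for prime256v1 the encoded length is typically 70, 71 or 72 bytes (shorter when r or s has leading zero bytes), and both sizes quoted above are valid encoding lengths. The values `HIGH` and `LOW` and all function names are constructed for this illustration.

```python
# Added example: DER layout of an ECDSA signature, SEQUENCE { INTEGER r, INTEGER s }.
# HIGH and LOW are constructed 256-bit values, not taken from the thread's capture.
HIGH = 1 << 255          # top bit set: DER adds a 0x00 pad, 33-byte INTEGER body
LOW = (1 << 254) + 1     # top bit clear: 32-byte INTEGER body

def der_int(value: int) -> bytes:
    """Encode a non-negative integer as a minimal DER INTEGER."""
    body = value.to_bytes(max(1, (value.bit_length() + 7) // 8), "big")
    if body[0] & 0x80:   # keep the value positive in two's complement
        body = b"\x00" + body
    return b"\x02" + bytes([len(body)]) + body

def encode_sig(r: int, s: int) -> bytes:
    """Encode (r, s) with short-form lengths, which is enough for P-256."""
    body = der_int(r) + der_int(s)
    if len(body) >= 0x80:
        raise ValueError("signature too long for short-form length")
    return b"\x30" + bytes([len(body)]) + body

def parse_sig(der: bytes) -> tuple[int, int]:
    """Strictly parse a P-256-sized DER signature, rejecting malformed input."""
    if len(der) < 8 or der[0] != 0x30 or der[1] >= 0x80 or der[1] != len(der) - 2:
        raise ValueError("bad SEQUENCE header or length")
    pos, out = 2, []
    for _ in range(2):
        if pos + 2 > len(der) or der[pos] != 0x02:
            raise ValueError("expected INTEGER")
        n = der[pos + 1]
        body = der[pos + 2 : pos + 2 + n]
        if n == 0 or len(body) != n:
            raise ValueError("truncated INTEGER")
        if body[0] & 0x80:
            raise ValueError("negative INTEGER")
        if n > 1 and body[0] == 0 and not body[1] & 0x80:
            raise ValueError("non-minimal INTEGER (unneeded 0x00 pad)")
        out.append(int.from_bytes(body, "big"))
        pos += 2 + n
    if pos != len(der):
        raise ValueError("trailing bytes after s")
    return out[0], out[1]

def sig_lengths() -> dict:
    """Encoded length for each combination of top bits in r and s."""
    cases = {"low,low": (LOW, LOW), "high,low": (HIGH, LOW), "high,high": (HIGH, HIGH)}
    return {name: len(encode_sig(r, s)) for name, (r, s) in cases.items()}

if __name__ == "__main__":
    print(sig_lengths())
```

To inspect a captured CertificateVerify, pass the raw signature bytes from the packet capture to `parse_sig`; a `ValueError` points to an encoding defect, while a clean parse means the failure lies in what was signed or with which key.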

2 REPLIES
yoann LBY
Senior
Posted on April 04, 2018 at 18:50

hi,

you continue investigation but have same problem. We replaced the server by openssl (server reference) and the result is the same 'bad signature' during CertificateVerify.

Signature Algorithm used is: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256.

Any help will be appreciated.

Thanks

Yoann

Posted on April 04, 2018 at 19:52

Hello Yoann,

I have just made a connection using a set of keys and certificates generated by me, from SPWF04 to an openssl server. The TLS handshake succeeded but the HTTP GET fails because no answer is received to the HTTP request.

The SPWF04 is AP with WPA encryption, the openssl server is forced to use ECDHE-ECDSA-AES128-GCM-SHA256 cipher.

AT+S.HTTPGET=1.112,conf,4433,2,,,config.txt,

AT-S.Loading:1:2

AT-S.Loading:2:2

AT-S.Loading:3:2

AT-S.Http Client Error:4

AT-S.ERROR:111:Request failed

I'm attaching the openssl log. Could you please compare the certificate (dumped in the log) with yours in order to highlight sensible differences?

Regards,

Elio

________________

Attachments :

openssl.log.zip : https://st--c.eu10.content.force.com/sfc/dist/version/download/?oid=00Db0000000YtG6&ids=0680X000006HxqB&d=%2Fa%2F0X0000000b1F%2FohPmrFpOjVlRa6vE4PJt92E7hf_MvYbojZSphZDuB48&asPdf=false