SPWF04SA TLS socket connection problem

Antonio Roman
Associate II
Posted on August 31, 2017 at 12:55

I have spent a couple of weeks trying to make a TLS connection, and it has been practically impossible. I am using the SDK for SPWF04A (STM32CubeExpansion_WIFI1_V3.0.2) on a NUCLEO-F401RE and compiling the code in IAR. I followed all the steps explained in documents AN4963 and UM2114. I have tried to obtain the root certificates (CA) of the sites that I decided to test, and the respective Subject Key Identifier of each certificate. I placed the CA certificates in the code as text strings in PEM format, exported from Google Chrome, and ran the tests in two modes, either using sockets or using the HTTP client.

The issue is that if I establish a socket or HTTP connection to port 80 without encryption to the selected test sites (Googleapis, Restipsum, etc.), the connection is satisfactory and I get the expected data. On the other hand, if I try to establish the connection over TLS on port 443 for each of these sites, using its respective certificate and Subject Key Identifier, the connection generates an error. Usually the errors are X509 Error 23 (maps.googleapis.com) or X509 Error 19 (restipsum.com).

Here are two examples of console output from the NUCLEO-F401RE, in this case trying to connect to 'googleapis.com' and 'restipsum.com'. They are the standard messages of the 'Client_Socket' example plus some additions that I made to the code to make it more informative. The Certificate and Subject Key are shown for verification purposes.

I would like to know what error I might be making, or whether it is a problem in the firmware of the module.

Example output: googleapis.com

--------------------------------

>>model number is SPWF04SA

>>Setting CA certificate

>>UART TX buffer: AT+S.TLSCERT=content,2

+S.TLSCERT=content,2

-S.Clean

-S.OK

<<OK

>>UART TX buffer: AT+S.TIME=1504170338

+S.TIME=1504170338

-S.OK

<<OK

>>UART TX buffer: AT+S.TIME

+S.TIME

-S.Date:17.08.31:00

-S.Time:09.05.38

-S.OK

<<OK

>>UART TX buffer: AT+S.TLSCERT=Ca,1235

-----BEGIN CERTIFICATE-----

-----END CERTIFICATE-----

+S.TLSCERT=Ca,1235

-S.No SubjectKeyId

-S.OK

<<OK

>>UART TX buffer: AT+S.TLSCERT=Auth,40

c07a98688d89fbab05640c117daa7d65b8cacc4e

+S.TLSCERT=Auth,40

-S.OK

<<OK

>>UART TX buffer: AT+S.TLSCERT=content,1

+S.TLSCERT=content,1

-S.List

-S.CA:1

-S.Cert:0

-S.Key:0

-S.Id:1

-S.OK

<<OK

>>TLS set certificate OK

>>UART TX buffer: AT+S.SOCKON=maps.googleapis.com,443,NULL,s

+S.SOCKON=maps.googleapis.com,443,NULL,s

-S.Skip CA

-S.Skip CA

-S.Skip CA

-S.Certificate Error:23

-S.ERROR:74:Failed to open socket

>>ERROR!

Status = 13

>>Socket connection error

Example output: restipsum.com

--------------------------------

>>model number is SPWF04SA

>>Setting CA certificate

>>UART TX buffer: AT+S.TLSCERT=content,2

+S.TLSCERT=content,2

-S.Clean

-S.OK

<<OK

>>UART TX buffer: AT+S.TIME=1504170338

+S.TIME=1504170338

-S.OK

<<OK

>>UART TX buffer: AT+S.TIME

+S.TIME

-S.Date:17.08.31:00

-S.Time:09.05.38

-S.OK

<<OK

>>UART TX buffer: AT+S.TLSCERT=Ca,1219

-----BEGIN CERTIFICATE-----

-----END CERTIFICATE-----

+S.TLSCERT=Ca,1219

-S.No SubjectKeyId

-S.OK

<<OK

>>UART TX buffer: AT+S.TLSCERT=Auth,40

c4a7b1a47b2c71fadbe14b9075ffc41560858910

+S.TLSCERT=Auth,40

-S.OK

<<OK

>>UART TX buffer: AT+S.TLSCERT=content,1

+S.TLSCERT=content,1

-S.List

-S.CA:1

-S.Cert:0

-S.Key:0

-S.Id:1

-S.OK

<<OK

>>TLS set certificate OK

>>UART TX buffer: AT+S.SOCKON=restipsum.com,443,NULL,s

+S.SOCKON=restipsum.com,443,NULL,s

-S.Skip CA

-S.Skip CA

-S.Certificate Error:19

-S.ERROR:74:Failed to open socket

ERROR!

Status = 13

>>Socket connection error

#spwf04sa #socket #certificate #tls #encryption
0 REPLIES 0
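
A host-side way to pull the module's diagnostics out of console output like the two captures above (an added example, not part of the original post or of ST's SDK): it groups each `AT+S.` command with its `-S.` status lines and checks that the `AT+S.TLSCERT=Auth` payload matches its declared length. `parse_exchanges`, `triage` and `FLAGS` are hypothetical names, the sample log is a constructed excerpt, and the numeric error codes are reported as-is, not interpreted.

```python
import re

# Constructed excerpt in the layout of the posted console output (certificate body omitted).
SAMPLE_LOG = """\
>>UART TX buffer: AT+S.TLSCERT=Ca,1219
+S.TLSCERT=Ca,1219
-S.No SubjectKeyId
-S.OK
>>UART TX buffer: AT+S.TLSCERT=Auth,40
c4a7b1a47b2c71fadbe14b9075ffc41560858910
+S.TLSCERT=Auth,40
-S.OK
>>UART TX buffer: AT+S.SOCKON=restipsum.com,443,NULL,s
+S.SOCKON=restipsum.com,443,NULL,s
-S.Skip CA
-S.Skip CA
-S.Certificate Error:19
-S.ERROR:74:Failed to open socket
"""
TX = re.compile(r"^>>UART TX buffer: (AT\+S\.\S+)$")
FLAGS = ("No SubjectKeyId", "Certificate Error:", "ERROR:")  # status lines worth reporting

def parse_exchanges(log):
    """One record per AT command: unprefixed payload lines and -S. status lines."""
    exchanges = []
    for line in (l.strip() for l in log.splitlines() if l.strip()):
        m = TX.match(line)
        if m:
            exchanges.append({"cmd": m.group(1), "payload": [], "status": []})
        elif exchanges and line.startswith("-S."):
            exchanges[-1]["status"].append(line[3:])
        elif exchanges and not line.startswith(("+S.", "<<", ">>")):
            exchanges[-1]["payload"].append(line)  # data sent after the command
    return exchanges

def triage(log):
    """Return flagged status lines per command, plus a length/hex check on the Auth payload."""
    findings = []
    for ex in parse_exchanges(log):
        cmd, status = ex["cmd"], ex["status"]
        if cmd.startswith("AT+S.TLSCERT=Auth,"):
            declared = int(cmd.rsplit(",", 1)[1])
            key_id = "".join(ex["payload"])
            if len(key_id) != declared or not re.fullmatch(r"(?:[0-9a-fA-F]{2})+", key_id):
                findings.append(f"{cmd}: payload is not {declared} hex characters")
        findings += [f"{cmd}: {s}" for s in status if s.startswith(FLAGS)]
        if status.count("Skip CA"):
            findings.append(f"{cmd}: Skip CA x{status.count('Skip CA')}")
    return findings
```

Calling `triage()` on a full capture gives a short list of the lines to quote in a support request, in the order the module emitted them.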