
SPWF04SA TLS socket connection problem

Question asked by Antonio Roman on Aug 31, 2017

I have spent a couple of weeks trying to make a TLS connection and it has been practically impossible. I am using the SDK for SPWF04A (STM32CubeExpansion_WIFI1_V3.0.2) on a NUCLEO-F401RE, and compiling the code in IAR. I followed all the steps explained in documents AN4963 and UM2114. I have tried to obtain the root certificates (CA) of the sites that I have decided to test, and the respective Subject Key Identifier of each certificate. I have placed the CA certificates in the code as text strings in PEM format, exported from Google Chrome, and I proceeded to do the tests in two modes, either using sockets or using the HTTP client.

 

The issue is that if I establish a socket or HTTP connection to port 80 without encryption to the selected test sites (Googleapis, Restipsum, etc.), the connection succeeds and I get the expected data. On the other hand, if I try to establish a TLS connection on port 443 to each of these sites, using its respective certificate and Subject Key Identifier, the connection generates an error; usually the errors are X509 Error 23 (maps.googleapis.com) or X509 Error 19 (restipsum.com).

 

Here are two examples of console output from the NUCLEO-F401RE, in this case attempting connections to "googleapis.com" and "restipsum.com". They are the standard messages of the "Client_Socket" example plus some additions that I have added to the code to make it more informative. The Certificate and Subject Key are shown for verification purposes.

 

I would like to know what possible error I am committing, or, if it is a problem in the firmware of the module.

 

 

Example output: googleapis.com
--------------------------------

>>model number is SPWF04SA
>>Setting CA certificate
>>UART TX buffer: AT+S.TLSCERT=content,2
+S.TLSCERT=content,2
-S.Clean
-S.OK
<<OK

>>UART TX buffer: AT+S.TIME=1504170338
+S.TIME=1504170338
-S.OK
<<OK
>>UART TX buffer: AT+S.TIME
+S.TIME
-S.Date:17.08.31:00
-S.Time:09.05.38
-S.OK
<<OK

>>UART TX buffer: AT+S.TLSCERT=Ca,1235

+S.TLSCERT=Ca,1235
-S.No SubjectKeyId
-S.OK
<<OK

>>UART TX buffer: AT+S.TLSCERT=Auth,40
c07a98688d89fbab05640c117daa7d65b8cacc4e
+S.TLSCERT=Auth,40
-S.OK
<<OK

>>UART TX buffer: AT+S.TLSCERT=content,1
+S.TLSCERT=content,1
-S.List
-S.CA:1
-S.Cert:0
-S.Key:0
-S.Id:1
-S.OK
<<OK

>>TLS set certificate OK
>>UART TX buffer: AT+S.SOCKON=maps.googleapis.com,443,NULL,s
+S.SOCKON=maps.googleapis.com,443,NULL,s
-S.Skip CA
-S.Skip CA
-S.Skip CA
-S.Certificate Error:23
-S.ERROR:74:Failed to open socket
>>ERROR!
Status = 13
>>Socket connection error



Example output: restipsum.com
--------------------------------

>>model number is SPWF04SA
>>Setting CA certificate
>>UART TX buffer: AT+S.TLSCERT=content,2
+S.TLSCERT=content,2
-S.Clean
-S.OK
<<OK

>>UART TX buffer: AT+S.TIME=1504170338
+S.TIME=1504170338
-S.OK
<<OK
>>UART TX buffer: AT+S.TIME
+S.TIME
-S.Date:17.08.31:00
-S.Time:09.05.38
-S.OK
<<OK

>>UART TX buffer: AT+S.TLSCERT=Ca,1219

+S.TLSCERT=Ca,1219
-S.No SubjectKeyId
-S.OK
<<OK

>>UART TX buffer: AT+S.TLSCERT=Auth,40
c4a7b1a47b2c71fadbe14b9075ffc41560858910
+S.TLSCERT=Auth,40
-S.OK
<<OK

>>UART TX buffer: AT+S.TLSCERT=content,1
+S.TLSCERT=content,1
-S.List
-S.CA:1
-S.Cert:0
-S.Key:0
-S.Id:1
-S.OK
<<OK

>>TLS set certificate OK
>>UART TX buffer: AT+S.SOCKON=restipsum.com,443,NULL,s
+S.SOCKON=restipsum.com,443,NULL,s
-S.Skip CA
-S.Skip CA
-S.Certificate Error:19
-S.ERROR:74:Failed to open socket
ERROR!
Status = 13
>>Socket connection error
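
An added example, not part of the original post or of ST's SDK: a host-side Python helper that condenses a console transcript like the two above into the fields relevant to a TLS failure (the time that was set, whether the module reported "No SubjectKeyId" for the CA, the Auth identifier and whether its length matches the declared one, the number of "Skip CA" lines, and the certificate error code). The name `triage` and the sample, abridged from the first log, are assumptions; the script does not interpret the module's error codes.

```python
import re
from datetime import datetime, timezone

# Constructed sample: abridged from the first console log in the post
# (echo lines and the PEM body omitted, values as printed there).
SAMPLE = """\
>>UART TX buffer: AT+S.TIME=1504170338
>>UART TX buffer: AT+S.TLSCERT=Ca,1235
-S.No SubjectKeyId
>>UART TX buffer: AT+S.TLSCERT=Auth,40
c07a98688d89fbab05640c117daa7d65b8cacc4e
>>UART TX buffer: AT+S.SOCKON=maps.googleapis.com,443,NULL,s
-S.Skip CA
-S.Skip CA
-S.Skip CA
-S.Certificate Error:23
-S.ERROR:74:Failed to open socket
"""

TX = re.compile(r">>UART TX buffer: AT\+S\.(\w+)(?:=(.*))?$")

def triage(transcript):
    """Summarise one SPWF04 TLS attempt from a console transcript."""
    r = {"skip_ca": 0, "ca_no_ski": False, "cert_error": None, "error": None}
    want_auth = 0
    for line in (l.strip() for l in transcript.splitlines()):
        m = TX.match(line)
        if m:
            cmd, args = m.group(1), (m.group(2) or "").split(",")
            if cmd == "TIME" and args[0].isdigit():
                r["time_utc"] = datetime.fromtimestamp(int(args[0]), timezone.utc).isoformat()
            elif cmd == "TLSCERT" and args[0] == "Auth":
                want_auth = int(args[1])
            elif cmd == "SOCKON":
                r["host"], r["port"] = args[0], int(args[1])
        elif want_auth and re.fullmatch(r"[0-9a-fA-F]+", line):
            # Payload after AT+S.TLSCERT=Auth,N: expect exactly N hex characters.
            r["auth_id"], r["auth_len_ok"] = line.lower(), len(line) == want_auth
            want_auth = 0
        elif line == "-S.No SubjectKeyId":
            r["ca_no_ski"] = True
        elif line == "-S.Skip CA":
            r["skip_ca"] += 1
        elif line.startswith("-S.Certificate Error:"):
            r["cert_error"] = int(line.rsplit(":", 1)[1])
        elif line.startswith("-S.ERROR:"):
            r["error"] = line[len("-S.ERROR:"):]
    return r
```

Running `triage` on both logs side by side makes the differences between the two attempts (three versus two "Skip CA" lines, error 23 versus 19) easy to compare against the same setup steps.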
