TLS handshake error -3b00 on nRF7002

nRF Connect SDK 2.3.0

IDE: VS Code

Console Error:

Connecting to HTTP Server:
[00:00:23.982,177] <err> net_sock_tls: TLS handshake error: -3b00

Project setup:

I started with the sta example to connect the nRF7002 to Wi-Fi. Then I pulled in the example for HTTPS requests using TLS from Zephyr's GitHub, https://github.com/zephyrproject-rtos/zephyr/blob/main/samples/net/sockets/http_get/src/http_get.c

Are there any nrf7002 compatible examples for how to connect to an HTTPS server over port 443 to POST and GET data?

  • Hi

    The error message "-0x3b00" (MBEDTLS_ERR_PK_INVALID_PUBKEY) points to the pubkey tag or value being invalid. Only RSA and EC are supported here. We don't have an official sample project doing this for the nRF7002 as of yet, but one of the DevZone users posted this link to his GitHub repo that is a simple Zephyr Wi-Fi code that at least can do http_get and has been tested (by this DevZone user) to work for the nRF7002 on NCS 2.2.0 and 2.3.0.

    Best regards,

    Simon

  • Thanks for the response. It looks like the links did not come through, though. Is there an ETA for when an official sample project might become available?

  • Sorry, here's the GitHub link I referred to: https://github.com/craigpeacock/Zephyr_WiFi/blob/main/README.md 

    Here on DevZone we never speculate or discuss future releases or products, as we strive to focus on the currently available solutions. If you want information on future releases, please contact the regional sales manager (RSM) of your area, as they'll be able to share info on what's planned for when, etc. Let me know if you need help reaching out to your local RSM.

    Best regards,

    Simon

  • Thanks for the link. I already have that code merged in with the STA example for basic HTTP requests and have that working successfully; however, for what I am doing I need to add security using HTTPS, which is where the problem seems to be. The server I am connecting to only allows HTTPS requests.

    Would there be something chip side that is not allowing it to connect to any HTTPS server?

    I use tls_credential_add to add the certificate in DER format for the server I am connecting to, and also set socket options (as shown).

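    // Create a TLS 1.2 socket (IPPROTO_TCP here would give plain, unencrypted TCP)
    	sock = socket(AF_INET, SOCK_STREAM, IPPROTO_TLS_1_2);
    	if (sock < 0) {
    		printk("Error creating socket\n");
    		return -1;
    	}
    	// TLS settings: credentials registered under these tags are used for the handshake
    	sec_tag_t sec_tag_opt[] = {
    		CA_CERTIFICATE_TAG,
    	};
    	if (setsockopt(sock, SOL_TLS, TLS_SEC_TAG_LIST,
    		       sec_tag_opt, sizeof(sec_tag_opt)) < 0) {
    		printk("Error setting TLS_SEC_TAG_LIST\n");
    		close(sock);
    		return -1;
    	}

    	// Hostname the server certificate is checked against
    	if (setsockopt(sock, SOL_TLS, TLS_HOSTNAME,
    		       SERVER_HOSTNAME, sizeof(SERVER_HOSTNAME)) < 0) {
    		printk("Error setting TLS_HOSTNAME\n");
    		close(sock);
    		return -1;
    	}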
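
Added example, not code from any post in this thread or from the SDK: a small DER walker that reports which public-key algorithm a certificate declares, so the DER blob handed to tls_credential_add can be checked against the "only RSA and EC are supported" constraint from the earlier reply. The names `cert_key_kind`, `der_head`, `sample_ec` and `sample_ed25519` are hypothetical, and the two sample arrays are constructed skeletons that contain only the fields the walker reads.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

enum key_kind { KEY_RSA, KEY_EC, KEY_OTHER, KEY_BAD_DER };

/* Read one DER header at *p: returns the tag (or -1) and stores the content
 * length, leaving *p on the first content byte. All lengths are bounds-checked. */
static int der_head(const uint8_t **p, const uint8_t *end, size_t *len)
{
	if (end - *p < 2) return -1;
	int tag = *(*p)++;
	size_t n = *(*p)++;
	if (n & 0x80) {                    /* long form: low 7 bits = number of length bytes */
		size_t cnt = n & 0x7f;
		if (cnt == 0 || cnt > 3 || (size_t)(end - *p) < cnt) return -1;
		for (n = 0; cnt--; ) n = (n << 8) | *(*p)++;
	}
	if ((size_t)(end - *p) < n) return -1;
	*len = n;
	return tag;
}

/* Walk Certificate -> tbsCertificate -> subjectPublicKeyInfo -> algorithm OID. */
enum key_kind cert_key_kind(const uint8_t *der, size_t der_len)
{
	static const uint8_t rsa[] = {0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x01}; /* rsaEncryption */
	static const uint8_t ec[]  = {0x2a,0x86,0x48,0xce,0x3d,0x02,0x01};           /* id-ecPublicKey */
	const uint8_t *p = der, *end = der + der_len;
	size_t len;
	/* Outer Certificate SEQUENCE, then the tbsCertificate SEQUENCE inside it. */
	if (der_head(&p, end, &len) != 0x30 || der_head(&p, end, &len) != 0x30) return KEY_BAD_DER;
	end = p + len;
	/* Skip [0] version (if present), serial, signature, issuer, validity, subject. */
	for (int skip = (p < end && *p == 0xa0) ? 6 : 5; skip > 0; skip--) {
		if (der_head(&p, end, &len) < 0) return KEY_BAD_DER;
		p += len;
	}
	/* subjectPublicKeyInfo SEQUENCE, then its AlgorithmIdentifier SEQUENCE. */
	if (der_head(&p, end, &len) != 0x30 || der_head(&p, end, &len) != 0x30) return KEY_BAD_DER;
	if (der_head(&p, end, &len) != 0x06) return KEY_BAD_DER;   /* algorithm OID */
	if (len == sizeof rsa && !memcmp(p, rsa, len)) return KEY_RSA;
	if (len == sizeof ec && !memcmp(p, ec, len)) return KEY_EC;
	return KEY_OTHER;                  /* e.g. Ed25519: neither RSA nor EC */
}

/* Constructed skeletons (not real certificates): empty issuer/validity/subject, dummy key bits. */
const uint8_t sample_ec[] = { 0x30,0x22, 0x30,0x20, 0xa0,0x03,0x02,0x01,0x02, 0x02,0x01,0x01, 0x30,0x00,
	0x30,0x00, 0x30,0x00, 0x30,0x00, 0x30,0x0e, 0x30,0x09, 0x06,0x07,0x2a,0x86,0x48,0xce,0x3d,0x02,0x01, 0x03,0x01,0x00 };
const uint8_t sample_ed25519[] = { 0x30,0x1e, 0x30,0x1c, 0xa0,0x03,0x02,0x01,0x02, 0x02,0x01,0x01, 0x30,0x00,
	0x30,0x00, 0x30,0x00, 0x30,0x00, 0x30,0x0a, 0x30,0x05, 0x06,0x03,0x2b,0x65,0x70, 0x03,0x01,0x00 };
int main(void) { return cert_key_kind(sample_ec, sizeof sample_ec) == KEY_EC ? 0 : 1; }
```
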

  • Hi Kyle

    I'm currently researching and asking around internally if we have any sample projects for connecting to an HTTPS server, but it doesn't seem like it as of yet. I'll dig some more and get back to you. From what I can see the issue seems to be with configuring the mbedtls and its buffers correctly to work with the added security.

    I'll try to get back with more details tomorrow. Thank you for your patience!

    Best regards,

    Simon
