nRF7002DK and TLS Sockets -7100 error

Hey everyone,

We have been struggling to get our nRF7002DK connected to any HTTPS server. We've stripped back our evaluation setup to use "google.com" with the example "globalsign_r1" cert and are still running into the same -7100 TLS handshake error. This project is compiled using NCS v2.4.0.

Our evaluation code is based on the WiFi Shell example and pulls in code from other samples. After we have successfully connected to a WiFi network, the device goes through the following routine:

  • We retrieve and set the system time using the SNTP and POSIX clocks modules. This always works fine.
  • We use the DNS resolver module to populate the addr_info struct for "google.com"
  • Afterwards we successfully allocate the socket in the fd table, register credentials with the TLS module, and give the cert data to the socket.
  • We call "connect" on the socket. This always fails with the -7100 error.
  • If the connection succeeded, we would send one HTTPS request.

Here's our console output.

Fullscreen
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
uart:~$ Server time is: 1686687543
[00:00:16.668,304] <dbg> net_sock: zsock_socket_internal: (main): socket: ctx=0x20005aa4, fd=7
[00:00:16.668,487] <inf> wifi: Sending SNTP IPv4 request...
[00:00:16.721,160] <dbg> net_sock_packet: zpacket_received_cb: (rx_q[0]): ctx=0x20005964, pkt=0x2004fb2c, st=0, user_data=(nil)
[00:00:16.721,282] <dbg> net_sock: zsock_received_cb: (rx_q[0]): ctx=0x20005aa4, pkt=0x2004fb6c, st=0, user_data=(nil)
[00:00:16.721,862] <inf> wifi: status: 0
[00:00:16.721,862] <inf> wifi: time since Epoch: high word: 0, low word: 1686687543
[00:00:16.721,893] <dbg> net_sock: z_impl_zsock_close: (main): close: ctx=0x20005aa4, fd=7
uart:~$ Current time is now: Tue Jun 13 20:19:05 2023
print_addrinfo_results v4: 1 v6: 2 UNS: 0
ipFamily 47568
ipFamily 1
IPv4: 142.251.40.238
[00:00:23.747,100] <dbg> net_sock_packet: zpacket_received_cb: (rx_q[0]): ctx=0x20005964, pkt=0x2004fb2c, st=0, user_data=(nil)
[00:00:23.747,375] <dbg> net_sock_addr: dns_resolve_cb: (rx_q[0]): dns status: -100
[00:00:23.747,467] <dbg> net_sock_addr: dns_resolve_cb: (rx_q[0]): dns status: -103
Connecting to HTTP Server:
[00:00:23.756,805] <dbg> net_sock_tls: tls_alloc: (main): Allocated TLS context, 0x20001bd0
[00:00:23.757,049] <dbg> net_sock: zsock_socket_internal: (main): socket: ctx=0x20005aa4, fd=8
[00:00:23.788,269] <dbg> net_sock_packet: zpacket_received_cb: (rx_q[0]): ctx=0x20005964, pkt=0x2004faec, st=0, user_data=(nil)
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Here's a code snippet corresponding to the console output, in case it is helpful.

Fullscreen
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
k_sleep(K_SECONDS(2));
set_time(); // This function uses the Zephyr SNTP module to open an HTTP socket and retrieve a valid system time.
// The socket is closed afterwards.
k_sleep(K_SECONDS(2));
print_time();
k_sleep(K_SECONDS(5));
int sock;
int err;
struct sockaddr_in *sa;
struct addrinfo *rp;
nslookup("google.com", &rp); // This function is from the "http_get" sample, it performs a DNS lookup for "google.com" and formats the address.
print_addrinfo_results(&rp);
printk("Connecting to HTTP Server:\n");
// Load in the TLS cert for HTTPS
tls_credential_add(CA_CERTIFICATE_TAG, TLS_CREDENTIAL_CA_CERTIFICATE,
ca_certificate, sizeof(ca_certificate));
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Here's our prj.conf. We don't use any additional overlays.

Fullscreen
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
# WiFi Console Support.
CONFIG_EARLY_CONSOLE=y
# Network buffers
CONFIG_NET_MAX_CONTEXTS=6
CONFIG_NET_PKT_RX_COUNT=16
CONFIG_NET_PKT_TX_COUNT=16
CONFIG_NET_BUF_RX_COUNT=80
CONFIG_NET_BUF_TX_COUNT=80
CONFIG_NET_BUF_DATA_SIZE=512
CONFIG_HEAP_MEM_POOL_SIZE=120000
CONFIG_NET_TC_TX_COUNT=0
CONFIG_INIT_STACKS=y
CONFIG_NET_SHELL=y
CONFIG_NET_STATISTICS=y
CONFIG_NET_STATISTICS_PERIODIC_OUTPUT=n
# Networking
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Thanks in advance!