How to make an nrf cloud api rest call from the nrf7002dk using only the bearer token?

Question

I am trying to make an nrfcloud api rest call from the nrf7002dk after connecting to my access point.

I combined the sta and http_get examples. run_http_queries is what initiates the https connection and request.

/*
 * Copyright (c) 2017 Linaro Limited
 *
 * SPDX-License-Identifier: Apache-2.0
 */

#include <stdio.h>
#include <stdlib.h>

#if !defined(__ZEPHYR__) || defined(CONFIG_POSIX_API)

#include <netinet/in.h>
#include <sys/socket.h>
#include <arpa/inet.h>
#include <unistd.h>
#include <netdb.h>

#else

#include <zephyr/net/socket.h>
#include <zephyr/kernel.h>

#if defined(CONFIG_NET_SOCKETS_SOCKOPT_TLS)
#include <zephyr/net/tls_credentials.h>
#include "ca_certificate.h"
#endif

#endif

/* HTTP server to connect to */
#define HTTP_HOST "api.nrfcloud.com"
/* Port to connect to, as string */
#if defined(CONFIG_NET_SOCKETS_SOCKOPT_TLS)
#define HTTP_PORT "443"
#else
// #define HTTP_PORT "80"
#define HTTP_PORT "443"
#endif
/* HTTP path to request */
#define HTTP_PATH "/v1/account/service-evaluation-token"


#define SSTRLEN(s) (sizeof(s) - 1)
#define CHECK(r) { if (r == -1) { printf("Error: " #r "\n"); exit(1); } }

#define REQUEST "GET " HTTP_PATH " HTTP/1.1\
			\r\nHost: " HTTP_HOST "\
			\r\nContent-Type: text/plain\
			\r\nAuthorization: Bearer xxxxxxx...\
			\r\nContent-Length: 1\r\n\r\n{"

#define GET_REQUEST "GET /v1/account/service-evaluation-token HTTP/1.1\r\n\
Host: api.nrfcloud.com:443\r\n\
Content-Type: text/plain\r\n\
Authorization: Bearer xxxxxxx......\r\n\
Content-Length: 1\r\n\
\r\n\
{"

static char response[1024];

void dump_addrinfo(const struct addrinfo *ai)
{
	printf("addrinfo @%p: ai_family=%d, ai_socktype=%d, ai_protocol=%d, "
	       "sa_family=%d, sin_port=%x\n",
	       ai, ai->ai_family, ai->ai_socktype, ai->ai_protocol,
	       ai->ai_addr->sa_family,
	       ((struct sockaddr_in *)ai->ai_addr)->sin_port);
}

int run_http_queries(void)
{
	static struct addrinfo hints;
	struct addrinfo *res;
	int st, sock;

#if defined(CONFIG_NET_SOCKETS_SOCKOPT_TLS)
	tls_credential_add(CA_CERTIFICATE_TAG, TLS_CREDENTIAL_CA_CERTIFICATE,
			   ca_certificate, sizeof(ca_certificate));
#endif

	printf("Preparing HTTP GET request for " HTTP_HOST
	       ":" HTTP_PORT HTTP_PATH "\n");

	hints.ai_family = AF_INET;
	hints.ai_socktype = SOCK_STREAM;
	st = getaddrinfo(HTTP_HOST, HTTP_PORT, &hints, &res);
	printf("getaddrinfo status: %d\n", st);

	if (st != 0) {
		printf("Unable to resolve address, quitting\n");
		return 0;
	}

#if 0
	for (; res; res = res->ai_next) {
		dump_addrinfo(res);
	}
#endif

	dump_addrinfo(res);

#if defined(CONFIG_NET_SOCKETS_SOCKOPT_TLS)
	sock = socket(res->ai_family, res->ai_socktype, IPPROTO_TLS_1_2);
#else
	sock = socket(res->ai_family, res->ai_socktype, res->ai_protocol);
	// sock = socket(res->ai_family, res->ai_socktype, IPPROTO_TLS_1_2);
#endif
	CHECK(sock);
	printf("sock = %d\n", sock);

#if defined(CONFIG_NET_SOCKETS_SOCKOPT_TLS)
	sec_tag_t sec_tag_opt[] = {
		CA_CERTIFICATE_TAG,
	};
	// CHECK(setsockopt(sock, SOL_TLS, TLS_SEC_TAG_LIST,
	// 		 sec_tag_opt, sizeof(sec_tag_opt)));
	// int verify = 2;
	// CHECK(setsockopt(sock, SOL_TLS, TLS_PEER_VERIFY, &verify, sizeof(verify)));

	CHECK(setsockopt(sock, SOL_TLS, TLS_HOSTNAME,
			 HTTP_HOST, sizeof(HTTP_HOST)))
#endif

	CHECK(connect(sock, res->ai_addr, res->ai_addrlen));
	// CHECK(send(sock, REQUEST, SSTRLEN(REQUEST), 0));
	CHECK(send(sock, GET_REQUEST, SSTRLEN(GET_REQUEST), 0));

	printf("Response:\n\n");

	while (1) {
		int len = recv(sock, response, sizeof(response) - 1, 0);

		if (len < 0) {
			printf("Error reading response\n");
			return 0;
		}

		if (len == 0) {
			break;
		}

		response[len] = 0;
		printf("%s", response);
	}

	printf("\n");

	(void)close(sock);
	return 0;
}

I've seen nrf9160 examples use the sec_tag to pull the certs and create the https connection before the actual request is sent.

However, with postman I am able to send nrfcloud rest requests without a certificate using the bearer token that I get from the service evaluation token which is what I'm trying to do on the nrf7002dk using just the bearer token.

leo_nam · Accepted Answer

Hello,

I added the required certificates and added the configs in overlay-tls.conf of the htttps_client sample but I was still getting errors.

My connect(... ) function kept returning error 22 or I would get a usage fault, sometimes both:

*** Booting Zephyr OS build v3.3.99-ncs1 ***
[00:00:00.877,136] <inf> net_config: Initializing network
[00:00:00.877,166] <inf> net_config: Waiting interface 1 (0x200014e8) to be up...
[00:00:00.877,410] <inf> net_config: IPv4 address: 192.168.1.99
[00:00:00.877,471] <inf> net_config: Running dhcpv4 client...
Starting nrf7002dk_nrf5340_cpuapp with CPU frequency: 128 MHz
[00:00:02.685,424] <inf> scan: Connection requested
[00:00:07.448,730] <inf> wifi_nrf: wifi_nrf_wpa_supp_authenticate:Authentication request sent successfully

[00:00:07.747,131] <inf> wifi_nrf: wifi_nrf_wpa_supp_associate: Association request sent successfully

[00:00:07.959,594] <inf> scan: Connected
[00:00:08.131,988] <inf> net_dhcpv4: Received: 192.168.10.101
HTTPS client sample started
OK
Looking up api.nrfcloud.com
Resolved 3.223.63.101 (AF_INET)
[00:00:10.027,496] <dbg> net_tcp: tcp_conn_ref: (net_mgmt): conn: 0x200377e4, ref_count: 1
[00:00:10.027,496] <dbg> net_tcp: tcp_conn_alloc: (net_mgmt): conn: 0x200377e4
added cred
Connecting to api.nrfcloud.com:443
[00:00:10.027,740] <dbg> net_tcp: net_tcp_connect: (net_mgmt): context: 0x20004dc8, local: 0.0.0.0, remote: 3.223.63.101
[00:00:10.027,923] <dbg> net_tcp: net_tcp_connect: (net_mgmt): conn: 0x200377e4 src: 192.168.10.101, dst: 3.223.63.101
[00:00:10.027,984] <dbg> net_tcp: tcp_in: (net_mgmt):  [LISTEN Seq=1446880753 Ack=0]
[00:00:10.028,137] <dbg> net_tcp: tcp_out_ext: (net_mgmt): SYN Seq=1446880753 Len=0
[00:00:10.028,198] <dbg> net_tcp: tcp_send_process_no_lock: (net_mgmt): SYN Seq=1446880753 Len=0 
[00:00:10.028,320] <dbg> net_tcp: tcp_send: (net_mgmt): SYN Seq=1446880753 Len=0
[00:00:10.031,127] <dbg> net_tcp: tcp_in: (net_mgmt): LISTEN->SYN_SENT
[00:00:10.101,104] <dbg> net_tcp: tcp_in: (rx_q[0]): SYN,ACK Seq=415337046 Ack=1446880754 Len=0 [SYN_SENT Seq=1446880754 Ack=0]
[00:00:10.101,135] <dbg> net_tcp: tcp_options_check: (rx_q[0]): len=4
[00:00:10.101,135] <dbg> net_tcp: tcp_options_check: (rx_q[0]): opt: 2, opt_len: 4
[00:00:10.101,165] <dbg> net_tcp: tcp_options_check: (rx_q[0]): MSS=1460
[00:00:10.101,165] <dbg> net_tcp: tcp_in: (rx_q[0]): Lowering send window from 26883 to 1280
[00:00:10.101,196] <dbg> net_tcp: tcp_window_full: (rx_q[0]): conn: 0x200377e4 window_full=0
[00:00:10.101,257] <dbg> net_tcp: tcp_send_timer_cancel: (rx_q[0]): SYN Seq=1446880753 Len=0
[00:00:10.101,287] <dbg> net_tcp: tcp_conn_ref: (rx_q[0]): conn: 0x200377e4, ref_count: 2
[00:00:10.101,440] <dbg> net_tcp: tcp_out_ext: (rx_q[0]): ACK Seq=1446880754 Ack=415337047 Len=0
[00:00:10.101,531] <dbg> net_tcp: tcp_send_process_no_lock: (rx_q[0]): ACK Seq=1446880754 Ack=415337047 Len=0 
[00:00:10.101,623] <dbg> net_tcp: tcp_send: (rx_q[0]): ACK Seq=1446880754 Ack=415337047 Len=0
[00:00:10.103,240] <dbg> net_tcp: tcp_in: (rx_q[0]): SYN_SENT->ESTABLISHED
[00:00:10.103,271] <dbg> net_tcp: net_tcp_connect: (net_mgmt): conn: 0x200377e4, ret=0
[00:00:10.103,271] <dbg> net_tcp: net_tcp_recv: (net_mgmt): context: 0x20004dc8, cb: 0x6ec6d, user_data: (nil)
connect() failed, err: 22
[00:00:10.108,764] <dbg> net_tcp: net_tcp_recv: (net_mgmt): context: 0x20004dc8, cb: (nil), user_data: (nil)
[00:00:10.108,856] <dbg> net_tcp: net_tcp_put: (net_mgmt):  [ESTABLISHED Seq=1446880754 Ack=415337047]
[00:00:10.108,886] <dbg> net_tcp: net_tcp_put: (net_mgmt): context 0x20004dc8 CONNECTED
[00:00:10.108,886] <dbg> net_tcp: net_tcp_put: (net_mgmt): TCP connection in active close, not disposing yet (waiting 22753ms)
[00:00:10.109,039] <dbg> net_tcp: tcp_out_ext: (net_mgmt): FIN,ACK Seq=1446880754 Ack=415337047 Len=0
[00:00:10.109,161] <dbg> net_tcp: tcp_send_process_no_lock: (net_mgmt): FIN,ACK Seq=1446880754 Ack=415337047 Len=0 
[00:00:10.109,283] <dbg> net_tcp: tcp_send: (net_mgmt): FIN,ACK Seq=1446880754 Ack=415337047 Len=0
[00:00:10.115,081] <dbg> net_tcp: net_tcp_put: (net_mgmt): ESTABLISHED->FIN_WAIT_1
[00:00:10.115,081] <dbg> net_tcp: tcp_conn_unref: (net_mgmt): conn: 0x200377e4, ref_count=2
[00:00:10.115,142] <inf> net_config: IPv4 address: 192.168.10.101
[00:00:10.115,142] <inf> net_config: Lease time: 86400 seconds
[00:00:10.115,142] <inf> net_config: Subnet: 255.255.255.0
[00:00:10.115,173] <inf> net_config: Router: 192.168.10.1
[00:00:10.390,228] <dbg> net_tcp: tcp_send_process_no_lock: (tcp_work): FIN,ACK Seq=1446880754 Ack=415337047 Len=0 in_retransmission
[00:00:10.390,350] <dbg> net_tcp: tcp_send: (tcp_work): FIN,ACK Seq=1446880754 Ack=415337047 Len=0
[00:00:10.390,472] <err> os: ***** USAGE FAULT *****
[00:00:10.390,472] <err> os:   Stack overflow (context area not valid)
[00:00:10.390,502] <err> os: r0/a1:  0x20000030  r1/a2:  0x200093a8  r2/a3:  0x0009b6d0
[00:00:10.390,502] <err> os: r3/a4:  0x20009480 r12/ip:  0x2002a7a2 r14/lr:  0x00052e79
[00:00:10.390,502] <err> os:  xpsr:  0x21000200
[00:00:10.390,502] <err> os: Faulting instruction address (r15/pc): 0x0004d49c
[00:00:10.390,533] <err> os: >>> ZEPHYR FATAL ERROR 2: Stack overflow on CPU 0
[00:00:10.390,533] <err> os: Current thread: 0x20002ec0 (tcp_work)
[00:00:10.470,611] <err> coredump: #CD:BEGIN#
[00:00:10.475,677] <err> coredump: #CD:5a4501000300050002000000
[00:00:10.482,299] <err> coredump: #CD:4102004400
[00:00:10.487,731] <err> coredump: #CD:30000020a8930020d0b6090080940020a2a70220792e05009cd4040000020021
[00:00:10.497,833] <err> coredump: #CD:6093002000000000000000000000000000000000000000000000000000000000
[00:00:10.507,934] <err> coredump: #CD:00000000
[00:00:10.513,183] <err> coredump: #CD:4d0100c02e0020882f0020
[00:00:10.519,622] <err> coredump: #CD:7064002070640020000000000080f00000000000000000000000000000000000
[00:00:10.529,754] <err> coredump: #CD:0000000000000000000000000000000000000000c02e00200000000000000000
[00:00:10.539,855] <err> coredump: #CD:000000000000000000000000ffffffffd896002000000000182f0020182f0020
[00:00:10.549,987] <err> coredump: #CD:0000000035a00400c02e00200000000000000000583700207463705f776f726b
[00:00:10.560,089] <err> coredump: #CD:0000000000000000000000000000000000000000000000000000000040930020
[00:00:10.570,220] <err> coredump: #CD:0004000000000000381200200000000000000000000000000000000000000000
[00:00:10.580,322] <err> coredump: #CD:0000000000000000
[00:00:10.586,242] <err> coredump: #CD:4d01004093002040970020
[00:00:10.592,712] <err> coredump: #CD:f0f0f0f0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
[00:00:10.602,813] <err> coredump: #CD:30000020a8930020d0b6090080940020a2a70220792e05009cd4040000020021
[00:00:10.612,945] <err> coredump: #CD:aaaaaaaa300000203800000064780c008c36012030fa002070f90020c0000000
[00:00:10.623,046] <err> coredump: #CD:647800b0792e050018940020aaaaaaaa4f0000000802ffff189400204f000000
[00:00:10.633,178] <err> coredump: #CD:aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
[00:00:10.643,280] <err> coredump: #CD:aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
[00:00:10.653,381] <err> coredump: #CD:aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa18f40020d9a00700aaaaaaaaaaaaaaaa
[00:00:10.663,513] <err> coredump: #CD:aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
[00:00:10.673,614] <err> coredump: #CD:aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa8c0600001000000003000000
[00:00:10.683,746] <err> coredump: #CD:80f0002080f0002038120020699607004000000080940020c7130200d0b60900
[00:00:10.693,847] <err> coredump: #CD:28be090064780c00647800b038000000d0780c00200000000000000000000000
[00:00:10.703,979] <err> coredump: #CD:8ca702200c0000001073012060f2002036000000000101206001012043a50200
[00:00:10.714,080] <err> coredump: #CD:0100000000000000500801208c36012060f20020e8240120d8f00020eda40200
[00:00:10.724,212] <err> coredump: #CD:2095002050080120ffffffffa2a70220d8f00020419a0700eda4020060f20020
[00:00:10.734,313] <err> coredump: #CD:80a702201073012000000000000000005008012053a70200459f070080440220
[00:00:10.744,445] <err> coredump: #CD:60f200208ca70220459f070060f200200600000080a702200100000050080120
[00:00:10.754,547] <err> coredump: #CD:00000000dc9e0900000000004ba8020000000000010000000100000001000000
[00:00:10.764,678] <err> coredump: #CD:0100000060f20020e8f0002000000000e0610020b3a8020060f2002001000000
[00:00:10.774,780] <err> coredump: #CD:000000009fae0700000000000200000060f20020000000000000000010730120
[00:00:10.784,881] <err> coredump: #CD:9c4402203fae0200000000003600000000000000f86b032060f20020c8950020
[00:00:10.795,013] <err> coredump: #CD:080000003d90020024590320612107008c49002034e00900f86b0320f86b0320
[00:00:10.805,114] <err> coredump: #CD:e81400202fdd0000cddc0000e8140020f86b0320000000000896002000000000
[00:00:10.815,246] <err> coredump: #CD:246c0320db0b010000000000b39d040030150020b45903200000000000000000
[00:00:10.825,347] <err> coredump: #CD:f86b0320e81400200000000040960020000000001b330700f86b0320b30d0100
[00:00:10.835,479] <err> coredump: #CD:f86b0320cb280700f86b032070960020382f002070960020c0960020382f0020
[00:00:10.845,581] <err> coredump: #CD:dc9e0900752a0700f86b0320076d0100010302040500000201000000ef4e0700
[00:00:10.855,712] <err> coredump: #CD:00000000dc9e0900cd0c000000000000245f032038570320e4770320806c0320
[00:00:10.865,814] <err> coredump: #CD:0c780320c0960020c0960020e4770320806c03200c780320c096002093720100
[00:00:10.875,946] <err> coredump: #CD:c02e0020060000030103020403050400c02e0020bbeb08000000000000ed00e0
[00:00:10.886,047] <err> coredump: #CD:50640020000000000c780320c02e0020e4770320000000000000000000000000
[00:00:10.896,179] <err> coredump: #CD:00000000f398010074780320c02e002000000000bfa00400ffffffffffffffff
[00:00:10.906,311] <err> coredump: #CD:00000000c02e002035a004000000000000000000fbce060000000000aaaaaaaa
[00:00:10.916,381] <err> coredump: #CD:END#

It wasn't until I changed my prj.conf to the one referenced in this thread in ovrebekk's reply that I was able to resolve my issues.

Below is my overlay-tls.conf/prj.conf before the error and after is was resolved.

At first it would only work if peer_verification was off. It wasn't until the correct certificate (cross-signed starfield services root ca from the link you provided) was referenced that I was able to have peer_verification working.

Before:

# CONFIG_SAMPLE_TFM_MBEDTLS=y

# TFM configuration
CONFIG_TFM_PROFILE_TYPE_NOT_SET=y

# MbedTLS and security
CONFIG_MBEDTLS=y
CONFIG_NET_SOCKETS_SOCKOPT_TLS=y
CONFIG_MBEDTLS_ENABLE_HEAP=y
CONFIG_MBEDTLS_SSL_IN_CONTENT_LEN=4096
CONFIG_MBEDTLS_SSL_OUT_CONTENT_LEN=4096
CONFIG_MBEDTLS_HEAP_SIZE=32768
CONFIG_MBEDTLS_TLS_LIBRARY=y
CONFIG_MBEDTLS_X509_LIBRARY=y
CONFIG_MBEDTLS_PKCS1_V15=y
CONFIG_NRF_SECURITY_ADVANCED=y
CONFIG_NORDIC_SECURITY_BACKEND=y
CONFIG_PSA_WANT_ALG_SHA_1=y
CONFIG_PSA_WANT_ALG_RSA_PKCS1V15_CRYPT=y
CONFIG_PSA_WANT_ALG_RSA_PKCS1V15_SIGN=y

#
# Copyright (c) 2022 Nordic Semiconductor ASA
#
# SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
#
CONFIG_WIFI=y
CONFIG_WIFI_NRF700X=y

# WPA supplicant
CONFIG_WPA_SUPP=y

# System settings
CONFIG_NEWLIB_LIBC=y
CONFIG_NEWLIB_LIBC_NANO=n

# Networking
CONFIG_NETWORKING=y
CONFIG_NET_SOCKETS=y
CONFIG_NET_LOG=y
CONFIG_NET_IPV4=y
CONFIG_NET_UDP=y
CONFIG_NET_TCP=y
CONFIG_NET_DHCPV4=y
CONFIG_NET_SOCKETS_POSIX_NAMES=y
CONFIG_POSIX_MAX_FDS=16

CONFIG_NET_PKT_RX_COUNT=8
CONFIG_NET_PKT_TX_COUNT=8

# Below section is the primary contributor to SRAM and is currently
# tuned for performance, but this will be revisited in the future.
CONFIG_NET_BUF_RX_COUNT=16
CONFIG_NET_BUF_TX_COUNT=16
CONFIG_NET_BUF_DATA_SIZE=128
CONFIG_HEAP_MEM_POOL_SIZE=153600
CONFIG_NET_TC_TX_COUNT=0

CONFIG_NET_IF_UNICAST_IPV4_ADDR_COUNT=1
CONFIG_NET_MAX_CONTEXTS=5
CONFIG_NET_CONTEXT_SYNC_RECV=y

CONFIG_INIT_STACKS=y

CONFIG_NET_L2_ETHERNET=y

CONFIG_NET_CONFIG_SETTINGS=y

CONFIG_NET_SOCKETS_POLL_MAX=4

# Memories
CONFIG_MAIN_STACK_SIZE=4096
CONFIG_SYSTEM_WORKQUEUE_STACK_SIZE=2048
CONFIG_NET_TX_STACK_SIZE=4096
CONFIG_NET_RX_STACK_SIZE=4096

# Debugging
CONFIG_STACK_SENTINEL=y
CONFIG_DEBUG_COREDUMP=y
CONFIG_DEBUG_COREDUMP_BACKEND_LOGGING=y
CONFIG_DEBUG_COREDUMP_MEMORY_DUMP_MIN=y
CONFIG_SHELL_CMDS_RESIZE=n

CONFIG_MBEDTLS_DEBUG_C=y
# Kernel options
CONFIG_ENTROPY_GENERATOR=y

# Logging
CONFIG_LOG=y
CONFIG_LOG_BUFFER_SIZE=4096
CONFIG_POSIX_CLOCK=y

CONFIG_PM=y

CONFIG_NET_CONFIG_MY_IPV4_ADDR="192.168.1.99"
CONFIG_NET_CONFIG_MY_IPV4_NETMASK="255.255.255.0"
CONFIG_NET_CONFIG_MY_IPV4_GW="192.168.1.1"

# printing of scan results puts pressure on queues in new locking
# design in net_mgmt. So, use a higher timeout for a crowded
# environment.
CONFIG_NET_MGMT_EVENT_QUEUE_SIZE=25
CONFIG_NET_MGMT_EVENT_QUEUE_TIMEOUT=9999
CONFIG_NET_SOCKETS_SOCKOPT_TLS=y

CONFIG_WIFI_LOG_LEVEL_DBG=y
CONFIG_WIFI_LOG_LEVEL_INF=y
CONFIG_NET_TCP_LOG_LEVEL_DBG=y
CONFIG_DEBUG_THREAD_INFO=y
# CONFIG_WPA_SUPP_LOG_LEVEL_DBG=y
# CONFIG_WPA_SUPP_LOG_LEVEL_INF=y

CONFIG_HTTP_CLIENT=y
# Address of HTTP IPv4 server
CONFIG_NET_CONFIG_PEER_IPV4_ADDR="192.0.2.2" #this needs to be changed to server to be connected to
CONFIG_NET_IPV6=y

CONFIG_DNS_RESOLVER=y

After:

# CONFIG_MBEDTLS_DEBUG_C=y
# CONFIG_MBEDTLS_DEBUG_LEVEL=4
# # TLS networking
# CONFIG_POSIX_MAX_FDS=16
# CONFIG_NET_SOCKETS_ENABLE_DTLS=n
# CONFIG_NET_SOCKETS_TLS_MAX_CIPHERSUITES=16
# CONFIG_NET_SOCKETS_SOCKOPT_TLS=y
# CONFIG_NET_SOCKETS_TLS_MAX_CONTEXTS=6
# CONFIG_TLS_CREDENTIALS=y

# # mbed TLS and security
# CONFIG_MBEDTLS=y
# CONFIG_MBEDTLS_ENABLE_HEAP=y
# CONFIG_MBEDTLS_SSL_IN_CONTENT_LEN=16384
# CONFIG_MBEDTLS_SSL_OUT_CONTENT_LEN=16384
# CONFIG_MBEDTLS_HEAP_SIZE=128000
# CONFIG_MBEDTLS_TLS_LIBRARY=y
# CONFIG_MBEDTLS_X509_LIBRARY=y
# CONFIG_MBEDTLS_PKCS1_V15=y
# CONFIG_NRF_SECURITY_ADVANCED=y
# CONFIG_NORDIC_SECURITY_BACKEND=y
# CONFIG_PSA_WANT_ALG_SHA_1=y
# CONFIG_PSA_WANT_ALG_RSA_PKCS1V15_CRYPT=y
# CONFIG_PSA_WANT_ALG_RSA_PKCS1V15_SIGN=y
# CONFIG_PSA_WANT_ECC_SECP_R1_256=y
# CONFIG_MBEDTLS_SSL_DEBUG_ALL=y
# CONFIG_MBEDTLS_LOG_LEVEL_DBG=y
# CONFIG_CC3XX_BACKEND=y
# CONFIG_OBERON_BACKEND=n

# CONFIG_MBEDTLS_DEBUG=n
# #CONFIG_MBEDTLS_LOG_LEVEL_INF=y

# CONFIG_MBEDTLS_SSL_RENEGOTIATION=y
# CONFIG_MBEDTLS_SSL_SERVER_NAME_INDICATION=y
# CONFIG_MBEDTLS_KEY_EXCHANGE_ALL_ENABLED=y
# CONFIG_MBEDTLS_ECP_ALL_ENABLED=y
# CONFIG_MBEDTLS_CIPHER_ALL_ENABLED=y
# CONFIG_MBEDTLS_SSL_SESSION_TICKETS=y
# CONFIG_MBEDTLS_SSL_CACHE_C=y
# CONFIG_MBEDTLS_SSL_TICKET_C=y
# CONFIG_PSA_WANT_ECC_TWISTED_EDWARDS_255=y
# CONFIG_PSA_CRYPTO_DRIVER_ECC_TWISTED_EDWARDS_255_OBERON=y
# CONFIG_MBEDTLS_RSA_C=y

# WiFi Console Support.
CONFIG_EARLY_CONSOLE=y

# Network buffers
CONFIG_NET_MAX_CONTEXTS=6
CONFIG_NET_PKT_RX_COUNT=16
CONFIG_NET_PKT_TX_COUNT=16
CONFIG_NET_BUF_RX_COUNT=80
CONFIG_NET_BUF_TX_COUNT=80
CONFIG_NET_BUF_DATA_SIZE=512
CONFIG_HEAP_MEM_POOL_SIZE=120000
CONFIG_NET_TC_TX_COUNT=0

CONFIG_INIT_STACKS=y

CONFIG_NET_SHELL=y

CONFIG_NET_STATISTICS=y
CONFIG_NET_STATISTICS_PERIODIC_OUTPUT=n

# Networking
CONFIG_WIFI=y
CONFIG_WIFI_LOG_LEVEL_ERR=y
CONFIG_NET_L2_WIFI_SHELL=y
CONFIG_NET_CONFIG_SETTINGS=y
CONFIG_NETWORKING=y
CONFIG_NET_LOG=y
CONFIG_NET_IPV6=n
CONFIG_NET_IPV4=y
CONFIG_NET_UDP=y
CONFIG_NET_TCP=y
CONFIG_NET_DHCPV4=y

CONFIG_NET_IF_UNICAST_IPV4_ADDR_COUNT=1
CONFIG_NET_CONTEXT_SYNC_RECV=y

CONFIG_DNS_RESOLVER=y
CONFIG_JSON_LIBRARY=y

# Memories
CONFIG_MAIN_STACK_SIZE=8192
CONFIG_SYSTEM_WORKQUEUE_STACK_SIZE=4096
CONFIG_NET_TX_STACK_SIZE=4096
CONFIG_NET_RX_STACK_SIZE=4096

CONFIG_IDLE_STACK_SIZE=640
CONFIG_ISR_STACK_SIZE=4096
CONFIG_SHELL_STACK_SIZE=4096

# Debugging
CONFIG_STACK_SENTINEL=y
CONFIG_DEBUG_COREDUMP=y
CONFIG_DEBUG_COREDUMP_BACKEND_LOGGING=y
CONFIG_DEBUG_COREDUMP_MEMORY_DUMP_MIN=y
CONFIG_SHELL_CMDS_RESIZE=n

CONFIG_NET_SOCKETS_LOG_LEVEL_DBG=y
CONFIG_NET_DEBUG_NET_PKT_ALLOC=y
CONFIG_NET_BUF_POOL_USAGE=y
CONFIG_MBEDTLS_DEBUG_C=y
CONFIG_MBEDTLS_DEBUG_LEVEL=4

# Logging
CONFIG_LOG=y
CONFIG_LOG_BUFFER_SIZE=2048
CONFIG_POSIX_CLOCK=y
#CONFIG_LOG_DEFAULT_LEVEL=4

# HTTP
CONFIG_HTTP_CLIENT=y

# Websockets Support.
CONFIG_NET_SOCKETS=y
CONFIG_NET_SOCKETS_POSIX_NAMES=y
# TLS networking
CONFIG_POSIX_MAX_FDS=16
CONFIG_NET_SOCKETS_ENABLE_DTLS=n
CONFIG_NET_SOCKETS_TLS_MAX_CIPHERSUITES=16
CONFIG_NET_SOCKETS_SOCKOPT_TLS=y
CONFIG_NET_SOCKETS_TLS_MAX_CONTEXTS=6
CONFIG_TLS_CREDENTIALS=y

# mbed TLS and security
CONFIG_MBEDTLS=y
CONFIG_MBEDTLS_ENABLE_HEAP=y
CONFIG_MBEDTLS_SSL_IN_CONTENT_LEN=16384
CONFIG_MBEDTLS_SSL_OUT_CONTENT_LEN=16384
CONFIG_MBEDTLS_HEAP_SIZE=128000
CONFIG_MBEDTLS_TLS_LIBRARY=y
CONFIG_MBEDTLS_X509_LIBRARY=y
CONFIG_MBEDTLS_PKCS1_V15=y
CONFIG_NRF_SECURITY_ADVANCED=y
CONFIG_NORDIC_SECURITY_BACKEND=y
CONFIG_PSA_WANT_ALG_SHA_1=y
CONFIG_PSA_WANT_ALG_RSA_PKCS1V15_CRYPT=y
CONFIG_PSA_WANT_ALG_RSA_PKCS1V15_SIGN=y
CONFIG_PSA_WANT_ECC_SECP_R1_256=y
CONFIG_MBEDTLS_SSL_DEBUG_ALL=y
CONFIG_MBEDTLS_LOG_LEVEL_DBG=y
CONFIG_CC3XX_BACKEND=y
CONFIG_OBERON_BACKEND=n

CONFIG_MBEDTLS_DEBUG=n
#CONFIG_MBEDTLS_LOG_LEVEL_INF=y

CONFIG_MBEDTLS_SSL_RENEGOTIATION=y
CONFIG_MBEDTLS_SSL_SERVER_NAME_INDICATION=y
CONFIG_MBEDTLS_KEY_EXCHANGE_ALL_ENABLED=y
CONFIG_MBEDTLS_ECP_ALL_ENABLED=y
CONFIG_MBEDTLS_CIPHER_ALL_ENABLED=y
CONFIG_MBEDTLS_SSL_SESSION_TICKETS=y
CONFIG_MBEDTLS_SSL_CACHE_C=y
CONFIG_MBEDTLS_SSL_TICKET_C=y
CONFIG_PSA_WANT_ECC_TWISTED_EDWARDS_255=y
CONFIG_PSA_CRYPTO_DRIVER_ECC_TWISTED_EDWARDS_255_OBERON=y
CONFIG_MBEDTLS_RSA_C=y

# SNTP Support.
CONFIG_SNTP=y

# Glue - Fixes documented bugs in nRF7002 implementation.
CONFIG_WIFI_NRF700X=y
CONFIG_NET_L2_ETHERNET=y

# Include WPA Supplement. Requires POSIX_API & NET_SOCKETS.
CONFIG_WPA_SUPP=y

# Required to prevent error in \wifi\nrf700x\zephyr\src\shim.c:14:10: fatal error: sys/time.h: No such file or directory
CONFIG_NEWLIB_LIBC=y
CONFIG_NEWLIB_LIBC_NANO=n

# Required to prevent undefined reference to `z_impl_sys_rand32_get'
CONFIG_ENTROPY_GENERATOR=y
CONFIG_TEST_RANDOM_GENERATOR=y

# printing of scan results puts pressure on queues in new locking
# design in net_mgmt. So, use a higher timeout for a crowded
# environment.
CONFIG_NET_MGMT_EVENT_QUEUE_TIMEOUT=5000

CONFIG_DEBUG_THREAD_INFO=y
CONFIG_DEBUG_OPTIMIZATIONS=y

CONFIG_NET_TCP_WORKQ_STACK_SIZE=4096

So it seems to be a config issue. Will need to look into it more since I don't know which config setting resolved the issue.

Thank you,
Palden

How to make an nrf cloud api rest call from the nrf7002dk using only the bearer token?

Top Replies