Trying to connect to secure HTTP results in ERROR

Hi Team,

We are using SDK 2.5.2 with MFW 1.3.5

We need to download a secure file from Amazon. We first tried to download a file from a public server connecting to port 80 and succeeded, but when we try to connect to the secure server (port 443) with the sec tag we burned at slot 120, it results in an error:

[17:41, 19/10/2024] : AT#XHTTPCCON=1,"s3.amazonaws.com",80
#XHTTPCCON: 1
OK
(Read data from server)

Port 80 goes OK


[17:43, 19/10/2024] : AT#XHTTPCCON=1,"s3.amazonaws.com",443,120
#XHTTPCCON: 0
ERROR

Sec tag 120 is where the certificate is burned


[17:44, 19/10/2024] : AT#XHTTPCCON=1,"s3.amazonaws.com",443
#XHTTPCCON: 1
OK

If we connect without applying the sec tag, it does connect, but we can't download the file.

#XHTTPCRSP:0,1


[17:49, 19/10/2024] : AT#XHTTPCCON=1,"firmware.v2.staging.s3.us-east-1.amazonaws.com",443,120
#XHTTPCCON: 0
ERROR


[17:50, 19/10/2024] : AT#XHTTPCCON=1,"firmware.v2.staging.s3.us-east-1.amazonaws.com",443
#XHTTPCCON: 1
OK

Hope I managed to explain the problem coherently

We can't provide a modem trace because the layout of our product isn't designed for that (we tried via UART with no success).

  • Hey guys,

    I need help with this; it is blocking us from continuing.
    When we use the TLS sec tag for the HTTP cert, we get an error for an unknown reason.

    I want to reproduce this on the evaluation board but I can't, because there is no way to burn a root TLS cert; I can only burn a normal cert with the certificate manager.

    Please provide me something to continue. If there is a way to burn a TLS cert (AT#XCMNG and not AT%CMNG) on the evaluation board, this could help us understand more.

  • > AT#XHTTPCCON=1,"s3.amazonaws.com",443,60
    [00:00:40.260,681] <dbg> os: z_impl_k_mutex_lock: 0x200103a0 took mutex 0x2000cbdc, count: 1, orig prio: -1
    [00:00:40.270,996] <dbg> os: z_impl_k_mutex_unlock: mutex 0x2000cbdc lock_count: 1
    [00:00:40.279,693] <dbg> os: z_impl_k_mutex_unlock: new owner of mutex 0x2000cbdc: 0 (prio: -1000)
    [00:00:40.289,703] <dbg> slm_at_host: cmd_send: RX
    41 54 23 58 48 54 54 50 43 43 4f 4e 3d 31 2c 22 |AT#XHTTP CCON=1,"
    73 33 2e 61 6d 61 7a 6f 6e 61 77 73 2e 63 6f 6d |s3.amazo naws.com
    22 2c 34 34 33 2c 36 30 |",443,60
    [00:00:40.340,637] <dbg> slm_tls: slm_tls_loadcrdl: Load CA cert 600: Len: 2418
    [00:00:40.348,602] <dbg> os: z_impl_k_mutex_lock: 0x200103a0 took mutex 0x20010ab8, count: 1, orig prio: -1
    [00:00:40.358,947] <dbg> os: z_impl_k_mutex_unlock: mutex 0x20010ab8 lock_count: 1
    [00:00:40.367,645] <dbg> os: z_impl_k_mutex_unlock: new owner of mutex 0x20010ab8: 0 (prio: -1000)
    [00:00:40.387,603] <wrn> modem_key_mgmt: Key not found
    [00:00:40.393,615] <dbg> slm_tls: slm_tls_loadcrdl: Empty cert at 601:
    [00:00:40.408,050] <wrn> modem_key_mgmt: Key not found
    [00:00:40.414,031] <dbg> slm_tls: slm_tls_loadcrdl: Empty private key at 602:
    [00:00:40.421,905] <dbg> os: z_impl_k_mutex_lock: 0x200103a0 took mutex 0x2000cb78, count: 1, orig prio: -1
    [00:00:40.432,250] <dbg> os: z_impl_k_mutex_unlock: mutex 0x2000cb78 lock_count: 1
    [00:00:40.440,948] <dbg> os: z_impl_k_mutex_unlock: new owner of mutex 0x2000cb78: 0 (prio: -1000)
    [00:00:40.450,531] <dbg> os: z_impl_k_mutex_lock: 0x200103a0 took mutex 0x20010aa0, count: 1, orig prio: -1
    [00:00:40.461,822] <dbg> os: z_impl_k_mutex_unlock: mutex 0x20010aa0 lock_count: 1
    [00:00:40.470,092] <dbg> os: z_impl_k_mutex_unlock: new owner of mutex 0x20010aa0: 0 (prio: -1000)
    [00:00:40.480,194] <dbg> os: z_impl_k_mutex_lock: 0x200103a0 took mutex 0x2000cb78, count: 1, orig prio: -1
    [00:00:40.490,509] <dbg> os: z_impl_k_mutex_unlock: mutex 0x2000cb78 lock_count: 1
    [00:00:40.499,237] <dbg> os: z_impl_k_mutex_unlock: new owner of mutex 0x2000cb78: 0 (prio: -1000)
    [00:00:40.515,655] <dbg> os: z_impl_k_mutex_lock: 0x200103a0 took mutex 0x2000cb64, count: 1, orig prio: -1
    [00:00:40.525,939] <dbg> os: z_impl_k_mutex_unlock: mutex 0x2000cb64 lock_count: 1
    [00:00:40.534,606] <dbg> os: z_impl_k_mutex_unlock: new owner of mutex 0x2000cb64: 0 (prio: -1000)
    [00:00:40.544,158] <dbg> os: k_sched_unlock: scheduler unlocked (0x200103a0:0)
    [00:00:40.552,520] <dbg> slm_httpc: do_http_connect: Configuring socket timeout (10 s)
    [00:00:40.561,187] <dbg> os: z_impl_k_mutex_lock: 0x200103a0 took mutex 0x200108f0, count: 1, orig prio: -1
    [00:00:40.572,021] <dbg> os: z_impl_k_mutex_unlock: mutex 0x200108f0 lock_count: 1
    [00:00:40.580,230] <dbg> os: z_impl_k_mutex_unlock: new owner of mutex 0x200108f0: 0 (prio: -1000)
    [00:00:40.589,813] <dbg> os: z_impl_k_mutex_lock: 0x200103a0 took mutex 0x200108f0, count: 1, orig prio: -1
    [00:00:40.600,524] <dbg> os: z_impl_k_mutex_unlock: mutex 0x200108f0 lock_count: 1
    [00:00:40.609,283] <dbg> os: z_impl_k_mutex_unlock: new owner of mutex 0x200108f0: 0 (prio: -1000)
    [00:00:40.618,865] <dbg> os: z_impl_k_mutex_lock: 0x200103a0 took mutex 0x200108f0, count: 1, orig prio: -1
    [00:00:40.629,547] <dbg> os: z_impl_k_mutex_unlock: mutex 0x200108f0 lock_count: 1
    [00:00:40.638,244] <dbg> os: z_impl_k_mutex_unlock: new owner of mutex 0x200108f0: 0 (prio: -1000)
    [00:00:40.647,796] <dbg> os: z_impl_k_mutex_lock: 0x200103a0 took mutex 0x200108f0, count: 1, orig prio: -1
    [00:00:40.658,538] <dbg> os: z_impl_k_mutex_unlock: mutex 0x200108f0 lock_count: 1
    [00:00:40.667,297] <dbg> os: z_impl_k_mutex_unlock: new owner of mutex 0x200108f0: 0 (prio: -1000)
    [00:00:40.676,879] <dbg> os: z_impl_k_mutex_lock: 0x200103a0 took mutex 0x200108f0, count: 1, orig prio: -1
    [00:00:40.687,622] <dbg> os: z_impl_k_mutex_unlock: mutex 0x200108f0 lock_count: 1
    [00:00:40.696,319] <dbg> os: z_impl_k_mutex_unlock: new owner of mutex 0x200108f0: 0 (prio: -1000)
    [00:00:40.705,932] <dbg> os: z_impl_k_mutex_lock: 0x200103a0 took mutex 0x2000cb8c, count: 1, orig prio: -1
    [00:00:41.134,918] <dbg> os: z_impl_k_mutex_unlock: mutex 0x2000cb8c lock_count: 1
    [00:00:41.143,157] <dbg> os: z_impl_k_mutex_unlock: new owner of mutex 0x2000cb8c: 0 (prio: -1000)
    [00:00:41.152,740] <dbg> os: z_impl_k_mutex_lock: 0x200103a0 took mutex 0x200108f0, count: 1, orig prio: -1
    [00:00:41.163,452] <dbg> os: z_impl_k_mutex_lock: 0x200103a0 took mutex 0x20010918, count: 1, orig prio: -1
    [00:00:41.174,255] <dbg> os: z_impl_k_mutex_unlock: mutex 0x20010918 lock_count: 1
    [00:00:41.182,891] <dbg> os: z_impl_k_mutex_unlock: new owner of mutex 0x20010918: 0 (prio: -1000)
    [00:00:41.192,443] <dbg> os: z_impl_k_mutex_lock: 0x200103a0 took mutex 0x20010918, count: 1, orig prio: -1
    [00:00:41.444,641] <dbg> os: z_impl_k_mutex_unlock: mutex 0x20010918 lock_count: 1
    [00:00:41.452,911] <dbg> os: z_impl_k_mutex_unlock: new owner of mutex 0x20010918: 0 (prio: -1000)
    [00:00:41.463,531] <dbg> os: z_impl_k_mutex_lock: 0x200103a0 took mutex 0x20010ab8, count: 1, orig prio: -1
    [00:00:41.490,692] <dbg> os: z_impl_k_mutex_unlock: mutex 0x20010ab8 lock_count: 1
    [00:00:41.498,901] <dbg> os: z_impl_k_mutex_unlock: new owner of mutex 0x20010ab8: 0 (prio: -1000)
    [00:00:41.508,453] <dbg> os: z_impl_k_mutex_unlock: mutex 0x200108f0 lock_count: 1
    [00:00:41.517,181] <dbg> os: z_impl_k_mutex_unlock: new owner of mutex 0x200108f0: 0 (prio: -1000)
    [00:00:41.526,733] <err> slm_httpc: connect() failed: -22
    [00:00:41.533,416] <dbg> os: z_impl_k_mutex_lock: 0x200103a0 took mutex 0x20010ab8, count: 1, orig prio: -1
    [00:00:41.543,762] <dbg> os: z_impl_k_mutex_unlock: mutex 0x20010ab8 lock_count: 1
    [00:00:41.552,398] <dbg> os: z_impl_k_mutex_unlock: new owner of mutex 0x20010ab8: 0 (prio: -1000)
    [00:00:41.562,408] <dbg> os: z_impl_k_mutex_lock: 0x200103a0 took mutex 0x20010ab8, count: 1, orig prio: -1
    [00:00:41.573,211] <dbg> os: z_impl_k_mutex_unlock: mutex 0x20010ab8 lock_count: 1
    [00:00:41.581,451] <dbg> os: z_impl_k_mutex_unlock: new owner of mutex 0x20010ab8: 0 (prio: -1000)
    [00:00:41.591,003] <dbg> os: z_impl_k_mutex_lock: 0x200103a0 took mutex 0x20010ab8, count: 1, orig prio: -1
    [00:00:41.601,684] <dbg> os: z_impl_k_mutex_unlock: mutex 0x20010ab8 lock_count: 1
    [00:00:41.610,321] <dbg> os: z_impl_k_mutex_unlock: new owner of mutex 0x20010ab8: 0 (prio: -1000)
    [00:00:41.619,903] <dbg> os: z_impl_k_mutex_lock: 0x200103a0 took mutex 0x200108f0, count: 1, orig prio: -1
    [00:00:41.631,286] <dbg> os: z_impl_k_mutex_lock: 0x200103a0 took mutex 0x20010918, count: 1, orig prio: -1
    [00:00:41.642,211] <dbg> os: z_impl_k_mutex_lock: 0x200103a0 took mutex 0x2000cb64, count: 1, orig prio: -1
    [00:00:41.652,526] <dbg> os: z_impl_k_mutex_unlock: mutex 0x2000cb64 lock_count: 1
    [00:00:41.661,254] <dbg> os: z_impl_k_mutex_unlock: new owner of mutex 0x2000cb64: 0 (prio: -1000)
    [00:00:41.670,806] <dbg> os: z_impl_k_mutex_unlock: mutex 0x20010918 lock_count: 1
    [00:00:41.679,443] <dbg> os: z_impl_k_mutex_unlock: new owner of mutex 0x20010918: 0 (prio: -1000)
    [00:00:41.689,422] <dbg> os: z_impl_k_mutex_unlock: mutex 0x200108f0 lock_count: 1
    [00:00:41.697,723] <dbg> os: z_impl_k_mutex_unlock: new owner of mutex 0x200108f0: 0 (prio: -1000)
    [00:00:41.707,275] <dbg> os: z_impl_k_mutex_lock: 0x200103a0 took mutex 0x2000cbf0, count: 1, orig prio: -1
    [00:00:41.718,505] <dbg> os: z_impl_k_mutex_lock: 0x200103a0 took mutex 0x2000cc04, count: 1, orig prio: -1
    [00:00:41.728,820] <dbg> os: z_impl_k_mutex_unlock: mutex 0x2000cc04 lock_count: 1
    [00:00:41.737,457] <dbg> os: z_impl_k_mutex_unlock: new owner of mutex 0x2000cc04: 0 (prio: -1000)

    #XHTTPCCON: 0
    [00:00:41.748,809] <dbg> os: z_tick_sleep: thread 0x200103a0 for 33 ticks
    [00:00:41.748,535] <dbg> os: z_tick_sleep: thread 0x200103a0 for 33 ticks
    [00:00:41.748,291] <dbg> os: z_tick_sleep: thread 0x200103a0 for 33 ticks
    [00:00:41.748,016] <dbg> os: z_tick_sleep: thread 0x200103a0 for 33 ticks
    [00:00:41.747,741] <dbg> os: z_tick_sleep: thread 0x200103a0 for 33 ticks
    [00:00:41.747,467] <dbg> slm_uart_handler: slm_uart_tx_write: TX
    0d 0a 23 58 48 54 54 50 43 43 4f 4e 3a 20 30 0d |..#XHTTP CCON: 0.
    0a |.
    [00:00:41.818,328] <dbg> os: z_impl_k_mutex_unlock: mutex 0x2000cbf0 lock_count: 1
    [00:00:41.826,599] <dbg> os: z_impl_k_mutex_unlock: new owner of mutex 0x2000cbf0: 0 (prio: -1000)
    [00:00:41.836,151] <dbg> os: z_impl_k_mutex_lock: 0x200103a0 took mutex 0x2000cc04, count: 1, orig prio: -1
    [00:00:41.846,832] <dbg> os: z_impl_k_mutex_unlock: mutex 0x2000cc04 lock_count: 1
    [00:00:41.855,560] <dbg> os: z_impl_k_mutex_unlock: new owner of mutex 0x2000cc04: 0 (prio: -1000)

    ERROR
    [00:00:41.865,875] <dbg> os: z_tick_sleep: thread 0x200103a0 for 33 ticks
    [00:00:41.865,112] <dbg> slm_uart_handler: slm_uart_tx_write: TX
    0d 0a 45 52 52 4f 52 0d 0a |..ERROR. .
    [00:00:41.891,082] <dbg> os: z_impl_k_mutex_lock: 0x200103a0 took mutex 0x2000cbdc, count: 1, orig prio: -1
    [00:00:41.901,397] <dbg> os: z_impl_k_mutex_unlock: mutex 0x2000cbdc lock_count: 1
    [00:00:41.910,003] <dbg> os: z_impl_k_mutex_unlock: new owner of mutex 0x2000cbdc: 0 (prio: -1000)

    Why does it fail to connect?

    On Wi-Fi it is connecting with this certificate.
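
One way to cut the debug log above down to the lines that matter, as an added example (not code from the thread or from the vendor): it drops the kernel `os` mutex traces, lists which credential slots `slm_tls` loaded or found empty, and names the errno behind `connect() failed`. The function names are hypothetical, and reading `-22` as a negated POSIX errno is an assumption.

```python
import errno
import re

# Zephyr log line: "[hh:mm:ss.mmm,uuu] <lvl> module: message"
LINE = re.compile(r"\[(\d\d:\d\d:\d\d\.\d{3},\d{3})\] <(\w+)> (\w+): (.*)")
# slm_tls messages: "Load CA cert 600: Len: 2418" / "Empty cert at 601:"
SLOT = re.compile(r"(Load|Empty) (.+?) (?:at )?(\d+):(?: Len: (\d+))?")

# Excerpt copied from the log posted above, one line of mutex noise included.
SAMPLE = """\
[00:00:40.340,637] <dbg> slm_tls: slm_tls_loadcrdl: Load CA cert 600: Len: 2418
[00:00:40.348,602] <dbg> os: z_impl_k_mutex_lock: 0x200103a0 took mutex 0x20010ab8, count: 1, orig prio: -1
[00:00:40.387,603] <wrn> modem_key_mgmt: Key not found
[00:00:40.393,615] <dbg> slm_tls: slm_tls_loadcrdl: Empty cert at 601:
[00:00:40.414,031] <dbg> slm_tls: slm_tls_loadcrdl: Empty private key at 602:
[00:00:41.526,733] <err> slm_httpc: connect() failed: -22
"""

def triage(log_text, noisy_modules=("os",)):
    """Return (timestamp, level, module, message) for every non-noise line."""
    events = []
    for raw in log_text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue  # hexdump rows, AT echoes, blank lines
        ts, level, module, msg = m.groups()
        if module in noisy_modules and level == "dbg":
            continue  # scheduler/mutex debug traces
        events.append((ts, level, module, msg))
    return events

def credential_slots(events):
    """Map each slot slm_tls touched to (kind, length); length 0 means empty."""
    slots = {}
    for _, _, module, msg in events:
        m = SLOT.search(msg) if module == "slm_tls" else None
        if m:
            slots[int(m.group(3))] = (m.group(2), int(m.group(4) or 0))
    return slots

def failures(events):
    """List (module, code, errno name) for every '<err> ... failed: -N' line."""
    out = []
    for _, level, module, msg in events:
        m = re.search(r"failed: -(\d+)", msg)
        if level == "err" and m:
            code = int(m.group(1))  # assumed to be a negated POSIX errno
            out.append((module, code, errno.errorcode.get(code, "unknown")))
    return out
```
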

  • Ofir_A said:
    Please provide me something to continue. If there is a way to burn a TLS cert (AT#XCMNG and not AT%CMNG) on the evaluation board, this could help us understand more.

    I'm not sure; I believe both commands should be able to write a CA cert, although one writes it to the modem and the other writes it to Zephyr settings storage.
