https_client connection results in error 22 on nRF7002dk

Hi,

I took an HTTPS Client Sample application from nRF SDK v2.6.2 and I cannot make it work.

What I figured out already is that the SSL certificate for 'example.com' has changed from DigiCert Global G2 to DigiCert Global G3. However, it still doesn't connect properly.

The only changes that I have made are swapping the SSL certificate and adding Wi-Fi credentials. This is my prj.conf:

#
# Copyright (c) 2023 Nordic Semiconductor ASA
#
# SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
#

# General
CONFIG_HEAP_MEM_POOL_SIZE=1024
CONFIG_MAIN_STACK_SIZE=4096

# Logging
CONFIG_LOG=y

# Network
CONFIG_NETWORKING=y
CONFIG_NET_SOCKETS=y
CONFIG_NET_SOCKETS_POSIX_NAMES=y
CONFIG_NET_IPV4=y
CONFIG_NET_IPV6=y
CONFIG_NET_CONNECTION_MANAGER=y
CONFIG_NET_CONNECTION_MANAGER_MONITOR_STACK_SIZE=1024

CONFIG_WIFI_CREDENTIALS_STATIC=y
CONFIG_WIFI_CREDENTIALS_STATIC_SSID="abc"
CONFIG_WIFI_CREDENTIALS_STATIC_PASSWORD="xyz"
CONFIG_DNS_RESOLVER=y

The result is as follows:

*** Booting nRF Connect SDK v3.5.99-ncs1-2 ***
HTTPS client sample started
Bringing network interface up
Provisioning certificate
CA certificate already exists, sec tag: 42
Connecting to the network
[00:00:02.095,062] <inf> wifi_mgmt_ext: Connection requested
Network connectivity established and IP address assigned
Looking up example.com
Resolved 23.215.0.136 (AF_INET)
Connecting to example.com:443
connect() failed, err: 22
Network connectivity lost
Disconnected from the network

I also tried it on the latest nRF SDK 2.9.0 and it doesn't connect either.
Please provide a config that works with this sample on nRF7000dk.

I am looking forward to your support!

  • Net credentials (ssid+password) are fine. You can tell by the successful DNS resolve of the hostname.
    I am providing detailed net logs as requested:

    • SDK 2.6.2 + DigiCertGlobalG3.pem
      *** Booting nRF Connect SDK v3.5.99-ncs1-3 ***
      HTTPS client sample started
      Bringing network interface up
      Provisioning certificate
      Connecting to the network
      [00:00:04.688,171] <inf> wifi_mgmt_ext: Connection requested
      [00:00:08.780,609] <dbg> net_sock_packet: zpacket_received_cb: (rx_q[0]): ctx=0x2000e900, pkt=0x20050e28, st=0, user_data=(nil)
      [00:00:08.814,453] <dbg> net_sock_packet: zpacket_received_cb: (rx_q[0]): ctx=0x2000e900, pkt=0x20050e6c, st=0, user_data=(nil)
      [00:00:08.869,812] <dbg> net_sock_packet: zpacket_received_cb: (rx_q[0]): ctx=0x2000e900, pkt=0x20050e28, st=0, user_data=(nil)
      [00:00:08.898,040] <dbg> net_sock_packet: zpacket_received_cb: (rx_q[0]): ctx=0x2000e900, pkt=0x20050e6c, st=0, user_data=(nil)
      [00:00:08.898,345] <inf> net_dhcpv4: Received: 10.213.127.217
      Network connectivity established and IP address assigned
      Looking up example.com
      [00:00:08.931,701] <dbg> net_sock_packet: zpacket_received_cb: (rx_q[0]): ctx=0x2000e900, pkt=0x20050e28, st=0, user_data=(nil)
      [00:00:08.931,915] <dbg> net_sock_addr: dns_resolve_cb: (rx_q[0]): dns status: -100
      [00:00:08.931,945] <dbg> net_sock_addr: dns_resolve_cb: (rx_q[0]): dns status: -100
      [00:00:08.931,976] <dbg> net_sock_addr: dns_resolve_cb: (rx_q[0]): dns status: -100
      [00:00:08.932,006] <dbg> net_sock_addr: dns_resolve_cb: (rx_q[0]): getaddrinfo entries overflow
      [00:00:08.932,037] <dbg> net_sock_addr: dns_resolve_cb: (rx_q[0]): dns status: -100
      [00:00:08.932,067] <dbg> net_sock_addr: dns_resolve_cb: (rx_q[0]): getaddrinfo entries overflow
      [00:00:08.932,098] <dbg> net_sock_addr: dns_resolve_cb: (rx_q[0]): dns status: -100
      [00:00:08.932,098] <dbg> net_sock_addr: dns_resolve_cb: (rx_q[0]): getaddrinfo entries overflow
      [00:00:08.932,128] <dbg> net_sock_addr: dns_resolve_cb: (rx_q[0]): dns status: -100
      [00:00:08.932,159] <dbg> net_sock_addr: dns_resolve_cb: (rx_q[0]): getaddrinfo entries overflow
      [00:00:08.932,189] <dbg> net_sock_addr: dns_resolve_cb: (rx_q[0]): dns status: -103
      [00:00:08.947,753] <dbg> net_sock_packet: zpacket_received_cb: (rx_q[0]): ctx=0x2000e900, pkt=0x20050e6c, st=0, user_data=(nil)
      [00:00:08.947,937] <dbg> net_sock_addr: dns_resolve_cb: (rx_q[0]): dns status: -100
      [00:00:08.947,967] <dbg> net_sock_addr: dns_resolve_cb: (rx_q[0]): getaddrinfo entries overflow
      [00:00:08.947,998] <dbg> net_sock_addr: dns_resolve_cb: (rx_q[0]): dns status: -100
      [00:00:08.948,028] <dbg> net_sock_addr: dns_resolve_cb: (rx_q[0]): getaddrinfo entries overflow
      [00:00:08.948,059] <dbg> net_sock_addr: dns_resolve_cb: (rx_q[0]): dns status: -100
      [00:00:08.948,089] <dbg> net_sock_addr: dns_resolve_cb: (rx_q[0]): getaddrinfo entries overflow
      [00:00:08.948,120] <dbg> net_sock_addr: dns_resolve_cb: (rx_q[0]): dns status: -100
      [00:00:08.948,150] <dbg> net_sock_addr: dns_resolve_cb: (rx_q[0]): getaddrinfo entries overflow
      [00:00:08.948,150] <dbg> net_sock_addr: dns_resolve_cb: (rx_q[0]): dns status: -100
      [00:00:08.948,181] <dbg> net_sock_addr: dns_resolve_cb: (rx_q[0]): getaddrinfo entries overflow
      [00:00:08.948,211] <dbg> net_sock_addr: dns_resolve_cb: (rx_q[0]): dns status: -100
      [00:00:08.948,242] <dbg> net_sock_addr: dns_resolve_cb: (rx_q[0]): getaddrinfo entries overflow
      [00:00:08.948,272] <dbg> net_sock_addr: dns_resolve_cb: (rx_q[0]): dns status: -103
      Resolved 23.192.228.84 (AF_INET)
      [00:00:08.949,096] <dbg> net_sock_tls: tls_alloc: (main): Allocated TLS context, 0x2000dce0
      [00:00:08.949,645] <dbg> net_sock: zsock_socket_internal: (main): socket: ctx=0x2000ea70, fd=10
      Connecting to example.com:443
      [00:00:09.397,033] <dbg> net_sock_packet: zpacket_received_cb: (rx_q[0]): ctx=0x2000e900, pkt=0x20050de4, st=0, user_data=(nil)
      connect() failed, err: 22
      [00:00:09.415,191] <dbg> net_sock: z_impl_zsock_close: (main): close: ctx=0x2000dce0, fd=9
      [00:00:09.415,374] <dbg> net_sock: z_impl_zsock_close: (main): close: ctx=0x2000ea70, fd=10
      [00:00:09.465,881] <dbg> net_sock_packet: zpacket_received_cb: (rx_q[0]): ctx=0x2000e900, pkt=0x20050e28, st=0, user_data=(nil)
      [00:00:09.707,916] <dbg> net_sock_packet: zpacket_received_cb: (rx_q[0]): ctx=0x2000e900, pkt=0x20050de4, st=0, user_data=(nil)
      [00:00:09.722,564] <dbg> net_sock_packet: zpacket_received_cb: (rx_q[0]): ctx=0x2000e900, pkt=0x20050e28, st=0, user_data=(nil)
      [00:00:09.735,443] <dbg> net_sock_packet: zpacket_received_cb: (rx_q[0]): ctx=0x2000e900, pkt=0x20050de4, st=0, user_data=(nil)
      [00:00:09.736,694] <dbg> net_sock_packet: zpacket_received_cb: (rx_q[0]): ctx=0x2000e900, pkt=0x20050e28, st=0, user_data=(nil)
      Network connectivity lost
      Disconnected from the network
      [00:00:10.457,611] <dbg> net_sock: z_impl_zsock_close: (): close: ctx=0x2000e900, fd=4
      [00:00:10.467,742] <dbg> net_sock: z_impl_zsock_close: (net_mgmt): close: ctx=0x20044980, fd=6
      [00:00:10.468,444] <dbg> net_sock: z_impl_zsock_close: (net_mgmt): close: ctx=0x20046a70, fd=8
      [00:00:10.469,085] <dbg> net_sock: z_impl_zsock_close: (net_mgmt): close: ctx=0x200459f8, fd=7
      [00:00:10.470,886] <dbg> net_sock: z_impl_zsock_close: (): close: ctx=0x20043908, fd=5
    • SDK 2.6.2 + fullchain.pem
      *** Booting nRF Connect SDK v3.5.99-ncs1-3 ***
      HTTPS client sample started
      Bringing network interface up
      Provisioning certificate
      Failed to register CA certificate: -5
    • SDK 2.9.0 + DigiCertGlobalG3.pem
      *** Booting nRF Connect SDK v2.9.0-7787b2649840 ***
      *** Using Zephyr OS v3.7.99-1f8f3dc29142 ***
      HTTPS client sample started
      Bringing network interface up
      [00:00:00.548,126] <dbg> net_sock_svc: socket_service_thread: (net_socket_service): Service WEST_TOPDIR/zephyr/subsys/net/lib/dns/resolve.c:38 has 1 pollable sockets
      [00:00:00.548,156] <dbg> net_sock_svc: socket_service_thread: (net_socket_service): Monitoring 1 socket entries
      Provisioning certificate
      CA certificate already exists, sec tag: 42
      Connecting to the network
      [00:00:08.706,115] <inf> wifi_mgmt_ext: Connection requested
      --- 2 messages dropped ---
      [00:00:13.017,913] <dbg> net_sock: zsock_socket_internal: (rx_q[0]): socket: ctx=0x2000f200, fd=13
      [00:00:13.020,721] <dbg> net_sock_svc: socket_service_thread: (net_socket_service): Received restart event.
      [00:00:13.030,242] <inf> net_dhcpv4: Received: 10.213.127.217
      Network connectivity established and IP address assigned
      Looking up example.com
      [00:00:13.031,066] <dbg> net_sock_addr: exec_query: (main): Timeout 5000
      [00:00:13.349,884] <dbg> net_sock: zsock_received_cb: (rx_q[0]): ctx=0x2000f200, pkt=0x200560b0, st=0, user_data=0
      --- 5 messages dropped ---
      [00:00:13.350,677] <dbg> net_sock_addr: dns_resolve_cb: (net_socket_service): dns status: -100
      [00:00:13.350,708] <dbg> net_sock_addr: dns_resolve_cb: (net_socket_service): dns status: -100
      [00:00:13.350,738] <dbg> net_sock_addr: dns_resolve_cb: (net_socket_service): dns status: -100
      [00:00:13.350,769] <dbg> net_sock_addr: dns_resolve_cb: (net_socket_service): getaddrinfo entries overflow
      [00:00:13.350,799] <dbg> net_sock_addr: dns_resolve_cb: (net_socket_service): dns status: -100
      [00:00:13.350,830] <dbg> net_sock_addr: dns_resolve_cb: (net_socket_service): getaddrinfo entries overflow
      [00:00:13.350,860] <dbg> net_sock_addr: dns_resolve_cb: (net_socket_service): dns status: -100
      [00:00:13.350,891] <dbg> net_sock_addr: dns_resolve_cb: (net_socket_service): getaddrinfo entries overflow
      [00:00:13.410,491] <dbg> net_sock_addr: dns_resolve_cb: (net_socket_service): dns status: -100
      [00:00:13.410,522] <dbg> net_sock_addr: dns_resolve_cb: (net_socket_service): getaddrinfo entries overflow
      [00:00:13.410,552] <dbg> net_sock_addr: dns_resolve_cb: (net_socket_service): dns status: -100
      [00:00:13.410,583] <dbg> net_sock_addr: dns_resolve_cb: (net_socket_service): getaddrinfo entries overflow
      [00:00:13.410,614] <dbg> net_sock_addr: dns_resolve_cb: (net_socket_service): dns status: -100
      [00:00:13.410,644] <dbg> net_sock_addr: dns_resolve_cb: (net_socket_service): getaddrinfo entries overflow
      [00:00:13.410,675] <dbg> net_sock_addr: dns_resolve_cb: (net_socket_service): dns status: -100
      [00:00:13.410,705] <dbg> net_sock_addr: dns_resolve_cb: (net_socket_service): getaddrinfo entries overflow
      [00:00:13.410,736] <dbg> net_sock_addr: dns_resolve_cb: (net_socket_service): dns status: -100
      [00:00:13.410,766] <dbg> net_sock_addr: dns_resolve_cb: (net_socket_service): getaddrinfo entries overflow
      [00:00:13.410,797] <dbg> net_sock_addr: dns_resolve_cb: (net_socket_service): dns status: -100
      [00:00:13.410,827] <dbg> net_sock_addr: dns_resolve_cb: (net_socket_service): getaddrinfo entries overflow
      [00:00:13.410,858] <dbg> net_sock_addr: dns_resolve_cb: (net_socket_service): dns status: -103
      Resolved 23.192.228.84 (AF_INET)
      [00:00:13.411,132] <dbg> net_sock_tls: tls_alloc: (main): Allocated TLS context, 0x2000e438
      [00:00:13.411,712] <dbg> net_sock: zsock_socket_internal: (main): socket: ctx=0x2000f2b8, fd=15
      Connecting to example.com:443
      [00:00:13.708,740] <err> net_sock_tls: Failed to parse CA certificate, err: -0x3a00
      connect() failed, err: 22
      [00:00:13.709,014] <dbg> net_sock: z_impl_zsock_close: (main): close: ctx=0x2000f2b8, fd=15
      [00:00:13.861,267] <dbg> net_sock: z_impl_zsock_close: (rx_q[0]): close: ctx=0x2000f200, fd=13
      [00:00:13.861,572] <dbg> net_sock: zsock_socket_internal: (rx_q[0]): socket: ctx=0x2000f200, fd=13
      [00:00:13.866,088] <dbg> net_sock_svc: socket_service_thread: (net_socket_service): Received restart event.
      Network connectivity lost
      Disconnected from the network
    • SDK 2.9.0 + fullchain.pem
      *** Booting nRF Connect SDK v2.9.0-7787b2649840 ***
      *** Using Zephyr OS v3.7.99-1f8f3dc29142 ***
      HTTPS client sample started
      Bringing network interface up
      [00:00:00.595,123] <dbg> net_sock_svc: socket_service_thread: (net_socket_service): Service WEST_TOPDIR/zephyr/subsys/net/lib/dns/resolve.c:38 has 1 pollable sockets
      [00:00:00.595,153] <dbg> net_sock_svc: socket_service_thread: (net_socket_service): Monitoring 1 socket entries
      Provisioning certificate
      Failed to register CA certificate: -5

    I also provide a zip with modified examples from both SDK versions:
    6521.https_client.zip
    I included up-to-date pem files:

    • DigiCertGlobalG3.pem
    • fullchain.pem (DigiCertGlobalG3 + DigiCert Global G3 TLS ECC SHA384 2020 CA1).

    You can positively verify both pem files using the Python script (certs/test.py).

    For 'https_client_2_6_2' I use NRF SDK 2.6.2 and toolchain 2.6.2.
    For 'https_client_2_9_0' I use NRF SDK 2.9.0 and toolchain 2.9.0.

  • It fails in a somewhat similar way for me as well. 

    I've forwarded this to the relevant R&D team, and will update you when I hear from them.

    Regards,

    Elfving

  • Thank you Elfving,
    This is a blocker for me at the moment, so I’d be grateful for any guidance.

  • Understood.

    I'm a bit unclear about whether or not this solves it all for me, but could you try this fix? I've heard claims that this should be the problem.

    Regards,

    Elfving

  • Yes, I've already replaced the certificate with the proper one (DigiCertGlobalG3.pem).
    I included this information in my original post.

    "What I figured out already is that the SSL certificate for 'example.com' has changed from DigiCert Global G2 to DigiCert Global G3. However, it still doesn't connect properly."
