• State Not Answered
  • Replies 26 replies
  • Subscribers 88 subscribers
  • Views 2980 views
  • Users 0 members are here
Attachments (4) Download All
Nordic Case Info
  • Case ID: 341701
Options

https_client connection results in error 22 on nRF7002dk

Hardware CI

Hi,

I took a HTTPS Client Sample application from nRF SDK v2.6.2 and I cannot make it work.

What I figured out already is that SSL certificate for 'example.com' has changed from Digi Cert Global G2 to DigiCert Global G3. However It still doesn't connect properly.

The only changes that I have done is swapping the SSL certifitacte and adding WIFI credfentials. This is my prj.conf:

#
# Copyright (c) 2023 Nordic Semiconductor ASA
#
# SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
#

# General
CONFIG_HEAP_MEM_POOL_SIZE=1024
CONFIG_MAIN_STACK_SIZE=4096

# Logging
CONFIG_LOG=y

# Network
CONFIG_NETWORKING=y
CONFIG_NET_SOCKETS=y
CONFIG_NET_SOCKETS_POSIX_NAMES=y
CONFIG_NET_IPV4=y
CONFIG_NET_IPV6=y
CONFIG_NET_CONNECTION_MANAGER=y
CONFIG_NET_CONNECTION_MANAGER_MONITOR_STACK_SIZE=1024

CONFIG_WIFI_CREDENTIALS_STATIC=y
CONFIG_WIFI_CREDENTIALS_STATIC_SSID="abc"
CONFIG_WIFI_CREDENTIALS_STATIC_PASSWORD="xyz"
CONFIG_DNS_RESOLVER=y

The result is as follows:

*** Booting nRF Connect SDK v3.5.99-ncs1-2 ***
HTTPS client sample started
Bringing network interface up
Provisioning certificate
CA certificate already exists, sec tag: 42
Connecting to the network
[00:00:02.095,062] <inf> wifi_mgmt_ext: Connection requested
Network connectivity established and IP address assigned
Looking up example.com
Resolved 23.215.0.136 (AF_INET)
Connecting to example.com:443
connect() failed, err: 22
Network connectivity lost
Disconnected from the network

I also tried it on the latest nRF SDK 2.9.0 and it doesn't connect either.
Please provide a config that works with this sample on nRF7000dk.

I am looking forward for your support!

  • 0 in reply to Jason

      ,

    It seems to me that you're working on a different platform — the nRF91.
    My issue occurs on the nRF5340 with the nRF7002 Wi-Fi module.
    I just tried disabling TFM in my case, but I'm still getting error 22 with the DigiCert Global G3 certificate.

     ,

    I’ve attached my entire project to this ticket. I haven’t made any progress in a long time.
    Could you please try running it on your end and investigate the issue?

    To summarize the topic...

    Ultimate Goal
    Establish an HTTPS connection to ci-global-uat-emhuapeeakcrbpb2.z01.azurefd.net/ using the nRF5340 + nRF7002 DK platform (ideally with TFM enabled).

    First Step Toward the Goal
    Begin with the HTTPS sample from the SDK, which is designed to connect to example.com.

    Problem
    I'm unable to connect to either endpoint using SDK version 2.6.2. Replacing the root CA certificate (from DigiCert Global G2 to DigiCert Global G3) did not help. Enabling specific cipher suites also had no effect.

  • 0 in reply to Hardware CI 
    CONFIG_LOG=y
    CONFIG_NET_LOG=y
    CONFIG_NET_SOCKETS_LOG_LEVEL_DBG=y

    can you add this config to turn on socket log?
  • 0 in reply to Jason

     here are logs with TFM disabled and DigiCert Global G3:

    *** Booting nRF Connect SDK v3.5.99-ncs1-3 ***
HTTPS client sample started
Bringing network interface up
Provisioning certificate
Connecting to the network
[00:00:01.768,951] <inf> wifi_mgmt_ext: Connection requested
[00:00:05.793,121] <dbg> net_sock_packet: zpacket_received_cb: (rx_q[0]): ctx=0x20002948, pkt=0x20046598, st=0, user_data=(nil)
[00:00:05.808,380] <dbg> net_sock_packet: zpacket_received_cb: (rx_q[0]): ctx=0x20002948, pkt=0x200465dc, st=0, user_data=(nil)
[00:00:05.842,132] <dbg> net_sock_packet: zpacket_received_cb: (rx_q[0]): ctx=0x20002948, pkt=0x20046598, st=0, user_data=(nil)
[00:00:05.853,668] <dbg> net_sock_packet: zpacket_received_cb: (rx_q[0]): ctx=0x20002948, pkt=0x200465dc, st=0, user_data=(nil)
[00:00:05.853,881] <inf> net_dhcpv4: Received: 172.16.0.195
Network connectivity established and IP address assigned
Looking up example.com
[00:00:05.880,676] <dbg> net_sock_packet: zpacket_received_cb: (rx_q[0]): ctx=0x20002948, pkt=0x20046598, st=0, user_data=(nil)
[00:00:05.883,697] <dbg> net_sock_packet: zpacket_received_cb: (rx_q[0]): ctx=0x20002948, pkt=0x200465dc, st=0, user_data=(nil)
[00:00:05.884,979] <dbg> net_sock_packet: zpacket_received_cb: (rx_q[0]): ctx=0x20002948, pkt=0x20046598, st=0, user_data=(nil)
[00:00:05.887,023] <dbg> net_sock_packet: zpacket_received_cb: (rx_q[0]): ctx=0x20002948, pkt=0x200465dc, st=0, user_data=(nil)
[00:00:05.887,207] <dbg> net_sock_addr: dns_resolve_cb: (rx_q[0]): dns status: -100
[00:00:05.887,237] <dbg> net_sock_addr: dns_resolve_cb: (rx_q[0]): dns status: -100
[00:00:05.887,268] <dbg> net_sock_addr: dns_resolve_cb: (rx_q[0]): dns status: -100
[00:00:05.887,298] <dbg> net_sock_addr: dns_resolve_cb: (rx_q[0]): getaddrinfo entries overflow
[00:00:05.887,329] <dbg> net_sock_addr: dns_resolve_cb: (rx_q[0]): dns status: -100
[00:00:05.887,359] <dbg> net_sock_addr: dns_resolve_cb: (rx_q[0]): getaddrinfo entries overflow
[00:00:05.887,420] <dbg> net_sock_addr: dns_resolve_cb: (rx_q[0]): dns status: -100
[00:00:05.887,451] <dbg> net_sock_addr: dns_resolve_cb: (rx_q[0]): getaddrinfo entries overflow
[00:00:05.887,481] <dbg> net_sock_addr: dns_resolve_cb: (rx_q[0]): dns status: -100
[00:00:05.887,512] <dbg> net_sock_addr: dns_resolve_cb: (rx_q[0]): getaddrinfo entries overflow
[00:00:05.887,542] <dbg> net_sock_addr: dns_resolve_cb: (rx_q[0]): dns status: -103
Resolved 23.215.0.138
[00:00:05.888,549] <dbg> net_sock_tls: tls_alloc: (main): Allocated TLS context, 0x20001d30
[00:00:05.889,038] <dbg> net_sock: zsock_socket_internal: (main): socket: ctx=0x20002ab8, fd=10
Connecting to example.com:443
[00:00:06.009,887] <dbg> net_sock_packet: zpacket_received_cb: (rx_q[0]): ctx=0x20002948, pkt=0x20046554, st=0, user_data=(nil)
connect() failed, err: 22
[00:00:06.012,756] <dbg> net_sock: z_impl_zsock_close: (main): close: ctx=0x20001d30, fd=9
[00:00:06.012,939] <dbg> net_sock: z_impl_zsock_close: (main): close: ctx=0x20002ab8, fd=10
[00:00:06.084,838] <dbg> net_sock_packet: zpacket_received_cb: (rx_q[0]): ctx=0x20002948, pkt=0x20046598, st=0, user_data=(nil)
[00:00:06.085,998] <dbg> net_sock_packet: zpacket_received_cb: (rx_q[0]): ctx=0x20002948, pkt=0x20046554, st=0, user_data=(nil)
[00:00:06.260,040] <dbg> net_sock_packet: zpacket_received_cb: (rx_q[0]): ctx=0x20002948, pkt=0x20046598, st=0, user_data=(nil)
[00:00:06.288,940] <dbg> net_sock_packet: zpacket_received_cb: (rx_q[0]): ctx=0x20002948, pkt=0x20046554, st=0, user_data=(nil)
[00:00:06.290,069] <dbg> net_sock_packet: zpacket_received_cb: (rx_q[0]): ctx=0x20002948, pkt=0x20046598, st=0, user_data=(nil)
[00:00:06.291,259] <dbg> net_sock_packet: zpacket_received_cb: (rx_q[0]): ctx=0x20002948, pkt=0x20046554, st=0, user_data=(nil)
[00:00:06.494,689] <dbg> net_sock_packet: zpacket_received_cb: (rx_q[0]): ctx=0x20002948, pkt=0x20046598, st=0, user_data=(nil)
[00:00:06.496,093] <dbg> net_sock_packet: zpacket_received_cb: (rx_q[0]): ctx=0x20002948, pkt=0x20046554, st=0, user_data=(nil)
[00:00:06.498,260] <dbg> net_sock_packet: zpacket_received_cb: (rx_q[0]): ctx=0x20002948, pkt=0x20046598, st=0, user_data=(nil)
[00:00:06.499,511] <dbg> net_sock_packet: zpacket_received_cb: (rx_q[0]): ctx=0x20002948, pkt=0x20046554, st=0, user_data=(nil)
[00:00:06.700,012] <dbg> net_sock_packet: zpacket_received_cb: (rx_q[0]): ctx=0x20002948, pkt=0x20046598, st=0, user_data=(nil)
[00:00:06.701,263] <dbg> net_sock_packet: zpacket_received_cb: (rx_q[0]): ctx=0x20002948, pkt=0x20046554, st=0, user_data=(nil)
[00:00:06.702,423] <dbg> net_sock_packet: zpacket_received_cb: (rx_q[0]): ctx=0x20002948, pkt=0x20046598, st=0, user_data=(nil)
[00:00:06.703,552] <dbg> net_sock_packet: zpacket_received_cb: (rx_q[0]): ctx=0x20002948, pkt=0x20046554, st=0, user_data=(nil)
[00:00:06.704,742] <dbg> net_sock_packet: zpacket_received_cb: (rx_q[0]): ctx=0x20002948, pkt=0x20046598, st=0, user_data=(nil)
[00:00:06.705,871] <dbg> net_sock_packet: zpacket_received_cb: (rx_q[0]): ctx=0x20002948, pkt=0x20046554, st=0, user_data=(nil)
[00:00:06.903,472] <dbg> net_sock_packet: zpacket_received_cb: (rx_q[0]): ctx=0x20002948, pkt=0x20046598, st=0, user_data=(nil)
[00:00:06.904,632] <dbg> net_sock_packet: zpacket_received_cb: (rx_q[0]): ctx=0x20002948, pkt=0x20046554, st=0, user_data=(nil)
[00:00:06.907,867] <dbg> net_sock_packet: zpacket_received_cb: (rx_q[0]): ctx=0x20002948, pkt=0x20046598, st=0, user_data=(nil)
[00:00:06.909,057] <dbg> net_sock_packet: zpacket_received_cb: (rx_q[0]): ctx=0x20002948, pkt=0x20046554, st=0, user_data=(nil)
[00:00:06.919,769] <dbg> net_sock_packet: zpacket_received_cb: (rx_q[0]): ctx=0x20002948, pkt=0x20046598, st=0, user_data=(nil)
[00:00:06.920,989] <dbg> net_sock_packet: zpacket_received_cb: (rx_q[0]): ctx=0x20002948, pkt=0x20046554, st=0, user_data=(nil)
Network connectivity lost
Disconnected from the network
[00:00:07.054,077] <dbg> net_sock: z_impl_zsock_close: (): close: ctx=0x20002948, fd=4
[00:00:07.064,178] <dbg> net_sock: z_impl_zsock_close: (net_mgmt): close: ctx=0x2003a0f0, fd=6
[00:00:07.064,666] <dbg> net_sock: z_impl_zsock_close: (net_mgmt): close: ctx=0x2003c1e0, fd=8
[00:00:07.065,124] <dbg> net_sock: z_impl_zsock_close: (net_mgmt): close: ctx=0x2003b168, fd=7
[00:00:07.066,711] <dbg> net_sock: z_impl_zsock_close: (): close: ctx=0x20039078, fd=5

  • 0 in reply to Hardware CI

    Hi Kacper,

    I will continue to help with this ticket.

    I did a quick test today and was not able to get the https_client example to work for v2.6.2, indeed.
    I will see if I can find the correct configuration to get the connection.

  • 0 in reply to Sigurd Hellesvik

    Status: I was able to make l5_e2_sol work with DigiCert Global G2, for digicert.com. However, it still fails with ci-global-uat-emhuapeeakcrbpb2.z01.azurefd.net/ .

    l5_e2_sol_digicert_g2.zip

    I suspect that we need to enable crypto support for intermediate certs as well. My next step is to try to use the direct cert of the azure page instead of the root CA cert.

Related
Terms of service