https_client connection results in error 22 on nRF7002dk

Hi,

I took an HTTPS Client Sample application from nRF SDK v2.6.2 and I cannot make it work.

What I figured out already is that the SSL certificate for 'example.com' has changed from DigiCert Global G2 to DigiCert Global G3. However, it still doesn't connect properly.

The only changes that I have made are swapping the SSL certificate and adding Wi-Fi credentials. This is my prj.conf:

#
# Copyright (c) 2023 Nordic Semiconductor ASA
#
# SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
#

# General
CONFIG_HEAP_MEM_POOL_SIZE=1024
CONFIG_MAIN_STACK_SIZE=4096

# Logging
CONFIG_LOG=y

# Network
CONFIG_NETWORKING=y
CONFIG_NET_SOCKETS=y
CONFIG_NET_SOCKETS_POSIX_NAMES=y
CONFIG_NET_IPV4=y
CONFIG_NET_IPV6=y
CONFIG_NET_CONNECTION_MANAGER=y
CONFIG_NET_CONNECTION_MANAGER_MONITOR_STACK_SIZE=1024

CONFIG_WIFI_CREDENTIALS_STATIC=y
CONFIG_WIFI_CREDENTIALS_STATIC_SSID="abc"
CONFIG_WIFI_CREDENTIALS_STATIC_PASSWORD="xyz"
CONFIG_DNS_RESOLVER=y

The result is as follows:

*** Booting nRF Connect SDK v3.5.99-ncs1-2 ***
HTTPS client sample started
Bringing network interface up
Provisioning certificate
CA certificate already exists, sec tag: 42
Connecting to the network
[00:00:02.095,062] <inf> wifi_mgmt_ext: Connection requested
Network connectivity established and IP address assigned
Looking up example.com
Resolved 23.215.0.136 (AF_INET)
Connecting to example.com:443
connect() failed, err: 22
Network connectivity lost
Disconnected from the network

I also tried it on the latest nRF SDK 2.9.0 and it doesn't connect either.
Please provide a config that works with this sample on nRF7000dk.

I am looking forward to your support!

  • Thank you Sigurd, good to see some progress. Do you know why l5_e2_sol works and https_client sample doesn't?

  • Hardware CI said:
    Do you know why l5_e2_sol works and https_client sample doesn't?

    I do not exactly know, no. Likely differences in configurations. You can compare build/zephyr/.config for them to check.
    Or perhaps one is built with Sysbuild and one without? Try to explicitly disable Sysbuild when building.

    Hardware CI said:
     some progress.

    Next update:

    Enabling Mbedtls logs as such:

    CONFIG_LOG=y
    CONFIG_LOG_MODE_IMMEDIATE=y
    CONFIG_MBEDTLS_DEBUG=y
    CONFIG_MBEDTLS_SSL_DEBUG_ALL=y
    CONFIG_MBEDTLS_LOG_LEVEL_DBG=y
    CONFIG_MBEDTLS_DEBUG_C=y
    CONFIG_MBEDTLS_DEBUG_LEVEL=4
    # Handle the large influx of prints
    CONFIG_LOG_BACKEND_UART=y

    I get

    uart:~$ [00:00:11.063,873] <err> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_msg.c:3308: TLS handshake fragmentation not supported
    [00:00:11.063,873] <err> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_msg.c:3308: TLS handshake fragmentation not supported
    uart:~$ [00:00:11.091,522] <err> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_msg.c:4177: mbedtls_ssl_handle_message_type() returned -28800 (-0x7080)
    [00:00:11.091,522] <err> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_msg.c:4177: mbedtls_ssl_handle_message_type() returned -28800 (-0x7080)
    uart:~$ [00:00:11.122,314] <err> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_tls.c:7536: mbedtls_ssl_read_record() returned -28800 (-0x7080)
    [00:00:11.122,314] <err> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_tls.c:7536: mbedtls_ssl_read_record() returned -28800 (-0x7080)
    uart:~$ [00:00:11.152,038] <err> Lesson5_Exercise2: Connecting to server failed, err: 113, Software caused connection abort
    [00:00:11.152,038] <err> Lesson5_Exercise2: Connecting to server failed, err: 113, Software caused connection abort
    uart:~$ [00:00:11.176,330] <err> Lesson5_Exercise2: Failed to initialize client
    [00:00:11.176,330] <err> Lesson5_Exercise2: Failed to initialize client
    


    I have tried some configurations to fix this fragmentation issue so far, but no luck yet.

  • Next up, I tried to connect to your webpage with nRF Connect SDK v3.0.0, but still no luck. I am asking around for ideas.

    Do you have a chance to get logs from your webserver, so that we can see if there is any useful information on the failed connection there?

  • Try the configurations suggested in nRF Connect SDK v2.6.1 - https_client works for example.com but not other hosts such as google.com

    CONFIG_MBEDTLS_HEAP_SIZE=80000
    CONFIG_MBEDTLS_SSL_IN_CONTENT_LEN=8192
    CONFIG_MBEDTLS_SSL_OUT_CONTENT_LEN=8192
    CONFIG_NET_SOCKETS_TLS_SET_MAX_FRAGMENT_LENGTH=n
    CONFIG_PSA_WANT_RSA_KEY_SIZE_4096=y
    CONFIG_MBEDTLS_MPI_MAX_SIZE=512
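
Mbed TLS logs "TLS handshake fragmentation not supported" (seen in the log earlier in this thread) when an incoming handshake message is longer than the TLS record that carries it. As an added example, not code from the thread or from the SDK, this Python script walks the plaintext TLS 1.2 records of a server's flight and reports such messages; the function names and the sample bytes are constructed for illustration.

```python
import struct

HANDSHAKE, CHANGE_CIPHER_SPEC = 22, 20
HS_NAMES = {2: "server_hello", 11: "certificate", 14: "server_hello_done"}

def iter_records(stream):
    """Yield (content_type, payload) for each TLS record in a raw byte stream."""
    off = 0
    while off < len(stream):
        # 5-byte record header: type, protocol version, payload length
        ctype, _version, length = struct.unpack_from("!BHH", stream, off)
        payload = stream[off + 5:off + 5 + length]
        if len(payload) != length:
            raise ValueError(f"truncated record body at offset {off}")
        yield ctype, payload
        off += 5 + length

def fragmented_handshake_messages(stream):
    """List (name, msg_len, first_record_index, bytes_in_first_record) for every
    plaintext handshake message that does not fit in the record it starts in."""
    hits, pending = [], 0
    for idx, (ctype, payload) in enumerate(iter_records(stream)):
        if ctype == CHANGE_CIPHER_SPEC:
            break  # later handshake records are encrypted and cannot be parsed
        if ctype != HANDSHAKE:
            continue
        pos = min(pending, len(payload))  # skip continuation of a split message
        pending -= pos
        while pos < len(payload):
            if len(payload) - pos < 4:
                hits.append(("split_header", None, idx, len(payload) - pos))
                return hits  # cannot track message boundaries past this point
            msg_type = payload[pos]
            msg_len = int.from_bytes(payload[pos + 1:pos + 4], "big")
            avail = len(payload) - pos - 4
            if msg_len > avail:  # body continues in the next record(s)
                hits.append((HS_NAMES.get(msg_type, str(msg_type)), msg_len, idx, avail))
                pending = msg_len - avail
            pos += 4 + min(msg_len, avail)
    return hits

def record(ctype, payload):  # builds one TLS 1.2 record for the sample below
    return struct.pack("!BHH", ctype, 0x0303, len(payload)) + payload

# Constructed sample (not a real capture): a 70-byte ServerHello in one record,
# then a 6000-byte Certificate message the server splits at 4096 bytes.
HELLO = bytes([2]) + (70).to_bytes(3, "big") + bytes(70)
CERT = bytes([11]) + (6000).to_bytes(3, "big") + bytes(6000)
SAMPLE = (record(HANDSHAKE, HELLO) + record(HANDSHAKE, CERT[:4096])
          + record(HANDSHAKE, CERT[4096:]) + record(CHANGE_CIPHER_SPEC, b"\x01"))
```

Feed it the server-to-client bytes of a capture; a hit on `certificate` means the certificate chain is being split across records, which is the condition the error message describes.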
