• State Verified Answer
  • Replies 7 replies
  • Subscribers 88 subscribers
  • Views 882 views
  • Users 0 members are here
Attachments (0)
Nordic Case Info
  • Case ID: 343824
Options

Cert not being sent as part of http request

dave

Hi,

We're using the nrf9160 with ncs 2.7, modem FW 1.3.6

We're trying to send an HTTP request with TLS 1.2.  We have provisioned our device and verified the key,cert with a python script and that is able to hit our endpoint OK. However, when we try to do the same thing from the nrf9160 we are getting a `400 bad request No requried SSL certificate was sent` error


We are saving the key and cert with 

modem_key_mgmt_write(PROVISIONED_CERT_SEC_TAG, MODEM_KEY_MGMT_CRED_TYPE_PUBLIC_CERT, cert_buffer,
                                   cert_buffer_bytes_written);

modem_key_mgmt_write(PROVISIONED_CERT_SEC_TAG, MODEM_KEY_MGMT_CRED_TYPE_IDENTITY, cert_buffer,
                               cert_buffer_bytes_written);

modem_key_mgmt_write(PROVISIONED_CERT_SEC_TAG, MODEM_KEY_MGMT_CRED_TYPE_PRIVATE_CERT, key_buffer,
                                   key_buffer_bytes_written);

And then sending it with

    get_addr_info_handle = getaddrinfo(STAGING_HTTP_HOST, HTTP_PORT, &hints, &res);

    memset(recv_buf, 0, sizeof(recv_buf));

    if (get_addr_info_handle != 0) {
        LOG_ERR("Unable to resolve address, quitting. Err: %d", get_addr_info_handle);
        return get_addr_info_handle;
    }

    socket_handle = socket(res->ai_family, res->ai_socktype, IPPROTO_TLS_1_2);
    CHECK(socket_handle);
    LOG_DBG("socket_handle = %d\n", socket_handle);

    //Disable hostname verification
    CHECK(setsockopt(socket_handle, SOL_TLS, TLS_HOSTNAME, NULL, 0))

    //Disable peer verify
    int verify = TLS_PEER_VERIFY_NONE;
    CELL_ERR_CHECK(setsockopt(socket_handle, SOL_TLS, TLS_PEER_VERIFY, &verify, sizeof(verify)));

    //Set sec tag
    static sec_tag_t sec_tag_list[] = {STAGING_SEC_TAG};
    CHECK(setsockopt(socket_handle, SOL_TLS, TLS_SEC_TAG_LIST, sec_tag_list, sizeof(sec_tag_list)));

    LOG_DBG("Connecting to server...\n");
    CHECK(connect(socket_handle, res->ai_addr, res->ai_addrlen));
    LOG_DBG("Connected!\r\nSending request...\n");

    CHECK(send(socket_handle, send_buf, SSTRLEN(send_buf), 0));

Parents Reply Children
Related