• State Not Answered
  • Replies 4 replies
  • Subscribers 74 subscribers
  • Views 104 views
  • Users 0 members are here
Attachments (0)
Nordic Case Info
  • Case ID: 344117
Options

nRF5340 + download_client + HTTPS guide needed

Tamas Selmeci

Hello!

I need to use download_client to get files from an HTTPS server. I'm stuck in the implementation process - I'm lost when it comes to TLS etc. I tried to extract some precious details from the example in samples/net/sockets/http_client. MBEDTLS etc are enabled in Kconfig.

The following steps were taken:

1. generated a CA certificate:

openssl genrsa 2048 > ca-key.pem

openssl req -new -x509 -nodes -days 365000 -key ca-key.pem -out ca-cert.pem

2. generated the .DER file:

openssl base64 -d -in ca-cert.pem -out ca-cert.der

3. with my tool (which is quite similar to file2hex.py) it was converted to a C array (static const uint8_t ca_cert[] = {...});

4. included in my source (#include "ca_cert.h");

5. initiated the download:

int cfg_sec_tag_list[] = {1};
struct download_client_cfg cfg = {
 .sec_tag_list = cfg_sec_tag_list,
 .sec_tag_count = ARRAY_SIZE(cfg_sec_tag_list),
 .pdn_id = 0,
 .frag_size_override = 0,
 .set_tls_hostname = 0,
};

...
...

tls_credential_add(cfg_sec_tag_list[0],
 TLS_CREDENTIAL_CA_CERTIFICATE,
 ca_cert,
 sizeof(ca_cert));
download_client_init(&dlc, c_cb);
download_client_get(&dlc, "">https://my.url/file", &cfg, NULL, 0);

6. got these results:

[00:00:28.969,543] <dbg> download_client: set_state: state = 1
[00:00:28.969,573] <inf> download_client: Downloading: https://my.url/file [0]
[00:00:29.183,044] <dbg> download_client: client_connect: Port not specified, using default: 443
[00:00:29.183,074] <dbg> download_client: client_connect: family: 1, type: 1, proto: 258
[00:00:29.183,715] <inf> download_client: Setting up TLS credentials, sec tag count 1
[00:00:29.183,746] <inf> download_client: Connecting to https://my.url/file
[00:00:29.183,776] <dbg> download_client: client_connect: fd 5, addrlen 8, fam IPv4, port 443
[00:00:29.412,231] <err> download_client: Unable to connect, errno 22
[00:00:29.412,658] <dbg> download_client: set_state: state = 0

--------------------------------------------------------------------

I believe this must be something TLS-related, but I'm very rookie in this field.

Please give me a guide how to setup download_client to be able to get files via HTTPS on the simplest way. 

Parents
  • 0

    Hi,

    First, try to run the HTTPS Client sample out of the box. Does this work?
    Then, I can suggest some things depending on how this goes.

    Regards,
    Sigurd Hellesvik

  • 0 in reply to Sigurd Hellesvik

    Hello Sigurd!

    Thanks for the hint. Some hardening conditions:

    • I can't run it, because we don't have such a HW (nRF91);
    • our modem is based on a custom driver, so can't use nRF modem lib;
    • we're using the oldish ncs-2.4.1, so the sample you referred to doesn't exist, instead there's something probably similar in nrf/samples/nrf9160/https_client/src.  Please confirm if I'm looking at the right program;
      • however, there are some interesting steps in tls_setup(...) which appear to setup up socket with TLS;
    • so this all must be working with our custom modem driver (based on top of gsm_ppp.c) + without modemlib + without nRF modem tools + with MbedTLS + with download client;
    • I had another glance on download_client code, appears to do the same steps as the sample;

    As I mentioned before, I'm very rookie in the field of TLS etc. From what I've found I believe that I need to provide download_client the appropriate root certificate for each HTTPS site I want to connect to. This explains why download_client was unable to connect to an HTTPS-site with my self-generated cert :D Please confirm if I'm right.

    Additionally, if I'm not totally wrong, I can use my browser to download the CA cert from the HTTPS site I want to connect to with download_client. Then this PEM must be converted to DER (binary format), which must be included in my program and must be passed to TLS subsystem (tls_credential_add(...)), and finally download_client will be able to make use of it? Is it correct?

    ---------------------------------------------------------------------

    UPDATE

    I tried to connect to example.com with the CA cert from NCS and got the following:

    [00:00:23.333,282] <dbg> download_client: set_state: state = 1
    [00:00:23.333,312] <inf> download_client: Downloading: www.example.com/index.html [0]
    [00:00:23.526,885] <dbg> download_client: client_connect: Port not specified, using default: 443
    [00:00:23.526,916] <dbg> download_client: client_connect: family: 1, type: 1, proto: 258
    [00:00:23.527,496] <inf> download_client: Setting up TLS credentials, sec tag count 1
    [00:00:23.527,526] <inf> download_client: Connecting to www.example.com/index.html
    [00:00:23.527,557] <dbg> download_client: client_connect: fd 5, addrlen 8, fam IPv4, port 443
    [00:00:23.637,054] <wrn> mbedtls: ssl_msg.c:2937: <= write record
    --- 33 messages dropped ---
    [00:00:23.637,084] <wrn> mbedtls: ssl_msg.c:2754: <= write handshake message
    [00:00:23.637,145] <wrn> mbedtls: ssl_client.c:0996: <= write client hello
    [00:00:23.637,176] <wrn> mbedtls: ssl_msg.c:2177: => flush output
    [00:00:23.637,268] <wrn> mbedtls: ssl_msg.c:2194: message length: zu, out_left: zu
    [00:00:23.637,817] <wrn> mbedtls: ssl_msg.c:2201: ssl->f_send() returned 77 (-0xffffffb3)
    [00:00:23.637,878] <wrn> mbedtls: ssl_msg.c:2229: <= flush output
    [00:00:23.637,939] <wrn> mbedtls: ssl_tls.c:3709: client state: MBEDTLS_SSL_SERVER_HELLO
    [00:00:23.638,000] <wrn> mbedtls: ssl_tls12_client.c:1231: => parse server hello
    [00:00:23.638,031] <wrn> mbedtls: ssl_msg.c:4002: => read record
    [00:00:23.638,061] <wrn> mbedtls: ssl_msg.c:1962: => fetch input
    [00:00:23.638,153] <wrn> mbedtls: ssl_msg.c:2116: in_left: zu, nb_want: zu
    [00:00:23.638,214] <wrn> mbedtls: ssl_msg.c:2141: in_left: zu, nb_want: zu
    [00:00:23.638,275] <wrn> mbedtls: ssl_tls.c:3801: <= handshake
    [00:00:23.776,672] <wrn> mbedtls: ssl_msg.c:4002: => read record
    --- 41 messages dropped ---
    [00:00:23.776,733] <wrn> mbedtls: ssl_msg.c:1962: => fetch input
    [00:00:23.776,794] <wrn> mbedtls: ssl_msg.c:2116: in_left: zu, nb_want: zu
    [00:00:23.777,038] <wrn> mbedtls: ssl_msg.c:2141: in_left: zu, nb_want: zu
    [00:00:23.777,130] <wrn> mbedtls: ssl_msg.c:2144: ssl->f_recv(_timeout)() returned 5 (-0xfffffffb)
    [00:00:23.777,160] <wrn> mbedtls: ssl_msg.c:2164: <= fetch input
    [00:00:23.777,465] <inf> mbedtls: ssl_msg.c:3733: input record: msgtype = 22, version = [0x303], msglen = zu
    [00:00:23.777,526] <wrn> mbedtls: ssl_msg.c:1962: => fetch input
    [00:00:23.777,587] <wrn> mbedtls: ssl_msg.c:2116: in_left: zu, nb_want: zu
    [00:00:23.777,923] <wrn> mbedtls: ssl_msg.c:2141: in_left: zu, nb_want: zu
    [00:00:23.778,015] <wrn> mbedtls: ssl_msg.c:2144: ssl->f_recv(_timeout)() returned 544 (-0xfffffde0)
    [00:00:23.778,106] <wrn> mbedtls: ssl_msg.c:2141: in_left: zu, nb_want: zu
    [00:00:23.778,167] <wrn> mbedtls: ssl_tls.c:3801: <= handshake
    00:00:00:23.863|GCT|DEV main.c:1724 !!! conn klozet
    00:00:00:23.864|GCT|DEV main.c:1715 !!! DL error -113
    [00:00:23.843,322] <wrn> mbedtls: ssl_msg.c:2116: in_left: zu, nb_want: zu
    --- 11 messages dropped ---
    [00:00:23.843,719] <wrn> mbedtls: ssl_msg.c:2141: in_left: zu, nb_want: zu
    [00:00:23.843,811] <wrn> mbedtls: ssl_msg.c:2144: ssl->f_recv(_timeout)() returned 480 (-0xfffffe20)
    [00:00:23.843,872] <wrn> mbedtls: ssl_msg.c:2164: <= fetch input
    [00:00:23.861,572] <inf> mbedtls: ssl_msg.c:3088: handshake message: msglen = zu, type = 1024, hslen = zu
    [00:00:23.861,633] <err> mbedtls: ssl_msg.c:3162: TLS handshake fragmentation not supported
    [00:00:23.861,724] <err> mbedtls: ssl_msg.c:4060: mbedtls_ssl_handle_message_type() returned -28800 (-0x7080)
    [00:00:23.861,816] <err> mbedtls: ssl_tls.c:7348: mbedtls_ssl_read_record() returned -28800 (-0x7080)
    [00:00:23.861,877] <wrn> mbedtls: ssl_tls.c:3801: <= handshake
    [00:00:23.862,823] <err> download_client: Unable to connect, errno 113
    [00:00:23.862,854] <wrn> mbedtls: ssl_msg.c:5953: => write close notify
    [00:00:23.862,915] <wrn> mbedtls: ssl_msg.c:5966: <= write close notify
    [00:00:23.864,135] <dbg> download_client: set_state: state = 0

    See the bolded lines. Momentarily I'm unable to enable TLS handshake fragmentation...

    Thanks,

  • 0 in reply to Tamas Selmeci
    Tamas Selmeci said:
    I tried to connect to example.com with the CA cert from NCS and got the following:

    Ah. In future versions of the NCS, the https client sample is generic, and works for both nRF9160 and nRF5340+nRF7002 (Wi-Fi).

    However, since you are on an older version and has a custom setup, I understand that you cannot test this sample.

    Tamas Selmeci said:
    tried to connect to example.com with the CA cert from NCS and got the following

    22 is in my experience often that the certs are wrong.

    And yes, I agree that your understanding is correct, you need the root CA certificate for the webpage you want to connect to, so that your application can verify the trust of the webpage.

    However, from the fragmentation error you got, try perhaps to change CONFIG_MBEDTLS_SSL_MAX_FRAGMENT_LENGTH

  • 0 in reply to Sigurd Hellesvik

    There's unfortunately no such Kconfig option in NCS-2.4.1.

    Today I've figured out that the CA cert in NCS-2.4.1 for example.com is out-of-date and got the most recent CA cert from NCS on github. With the old CA cert I was unable to get index.html with wget, but was able with the new CA cert - so that must be definitely correct.

    The report I've posted earlier was generated with the outdated CA cert. It must not be working either.

    --------------------------------------------------------------------------

    It's quite weird that using the outdated CA cert I've got the following output:

    [00:00:33.673,431] <dbg> download_client: set_state: state = 1
    [00:00:33.673,461] <inf> download_client: Downloading: index.html [0]
    [00:00:33.858,734] <dbg> download_client: client_connect: Port not specified, using default: 443
    [00:00:33.858,734] <dbg> download_client: client_connect: family: 1, type: 1, proto: 258
    [00:00:33.859,313] <inf> download_client: Setting up TLS credentials, sec tag count 1
    [00:00:33.859,344] <inf> download_client: Connecting to https://example.com
    [00:00:33.859,375] <dbg> download_client: client_connect: fd 5, addrlen 8, fam IPv4, port 443
    [00:00:34.211,242] <wrn> mbedtls: ssl_msg.c:2937: <= write record
    --- 33 messages dropped ---
    [00:00:34.211,303] <wrn> mbedtls: ssl_msg.c:2754: <= write handshake message
    [00:00:34.211,364] <wrn> mbedtls: ssl_client.c:0996: <= write client hello
    [00:00:34.211,395] <wrn> mbedtls: ssl_msg.c:2177: => flush output
    [00:00:34.211,456] <wrn> mbedtls: ssl_msg.c:2194: message length: zu, out_left: zu
    [00:00:34.212,310] <wrn> mbedtls: ssl_msg.c:2201: ssl->f_send() returned 77 (-0xffffffb3)
    [00:00:34.212,371] <wrn> mbedtls: ssl_msg.c:2229: <= flush output
    [00:00:34.212,432] <wrn> mbedtls: ssl_tls.c:3709: client state: MBEDTLS_SSL_SERVER_HELLO
    [00:00:34.212,493] <wrn> mbedtls: ssl_tls12_client.c:1231: => parse server hello
    [00:00:34.212,524] <wrn> mbedtls: ssl_msg.c:4003: => read record
    [00:00:34.212,554] <wrn> mbedtls: ssl_msg.c:1962: => fetch input
    [00:00:34.212,646] <wrn> mbedtls: ssl_msg.c:2116: in_left: zu, nb_want: zu
    [00:00:34.212,738] <wrn> mbedtls: ssl_msg.c:2141: in_left: zu, nb_want: zu
    [00:00:34.212,768] <wrn> mbedtls: ssl_tls.c:3801: <= handshake
    [00:00:34.509,918] <wrn> mbedtls: ssl_msg.c:4003: => read record
    --- 41 messages dropped ---
    [00:00:34.509,979] <wrn> mbedtls: ssl_msg.c:1962: => fetch input
    [00:00:34.510,040] <wrn> mbedtls: ssl_msg.c:2116: in_left: zu, nb_want: zu
    [00:00:34.510,253] <wrn> mbedtls: ssl_msg.c:2141: in_left: zu, nb_want: zu
    [00:00:34.510,375] <wrn> mbedtls: ssl_msg.c:2144: ssl->f_recv(_timeout)() returned 5 (-0xfffffffb)
    [00:00:34.510,406] <wrn> mbedtls: ssl_msg.c:2164: <= fetch input
    [00:00:34.510,711] <inf> mbedtls: ssl_msg.c:3734: input record: msgtype = 22, version = [0x303], msglen = zu
    [00:00:34.510,742] <wrn> mbedtls: ssl_msg.c:1962: => fetch input
    [00:00:34.510,925] <wrn> mbedtls: ssl_msg.c:2116: in_left: zu, nb_want: zu
    [00:00:34.511,169] <wrn> mbedtls: ssl_msg.c:2141: in_left: zu, nb_want: zu
    [00:00:34.511,260] <wrn> mbedtls: ssl_msg.c:2144: ssl->f_recv(_timeout)() returned 544 (-0xfffffde0)
    [00:00:34.511,352] <wrn> mbedtls: ssl_msg.c:2141: in_left: zu, nb_want: zu
    [00:00:34.511,383] <wrn> mbedtls: ssl_tls.c:3801: <= handshake
    [00:00:34.684,112] <wrn> mbedtls: ssl_tls.c:3709: client state: MBEDTLS_SSL_SERVER_CERTIFICATE
    --- 3 messages dropped ---
    [00:00:34.684,173] <wrn> mbedtls: ssl_tls.c:7325: => parse certificate
    [00:00:34.684,204] <wrn> mbedtls: ssl_msg.c:4003: => read record
    [00:00:34.684,234] <wrn> mbedtls: ssl_msg.c:1962: => fetch input
    [00:00:34.684,326] <wrn> mbedtls: ssl_msg.c:2116: in_left: zu, nb_want: zu
    [00:00:34.684,356] <wrn> mbedtls: ssl_msg.c:2164: <= fetch input
    [00:00:34.684,631] <inf> mbedtls: ssl_msg.c:3734: input record: msgtype = 22, version = [0x303], msglen = zu
    [00:00:34.684,692] <wrn> mbedtls: ssl_msg.c:1962: => fetch input
    [00:00:34.684,753] <wrn> mbedtls: ssl_msg.c:2116: in_left: zu, nb_want: zu
    [00:00:34.685,180] <wrn> mbedtls: ssl_msg.c:2141: in_left: zu, nb_want: zu
    [00:00:34.685,302] <wrn> mbedtls: ssl_msg.c:2144: ssl->f_recv(_timeout)() returned 640 (-0xfffffd80)
    [00:00:34.685,363] <wrn> mbedtls: ssl_msg.c:2141: in_left: zu, nb_want: zu
    [00:00:34.685,424] <wrn> mbedtls: ssl_tls.c:3801: <= handshake
    [00:00:34.963,653] <wrn> mbedtls: ssl_tls.c:3709: client state: MBEDTLS_SSL_SERVER_CERTIFICATE
    --- 3 messages dropped ---
    [00:00:34.963,714] <wrn> mbedtls: ssl_tls.c:7325: => parse certificate
    [00:00:34.963,745] <wrn> mbedtls: ssl_msg.c:4003: => read record
    [00:00:34.963,897] <wrn> mbedtls: ssl_msg.c:1962: => fetch input
    [00:00:34.963,989] <wrn> mbedtls: ssl_msg.c:2116: in_left: zu, nb_want: zu
    [00:00:34.964,019] <wrn> mbedtls: ssl_msg.c:2164: <= fetch input
    [00:00:34.964,324] <inf> mbedtls: ssl_msg.c:3734: input record: msgtype = 22, version = [0x303], msglen = zu
    [00:00:34.964,355] <wrn> mbedtls: ssl_msg.c:1962: => fetch input
    [00:00:34.964,447] <wrn> mbedtls: ssl_msg.c:2116: in_left: zu, nb_want: zu
    [00:00:34.964,996] <wrn> mbedtls: ssl_msg.c:2141: in_left: zu, nb_want: zu
    [00:00:34.965,087] <wrn> mbedtls: ssl_msg.c:2144: ssl->f_recv(_timeout)() returned 640 (-0xfffffd80)
    [00:00:34.965,301] <wrn> mbedtls: ssl_msg.c:2141: in_left: zu, nb_want: zu
    [00:00:34.965,362] <wrn> mbedtls: ssl_tls.c:3801: <= handshake
    [00:00:35.028,778] <wrn> mbedtls: ssl_tls.c:3709: client state: MBEDTLS_SSL_SERVER_CERTIFICATE
    --- 3 messages dropped ---
    [00:00:35.028,839] <wrn> mbedtls: ssl_tls.c:7325: => parse certificate
    [00:00:35.028,869] <wrn> mbedtls: ssl_msg.c:4003: => read record
    [00:00:35.028,930] <wrn> mbedtls: ssl_msg.c:1962: => fetch input
    [00:00:35.028,991] <wrn> mbedtls: ssl_msg.c:2116: in_left: zu, nb_want: zu
    [00:00:35.029,052] <wrn> mbedtls: ssl_msg.c:2164: <= fetch input
    [00:00:35.029,357] <inf> mbedtls: ssl_msg.c:3734: input record: msgtype = 22, version = [0x303], msglen = zu
    [00:00:35.029,418] <wrn> mbedtls: ssl_msg.c:1962: => fetch input
    [00:00:35.029,510] <wrn> mbedtls: ssl_msg.c:2116: in_left: zu, nb_want: zu
    [00:00:35.029,968] <wrn> mbedtls: ssl_msg.c:2141: in_left: zu, nb_want: zu
    [00:00:35.030,090] <wrn> mbedtls: ssl_msg.c:2144: ssl->f_recv(_timeout)() returned 640 (-0xfffffd80)
    [00:00:35.030,181] <wrn> mbedtls: ssl_msg.c:2141: in_left: zu, nb_want: zu
    [00:00:35.030,242] <wrn> mbedtls: ssl_tls.c:3801: <= handshake
    [00:00:35.671,386] <inf> mbedtls: ssl_msg.c:5033: send alert level=2 message=42
    --- 90 messages dropped ---
    [00:00:35.671,417] <wrn> mbedtls: ssl_msg.c:2793: => write record
    [00:00:35.671,539] <inf> mbedtls: ssl_msg.c:2881: output record: msgtype = 21, version = [3:3], msglen = zu
    [00:00:35.671,783] <wrn> mbedtls: ssl_msg.c:2177: => flush output
    [00:00:35.671,875] <wrn> mbedtls: ssl_msg.c:2194: message length: zu, out_left: zu
    [00:00:35.672,332] <wrn> mbedtls: ssl_msg.c:2201: ssl->f_send() returned 7 (-0xfffffff9)
    [00:00:35.672,363] <wrn> mbedtls: ssl_msg.c:2229: <= flush output
    [00:00:35.672,424] <wrn> mbedtls: ssl_msg.c:2937: <= write record
    [00:00:35.672,454] <wrn> mbedtls: ssl_msg.c:5045: <= send alert message
    [00:00:35.672,546] <inf> mbedtls: ssl_tls.c:7245: ! Certificate verification flags 00000004
    [00:00:35.672,882] <wrn> mbedtls: ssl_tls.c:3801: <= handshake
    [00:00:35.674,865] <err> download_client: Unable to connect, errno 113
    [00:00:35.674,926] <wrn> mbedtls: ssl_msg.c:5954: => write close notify
    [00:00:35.674,957] <wrn> mbedtls: ssl_msg.c:5967: <= write close notify
    [00:00:35.676,696] <dbg> download_client: set_state: state = 0

    (see the bold lines: verification flags may refer to MBEDTLS_X509_BADCERT_CN_MISMATCH, errno = 113 is ECONNABRT, all reasonable)

    ... but using the up-to-date CA cert this is the only output:

    [00:00:29.529,907] <dbg> download_client: set_state: state = 1
    [00:00:29.529,968] <inf> download_client: Downloading: index.html [0]
    [00:00:29.612,030] <dbg> download_client: client_connect: Port not specified, using default: 443
    [00:00:29.612,030] <dbg> download_client: client_connect: family: 1, type: 1, proto: 258
    [00:00:29.612,731] <inf> download_client: Setting up TLS credentials, sec tag count 1
    [00:00:29.612,762] <inf> download_client: Connecting to https://example.com
    [00:00:29.612,792] <dbg> download_client: client_connect: fd 5, addrlen 8, fam IPv4, port 443

    Not that talkative! MbedTLS doesn't even seem the enter the game. Why is it more verbose when using the bad CA cert?

    This is my current config (remember, I'm using a gsm_ppp-based modem driver):

    CONFIG_HEAP_MEM_POOL_SIZE=300000
    CONFIG_PINCTRL=y
    CONFIG_PM_DEVICE=y
    CONFIG_SYS_CLOCK_TICKS_PER_SEC=1024
    CONFIG_FPU=y
    CONFIG_SERIAL=y
    CONFIG_MAIN_STACK_SIZE=1536
    CONFIG_DOWNLOAD_CLIENT=y
    CONFIG_DOWNLOAD_CLIENT_BUF_SIZE=4096
    CONFIG_DOWNLOAD_CLIENT_STACK_SIZE=4096
    # CONFIG_DOWNLOAD_CLIENT_RANGE_REQUESTS is not set
    CONFIG_DOWNLOAD_CLIENT_LOG_LEVEL_DBG=y
    CONFIG_MBEDTLS_SSL_MAX_CONTENT_LEN=5000
    CONFIG_MBEDTLS_DEBUG=y
    CONFIG_NRF_CC3XX_PLATFORM=y
    CONFIG_NET_DRIVERS=y
    CONFIG_NET_PPP=y
    CONFIG_NET_PPP_ASYNC_UART=y
    CONFIG_NET_PPP_RINGBUF_SIZE=1536
    # CONFIG_NET_PPP_VERIFY_FCS is not set
    CONFIG_PPP_NET_IF_NO_AUTO_START=y
    CONFIG_NET_PPP_LOG_LEVEL_INF=y
    CONFIG_POSIX_API=y
    CONFIG_NET_BUF_LOG_LEVEL_DBG=y
    CONFIG_NETWORKING=y
    CONFIG_NET_L2_PPP=y
    CONFIG_NET_L2_PPP_OPTION_DNS_USE=y
    CONFIG_NET_L2_PPP_PAP=y
    CONFIG_NET_L2_PPP_OPTION_MRU=y
    CONFIG_NET_L2_PPP_MGMT=y
    CONFIG_NET_IPV4=y
    CONFIG_NET_IPV4_HDR_OPTIONS=y
    CONFIG_NET_TCP=y
    CONFIG_NET_MAX_CONN=6
    CONFIG_NET_MAX_CONTEXTS=8
    CONFIG_NET_CONTEXT_RCVTIMEO=y
    CONFIG_NET_CONTEXT_SNDTIMEO=y
    CONFIG_NET_BUF_RX_COUNT=24
    CONFIG_NET_BUF_TX_COUNT=30
    CONFIG_NET_BUF_DATA_SIZE=160
    CONFIG_NET_MGMT_EVENT_INFO=y
    CONFIG_DNS_RESOLVER=y
    CONFIG_NET_SOCKETS=y
    CONFIG_NET_SOCKETS_SOCKOPT_TLS=y
    CONFIG_TLS_CREDENTIALS_LOG_LEVEL_DBG=y
    CONFIG_PM_DEVICE_RUNTIME=y

    ------------------------------------------------------------------

    Meanwhile I've got inspired by this ticket:

     RE: HTTPS without T-FM and PSA  

    It's a little bit confusing to me what to use if I want to have TLS sockets (HTTPS):

    • use Zephyr's builtin MbedTLS?
    • use NRF_SECURITY?
      • additionally, NORDIC_SECURITY_BACKEND?
    • why to use Oberon?
    • do I need PSA (I don't think so)?;

    In the first try I've decided to enable NRF_SECURITY only. MBEDTLS_ENABLE_HEAP, MBEDTLS_PSA_CRYPTO_C, PSA_WANT_ALG_STREAM_CIPHER, PSA_CRYPTO_DRIVER_OBERON are off. So having this config the output is still the same:

    CONFIG_DOWNLOAD_CLIENT=y
    CONFIG_DOWNLOAD_CLIENT_BUF_SIZE=4096
    CONFIG_DOWNLOAD_CLIENT_STACK_SIZE=4096
    # CONFIG_DOWNLOAD_CLIENT_RANGE_REQUESTS is not set
    CONFIG_DOWNLOAD_CLIENT_LOG_LEVEL_DBG=y
    CONFIG_MBEDTLS_CFG_FILE="config-tls-generic.h"
    CONFIG_MBEDTLS_TLS_VERSION_1_2=y
    # CONFIG_MBEDTLS_SSL_EXPORT_KEYS is not set
    # CONFIG_MBEDTLS_KEY_EXCHANGE_PSK_ENABLED is not set
    # CONFIG_MBEDTLS_ECP_C is not set
    CONFIG_MBEDTLS_AES_ROM_TABLES=y
    CONFIG_MBEDTLS_SHA256_SMALLER=y
    CONFIG_MBEDTLS_CTR_DRBG_ENABLED=y
    # CONFIG_MBEDTLS_PKCS5_C is not set
    CONFIG_MBEDTLS_DEBUG=y
    # CONFIG_PSA_WANT_ALG_HMAC_DRBG is not set
    # CONFIG_PSA_WANT_ALG_TLS12_PRF is not set
    # CONFIG_PSA_WANT_ALG_TLS12_PSK_TO_MS is not set
    # CONFIG_PSA_WANT_ALG_STREAM_CIPHER is not set
    CONFIG_MBEDTLS_TLS_LIBRARY=y
    CONFIG_MBEDTLS_LEGACY_CRYPTO_C=y
    CONFIG_NRF_CC3XX_PLATFORM=y
    CONFIG_NRF_SECURITY=y
    CONFIG_MBEDTLS_DEBUG_C=y
    # CONFIG_PSA_CRYPTO_DRIVER_OBERON is not set
    CONFIG_NRF_SECURITY_ADVANCED=y
    CONFIG_POSIX_API=y
    # CONFIG_POSIX_MQUEUE is not set
    # CONFIG_EVENTFD is not set
    # CONFIG_FNMATCH is not set
    CONFIG_NETWORKING=y
    CONFIG_NET_L2_PPP=y
    CONFIG_NET_L2_PPP_OPTION_DNS_USE=y
    CONFIG_NET_L2_PPP_PAP=y
    CONFIG_NET_L2_PPP_OPTION_MRU=y
    CONFIG_NET_L2_PPP_MGMT=y
    CONFIG_NET_IPV4=y
    CONFIG_NET_IPV4_HDR_OPTIONS=y
    CONFIG_NET_TCP=y
    CONFIG_NET_MAX_CONN=6
    CONFIG_NET_MAX_CONTEXTS=8
    CONFIG_NET_CONTEXT_RCVTIMEO=y
    CONFIG_NET_CONTEXT_SNDTIMEO=y
    CONFIG_NET_BUF_RX_COUNT=24
    CONFIG_NET_BUF_TX_COUNT=30
    CONFIG_NET_BUF_DATA_SIZE=160
    CONFIG_NET_MGMT_EVENT_INFO=y
    CONFIG_DNS_RESOLVER=y
    CONFIG_NET_SOCKETS=y
    CONFIG_NET_SOCKETS_SOCKOPT_TLS=y
    CONFIG_TLS_CREDENTIALS_LOG_LEVEL_DBG=y
    CONFIG_PM_DEVICE_RUNTIME=y

    And the output:

    [00:00:31.152,496] <dbg> download_client: set_state: state = 1
    [00:00:31.152,526] <inf> download_client: Downloading: index.html [0]
    [00:00:31.337,249] <dbg> download_client: client_connect: Port not specified, using default: 443
    [00:00:31.337,280] <dbg> download_client: client_connect: family: 1, type: 1, proto: 258
    [00:00:31.337,860] <inf> download_client: Setting up TLS credentials, sec tag count 1
    [00:00:31.337,890] <inf> download_client: Connecting to https://example.com
    [00:00:31.337,890] <dbg> download_client: client_connect: fd 5, addrlen 8, fam IPv4, port 443
    [00:00:31.699,371] <err> download_client: Unable to connect, errno 22
    [00:00:31.705,261] <dbg> download_client: set_state: state = 0

    ---------------------------------------------------------

    After enabling NORDIC_SECURITY_BACKEND nothing has changed.

    I'm stuck and would appreciate any help.

    Thanks,

Reply
  • 0 in reply to Sigurd Hellesvik

    There's unfortunately no such Kconfig option in NCS-2.4.1.

    Today I've figured out that the CA cert in NCS-2.4.1 for example.com is out-of-date and got the most recent CA cert from NCS on github. With the old CA cert I was unable to get index.html with wget, but was able with the new CA cert - so that must be definitely correct.

    The report I've posted earlier was generated with the outdated CA cert. It must not be working either.

    --------------------------------------------------------------------------

    It's quite weird that using the outdated CA cert I've got the following output:

    [00:00:33.673,431] <dbg> download_client: set_state: state = 1
    [00:00:33.673,461] <inf> download_client: Downloading: index.html [0]
    [00:00:33.858,734] <dbg> download_client: client_connect: Port not specified, using default: 443
    [00:00:33.858,734] <dbg> download_client: client_connect: family: 1, type: 1, proto: 258
    [00:00:33.859,313] <inf> download_client: Setting up TLS credentials, sec tag count 1
    [00:00:33.859,344] <inf> download_client: Connecting to https://example.com
    [00:00:33.859,375] <dbg> download_client: client_connect: fd 5, addrlen 8, fam IPv4, port 443
    [00:00:34.211,242] <wrn> mbedtls: ssl_msg.c:2937: <= write record
    --- 33 messages dropped ---
    [00:00:34.211,303] <wrn> mbedtls: ssl_msg.c:2754: <= write handshake message
    [00:00:34.211,364] <wrn> mbedtls: ssl_client.c:0996: <= write client hello
    [00:00:34.211,395] <wrn> mbedtls: ssl_msg.c:2177: => flush output
    [00:00:34.211,456] <wrn> mbedtls: ssl_msg.c:2194: message length: zu, out_left: zu
    [00:00:34.212,310] <wrn> mbedtls: ssl_msg.c:2201: ssl->f_send() returned 77 (-0xffffffb3)
    [00:00:34.212,371] <wrn> mbedtls: ssl_msg.c:2229: <= flush output
    [00:00:34.212,432] <wrn> mbedtls: ssl_tls.c:3709: client state: MBEDTLS_SSL_SERVER_HELLO
    [00:00:34.212,493] <wrn> mbedtls: ssl_tls12_client.c:1231: => parse server hello
    [00:00:34.212,524] <wrn> mbedtls: ssl_msg.c:4003: => read record
    [00:00:34.212,554] <wrn> mbedtls: ssl_msg.c:1962: => fetch input
    [00:00:34.212,646] <wrn> mbedtls: ssl_msg.c:2116: in_left: zu, nb_want: zu
    [00:00:34.212,738] <wrn> mbedtls: ssl_msg.c:2141: in_left: zu, nb_want: zu
    [00:00:34.212,768] <wrn> mbedtls: ssl_tls.c:3801: <= handshake
    [00:00:34.509,918] <wrn> mbedtls: ssl_msg.c:4003: => read record
    --- 41 messages dropped ---
    [00:00:34.509,979] <wrn> mbedtls: ssl_msg.c:1962: => fetch input
    [00:00:34.510,040] <wrn> mbedtls: ssl_msg.c:2116: in_left: zu, nb_want: zu
    [00:00:34.510,253] <wrn> mbedtls: ssl_msg.c:2141: in_left: zu, nb_want: zu
    [00:00:34.510,375] <wrn> mbedtls: ssl_msg.c:2144: ssl->f_recv(_timeout)() returned 5 (-0xfffffffb)
    [00:00:34.510,406] <wrn> mbedtls: ssl_msg.c:2164: <= fetch input
    [00:00:34.510,711] <inf> mbedtls: ssl_msg.c:3734: input record: msgtype = 22, version = [0x303], msglen = zu
    [00:00:34.510,742] <wrn> mbedtls: ssl_msg.c:1962: => fetch input
    [00:00:34.510,925] <wrn> mbedtls: ssl_msg.c:2116: in_left: zu, nb_want: zu
    [00:00:34.511,169] <wrn> mbedtls: ssl_msg.c:2141: in_left: zu, nb_want: zu
    [00:00:34.511,260] <wrn> mbedtls: ssl_msg.c:2144: ssl->f_recv(_timeout)() returned 544 (-0xfffffde0)
    [00:00:34.511,352] <wrn> mbedtls: ssl_msg.c:2141: in_left: zu, nb_want: zu
    [00:00:34.511,383] <wrn> mbedtls: ssl_tls.c:3801: <= handshake
    [00:00:34.684,112] <wrn> mbedtls: ssl_tls.c:3709: client state: MBEDTLS_SSL_SERVER_CERTIFICATE
    --- 3 messages dropped ---
    [00:00:34.684,173] <wrn> mbedtls: ssl_tls.c:7325: => parse certificate
    [00:00:34.684,204] <wrn> mbedtls: ssl_msg.c:4003: => read record
    [00:00:34.684,234] <wrn> mbedtls: ssl_msg.c:1962: => fetch input
    [00:00:34.684,326] <wrn> mbedtls: ssl_msg.c:2116: in_left: zu, nb_want: zu
    [00:00:34.684,356] <wrn> mbedtls: ssl_msg.c:2164: <= fetch input
    [00:00:34.684,631] <inf> mbedtls: ssl_msg.c:3734: input record: msgtype = 22, version = [0x303], msglen = zu
    [00:00:34.684,692] <wrn> mbedtls: ssl_msg.c:1962: => fetch input
    [00:00:34.684,753] <wrn> mbedtls: ssl_msg.c:2116: in_left: zu, nb_want: zu
    [00:00:34.685,180] <wrn> mbedtls: ssl_msg.c:2141: in_left: zu, nb_want: zu
    [00:00:34.685,302] <wrn> mbedtls: ssl_msg.c:2144: ssl->f_recv(_timeout)() returned 640 (-0xfffffd80)
    [00:00:34.685,363] <wrn> mbedtls: ssl_msg.c:2141: in_left: zu, nb_want: zu
    [00:00:34.685,424] <wrn> mbedtls: ssl_tls.c:3801: <= handshake
    [00:00:34.963,653] <wrn> mbedtls: ssl_tls.c:3709: client state: MBEDTLS_SSL_SERVER_CERTIFICATE
    --- 3 messages dropped ---
    [00:00:34.963,714] <wrn> mbedtls: ssl_tls.c:7325: => parse certificate
    [00:00:34.963,745] <wrn> mbedtls: ssl_msg.c:4003: => read record
    [00:00:34.963,897] <wrn> mbedtls: ssl_msg.c:1962: => fetch input
    [00:00:34.963,989] <wrn> mbedtls: ssl_msg.c:2116: in_left: zu, nb_want: zu
    [00:00:34.964,019] <wrn> mbedtls: ssl_msg.c:2164: <= fetch input
    [00:00:34.964,324] <inf> mbedtls: ssl_msg.c:3734: input record: msgtype = 22, version = [0x303], msglen = zu
    [00:00:34.964,355] <wrn> mbedtls: ssl_msg.c:1962: => fetch input
    [00:00:34.964,447] <wrn> mbedtls: ssl_msg.c:2116: in_left: zu, nb_want: zu
    [00:00:34.964,996] <wrn> mbedtls: ssl_msg.c:2141: in_left: zu, nb_want: zu
    [00:00:34.965,087] <wrn> mbedtls: ssl_msg.c:2144: ssl->f_recv(_timeout)() returned 640 (-0xfffffd80)
    [00:00:34.965,301] <wrn> mbedtls: ssl_msg.c:2141: in_left: zu, nb_want: zu
    [00:00:34.965,362] <wrn> mbedtls: ssl_tls.c:3801: <= handshake
    [00:00:35.028,778] <wrn> mbedtls: ssl_tls.c:3709: client state: MBEDTLS_SSL_SERVER_CERTIFICATE
    --- 3 messages dropped ---
    [00:00:35.028,839] <wrn> mbedtls: ssl_tls.c:7325: => parse certificate
    [00:00:35.028,869] <wrn> mbedtls: ssl_msg.c:4003: => read record
    [00:00:35.028,930] <wrn> mbedtls: ssl_msg.c:1962: => fetch input
    [00:00:35.028,991] <wrn> mbedtls: ssl_msg.c:2116: in_left: zu, nb_want: zu
    [00:00:35.029,052] <wrn> mbedtls: ssl_msg.c:2164: <= fetch input
    [00:00:35.029,357] <inf> mbedtls: ssl_msg.c:3734: input record: msgtype = 22, version = [0x303], msglen = zu
    [00:00:35.029,418] <wrn> mbedtls: ssl_msg.c:1962: => fetch input
    [00:00:35.029,510] <wrn> mbedtls: ssl_msg.c:2116: in_left: zu, nb_want: zu
    [00:00:35.029,968] <wrn> mbedtls: ssl_msg.c:2141: in_left: zu, nb_want: zu
    [00:00:35.030,090] <wrn> mbedtls: ssl_msg.c:2144: ssl->f_recv(_timeout)() returned 640 (-0xfffffd80)
    [00:00:35.030,181] <wrn> mbedtls: ssl_msg.c:2141: in_left: zu, nb_want: zu
    [00:00:35.030,242] <wrn> mbedtls: ssl_tls.c:3801: <= handshake
    [00:00:35.671,386] <inf> mbedtls: ssl_msg.c:5033: send alert level=2 message=42
    --- 90 messages dropped ---
    [00:00:35.671,417] <wrn> mbedtls: ssl_msg.c:2793: => write record
    [00:00:35.671,539] <inf> mbedtls: ssl_msg.c:2881: output record: msgtype = 21, version = [3:3], msglen = zu
    [00:00:35.671,783] <wrn> mbedtls: ssl_msg.c:2177: => flush output
    [00:00:35.671,875] <wrn> mbedtls: ssl_msg.c:2194: message length: zu, out_left: zu
    [00:00:35.672,332] <wrn> mbedtls: ssl_msg.c:2201: ssl->f_send() returned 7 (-0xfffffff9)
    [00:00:35.672,363] <wrn> mbedtls: ssl_msg.c:2229: <= flush output
    [00:00:35.672,424] <wrn> mbedtls: ssl_msg.c:2937: <= write record
    [00:00:35.672,454] <wrn> mbedtls: ssl_msg.c:5045: <= send alert message
    [00:00:35.672,546] <inf> mbedtls: ssl_tls.c:7245: ! Certificate verification flags 00000004
    [00:00:35.672,882] <wrn> mbedtls: ssl_tls.c:3801: <= handshake
    [00:00:35.674,865] <err> download_client: Unable to connect, errno 113
    [00:00:35.674,926] <wrn> mbedtls: ssl_msg.c:5954: => write close notify
    [00:00:35.674,957] <wrn> mbedtls: ssl_msg.c:5967: <= write close notify
    [00:00:35.676,696] <dbg> download_client: set_state: state = 0

    (see the bold lines: verification flags may refer to MBEDTLS_X509_BADCERT_CN_MISMATCH, errno = 113 is ECONNABRT, all reasonable)

    ... but using the up-to-date CA cert this is the only output:

    [00:00:29.529,907] <dbg> download_client: set_state: state = 1
    [00:00:29.529,968] <inf> download_client: Downloading: index.html [0]
    [00:00:29.612,030] <dbg> download_client: client_connect: Port not specified, using default: 443
    [00:00:29.612,030] <dbg> download_client: client_connect: family: 1, type: 1, proto: 258
    [00:00:29.612,731] <inf> download_client: Setting up TLS credentials, sec tag count 1
    [00:00:29.612,762] <inf> download_client: Connecting to https://example.com
    [00:00:29.612,792] <dbg> download_client: client_connect: fd 5, addrlen 8, fam IPv4, port 443

    Not that talkative! MbedTLS doesn't even seem the enter the game. Why is it more verbose when using the bad CA cert?

    This is my current config (remember, I'm using a gsm_ppp-based modem driver):

    CONFIG_HEAP_MEM_POOL_SIZE=300000
    CONFIG_PINCTRL=y
    CONFIG_PM_DEVICE=y
    CONFIG_SYS_CLOCK_TICKS_PER_SEC=1024
    CONFIG_FPU=y
    CONFIG_SERIAL=y
    CONFIG_MAIN_STACK_SIZE=1536
    CONFIG_DOWNLOAD_CLIENT=y
    CONFIG_DOWNLOAD_CLIENT_BUF_SIZE=4096
    CONFIG_DOWNLOAD_CLIENT_STACK_SIZE=4096
    # CONFIG_DOWNLOAD_CLIENT_RANGE_REQUESTS is not set
    CONFIG_DOWNLOAD_CLIENT_LOG_LEVEL_DBG=y
    CONFIG_MBEDTLS_SSL_MAX_CONTENT_LEN=5000
    CONFIG_MBEDTLS_DEBUG=y
    CONFIG_NRF_CC3XX_PLATFORM=y
    CONFIG_NET_DRIVERS=y
    CONFIG_NET_PPP=y
    CONFIG_NET_PPP_ASYNC_UART=y
    CONFIG_NET_PPP_RINGBUF_SIZE=1536
    # CONFIG_NET_PPP_VERIFY_FCS is not set
    CONFIG_PPP_NET_IF_NO_AUTO_START=y
    CONFIG_NET_PPP_LOG_LEVEL_INF=y
    CONFIG_POSIX_API=y
    CONFIG_NET_BUF_LOG_LEVEL_DBG=y
    CONFIG_NETWORKING=y
    CONFIG_NET_L2_PPP=y
    CONFIG_NET_L2_PPP_OPTION_DNS_USE=y
    CONFIG_NET_L2_PPP_PAP=y
    CONFIG_NET_L2_PPP_OPTION_MRU=y
    CONFIG_NET_L2_PPP_MGMT=y
    CONFIG_NET_IPV4=y
    CONFIG_NET_IPV4_HDR_OPTIONS=y
    CONFIG_NET_TCP=y
    CONFIG_NET_MAX_CONN=6
    CONFIG_NET_MAX_CONTEXTS=8
    CONFIG_NET_CONTEXT_RCVTIMEO=y
    CONFIG_NET_CONTEXT_SNDTIMEO=y
    CONFIG_NET_BUF_RX_COUNT=24
    CONFIG_NET_BUF_TX_COUNT=30
    CONFIG_NET_BUF_DATA_SIZE=160
    CONFIG_NET_MGMT_EVENT_INFO=y
    CONFIG_DNS_RESOLVER=y
    CONFIG_NET_SOCKETS=y
    CONFIG_NET_SOCKETS_SOCKOPT_TLS=y
    CONFIG_TLS_CREDENTIALS_LOG_LEVEL_DBG=y
    CONFIG_PM_DEVICE_RUNTIME=y

    ------------------------------------------------------------------

    Meanwhile I've got inspired by this ticket:

     RE: HTTPS without T-FM and PSA  

    It's a little bit confusing to me what to use if I want to have TLS sockets (HTTPS):

    • use Zephyr's builtin MbedTLS?
    • use NRF_SECURITY?
      • additionally, NORDIC_SECURITY_BACKEND?
    • why to use Oberon?
    • do I need PSA (I don't think so)?;

    In the first try I've decided to enable NRF_SECURITY only. MBEDTLS_ENABLE_HEAP, MBEDTLS_PSA_CRYPTO_C, PSA_WANT_ALG_STREAM_CIPHER, PSA_CRYPTO_DRIVER_OBERON are off. So having this config the output is still the same:

    CONFIG_DOWNLOAD_CLIENT=y
    CONFIG_DOWNLOAD_CLIENT_BUF_SIZE=4096
    CONFIG_DOWNLOAD_CLIENT_STACK_SIZE=4096
    # CONFIG_DOWNLOAD_CLIENT_RANGE_REQUESTS is not set
    CONFIG_DOWNLOAD_CLIENT_LOG_LEVEL_DBG=y
    CONFIG_MBEDTLS_CFG_FILE="config-tls-generic.h"
    CONFIG_MBEDTLS_TLS_VERSION_1_2=y
    # CONFIG_MBEDTLS_SSL_EXPORT_KEYS is not set
    # CONFIG_MBEDTLS_KEY_EXCHANGE_PSK_ENABLED is not set
    # CONFIG_MBEDTLS_ECP_C is not set
    CONFIG_MBEDTLS_AES_ROM_TABLES=y
    CONFIG_MBEDTLS_SHA256_SMALLER=y
    CONFIG_MBEDTLS_CTR_DRBG_ENABLED=y
    # CONFIG_MBEDTLS_PKCS5_C is not set
    CONFIG_MBEDTLS_DEBUG=y
    # CONFIG_PSA_WANT_ALG_HMAC_DRBG is not set
    # CONFIG_PSA_WANT_ALG_TLS12_PRF is not set
    # CONFIG_PSA_WANT_ALG_TLS12_PSK_TO_MS is not set
    # CONFIG_PSA_WANT_ALG_STREAM_CIPHER is not set
    CONFIG_MBEDTLS_TLS_LIBRARY=y
    CONFIG_MBEDTLS_LEGACY_CRYPTO_C=y
    CONFIG_NRF_CC3XX_PLATFORM=y
    CONFIG_NRF_SECURITY=y
    CONFIG_MBEDTLS_DEBUG_C=y
    # CONFIG_PSA_CRYPTO_DRIVER_OBERON is not set
    CONFIG_NRF_SECURITY_ADVANCED=y
    CONFIG_POSIX_API=y
    # CONFIG_POSIX_MQUEUE is not set
    # CONFIG_EVENTFD is not set
    # CONFIG_FNMATCH is not set
    CONFIG_NETWORKING=y
    CONFIG_NET_L2_PPP=y
    CONFIG_NET_L2_PPP_OPTION_DNS_USE=y
    CONFIG_NET_L2_PPP_PAP=y
    CONFIG_NET_L2_PPP_OPTION_MRU=y
    CONFIG_NET_L2_PPP_MGMT=y
    CONFIG_NET_IPV4=y
    CONFIG_NET_IPV4_HDR_OPTIONS=y
    CONFIG_NET_TCP=y
    CONFIG_NET_MAX_CONN=6
    CONFIG_NET_MAX_CONTEXTS=8
    CONFIG_NET_CONTEXT_RCVTIMEO=y
    CONFIG_NET_CONTEXT_SNDTIMEO=y
    CONFIG_NET_BUF_RX_COUNT=24
    CONFIG_NET_BUF_TX_COUNT=30
    CONFIG_NET_BUF_DATA_SIZE=160
    CONFIG_NET_MGMT_EVENT_INFO=y
    CONFIG_DNS_RESOLVER=y
    CONFIG_NET_SOCKETS=y
    CONFIG_NET_SOCKETS_SOCKOPT_TLS=y
    CONFIG_TLS_CREDENTIALS_LOG_LEVEL_DBG=y
    CONFIG_PM_DEVICE_RUNTIME=y

    And the output:

    [00:00:31.152,496] <dbg> download_client: set_state: state = 1
    [00:00:31.152,526] <inf> download_client: Downloading: index.html [0]
    [00:00:31.337,249] <dbg> download_client: client_connect: Port not specified, using default: 443
    [00:00:31.337,280] <dbg> download_client: client_connect: family: 1, type: 1, proto: 258
    [00:00:31.337,860] <inf> download_client: Setting up TLS credentials, sec tag count 1
    [00:00:31.337,890] <inf> download_client: Connecting to https://example.com
    [00:00:31.337,890] <dbg> download_client: client_connect: fd 5, addrlen 8, fam IPv4, port 443
    [00:00:31.699,371] <err> download_client: Unable to connect, errno 22
    [00:00:31.705,261] <dbg> download_client: set_state: state = 0

    ---------------------------------------------------------

    After enabling NORDIC_SECURITY_BACKEND nothing has changed.

    I'm stuck and would appreciate any help.

    Thanks,

Children
No Data
Related
Terms of service