nRF5340 + download_client + HTTPS guide needed

Hello!

I need to use download_client to get files from an HTTPS server. I'm stuck in the implementation process - I'm lost when it comes to TLS etc. I tried to extract some precious details from the example in samples/net/sockets/http_client. MBEDTLS etc are enabled in Kconfig.

The following steps were taken:

1. generated a CA certificate:

openssl genrsa 2048 > ca-key.pem

openssl req -new -x509 -nodes -days 365000 -key ca-key.pem -out ca-cert.pem

2. generated the .DER file:

openssl base64 -d -in ca-cert.pem -out ca-cert.der

3. with my tool (which is quite similar to file2hex.py) it was converted to a C array (static const uint8_t ca_cert[] = {...});

4. included in my source (#include "ca_cert.h");

5. initiated the download:

int cfg_sec_tag_list[] = {1};
struct download_client_cfg cfg = {
    .sec_tag_list = cfg_sec_tag_list,
    .sec_tag_count = ARRAY_SIZE(cfg_sec_tag_list),
    .pdn_id = 0,
    .frag_size_override = 0,
    .set_tls_hostname = 0,
};

...
...

tls_credential_add(cfg_sec_tag_list[0],
                   TLS_CREDENTIAL_CA_CERTIFICATE,
                   ca_cert,
                   sizeof(ca_cert));
download_client_init(&dlc, c_cb);
download_client_get(&dlc, "https://my.url/file", &cfg, NULL, 0);

6. got these results:

[00:00:28.969,543] <dbg> download_client: set_state: state = 1
[00:00:28.969,573] <inf> download_client: Downloading: https://my.url/file [0]
[00:00:29.183,044] <dbg> download_client: client_connect: Port not specified, using default: 443
[00:00:29.183,074] <dbg> download_client: client_connect: family: 1, type: 1, proto: 258
[00:00:29.183,715] <inf> download_client: Setting up TLS credentials, sec tag count 1
[00:00:29.183,746] <inf> download_client: Connecting to https://my.url/file
[00:00:29.183,776] <dbg> download_client: client_connect: fd 5, addrlen 8, fam IPv4, port 443
[00:00:29.412,231] <err> download_client: Unable to connect, errno 22
[00:00:29.412,658] <dbg> download_client: set_state: state = 0

--------------------------------------------------------------------

I believe this must be something TLS-related, but I'm very much a rookie in this field.

Please give me a guide on how to set up download_client to be able to get files via HTTPS in the simplest way.

  • I see you're on NCS v2.4.1, which is indeed from before we added support for this into the SDK

    So if I'm getting this right, NCS-2.4.1 doesn't even support HTTPS even though it contains NRF Security, MbedTLS etc?

    Have you gotten anywhere with the case over the last days or are you still struggling with TLS sockets?

    I was redirected to a more urgent project during the recent days. What I did before was trace down the socket operations, and I got some partial success, but honestly, I've spent many hours trying to assemble the proper Kconfig combination of MbedTLS, NRF_Security, PSA, Oberon etc. and it's still quite confusing to me which one to use if I just want some X509 handling + TLS sockets.

    If you can confirm that NCS-2.4.1 is definitely inappropriate for HTTPS sockets (using download_client), I'll stop wasting my time and consider moving to NCS-2.7.0 or later.

    By the way, I'd also think it's a good idea to switch to the latest NCS, but I'm worried that too many things have changed since 2.4.1 and that I'd have to spend a lot of time setting up everything again (build system, our applications)...

  • Hi

    Correct, NCS 2.4.1 did not have support for https. You should move to a later version. While you're migrating to a newer SDK, you should consider moving to the latest version (NCS v3.0.0), as we have migration guides for each of the major releases available. Important to note that we migrated to sysbuild in NCS 2.7.0. In 2.7.0 you can use both sysbuild and the multi-image builds, but in the latest versions only sysbuild will be supported.

    Best regards,

    Simon
