Enabling the TLS layer to get an HTTPS connection going.

7343.nrf7002dk_nrf5340_cpuapp_ns.conf

3124.prj.conf

Hello everyone.

We're trying to make an HTTPS connection with google.com and execute a GET request.

Wifi connection is working; DHCP seems to be working (my personal assumption given the log message we get: "Resolved: [(1, 1, 6, '', ('142.250.201.206', 443))]" which indicates that getaddrinfo() works); but when trying to initiate the socket via TLS, something strange happens: we get the error "OSError: 109".

Inserting some debug prints inside subsys/net/lib/sockets/, we found the culprit to be the function "int zsock_setsockopt_ctx(struct net_context *ctx, int level, int optname, const void *optval, socklen_t optlen)".

The function call that triggers error 109 is:  res = setsockopt(socket->ctx, SOL_TLS, TLS_PEER_VERIFY, &verify, sizeof(verify));

No matter what other option we try to set via setsockopt(), it will fail with the 109 error since the implementation for setsockopt() is somehow set to sockets_inet.c (whose implementation does not recognise SOL_TLS as valid in its switches) instead of sockets_tls.c (which has handling for SOL_TLS in its switches). My personal hunch is that the config options set in the project are somehow wrong. Can someone please take a look over our .conf files? Maybe we can find the culprit. :)

We can provide any extra code snippets that are necessary for debugging and/or run any tests. Have a great day and hope to hear from you soon!

  • After injecting A LOT MORE debug code, I've reached this:
    /opt/nordic/ncs/v3.0.0/zephyr/lib/os/fdtable.c: static int _find_fd_entry(void)

    The contents of the function:

    static int _find_fd_entry(void)
    {
    	int fd;
    	for (fd = 0; fd < ARRAY_SIZE(fdtable); fd++) {
    		if (!atomic_get(&fdtable[fd].refcount)) {
    			return fd;
    		}
    	}
    	printk("Dead here...21\n");
    	errno = ENFILE;
    	return -1;
    }

    Notice the print that I've inserted in the function, because here's the log:

    >>> s = None
    >>> s = socket.socket()
    Trying to initialize socket...
    Family: 1, socktype: 1, proto: 258
    Dead here...15
    [00:00:58.780,853] <dbg> net_sock_tls: tls_alloc: (mp_main): Allocated TLS context, 0x2000a0d0
    Dead here...17
    Dead here...21
    Dead here...17.5: -1
    Dead here...20
    Returned value: -1
    Traceback (most recent call last):
      File "<stdin>", line 1, in <module>
    OSError: 23

    So it seems that this function is the one that throws the ENFILE error. Also this answers your question about how certain I am that this is truly an errno. Now we can be certain. :D

    I'll try digging deeper to see what makes this function throw that errno. Any support is much appreciated.

  • A breakthrough happened! It seems that I had to increase CONFIG_ZVFS_OPEN_MAX even more!

    By setting:

    CONFIG_NET_SOCKETS_POLL_MAX=20
    CONFIG_ZVFS_OPEN_MAX=20

    I managed to move forward a bit! The new log is:

    >>> s = None
    >>> s = socket.socket()
    Trying to initialize socket...
    Family: 1, socktype: 1, proto: 258
    Allocated fd: 15
    [00:01:37.937,255] <dbg> net_sock_tls: tls_alloc: (mp_main): Allocated TLS context, 0x2000a190
    Allocated fd: 16
    [00:01:37.952,911] <dbg> net_sock: zsock_socket_internal: (mp_main): socket: ctx=0x2000b0e8, fd=16
    Returned value: 15
    Done initializing socket!
    >>>
    >>>
    >>>
    >>> print("Connecting to:", result[0][-1])
    Connecting to: ('142.250.201.206', 443)
    >>> s.connect(result[0][-1])
    DNS message size: 44
    DNS message content (hex):af 84 81 80 00 01 00 01 00 00 00 00 06 67 6f 6f 67 6c 65 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 00 4a 00 04 8e fa c9 ce
    [00:01:52.708,740] <dbg> mbedtls: zephyr_mbedtls_debug: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_tls.c:1331: The SSL configuration is tls12 only.
    [00:01:52.723,052] <err> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_tls.c:1401: alloc(zu bytes) failed
    Traceback (most recent call last):
      File "<stdin>", line 1, in <module>
    OSError: [Errno 12] ENOMEM
    >>> print("TCP Connected.")
    [00:02:02.875,854] <dbg> net_sock: zsock_received_cb: (rx_q[0]): ctx=0x2000b0e8, pkt=(nil), st=0, user_data=(nil)
    [00:02:02.886,566] <dbg> net_sock: zsock_received_cb: (rx_q[0]): Marked socket 0x2000b0e8 as peer-closed

    (for brevity's sake, I removed some of the "Dead here..." messages that I've inserted)

  • Slight problem with the library. In the file ssl_tls.c, inside the function "mbedtls_ssl_setup()", the line:

    MBEDTLS_SSL_DEBUG_MSG(1, ("alloc(%" MBEDTLS_PRINTF_SIZET " bytes) failed", in_buf_len));

    actually prints what you saw in my logs:

    [00:00:36.237,976] <err> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_tls.c:1402: alloc(zu bytes) failed

    I inserted my own debug code above:

    printk("Dead here...55. Tried to allocate %d bytes and failed\n", in_buf_len);

    and it printed:

    Dead here...55. Tried to allocate 16717 bytes and failed

    The way things are looking, I think we need to find a solution to reduce the RAM usage since we're currently at:

    RAM:      383248 B       416 KB     89.97%

  • Hi!

    Great to hear that you fixed the socket issue.

    Tudor B. said:
    actually prints what you saw in my logs:
    [00:00:36.237,976] <err> mbedtls: WEST_TOPDIR/modules/crypto/mbedtls/library/ssl_tls.c:1402: alloc(zu bytes) failed
    I inserted my own debug code above:
    printk("Dead here...55. Tried to allocate %d bytes and failed\n", in_buf_len);
    and it printed:
    Dead here...55. Tried to allocate 16717 bytes and failed

    Could you share the full .config file? I suspect the configured mbedtls heap is too low here.

    Tudor B. said:
    The way things are looking, I think we need to find a solution to reduce the RAM usage since we're currently at:
    RAM:      383248 B       416 KB     89.97%

    You have enabled station and softap, whereas only softap uses approx. 222kB RAM, as shown here:

    https://docs.nordicsemi.com/bundle/ncs-latest/page/nrf/protocols/wifi/sap_mode/mem_requirements_sap.html

    In addition, mbedtls will add approx. 80 kB.

    Your memory fit is tight, especially when adding micropython into the feature list.

    Kind regards,

    Håkon
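
A pre-build check for the three limits this thread ran into (descriptor table, mbedTLS heap, remaining RAM), as an added example that is not code from any poster or from the nRF Connect SDK. Assumptions: CONFIG_MBEDTLS_HEAP_SIZE is the option behind the "mbedtls heap" mentioned above, the TLS output buffer is as large as the 16717-byte input buffer, and the function names and sample prj.conf fragment are constructed for illustration.

```python
import re

def parse_conf(text):
    """Return {name: value} for CONFIG_*=value lines; comments and blanks are skipped."""
    conf = {}
    for line in text.splitlines():
        m = re.match(r"\s*(CONFIG_\w+)=(.*)$", line)
        if m:
            conf[m.group(1)] = m.group(2).strip()
    return conf

def free_ram(ram_line):
    """Bytes left in the region, from a build summary line such as the one in the thread."""
    m = re.search(r"RAM:\s+(\d+)\s*B\s+(\d+)\s*KB", ram_line)
    return int(m.group(2)) * 1024 - int(m.group(1))

def check_tls_fit(conf_text, fds_in_use, tls_buf_bytes, ram_line):
    """Return (code, detail) findings for opening one TLS socket; unset options are skipped."""
    conf, findings = parse_conf(conf_text), []
    # The thread's log shows one TLS socket taking two descriptors (fd 15 and fd 16).
    need_fds = fds_in_use + 2
    open_max = conf.get("CONFIG_ZVFS_OPEN_MAX")
    if open_max is not None and int(open_max, 0) < need_fds:
        findings.append(("ENFILE", f"CONFIG_ZVFS_OPEN_MAX={open_max}, need >= {need_fds}"))
    # Assumption: output buffer equals the input buffer size, so this is a lower bound.
    need_heap = 2 * tls_buf_bytes
    heap = conf.get("CONFIG_MBEDTLS_HEAP_SIZE")
    if heap is not None and int(heap, 0) < need_heap:
        grow = need_heap - int(heap, 0)
        findings.append(("ENOMEM", f"CONFIG_MBEDTLS_HEAP_SIZE={heap}, need >= {need_heap}"))
        # Assumption: the mbedTLS heap is static RAM, so growing it costs RAM 1:1.
        if grow > free_ram(ram_line):
            findings.append(("NO_RAM", f"heap must grow {grow} B, {free_ram(ram_line)} B free"))
    return findings

# Constructed prj.conf fragment; the RAM line and sizes are the ones quoted in the thread.
SAMPLE_CONF = """
# TLS socket settings under test
CONFIG_ZVFS_OPEN_MAX=16
CONFIG_MBEDTLS_HEAP_SIZE=8192
"""
RAM_LINE = "RAM:      383248 B       416 KB     89.97%"

if __name__ == "__main__":
    for code, detail in check_tls_fit(SAMPLE_CONF, 15, 16717, RAM_LINE):
        print(code, detail)
```

The codes match the errors seen in the logs: ENFILE is the OSError 23 from _find_fd_entry() and ENOMEM is the failure inside mbedtls_ssl_setup().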

  • We can drop the AP mode (comment it out) and make an internal note akin to: "if you want sockets and https communication -> AP off; AP on -> sockets and https off".

    8360.nrf7002dk_nrf5340_cpuapp_ns.conf

    8787.prj.conf
