Need to clarification on nrf http server example

Hello,

Sorry, I was out of the office yesterday, which caused the delay in responding to this issue.

From the shared logs, it looks like Wi-Fi is not connected, although the sample you flashed is working. I believe this is because the Wi-Fi credentials have not been configured. This is mentioned in the documentation for the sample. Please also refer to the Wi-Fi credential library.

The difference between the Zephyr HTTP sample and the Nordic sample is that our SDK sample is tailored for Nordic boards and includes overlays for running on our boards. The Zephyr sample, on the other hand, is a more generic example showcasing the HTTP server library.

Kind regards,
Abhijith

Thanks! I managed to get the Wi-Fi connectivity working successfully. However, I'm now trying to send data over HTTP with TLS-PSK, but I'm encountering an error."

*** Booting nRF Connect SDK v3.1.0-6c6e5b32496e ***
*** Using Zephyr OS v4.1.99-1612683d4010 ***
[00:00:00.513,641] <inf> http_server: HTTP Server sample started
[00:00:00.514,373] <inf> wifi_supplicant: wpa_supplicant initialized
[00:00:00.557,006] <inf> http_server: Network interface brought up
Connected
[00:00:22.569,335] <inf> http_server: Network connected
[00:00:22.570,434] <inf> http_server: Waiting for IPv6 HTTP connections on port 443, sock 12
[00:00:22.571,228] <inf> http_server: Waiting for IPv4 HTTP connections on port 443, sock 15
uart:~$ 
---- Sent utf8 encoded message: "net ipv4\r" ----
net ipv4
IPv4 support                              : enabled
IPv4 fragmentation support                : disabled
IPv4 conflict detection support           : disabled
Path MTU Discovery (PMTU)                 : disabled
Max number of IPv4 network interfaces in the system          : 1
Max number of unicast IPv4 addresses per network interface   : 1
Max number of multicast IPv4 addresses per network interface : 2

IPv4 addresses for interface 1 (0x200013c8) (WiFi)
================================================
Type            State           Ref     Address
DHCP    preferred       1       10.250.23.68/255.255.255.0
[00:01:09.488,677] <err> http_server: Error in accept -2, try again
[00:01:36.104,064] <err> http_server: Error in accept -2, try again
[00:02:34.461,883] <err> http_server: Error in accept -2, try again
[00:03:35.459,259] <err> http_server: Error in accept -2, try again

/*
 * Copyright (c) 2024 Nordic Semiconductor ASA
 *
 * SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
 */

#include <zephyr/kernel.h>
#include <zephyr/net/tls_credentials.h>
#include <zephyr/logging/log.h>
#include <zephyr/logging/log_ctrl.h>

static const unsigned char server_certificate[] = {
#if defined(HTTP_SERVER_CA_CERT)
#include HTTP_SERVER_CA_CERT

/* Null terminate certificate */
(0x00)
#else
""
#endif
};

static const unsigned char server_private_key[] = {
#if defined(HTTP_SERVER_PRIVATE_KEY)
#include HTTP_SERVER_PRIVATE_KEY

/* Null terminate certificate */
(0x00)
#else
""
#endif
};

static const unsigned char psk[] = {0x01, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06,
0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f};
static const char psk_id[] = "PSK_identity";

#define PSK_TAG 42

LOG_MODULE_REGISTER(http_server_credentials_provision, CONFIG_HTTP_SERVER_SAMPLE_LOG_LEVEL);
int credentials_provision(void)
{
	int ret;

	ret = tls_credential_add(PSK_TAG,
				 TLS_CREDENTIAL_PSK_ID,
				 psk_id,
				 sizeof(psk_id));

	if (ret == -EEXIST) {
		LOG_DBG("CA certificate already exists, sec tag: %d",
			CONFIG_HTTP_SERVER_SAMPLE_SERVER_CERTIFICATE_SEC_TAG);
	} else if (ret < 0) {
		LOG_ERR("Failed to register CA certificate: %d", ret);
		return ret;
	}

	ret = tls_credential_add(PSK_TAG,
				 TLS_CREDENTIAL_PSK,
				 psk,
				 sizeof(psk));
	if (ret == -EEXIST) {
		LOG_DBG("Public certificate already exists, sec tag: %d",
			CONFIG_HTTP_SERVER_SAMPLE_SERVER_CERTIFICATE_SEC_TAG);
	} else if (ret < 0) {
		LOG_ERR("Failed to register public certificate: %d", ret);
		return ret;
	}

	// ret = tls_credential_add(CONFIG_HTTP_SERVER_SAMPLE_SERVER_CERTIFICATE_SEC_TAG,
	// 			 TLS_CREDENTIAL_PRIVATE_KEY,
	// 			 server_private_key, sizeof(server_private_key));

	// if (ret == -EEXIST) {
	// 	LOG_DBG("Private key already exists, sec tag: %d",
	// 		CONFIG_HTTP_SERVER_SAMPLE_SERVER_CERTIFICATE_SEC_TAG);
	// } else if (ret < 0) {
	// 	LOG_ERR("Failed to register private key: %d", ret);
	// 	return ret;
	// }

	return 0;
}

openssl s_client -connect 10.250.23.68:443 -tls1_2 \
  -psk 010102030405060708090a0b0c0d0e0f \
  -psk_identity "PSK_identity"
CONNECTED(00000003)
40A7A17E5C790000:error:0A000126:SSL routines:ssl3_read_n:unexpected eof while reading:../ssl/record/rec_layer_s3.c:316:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 247 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : 0000
    Session-ID: 
    Session-ID-ctx: 
    Master-Key: 
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1757932743
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: no
---

Hello,

I’m glad to hear that your Wi-Fi provisioning problem has been resolved. For this new issue, I recommend creating a separate ticket, as it is different from the original query you raised. This helps keep DevZone organized and makes it easier for others to find relevant information in the future.

Kind regards,
Abhijith