I am tried to access the server using http_client .I am tested that my implementation to access the local server works properly but the thing is i am tried to access the .bin file from azure blob storage for that i am gets the server url with SAS token and add the Digicert Global root cert but i got the error -3b00 while connect to the server. why its happened and can you please share is there any procedure to access the blob storage.Thanks in advance.
Best regards,
Goudam
Hi Gaudam
What function exactly is it that returns this -0x3b00 error? It points to the pubkey tag/value that is invalid, so what is this set to in your project?
Best regards,
Simon
Hi simon,
While using connect() fn to the socket i got this error
Please show the full function. What have you set the pubkey tag or value as in the connect() function of your application?
Best regards,
Simon
I am using DigicertGlobalRoot for the handshake
/* Setup TLS options on a given socket */
int tls_setup()
{
int err = tls_credential_add(HTTP_TLS_SEC_TAG, TLS_CREDENTIAL_CA_CERTIFICATE, DigiCertGlobalRootG2_der,
DigiCertGlobalRootG2_der_len);
if (err == -EEXIST){
printk("Certificate already exists, sec tag: %d", HTTP_TLS_SEC_TAG);
} else if (err < 0) {
printk("Failed to provision server certificate: %d", err);
}
int sock, ret;
struct addrinfo *res = NULL;
struct addrinfo hints = {
.ai_family = AF_INET,
.ai_socktype = SOCK_STREAM
};
/* DNS resolve */
ret = getaddrinfo(SERVER_ADDR, SERVER_PORT, &hints, &res);
if (ret != 0 || !res) {
printk("DNS getaddrinfo failed: %d\n", ret);
return -ENOENT;
}
struct sockaddr_in server;
server.sin_addr.s_addr = ((struct sockaddr_in *)res->ai_addr)->sin_addr.s_addr;
server.sin_family = AF_INET;
server.sin_port = ((struct sockaddr_in *)res->ai_addr)->sin_port;
char ipv4_addr[NET_IPV4_ADDR_LEN];
inet_ntop(AF_INET, &server.sin_addr.s_addr, ipv4_addr, sizeof(ipv4_addr));
freeaddrinfo(res);
/* TLS socket */
sock = socket(AF_INET, SOCK_STREAM, IPPROTO_TLS_1_2);
if (sock < 0) {
printk("socket() failed: %d\n", sock);
return -ENOENT;
}
/* Configure the socket with the security tag for the certificate */
sec_tag_t sec_tag_opt[] = {
HTTP_TLS_SEC_TAG,
};
/* Set up TLS peer verification */
enum {
NONE = 0,
OPTIONAL = 1,
REQUIRED = 2,
};
ret = setsockopt(sock, SOL_TLS, TLS_HOSTNAME,SERVER_ADDR,sizeof(SERVER_ADDR));
if (ret) {
printk("Failed to setup TLS hostname, err %d\n", ret);
return -ENOENT;;
}
/* Configure the socket with the hostname of the HTTP server */
int tls_peer_verify = REQUIRED;
ret = setsockopt(sock, SOL_TLS, TLS_PEER_VERIFY, &tls_peer_verify, sizeof(tls_peer_verify));
if (ret) {
printk("Failed to setup peer verification, err %d\n", errno);
return ret;
}
/* Associate the socket with the security tag
* we have provisioned the certificate with.
*/
ret = setsockopt(sock, SOL_TLS, TLS_SEC_TAG_LIST, sec_tag_opt, sizeof(sec_tag_opt));
if (ret) {
printk("Failed to setup TLS sec tag, err %d\n", ret);
return -ENOENT;
}
ret = connect(sock, (struct sockaddr *)&server, sizeof(struct sockaddr_in));
if (ret < 0) {
printk("Failed to connect for check: %d (errno: %d)\n", ret, errno);
close(sock);
return -ENOENT;
}
return 0;
}
Hi
What is the security tags set to in your project then? Most likely it's the HTTP_TLS_SEC_TAG is set to an invalid value.
Best regards,
Simon
Actually i am missed to add one more intermediate CA from microsoft azure RSA 4096 after add that this issue fixed but i in mqtt also i have some CA while add that i got ENOMEM
And what function is it that reports the ENOMEM error? This error points to there not being enough memory allocated to something, and that you need to increase the allocated memory to what is complaining.
Best regards,
Simon
And what function is it that reports the ENOMEM error? This error points to there not being enough memory allocated to something, and that you need to increase the allocated memory to what is complaining.
Best regards,
Simon
While using the tls_add_credentials() function i got the ENOMEM .I have 5 Certificates is it issue because of that.if it is issue means how to add those certificates
Hi
Can you confirm whethert this is tls_credential_add() function, or is tls_add_credentials() a custom function you've made for your project?
In the tls_credential_add() function, the ca_cert_buf is the limiting buffer that is equal to the size of your certificate. Can you confirm this is the case or not for you as well?
If you try adding multiple credentials while the certification buffer is only limited to the length of a single buffer that might explain the ENOMEM error messages you're seeing.
Best regards,
Simon
Hi simon,
I am using tls_credential_add() function and call this function thrice for add 3 different CA ,after that i got ENOMEM error.
Best regards,
Goudam
tls_credential_add() isn't a function in the SDK by default, so this must be a custom function in your project. I assume that one or more of the certificates exceed the certification buffer, so you need to check that towards the CAs you're using.
Best regards,
Simon