• State Verified Answer
  • +1 person also asked this people also asked this
  • Replies 13 replies
  • Answers 1 answer
  • Subscribers 69 subscribers
  • Views 4837 views
  • Users 0 members are here
Attachments (0)
Nordic Case Info
  • Case ID: 225088
Options
This post is older than 2 years and might not be relevant anymore
More Info: Consider searching for newer posts

nRF9160 DK to support https protocol

David Raisfeld

Hi,

I started working with nRF9160 and took AT_Client and added support for my own commands. Additional to that I added HTTP example to it and they are working great together but I need one more thing, I need to add ssl/tls support for http.

I only saw that there are example of mqtt secure socket but I didn't find any documentations about it , Is there a way to add ssl/tls to support https ?

Basically I need to send string to server with https and get response ... ( I prefer that the certificate will got from server instead of hard coded )

Do you have suggestions how to do it best? 

Thanks,

David

Parents
  • 0

    Hi , I finally returned to this problem Slight smile

    My LTE connection work ( I get connection IP ) and http works fine also , but when I try to load my CA certificate this is not working ( this CA certificate work on different platform with the same server ) .

    static int Http_Send(void)
{
	static struct addrinfo hints;
	struct addrinfo *res;
	int st, sock;
        
//#if defined(CONFIG_NET_SOCKETS_SOCKOPT_TLS)
        if( m_HttpsFlag ){
          tls_credential_add(CA_CERTIFICATE_TAG, TLS_CREDENTIAL_CA_CERTIFICATE, m_Certificate_Total, m_Certificate_Total_Size);
        }
//#endif

        initRequest(m_Request);

	printk("Preparing HTTP GET request\n");

	hints.ai_family = AF_INET;
	hints.ai_socktype = SOCK_STREAM;
	st = getaddrinfo(m_ServerAddress, NULL, NULL, &res);
        ((struct sockaddr_in *)res->ai_addr)->sin_port = htons(m_ServerPort);
	printk("getaddrinfo status: %d\n", st);

	if (st != 0) {
		printk("Unable to resolve address, quitting\n");
		return 1;
	}

	dump_addrinfo(res);


        if( m_HttpsFlag ){
          sock = socket(res->ai_family, res->ai_socktype, IPPROTO_TLS_1_2);
        }else{
          sock = socket(res->ai_family, res->ai_socktype, res->ai_protocol);
        }

	CHECK(sock);
	printf("sock = %d\n", sock);

        if( m_HttpsFlag ){
          sec_tag_t sec_tag_opt[] = {
                  CA_CERTIFICATE_TAG,
          };
          CHECK(setsockopt(sock, SOL_TLS, TLS_SEC_TAG_LIST,sec_tag_opt, sizeof(sec_tag_opt)));

          CHECK(setsockopt(sock, SOL_TLS, TLS_HOSTNAME,m_ServerAddress, m_serverAddressSize ))
        }
        
        printk("Address Len %d\n",res->ai_addrlen);
        print_string(res->ai_addr,res->ai_addrlen);
	CHECK(connect(sock, res->ai_addr, res->ai_addrlen));
	CHECK(send(sock, m_Request, m_Request_Size, 0));

	printf("Response:\n\n");
	//while (1) {
		int len = recv(sock, m_ServerResponse, sizeof(m_ServerResponse) - 1, 0);

		if (len < 0) {
			printf("Error reading response\n");
			//return 1;
		}else{

                  if (len == 0) {
                          //break;
                  }

                  m_ServerResponse[len] = 0;
                  printf("%s", m_ServerResponse);
                 //break;
                }
	//}
        

	printf("Exit\n");

	(void)close(sock);

	return 0;
}

    When m_HttpsFlag is 0 it work gread on HTTP.

    When m_HttpsFlag is 1 it don't work and get error 

    Preparing HTTP GET request
getaddrinfo status: 0
addrinfo @0x20020478: ai_family=1, ai_socktype=1, ai_protocol=6, sa_family=1, sin_port=bb01
sock = 4
Address Len 8
[01][00][01]»#°פ|
Error: connect(sock, res->ai_addr, res->ai_addrlen)
Error: send(sock, m_Request, m_Request_Size, 0)
Response:

Error reading response
Exit

    Can you help me ?

    Thanks,
    David

  • 0 in reply to Marjeris Romero

    HI, 

    I resovled it using you help ! 

    Instead of using tls_credential_add I used nrf_inbuilt_key_write .

    Also , very important to use nrf_inbuilt_key_write before modem run on. Modem must be turned off.

    Thanks!

    David

Reply Children
No Data
Related