nRF9160 DK to support https protocol

Hi,

I started working with the nRF9160, took the AT_Client sample and added support for my own commands. In addition to that, I added the HTTP example to it, and they are working great together, but I need one more thing: I need to add SSL/TLS support for HTTP.

I only saw that there is an example of an MQTT secure socket, but I didn't find any documentation about it. Is there a way to add SSL/TLS to support HTTPS?

Basically, I need to send a string to a server over HTTPS and get the response... (I would prefer that the certificate be obtained from the server instead of being hard-coded.)

Do you have suggestions on how best to do it?

Thanks,

David

  • Hi, I finally returned to this problem.

    My LTE connection works (I get a connection IP) and HTTP works fine also, but when I try to load my CA certificate it does not work (this CA certificate works on a different platform with the same server).

    static int Http_Send(void)
    {
    	static struct addrinfo hints;
    	struct addrinfo *res;
    	int st, sock;
            
    //#if defined(CONFIG_NET_SOCKETS_SOCKOPT_TLS)
            if( m_HttpsFlag ){
              tls_credential_add(CA_CERTIFICATE_TAG, TLS_CREDENTIAL_CA_CERTIFICATE, m_Certificate_Total, m_Certificate_Total_Size);
            }
    //#endif
    
            initRequest(m_Request);
    
    	printk("Preparing HTTP GET request\n");
    
    	hints.ai_family = AF_INET;
    	hints.ai_socktype = SOCK_STREAM;
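    	/* Pass the hints filled in above; they were previously left unused. */
    	st = getaddrinfo(m_ServerAddress, NULL, &hints, &res);
    	printk("getaddrinfo status: %d\n", st);
    
    	if (st != 0) {
    		printk("Unable to resolve address, quitting\n");
    		return 1;
    	}
    
    	/* Set the port only after getaddrinfo() succeeded; res is not valid otherwise. */
    	((struct sockaddr_in *)res->ai_addr)->sin_port = htons(m_ServerPort);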
    
    	dump_addrinfo(res);
    
    
            if( m_HttpsFlag ){
              sock = socket(res->ai_family, res->ai_socktype, IPPROTO_TLS_1_2);
            }else{
              sock = socket(res->ai_family, res->ai_socktype, res->ai_protocol);
            }
    
    	CHECK(sock);
    	printf("sock = %d\n", sock);
    
            if( m_HttpsFlag ){
              sec_tag_t sec_tag_opt[] = {
                      CA_CERTIFICATE_TAG,
              };
              CHECK(setsockopt(sock, SOL_TLS, TLS_SEC_TAG_LIST,sec_tag_opt, sizeof(sec_tag_opt)));
    
              CHECK(setsockopt(sock, SOL_TLS, TLS_HOSTNAME,m_ServerAddress, m_serverAddressSize ));
            }
            
            printk("Address Len %d\n",res->ai_addrlen);
            print_string(res->ai_addr,res->ai_addrlen);
    	CHECK(connect(sock, res->ai_addr, res->ai_addrlen));
    	CHECK(send(sock, m_Request, m_Request_Size, 0));
    
    	printf("Response:\n\n");
    	//while (1) {
    		int len = recv(sock, m_ServerResponse, sizeof(m_ServerResponse) - 1, 0);
    
    		if (len < 0) {
    			printf("Error reading response\n");
    			//return 1;
    		}else{
    
                      if (len == 0) {
                              //break;
                      }
    
                      m_ServerResponse[len] = 0;
                      printf("%s", m_ServerResponse);
                     //break;
                    }
    	//}
            
    
    	printf("Exit\n");
    
    	(void)close(sock);
    	freeaddrinfo(res); /* release the list allocated by getaddrinfo() */
    
    	return 0;
    }

    When m_HttpsFlag is 0 it works great on HTTP.

    When m_HttpsFlag is 1 it doesn't work and I get this error:

    Preparing HTTP GET request
    getaddrinfo status: 0
    addrinfo @0x20020478: ai_family=1, ai_socktype=1, ai_protocol=6, sa_family=1, sin_port=bb01
    sock = 4
    Address Len 8
    [01][00][01]»#°פ|
    Error: connect(sock, res->ai_addr, res->ai_addrlen)
    Error: send(sock, m_Request, m_Request_Size, 0)
    Response:
    
    Error reading response
    Exit
    

    Can you help me?

    Thanks,
    David

  • Hi,

    I resolved it using your help!

    Instead of using tls_credential_add I used nrf_inbuilt_key_write.

    Also, it is very important to use nrf_inbuilt_key_write before the modem is turned on. The modem must be turned off.

    Thanks!

    David
