• State Verified Answer
  • Replies 4 replies
  • Subscribers 73 subscribers
  • Views 1324 views
  • Users 0 members are here
Attachments (0)
Nordic Case Info
  • Case ID: 252399
Options
This post is older than 2 years and might not be relevant anymore
More Info: Consider searching for newer posts

Is it possible to skip certificate validation in https ?

DucAnh

Like --insecure option in the curl command, i want to skip certificate validation when make a https connection to server, so i have checked all http files in zephyr and there was nothing about skip certificate validation. (Im using nrf sdk 1.3.0)

Does the sdk support skip certificate validation ?

Thanks you!

Parents Reply Children
  • +1 in reply to Simon

    Hi Simon!

    I have changed verify to 0, but the debug log print "Failed to setup peer verification, , err 109" (im using the code from https_client sample for nrf9160 and remove cert_provision). Do you know what this means ?

    Thanks you!

  • +1 in reply to DucAnh

    I just tested this with the https_client sample in NCS v1.3.0. I simply did the following in <..>\ncs\v1.3.0\nrf\samples\nrf9160\https_client\src\main.c-->tls_setup(..)

    /* Set up TLS peer verification */
enum {
	NONE = 0,
	OPTIONAL = 1,
	REQUIRED = 2,
};

verify = NONE; //Changed it from REQUIRED

err = setsockopt(fd, SOL_TLS, TLS_PEER_VERIFY, &verify, sizeof(verify));
if (err) {
	printk("Failed to setup peer verification, err %d\n", errno);
	return err;
}else{
	printk("Successfully set peer verification to: %d\n", verify);
}

    Why did you remove cert_provision()? Even though the domain name won't be verified, I think you still need the keys to encrypt the connection. 

    I am not too familiar with https/tls, so I may be mistaken.

    Best regards,

    Simon

  • 0 in reply to Simon

    Hi Simon, look like it still needs cert_provision even skip certificate-validation.

Related
Terms of service