
NRF9160 Unable to disable certificate validation when connecting to https

Hi all!
Since I do not have a system for updating the certificate when changing the server, I decided to disable certificate verification when connecting to the https server. Here is the code:

static int tls_setup(int fd, const char * _addr)
{
	/* Set up TLS peer verification */
	enum {
		NONE = 0,
		OPTIONAL = 1,
		REQUIRED = 2,
	};

	int verify = NONE;
	int err = setsockopt(fd, SOL_TLS, TLS_PEER_VERIFY, &verify, sizeof(verify));
	if (err) {
		LOG_ERR("Failed to setup peer verification, err %d", errno);
		return err;
	}
	return 0;
}

Since the certificate is not needed, I do not execute the cert_provision function.
Here is the server connection code:

bool net_connect(const char * _addr, uint16_t _port, Socket_t * _out_socket, struct addrinfo **_out_addrinfo)
{
	int err;

	err = getaddrinfo(_addr, NULL, &m_Hints, _out_addrinfo);
	if (err) {
		LOG_ERR("getaddrinfo() failed, err %d", errno);
		return false;
	}

	((struct sockaddr_in *)(*_out_addrinfo)->ai_addr)->sin_port = htons(_port);

	*_out_socket = socket(AF_INET, SOCK_STREAM, IPPROTO_TLS_1_2);
	if (*_out_socket == -1) {
		LOG_ERR("Failed to open socket!");
		clean_up(*_out_socket, _out_addrinfo);
		return false;
	}

	/* Setup TLS socket options */
	err = tls_setup(*_out_socket, _addr);
	if (err) {
		clean_up(*_out_socket, _out_addrinfo);
		return false;
	}

	LOG_INF("Connecting to %s", _addr);
	err = connect(*_out_socket, (*_out_addrinfo)->ai_addr, sizeof(struct sockaddr_in));
	if (err) {
		LOG_ERR("connect() failed, err: %d", errno);
		clean_up(*_out_socket, _out_addrinfo);
		return false;
	}

	return true;
}

I end up getting "connect() failed, err: 95" when I try to connect to the server.

I also noticed one thing: on the nrf9160 onto which I had previously downloaded the certificate, the connection is successful. However, on the new (clean) nrf9160 I get the error "connect() failed, err: 95". It seems that the certificate remains in the modem, and therefore I can connect on the old nrf9160 but not on the new one.

As a result, it is not clear how to work without knowing the CA certificate. 
Thanks!
