Hi all!
Since I do not have a system for updating the certificate when changing the server, I decided to disable certificate verification when connecting to the https server. Here is the code:
/*
 * Apply the TLS peer-verification mode to a socket before connect() is called.
 *
 * fd     socket descriptor the option is applied to
 * _addr  server host name; not used by this function, so no host name is
 *        bound to the TLS session here (for example through TLS_HOSTNAME)
 *
 * Returns 0 on success, otherwise the non-zero value returned by setsockopt().
 *
 * Security note: the mode written below is NONE. The server certificate is
 * then not validated, so the session is encrypted but the peer is not
 * authenticated, and any host on the network path can answer in place of the
 * intended server. Use this only for bring-up; for deployed devices prefer
 * REQUIRED together with a provisioned CA certificate.
 */
static int tls_setup(int fd, const char * _addr)
{
	/* Values of the TLS_PEER_VERIFY socket option. */
	enum {
		NONE = 0,
		OPTIONAL = 1,
		REQUIRED = 2,
	};

	(void)_addr;

	/* Certificate validation is deliberately switched off (see header note). */
	int verify = NONE;
	int rc = setsockopt(fd, SOL_TLS, TLS_PEER_VERIFY, &verify, sizeof(verify));

	if (rc == 0) {
		return 0;
	}

	LOG_ERR("Failed to setup peer verification, err %d", errno);
	return rc;
}
Since the certificate is not needed I do not execute the cert_provision function.
Here is the server connection code:
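/**
 * Resolve a server name, open a TLS 1.2 stream socket and connect to it.
 *
 * @param _addr          Host name or address string, passed to getaddrinfo()
 *                       and tls_setup().
 * @param _port          Server port in host byte order; converted with htons().
 * @param _out_socket    Receives the descriptor returned by socket().
 * @param _out_addrinfo  Receives the result list produced by getaddrinfo().
 *
 * @return true when connect() succeeds, false on any failure.
 *
 * On every failure after name resolution clean_up() is called with the socket
 * and the addrinfo list. On success both are left with the caller; presumably
 * the caller releases them later (confirm against the call site).
 *
 * Security note: the TLS options come from tls_setup(). When tls_setup() sets
 * TLS_PEER_VERIFY to NONE, a successful return from this function says nothing
 * about the identity of the server that answered.
 */
bool net_connect(const char * _addr, uint16_t _port, Socket_t * _out_socket, struct addrinfo **_out_addrinfo)
{
	int err;

	err = getaddrinfo(_addr, NULL, &m_Hints, _out_addrinfo);
	if (err) {
		/*
		 * getaddrinfo() reports failure through its return value; errno
		 * is only meaningful for a system error and may be stale here,
		 * so log the returned code.
		 */
		LOG_ERR("getaddrinfo() failed, err %d", err);
		return false;
	}

	/*
	 * NOTE(review): the cast, the AF_INET socket and the address length
	 * passed to connect() all assume an IPv4 result; this holds only if
	 * m_Hints restricts the lookup to AF_INET (confirm).
	 */
	((struct sockaddr_in *)(*_out_addrinfo)->ai_addr)->sin_port = htons(_port);

	*_out_socket = socket(AF_INET, SOCK_STREAM, IPPROTO_TLS_1_2);
	if (*_out_socket == -1) {
		LOG_ERR("Failed to open socket!");
		/*
		 * NOTE(review): clean_up() receives -1 as the socket here;
		 * confirm that it tolerates an invalid descriptor.
		 */
		clean_up(*_out_socket, _out_addrinfo);
		return false;
	}

	/* TLS options must be in place before the handshake started by connect(). */
	err = tls_setup(*_out_socket, _addr);
	if (err) {
		clean_up(*_out_socket, _out_addrinfo);
		return false;
	}

	LOG_INF("Connecting to %s", _addr);

	err = connect(*_out_socket, (*_out_addrinfo)->ai_addr, sizeof(struct sockaddr_in));
	if (err) {
		LOG_ERR("connect() failed, err: %d", errno);
		clean_up(*_out_socket, _out_addrinfo);
		return false;
	}

	return true;
}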
I end up getting "connect() failed, err: 95" when I try to connect to the server.
I also noticed one thing: on the nrf9160 onto which I had previously downloaded the certificate, the connection is successful. However, on the new (clean) nrf9160 I get the error "connect() failed, err: 95". It seems that the certificate remains stored in the modem, which is why I can connect on the old nrf9160 but not on the new one.
As a result, it is not clear how to work without knowing the CA certificate.
Thanks!