• State Verified Answer
  • Locked Locked
  • Replies 5 replies
  • Subscribers 74 subscribers
  • Views 965 views
  • Users 0 members are here
Attachments (2) Download All
Nordic Case Info
  • Case ID: 283578
Options
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Cannot Connect to Googleapis.com

jdorn

Hello,

I am trying to use googleapis.com to perform cell and wifi geolocation and am having trouble connecting.

I am using a custom board with a nRF9160 chip and the 1.6.1 version of the sdk. The latest VS Code pack is my IDE/compiler.

My code is based off of the https_client sample.

I am able to connect to Skyhookwireless and UnwiredLabs and use their services to geolocate, but whenever I try to connect to Googleapis, the connect() function gives me one of the following errors:

#define  EOPNOTSUPP      95  /* Operation not supported on transport endpoint */
#define  ECONNREFUSED   111  /* Connection refused */

I considered that it might be a certificate issue so I attempted to use a certificate returned by openssl s_client www.googleapis.com:443. I was unable connect to google with that certificate, but I was able to connect to skyhook with it.

Any assistance would be much appreciated. 

Parents
  • 0

    Hi Jeremy,

    I also feel it is a certificate issue, but I do not quite understand your attempt.

    Like the HTPPS client sample, you need to replace the certificate in the samples/nrf9160/https_client/cert with the root CA used by google API in order to build HTTPS connection. I did not find a document specifically for IoT devices. You can find the introduction document and root CA resources from the following links provided by Google:

    Google Online Security Blog: Google, HTTPS, and device compatibility (googleblog.com)

    Google Trust Services | Repository (pki.goog)

    I also suggest you play the API on PC first to make sure it works, it is much easier to debug on nRF9160 when you get familiar with the API.

    Best regards,

    Charlie

  • 0 in reply to Charlie

    I have attempted half a dozen different certificates from the source you linked (from different levels and of different types), and none of them worked. all gave the EOPNOTSUPP 95 error. 

    I (again) was able to use some (all of the ones I tested) of them to connect to Skyhook, so I know I loaded them onto my device successfully.


    I am not at the point of using their REST API, but I am fully confident in my ability to do so once I can connect to the website.

Reply
  • 0 in reply to Charlie

    I have attempted half a dozen different certificates from the source you linked (from different levels and of different types), and none of them worked. all gave the EOPNOTSUPP 95 error. 

    I (again) was able to use some (all of the ones I tested) of them to connect to Skyhook, so I know I loaded them onto my device successfully.


    I am not at the point of using their REST API, but I am fully confident in my ability to do so once I can connect to the website.

Children
  • 0 in reply to jdorn

    Here is how I reproduced my issue using the HTTPS_Client example:

    1) change the Host section in the HTTP_HEAD to www.googleapis.com:443
    #define HTTP_HEAD                                                              \
    "HEAD / HTTP/1.1\r\n"                                                  \
    "Host: www.googleapis.com:443\r\n"                                            \
    "Connection: close\r\n\r\n"
    2) use one of google's root certificates (I used the GTS R1 Root CA from the google trust services linked above).
    static const char cert[] = {
    #include "../cert/gtsr1.pem"
};
    3) set getaddrinfo to use googleapis.com

        err = getaddrinfo("www.googleapis.com", NULL, &hints, &res);
    if (err) {
        printk("getaddrinfo() failed, err %d\n", errno);
        return;
    }

    4) run the program and get the "connect() failed, err: 95" error message.
    note: attached is the certificate I used.
  • 0 in reply to jdorn

    Also, I have tested the google API using a program on my PC called Postman and was able to do so without any issue.

  • +1 in reply to jdorn

    Hi Jeremy,

    I did some tests on my device and it works without issue. Here are some key points:

    1. GTS Root R1 Root CA from Google Trust Services | Repository (pki.goog) is the correct choice.
    2. You POST request format should be correct like the following example, also pay attention when you need to add data to the body.
      #define HTTP_HEAD  \
	"POST /geolocation/v1/geolocate?key=AIzaSyDTWlOdSDqsIp9txDnIqzD9UFBKe8xcmfs HTTP/1.1\r\n"\
	"Host: www.googleapis.com\r\n"  \
	"Content-Length: 0\r\n"  \
	"Connection: close\r\n\r\n"

    You can test with the attached project file and remember to replace the API key with your own and enable the Geolocation service(https://console.cloud.google.com/apis). You will get something like this from the printout:

    2022-02-09T14:27:42.878Z DEBUG modem << *** Booting Zephyr OS build v2.7.0-ncs1  ***
2022-02-09T14:27:42.884Z DEBUG modem << HTTPS client sample started
2022-02-09T14:27:42.952Z DEBUG modem << Certificate match
2022-02-09T14:27:44.584Z DEBUG modem << Waiting for network.. OK
2022-02-09T14:27:44.658Z DEBUG modem << Connecting to www.googleapis.com
2022-02-09T14:27:46.568Z DEBUG modem << Sent 151 bytes
2022-02-09T14:27:46.783Z DEBUG modem << Received 661 bytes
2022-02-09T14:27:46.786Z DEBUG modem << HTTP/1.1 200 OK
2022-02-09T14:27:46.793Z DEBUG modem << Content-Type: application/json; charset=UTF-8
2022-02-09T14:27:46.794Z DEBUG modem << Vary: X-Origin
2022-02-09T14:27:46.794Z DEBUG modem << Vary: Referer
2022-02-09T14:27:46.795Z DEBUG modem << Date: Wed, 09 Feb 2022 14:27:46 GMT
2022-02-09T14:27:46.798Z DEBUG modem << Server: scaffolding on HTTPServer2
2022-02-09T14:27:46.800Z DEBUG modem << Cache-Control: private
2022-02-09T14:27:46.801Z DEBUG modem << X-XSS-Protection: 0
2022-02-09T14:27:46.804Z DEBUG modem << X-Frame-Options: SAMEORIGIN
2022-02-09T14:27:46.812Z DEBUG modem << X-Content-Type-Options: nosniff
2022-02-09T14:27:46.827Z DEBUG modem << Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
2022-02-09T14:27:46.828Z DEBUG modem << Accept-Ranges: none
2022-02-09T14:27:46.829Z DEBUG modem << Vary: Origin,Accept-Encoding
2022-02-09T14:27:46.830Z DEBUG modem << Connection: close
2022-02-09T14:27:46.832Z DEBUG modem << Transfer-Encoding: chunked
2022-02-09T14:27:46.833Z DEBUG modem << 66
2022-02-09T14:27:46.833Z DEBUG modem << {
2022-02-09T14:27:46.834Z DEBUG modem <<   "location": {
2022-02-09T14:27:46.836Z DEBUG modem <<     "lat": xx.0389059,
2022-02-09T14:27:46.844Z DEBUG modem <<     "lng": xx.7253719
2022-02-09T14:27:46.846Z DEBUG modem <<   },
2022-02-09T14:27:46.847Z DEBUG modem <<   "accuracy": 96092.638112573768
2022-02-09T14:27:46.848Z DEBUG modem << }
2022-02-09T14:27:46.849Z DEBUG modem << 0
2022-02-09T14:27:46.850Z DEBUG modem << > HTTP/1.1 200 OK
2022-02-09T14:27:46.851Z DEBUG modem << Finished, closing socket.

    ncs180_nrf9160_https_client_googleapis.zip

    Best regards,

    Charlie

Related
Terms of service