When nrf9160 is https_client, can I connect to the server without validating the server certificate?

Question

Hi all, 
 
 In the nRF9160 https_Client sample, I was able to connect to the server by provisioning a server-matched root certificate to the nRF9160. 
 Can I connect to an https server without provisioning a certificate on the NRF9160 when security is not a concern? 
 
 When not provisioning a certificate to the nRF9160, it seems to be failing. However, I think I can communicate encrypted with the https server using only the public key provided by the server. 
 Is my idea wrong? 
 Again, I'm not going to discuss security. I would like to know if there is a way to communicate with the https server despite the lack of a certificate on the client side. 
 For example, I think the -k option in Curl is actually doing that. 
 If that is possible, please tell me the procedure in nRF9160. Thank you. 
 
 HW:nRF9160DK 
 FW:modem v1.3.1 
 SDK v1.9.1 
 
 Best Regards, 
 Yukio Oyama

OYAMA YUKIO · Accepted Answer

Hi &Oslash;yvind-san, 
 
 I referred to the thread below. 
 
 https://devzone.nordicsemi.com/f/nordic-q-a/63282/is-it-possible-to-skip-certificate-validation-in-https 
 
 I changed "verify" in tls_setup () to NONE. 
 verify = NONE; //Changed it from REQUIRED 
 I was able to communicate using "https_client" sample without using a root certificate. Thank you. 
 
 Best Regards, 
 Yukio Oyama

OYAMA YUKIO · Answer

Hi &Oslash;yvind-san, 
 
 Thank you for your advice. 
 I followed your advice and changed TLS_PEER_VERIFY to TLS_PEER_VERIFY_NONE. 
 For now, I don't feel any difference from changing only verify. But I will change both verify and TLS_PEER_VERIFY_NONE and proceed with the work. Thank you. 
 
 Best Regards, 
 Yukio Oyama

When nrf9160 is https_client, can I connect to the server without validating the server certificate?

Top Replies