Adaption to TCP+TLS on top of OpenThread.

Hi All,

I am currently working on establishing a Thread network to communicate with our HTTP server (https://mainnet.incubed.net). In order to set that up, I took the echo_client and http_client samples and adapted them to our needs. The diagram below is my network configuration with an RPi connected via Ethernet. 

I was successful in pinging the http server from thread network. Here I wanted to send TCP packets to remote server via OT network. 

I am a novice in networking topics, so it is really hard for me to understand and interpret the logs from the Thread device. Given below is the log from one node:

[00:00:00.396,331] <inf> ieee802154_nrf5: nRF5 802154 radio initialized
[00:00:00.396,728] <dbg> net_tcp: net_tcp_init: (main): Workq started. Thread ID: 0x20008378
[00:00:00.411,651] <inf> fs_nvs: 2 Sectors of 4096 bytes
[00:00:00.411,682] <inf> fs_nvs: alloc wra: 0, fe8
[00:00:00.411,682] <inf> fs_nvs: data wra: 0, 0
[00:00:00.412,994] <inf> net_l2_openthread: State changed! Flags: 0x00038200 Current role: disabled
[00:00:00.418,487] <inf> net_config: Initializing network
[00:00:00.418,487] <inf> net_config: Waiting interface 1 (0x20000a08) to be up...
[00:00:30.419,189] <err> net_config: Timeout while waiting network interface
[00:00:30.419,219] <err> net_config: Network initialization failed (-115)
[00:00:30.419,525] <inf> in3_ot: Waiting for host to be ready to communicate
[00:00:30.423,675] <inf> usb_cdc_acm: Device suspended
[00:00:30.621,520] <inf> usb_cdc_acm: Device resumed
[00:00:30.737,701] <inf> usb_cdc_acm: Device suspended
[00:00:30.945,312] <inf> usb_cdc_acm: Device resumed
[00:00:31.006,927] <inf> usb_cdc_acm: Device configured
[00:00:44.243,072] <inf> net_l2_openthread: State changed! Flags: 0x00004000 Current role: disabled
[00:00:44.243,713] <inf> net_l2_openthread: State changed! Flags: 0x00020000 Current role: disabled
[00:00:44.243,804] <inf> net_l2_openthread: State changed! Flags: 0x00040000 Current role: disabled
[00:00:44.243,896] <inf> net_l2_openthread: State changed! Flags: 0x00000100 Current role: disabled
[00:00:44.247,131] <inf> net_l2_openthread: State changed! Flags: 0x00010000 Current role: disabled

Can someone tell me what is happening here and what I did wrong or not taken into my consideration. 

Regards

Vipin Das

  • Hi,

    Can you share the code where you are sending the packet?

    Did you set CONFIG_OPENTHREAD_TCP_ENABLE=y in prj.conf?

    Best regards,

    Marte

  • Hi Marte,

    Yes, I set CONFIG_OPENTHREAD_TCP_ENABLE=y in my prj.conf. 

    My prj.conf:

    # Network shell
    CONFIG_NET_SHELL=y
    CONFIG_SHELL=y
    CONFIG_SHELL_ARGC_MAX=26
    CONFIG_SHELL_CMD_BUFF_SIZE=416
    CONFIG_ASSERT=y
    CONFIG_ASSERT_NO_COND_INFO=y
    CONFIG_MBEDTLS_SHA1_C=n
    # Default PRNG entropy for nRF53 Series devices is CSPRNG CC312
    # which for that purpose is too slow yet
    # Use Xoroshiro128+ as PRNG
    CONFIG_XOROSHIRO_RANDOM_GENERATOR=y
    # Logging
    CONFIG_NET_LOG=y
    CONFIG_NET_STATISTICS=y
    CONFIG_PRINTK=y
    CONFIG_CONSOLE=y
    CONFIG_LOG=y

    As I mentioned above, I have tried using echo_client sample as well as http_client sample. 

    code snippet from http_client:

    static int send_https_post(char* msg, int len) {
        struct sockaddr_in6 addr6;
        int sock6 = -1;
        int32_t timeout = 3 * MSEC_PER_SEC;
        int ret = 0;
        int port = HTTP_PORT;
    #if defined(CONFIG_NET_SOCKETS_SOCKOPT_TLS)
        ret = tls_credential_add(CA_CERTIFICATE_TAG, TLS_CREDENTIAL_CA_CERTIFICATE, ca_certificate, sizeof(ca_certificate));
        if (ret < 0) {
            LOG_ERR("Failed to register public certificate: %d", ret);
            return ret;
        }
        port = HTTPS_PORT;
    #endif
        if (IS_ENABLED(CONFIG_NET_IPV6)) {
            ret = connect_socket(AF_INET6, SERVER_ADDR6, port, &sock6, (struct sockaddr*) &addr6, sizeof(addr6));
            if (ret < 0) {
                LOG_ERR("Failed to connect to socket");
                return ret;

    code snippet from echo_client:

    static ssize_t sendall(int sock, const void* buf, size_t len) {
        while (len) {
            ssize_t out_len = send(sock, buf, len, 0);
            if (out_len < 0) {
                return out_len;
            }
            buf = (const char*) buf + out_len;
            len -= out_len;
        }
        return 0;
    }

    static int send_tcp_request(struct netif_info* netif, char* msg, int msg_len) {
        int ret;
        LOG_DBG("send tcp packet");
        do {
            netif->tcp.expecting = sys_rand32_get() % msg_len;
        } while (netif->tcp.expecting == 0U);
        netif->tcp.received = 0U;

    Adding few more logs from http client sample: 

    1. Log without TLS: 

    [00:00:46.867,492] <dbg> net_tcp: tcp_conn_ref: (main): conn: 0x20031098, ref_count: 1
    [00:00:46.867,553] <dbg> net_tcp: tcp_conn_alloc: (main): conn: 0x20031098
    [00:00:46.867,584] <dbg> net_sock: zsock_socket_internal: (main): socket: ctx=0x200109f8, fd=0
    [00:00:46.867,736] <dbg> net_ctx: net_context_bind: (main): Context 0x200109f8 binding to TCP [::]:41102 iface 1 (0x20000ab0)
    [00:00:46.867,828] <dbg> net_tcp: net_tcp_connect: (main): context: 0x200109f8, local: ::, remote: fd97:6739:93e:2::a756:5ef8
    [00:00:46.867,950] <dbg> net_tcp: net_tcp_connect: (main): conn: 0x20031098 src: fd11:22::b348:1bf4:ff33:58ce, dst: fd97:6739:93e:2::a756:5ef8
    [00:00:46.868,103] <dbg> net_conn: conn_register_debug: (main): [0x20010e94/6/2/0x3f] remote fd97:6739:93e:2::a756:5ef8/80
    [00:00:46.868,133] <dbg> net_conn: conn_register_debug: (main): local ::/41102 cb 0x16e91 ud 0x200109f8
    [00:00:46.868,286] <dbg> net_tcp: tcp_in: (main): [LISTEN Seq=1626007064 Ack=0]
    [00:00:46.868,530] <dbg> net_tcp: tcp_out_ext: (main): SYN Seq=1626007064 Len=0
    [00:00:46.868,713] <dbg> net_tcp: tcp_send_process_no_lock: (main): SYN Seq=1626007064 Len=0
    [00:00:46.868,927] <dbg> net_tcp: tcp_send: (main): SYN Seq=1626007064 Len=0
    [00:00:46.869,049] <dbg> net_tcp: tcp_in: (main): LISTEN->SYN_SENT
    [00:00:46.871,093] <dbg> net_conn: net_conn_input: (rx_q[0]): Check TCP listener for pkt 0x20030448 src port 80 dst port 34062 family 2
    [00:00:46.871,124] <dbg> net_conn: net_conn_input: (rx_q[0]): No match found.
    [00:00:46.922,668] <dbg> net_conn: net_conn_input: (rx_q[0]): Check TCP listener for pkt 0x20030448 src port 80 dst port 41102 family 2
    [00:00:46.922,729] <dbg> net_conn: net_conn_input: (rx_q[0]): [0x20010e94] match found cb 0x16e91 ud 0x200109f8 rank 0x3f
    [00:00:46.923,065] <dbg> net_tcp: tcp_in: (rx_q[0]): SYN,ACK Seq=1973167572 Ack=1626007065 Len=0 [SYN_SENT Seq=1626007065 Ack=0]
    [00:00:46.923,095] <dbg> net_tcp: tcp_options_check: (rx_q[0]): len=4
    [00:00:46.923,126] <dbg> net_tcp: tcp_options_check: (rx_q[0]): opt: 2, opt_len: 4
    [00:00:46.923,156] <dbg> net_tcp: tcp_options_check: (rx_q[0]): MSS=1460

    2. Log with TLS:

    [00:00:31.012,329] <inf> usb_cdc_acm: Device configured
    [00:00:56.555,480] <inf> net_l2_openthread: State changed! Flags: 0x00004000 Current role: disabled
    [00:00:56.556,121] <inf> net_l2_openthread: State changed! Flags: 0x00020000 Current role: disabled
    [00:00:56.556,213] <inf> net_l2_openthread: State changed! Flags: 0x00040000 Current role: disabled
    [00:00:56.556,304] <inf> net_l2_openthread: State changed! Flags: 0x00000100 Current role: disabled
    [00:00:56.559,539] <inf> net_l2_openthread: State changed! Flags: 0x00010000 Current role: disabled
    [00:00:56.559,631] <inf> net_l2_openthread: State changed! Flags: 0x00008000 Current role: disabled
    [00:00:56.560,150] <inf> net_l2_openthread: State changed! Flags: 0x10000000 Current role: disabled
    [00:00:56.560,394] <inf> net_l2_openthread: State changed! Flags: 0x10000000 Current role: disabled
    [00:00:56.561,462] <inf> net_l2_openthread: State changed! Flags: 0x00001000 Current role: disabled
    [00:00:56.561,798] <inf> net_l2_openthread: State changed! Flags: 0x00000001 Current role: disabled
    [00:00:56.561,981] <inf> net_l2_openthread: State changed! Flags: 0x00000008 Current role: disabled
    [00:00:56.562,133] <inf> net_l2_openthread: State changed! Flags: 0x01000000 Current role: disabled
    [00:00:56.562,255] <inf> net_l2_openthread: State changed! Flags: 0x00000004 Current role: detached
    [00:00:56.562,377] <inf> net_l2_openthread: State changed! Flags: 0x00000001 Current role: detached
    [00:00:56.562,622] <inf> net_l2_openthread: State changed! Flags: 0x00001000 Current role: detached
    [00:00:56.562,866] <inf> net_l2_openthread: State changed! Flags: 0x00001000 Current role: detached
    [00:00:56.563,110] <inf> net_l2_openthread: State changed! Flags: 0x00000010 Current role: detached
    [00:00:56.563,842] <inf> net_l2_openthread: State changed! Flags: 0x10000000 Current role: detached
    [00:00:59.231,292] <inf> net_l2_openthread: State changed! Flags: 0x200012a4 Current role: child
    [00:00:59.231,567] <inf> net_l2_openthread: State changed! Flags: 0x00000001 Current role: child

    Regards

    Vipin Das

  • Hi Marte,

    Thank you. 

    I fixed the Bad request error also. The problem got solved after removing req.content_type_value="application/json;charset=UTF-8". 

    But now I am getting Response status Internal Server Error(500). I am sharing the log for the new error. 

    [00:00:45.584,472] <dbg> net_tcp: tcp_out_ext: (main): ACK Seq=2585330419 Ack=1588306744 Len=0
    [00:00:45.584,655] <dbg> net_tcp: tcp_send_process_no_lock: (main): ACK Seq=2585330419 Ack=1588306744 Len=0
    [00:00:45.584,869] <dbg> net_tcp: tcp_send: (main): ACK Seq=2585330419 Ack=1588306744 Len=0
    [00:00:45.584,991] <dbg> net_http: on_message_begin: (main): -- HTTP POST response (headers) --
    [00:00:45.585,052] <dbg> net_http: on_status: (main): HTTP response status 500 Internal Server Error
    [00:00:45.585,266] <dbg> net_http: print_header_field: (main): [6] Server
    [00:00:45.585,510] <dbg> net_http: print_header_field: (main): [21] nginx/1.14.0 (Ubuntu)
    [00:00:45.585,693] <dbg> net_http: print_header_field: (main): [4] Date
    [00:00:45.585,937] <dbg> net_http: print_header_field: (main): [29] Fri, 27 Jan 2023 10:46:48 GMT
    [00:00:45.586,120] <dbg> net_http: print_header_field: (main): [12] Content-Type
    [00:00:45.586,303] <dbg> net_http: print_header_field: (main): [31] application/json; charset=utf-8
    [00:00:45.586,486] <dbg> net_http: print_header_field: (main): [14] Content-Length
    [00:00:45.586,639] <dbg> net_http: print_header_field: (main): [3] 115
    [00:00:45.586,822] <dbg> net_http: print_header_field: (main): [10] Connection
    [00:00:45.586,975] <dbg> net_http: print_header_field: (main): [10] keep-alive
    [00:00:45.587,127] <dbg> net_http: print_header_field: (main): [27] Access-Control-Allow-Origin
    [00:00:45.587,280] <dbg> net_http: print_header_field: (main): [1] *
    [00:00:45.587,402] <dbg> net_http: print_header_field: (main): [28] Access-Control-Allow-Headers
    [00:00:45.587,524] <dbg> net_http: print_header_field: (main): [58] Origin, X-Requested-With, Content-Type, Accept, User-Agent
    [00:00:45.587,615] <dbg> net_http: print_header_field: (main): [14] X-Request-Time
    [00:00:45.587,677] <dbg> net_http: print_header_field: (main): [7] 0.65 ms

    We have checked the logs on the server as well but because of the Bad request we could not catch much information. Hopefully I will get new dongle today to setup sniffer. Will have more update on the issue by Monday. 

    Regards

    Vipin Das 

  • Hi Marte,

    I was trying to set up the nRF sniffer tool as per the page: https://infocenter.nordicsemi.com/index.jsp?topic=%2Fug_sniffer_802154%2FUG%2Fsniffer_802154%2Finstalling_sniffer_802154.html. I followed each step and copied nrf802154_sniffer.py into the Wireshark (3.6.11) extcap folder. I even verified the Python script:

    das@Vipins-MBP extcap % python3 nrf802154_sniffer.py --extcap-interfaces
    extcap {version=0.7.2}{help=https://github.com/NordicSemiconductor/nRF-Sniffer-for-802.15.4}{display=nRF Sniffer for 802.15.4}
    interface {value=/dev/cu.usbmodemEC108B497C3D1}{display=nRF Sniffer for 802.15.4}
    control {number=6}{type=button}{role=logger}{display=Log}{tooltip=Show capture log}

    But the nRF Sniffer for 802.15.4 interface is not detected in Wireshark. Did I miss anything here?

    I looked at many other discussions but nothing helps in my case. I even tried with 2 different Wireshark versions (3.6 & 4.0). 

    Any clue? 

    Regards

    Vipin Das

  • Hi,

    Did you restart your computer after installing Wireshark and configuring the sniffer? I have seen several cases where the sniffer does not show up until after a restart. Are you using a dongle or DK as sniffer?

    Best regards,

    Marte

  • Hi,

    Yes, I have restarted my Mac after the installation. I am using a dongle. 

    Thanks 

    Vipin Das

  • Hi Marte, 

    I am able to send/receive RPC request/response to our server using TCP socket connection.

    Now we can focus on TLS. Could you please help me to trace out the issue with TLS socket. 

    For that I am sharing latest log for your reference. 

    [00:02:01.942,169] <dbg> http_client: in3_register_https_client: in3 register https
    [00:02:01.974,884] <dbg> http_client: setup_socket: Setup socket info: Server address: fd97:6739:93e:2:0:0:A756:5EF8
    [00:02:01.975,067] <dbg> net_sock_tls: tls_alloc: (main): Allocated TLS context, 0x20003478
    [00:02:01.975,402] <dbg> net_tcp: tcp_conn_ref: (main): conn: 0x20022920, ref_count: 1
    [00:02:01.975,433] <dbg> net_tcp: tcp_conn_alloc: (main): conn: 0x20022920
    [00:02:01.975,463] <dbg> net_sock: zsock_socket_internal: (main): socket: ctx=0x2001031c, fd=1
    [00:02:01.975,646] <dbg> net_tcp: net_tcp_connect: (main): context: 0x2001031c, local: ::, remote: fd97:6739:93e:2::a756:5ef8
    [00:02:01.975,860] <dbg> net_tcp: net_tcp_connect: (main): conn: 0x20022920 src: fd97:6739:93e:1:aa57:96ae:30b:a5a4, dst: fd97:6739:93e:2::a756:5ef8
    [00:02:01.975,982] <dbg> net_conn: conn_register_debug: (main): [0x200107b8/6/2/0x3f] remote fd97:6739:93e:2::a756:5ef8/443
    [00:02:01.976,043] <dbg> net_conn: conn_register_debug: (main): local ::/40755 cb 0x16b71 ud 0x2001031c
    [00:02:01.976,165] <dbg> net_tcp: tcp_in: (main): [LISTEN Seq=492892335 Ack=0]
    [00:02:01.976,440] <dbg> net_tcp: tcp_out_ext: (main): SYN Seq=492892335 Len=0
    [00:02:01.976,593] <dbg> net_tcp: tcp_send_process_no_lock: (main): SYN Seq=492892335 Len=0
    [00:02:01.976,806] <dbg> net_tcp: tcp_send: (main): SYN Seq=492892335 Len=0
    [00:02:01.977,508] <dbg> net_tcp: tcp_in: (main): LISTEN->SYN_SENT
    [00:02:02.050,292] <dbg> net_conn: net_conn_input: (rx_q[0]): Check TCP listener for pkt 0x20021cd0 src port 443 dst port 40755 family 2
    [00:02:02.050,354] <dbg> net_conn: net_conn_input: (rx_q[0]): [0x200107b8] match found cb 0x16b71 ud 0x2001031c rank 0x3f
    [00:02:02.050,689] <dbg> net_tcp: tcp_in: (rx_q[0]): SYN,ACK Seq=4288225015 Ack=492892336 Len=0 [SYN_SENT Seq=492892336 Ack=0]
    [00:02:02.050,720] <dbg> net_tcp: tcp_options_check: (rx_q[0]): len=4
    [00:02:02.050,750] <dbg> net_tcp: tcp_options_check: (rx_q[0]): opt: 2, opt_len: 4
    [00:02:02.050,781] <dbg> net_tcp: tcp_options_check: (rx_q[0]): MSS=1460

    Thanks 

    Vipin Das

  • Hi,

    Is this the log from after you got TCP to work? Because in your log, I see that TCP is still failing:

    [00:02:02.052,246] <dbg> http_client: run_https_post: starting tcp failed

    Best regards,

    Marte

  • Hi Marte, 

    Yes, this is the log from after TCP started working. For this log I just enabled CONFIG_NET_SOCKETS_SOCKOPT_TLS=y. Don't get confused by that particular log line. That is something I added. 

    ret = connect(*sock, addr, addr_len);
    if (ret < 0) {
        LOG_ERR("Cannot connect to %s remote (%d)", family == AF_INET ? "IPv4" : "IPv6", -errno);
        ret = -errno;
    }

    This time it fails at this connect to TLS socket but socket creation is success(socket(family, SOCK_STREAM, IPPROTO_TLS_1_2)). 

    Regards

    Vipin Das

  • Hi,

    So your example is unchanged other than enabling CONFIG_NET_SOCKETS_SOCKOPT_TLS?

    Is mbedTLS (CONFIG_MBEDTLS) enabled? Do you have any functionality for TLS? Are you using the correct credentials (certification and private key)?

    Best regards,

    Marte

  • Hi Marte,

    Yes you are right. My config related to TLS shared below. 

    #Socket settings
    CONFIG_NET_SOCKETS_SOCKOPT_TLS=y
    CONFIG_POSIX_MAX_FDS=8
    CONFIG_NET_SOCKETS_TLS_MAX_CONTEXTS=10
    #MBEDTLS and security configuration
    CONFIG_MBEDTLS_CFG_FILE="config-tls-generic.h"
    CONFIG_OPENTHREAD_MBEDTLS_CHOICE=y
    CONFIG_MBEDTLS_TLS_VERSION_1_2=y
    CONFIG_MBEDTLS_TLS_LIBRARY=y
    CONFIG_MBEDTLS_SSL_PROTO_TLS1_2=y
    # TLS configuration
    CONFIG_MBEDTLS=y
    CONFIG_MBEDTLS_BUILTIN=y
    CONFIG_MBEDTLS_ENABLE_HEAP=y
    CONFIG_MBEDTLS_HEAP_SIZE=8192
    CONFIG_MBEDTLS_ENTROPY_ENABLED=y
    # certificate must fit into one message, fragmenting is not supported
    CONFIG_MBEDTLS_SSL_MAX_CONTENT_LEN=8192

    No I don't think I have any functionality for TLS at the moment. 

    Please consider me a novice user in networking topics. This is 1st time I am working on TLS socket connection. I just followed some of the existing samples and few discussions. I don't really understand about the certification and private key that you mentioned above. I have created the ca_cert.der for the server and it looks similar like below. 

    "-----BEGIN CERTIFICATE-----\n"
    "----------------------------------------------------------------\n"
    "----------------------------------------------------------------\n"
    "----------------------------------------------------------------\n"
    "-----END CERTIFICATE-----\n"
    "-----BEGIN CERTIFICATE-----\n"
    "----------------------------------------------------------------\n"
    "----------------------------------------------------------------\n"
    "----------------------------------------------------------------\n"
    "-----END CERTIFICATE-----\n"
    "-----BEGIN CERTIFICATE-----\n"
    "----------------------------------------------------------------\n"
    "----------------------------------------------------------------\n"
    "----------------------------------------------------------------\n"
    "-----END CERTIFICATE-----\n"

    You can share me any proper TLS sample where I can take a look and get inspired to make my application working 

    Regards

    Vipin Das
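
Added example, not code from this thread or from Zephyr or mbedTLS: the credential shown in the post above is named ca_cert.der but holds three PEM blocks, and the earlier snippet registers it with `sizeof(ca_certificate)`. This self-contained C check tells PEM from DER, counts the certificates, and verifies what mbedTLS's `mbedtls_x509_crt_parse()` documents for its input (PEM length includes the terminating NUL; DER input is exactly one certificate). The function names and sample buffers are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum cred_format { CRED_UNKNOWN, CRED_DER, CRED_PEM };

struct cred_report {
    enum cred_format format;
    size_t cert_count;   /* PEM: complete BEGIN/END pairs; DER: 1 */
    int nul_terminated;  /* PEM only: buf[len - 1] == '\0' */
    int well_formed;     /* layout matches what the parser expects */
};

static const char PEM_BEGIN[] = "-----BEGIN CERTIFICATE-----";
static const char PEM_END[] = "-----END CERTIFICATE-----";

/* Constructed sample: three-block chain like the one in the post (dummy bodies). */
static const uint8_t sample_pem_chain[] =
    "-----BEGIN CERTIFICATE-----\nAAAA\n-----END CERTIFICATE-----\n"
    "-----BEGIN CERTIFICATE-----\nBBBB\n-----END CERTIFICATE-----\n"
    "-----BEGIN CERTIFICATE-----\nCCCC\n-----END CERTIFICATE-----\n";

/* Constructed sample: minimal DER SEQUENCE { INTEGER 1 }, not a real certificate. */
static const uint8_t sample_der[] = { 0x30, 0x03, 0x02, 0x01, 0x01 };

/* Bounded search: the buffer is not assumed to be NUL-terminated. */
static const uint8_t *find(const uint8_t *p, const uint8_t *end, const char *needle)
{
    size_t n = strlen(needle);
    for (; (size_t)(end - p) >= n; p++) {
        if (memcmp(p, needle, n) == 0) return p;
    }
    return NULL;
}

struct cred_report inspect_credential(const uint8_t *buf, size_t len)
{
    struct cred_report r = { CRED_UNKNOWN, 0, 0, 0 };
    if (buf == NULL || len < 2) return r;
    const uint8_t *end = buf + len;

    if (buf[0] == 0x30) {            /* ASN.1 SEQUENCE tag: treat as DER */
        size_t hdr = 2, body = buf[1];
        r.format = CRED_DER;
        if (body & 0x80) {           /* long-form length: next n bytes */
            size_t n = body & 0x7f;
            if (n == 0 || n > 4 || len < 2 + n) return r;
            body = 0;
            for (size_t i = 0; i < n; i++) body = (body << 8) | buf[2 + i];
            hdr += n;
        }
        r.cert_count = 1;
        r.well_formed = (hdr + body == len);  /* no truncation, no trailing data */
        return r;
    }

    const uint8_t *p = find(buf, end, PEM_BEGIN);
    if (p == NULL) return r;
    r.format = CRED_PEM;
    r.nul_terminated = (buf[len - 1] == '\0');
    int dangling = 0;
    while (p != NULL) {
        const uint8_t *e = find(p, end, PEM_END);
        if (e == NULL) { dangling = 1; break; }  /* BEGIN without END */
        r.cert_count++;
        p = find(e, end, PEM_BEGIN);
    }
    r.well_formed = r.cert_count > 0 && !dangling && r.nul_terminated;
    return r;
}

int main(void)
{
    struct cred_report r = inspect_credential(sample_pem_chain, sizeof(sample_pem_chain));
    printf("format=%d certs=%zu nul=%d ok=%d\n",
           r.format, r.cert_count, r.nul_terminated, r.well_formed);
    return 0;
}
```

Passing `strlen()` of a PEM string instead of `sizeof` drops the terminating NUL, which this check reports as not well formed.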

  • Hi Marte,

    I have added tls_credential_add() to add the downloaded server certificate to authenticate the remote server. After adding that, the connect error is -22 (EINVAL). 

    [00:01:57.147,583] <dbg> http_client: in3_register_https_client: in3 register https
    [00:01:57.180,664] <dbg> http_client: setup_socket: Setup socket info: Server address: fd97:6739:93e:2:0:0:A756:5EF8
    [00:01:57.180,847] <dbg> net_sock_tls: tls_alloc: (main): Allocated TLS context, 0x20003478
    [00:01:57.181,152] <dbg> net_tcp: tcp_conn_ref: (main): conn: 0x2002d020, ref_count: 1
    [00:01:57.181,182] <dbg> net_tcp: tcp_conn_alloc: (main): conn: 0x2002d020
    [00:01:57.181,274] <dbg> net_sock: zsock_socket_internal: (main): socket: ctx=0x2001031c, fd=1
    [00:01:57.181,457] <dbg> net_tcp: net_tcp_connect: (main): context: 0x2001031c, local: ::, remote: fd97:6739:93e:2::a756:5ef8
    [00:01:57.181,640] <dbg> net_tcp: net_tcp_connect: (main): conn: 0x2002d020 src: fd97:6739:93e:1:8ea6:548e:c791:187, dst: fd97:6739:93e:2::a756:5ef8
    [00:01:57.181,762] <dbg> net_conn: conn_register_debug: (main): [0x200107b8/6/2/0x3f] remote fd97:6739:93e:2::a756:5ef8/443
    [00:01:57.181,823] <dbg> net_conn: conn_register_debug: (main): local ::/35905 cb 0x16c01 ud 0x2001031c
    [00:01:57.181,945] <dbg> net_tcp: tcp_in: (main): [LISTEN Seq=1369800138 Ack=0]
    [00:01:57.182,220] <dbg> net_tcp: tcp_out_ext: (main): SYN Seq=1369800138 Len=0
    [00:01:57.182,373] <dbg> net_tcp: tcp_send_process_no_lock: (main): SYN Seq=1369800138 Len=0
    [00:01:57.182,617] <dbg> net_tcp: tcp_send: (main): SYN Seq=1369800138 Len=0
    [00:01:57.183,319] <dbg> net_tcp: tcp_in: (main): LISTEN->SYN_SENT
    [00:01:57.231,292] <dbg> net_conn: net_conn_input: (rx_q[0]): Check TCP listener for pkt 0x2002c3d0 src port 443 dst port 35905 family 2
    [00:01:57.231,323] <dbg> net_conn: net_conn_input: (rx_q[0]): [0x200107b8] match found cb 0x16c01 ud 0x2001031c rank 0x3f
    [00:01:57.231,658] <dbg> net_tcp: tcp_in: (rx_q[0]): SYN,ACK Seq=3663983358 Ack=1369800139 Len=0 [SYN_SENT Seq=1369800139 Ack=0]
    [00:01:57.231,689] <dbg> net_tcp: tcp_options_check: (rx_q[0]): len=4
    [00:01:57.231,719] <dbg> net_tcp: tcp_options_check: (rx_q[0]): opt: 2, opt_len: 4
    [00:01:57.231,750] <dbg> net_tcp: tcp_options_check: (rx_q[0]): MSS=1460

    Just to update the present status of my issue. 

    Regards

    Vipin Das