TLS socket connection request returns with error number -22 (EINVAL)

Hi All,

I am trying to set up a Thread network to send RPC messages to a remote HTTP server (https://mainnet.incubed.net). I took the http_client sample (sdk-zephyr) and modified it slightly to adapt it to my application.

I was successful in sending RPC messages to the server via a TCP socket connection, but I am really struggling to open a secure channel (TLS) for communicating with the server. When my application tries to connect using a TLS socket it throws an error with error number -22 (EINVAL). I am not quite sure why, and what mistake I made with respect to the config options.

[00:00:58.561,645] <dbg> http_client: in3_register_https_client: in3 register https
[00:00:58.594,177] <dbg> http_client: setup_socket: Server address: fd97:6739:93e:2:0:0:A756:5EF8 
[00:00:58.594,360] <dbg> net_sock_tls: tls_alloc: (main): Allocated TLS context, 0x20003478
[00:00:58.594,665] <dbg> net_tcp: tcp_conn_ref: (main): conn: 0x2002d320, ref_count: 1
[00:00:58.594,696] <dbg> net_tcp: tcp_conn_alloc: (main): conn: 0x2002d320
[00:00:58.594,757] <dbg> net_sock: zsock_socket_internal: (main): socket: ctx=0x2001031c, fd=1
[00:00:58.594,940] <dbg> net_ctx: net_context_bind: (main): Context 0x2001031c binding to TCP [::]:41215 iface 1 (0x20000a98)
[00:00:58.595,031] <dbg> net_tcp: net_tcp_connect: (main): context: 0x2001031c, local: ::, remote: fd97:6739:93e:2::a756:5ef8
[00:00:58.595,214] <dbg> net_tcp: net_tcp_connect: (main): conn: 0x2002d320 src: fd97:6739:93e:1:649e:fad5:e7ab:366d, dst: fd97:6739:93e:2::a756:5ef8
[00:00:58.595,336] <dbg> net_conn: conn_register_debug: (main): [0x200107b8/6/2/0x3f] remote fd97:6739:93e:2::a756:5ef8/443 
[00:00:58.595,397] <dbg> net_conn: conn_register_debug: (main):   local ::/41215 cb 0x16fc9 ud 0x2001031c
[00:00:58.595,520] <dbg> net_tcp: tcp_in: (main):  [LISTEN Seq=548241854 Ack=0]
[00:00:58.595,764] <dbg> net_tcp: tcp_out_ext: (main): SYN Seq=548241854 Len=0
[00:00:58.595,947] <dbg> net_tcp: tcp_send_process_no_lock: (main): SYN Seq=548241854 Len=0 
[00:00:58.596,160] <dbg> net_tcp: tcp_send: (main): SYN Seq=548241854 Len=0
[00:00:58.596,862] <dbg> net_tcp: tcp_in: (main): LISTEN->SYN_SENT
[00:00:58.648,925] <dbg> net_conn: net_conn_input: (rx_q[0]): Check TCP listener for pkt 0x2002c6d0 src port 443 dst port 41215 family 2
[00:00:58.648,956] <dbg> net_conn: net_conn_input: (rx_q[0]): [0x200107b8] match found cb 0x16fc9 ud 0x2001031c rank 0x3f
[00:00:58.649,261] <dbg> net_tcp: tcp_in: (rx_q[0]): SYN,ACK Seq=3167820546 Ack=548241855 Len=0 [SYN_SENT Seq=548241855 Ack=0]
[00:00:58.649,322] <dbg> net_tcp: tcp_options_check: (rx_q[0]): len=4
[00:00:58.649,353] <dbg> net_tcp: tcp_options_check: (rx_q[0]): opt: 2, opt_len: 4
[00:00:58.649,353] <dbg> net_tcp: tcp_options_check: (rx_q[0]): MSS=1460
[00:00:58.649,383] <dbg> net_tcp: tcp_in: (rx_q[0]): Lowering send window from 64240 to 3413
[00:00:58.649,414] <dbg> net_tcp: tcp_window_full: (rx_q[0]): conn: 0x2002d320 window_full=0
[00:00:58.649,597] <dbg> net_tcp: tcp_send_timer_cancel: (rx_q[0]): SYN Seq=548241854 Len=0
[00:00:58.649,902] <dbg> net_tcp: tcp_out_ext: (rx_q[0]): ACK Seq=548241855 Ack=3167820547 Len=0
[00:00:58.650,085] <dbg> net_tcp: tcp_send_process_no_lock: (rx_q[0]): ACK Seq=548241855 Ack=3167820547 Len=0 
[00:00:58.650,268] <dbg> net_tcp: tcp_send: (rx_q[0]): ACK Seq=548241855 Ack=3167820547 Len=0
[00:00:58.650,390] <dbg> net_tcp: tcp_in: (rx_q[0]): SYN_SENT->ESTABLISHED
[00:00:58.650,604] <dbg> net_tcp: net_tcp_connect: (main): conn: 0x2002d320, ret=0
[00:00:58.650,665] <dbg> net_tcp: net_tcp_recv: (main): context: 0x2001031c, cb: 0x8ce1, user_data: (nil)
[00:00:58.662,567] <err> http_client: Cannot connect to IPv6 remote (-22)
[00:00:58.662,597] <err> http_client: Failed to connect to socket
[00:00:58.662,597] <dbg> http_client: run_https_post: starting tcp failed
[00:00:58.718,750] <dbg> main: main: Error sending rpc request: The request could not be send!
[00:01:06.033,477] <inf> net_l2_openthread: State changed! Flags: 0x00000064 Current role: router

#Socket settings
CONFIG_NET_SOCKETS_SOCKOPT_TLS=n
CONFIG_POSIX_MAX_FDS=8
CONFIG_NET_SOCKETS_TLS_MAX_CONTEXTS=10

#MBEDTLS and security configuration 
CONFIG_MBEDTLS_CFG_FILE="config-tls-generic.h"
CONFIG_OPENTHREAD_MBEDTLS_CHOICE=y
#CONFIG_MBEDTLS_TLS_VERSION_1_2=y
#CONFIG_MBEDTLS_TLS_LIBRARY=y
#CONFIG_MBEDTLS_SSL_PROTO_TLS1_2=y

# TLS configuration
CONFIG_MBEDTLS=y
CONFIG_MBEDTLS_BUILTIN=y
CONFIG_MBEDTLS_ENABLE_HEAP=y
CONFIG_MBEDTLS_HEAP_SIZE=32768
CONFIG_MBEDTLS_TLS_LIBRARY=y
CONFIG_MBEDTLS_X509_LIBRARY=y
CONFIG_MBEDTLS_PEM_CERTIFICATE_FORMAT=y
# certificate must fit into one message, fragmenting is not supported
CONFIG_MBEDTLS_SSL_MAX_CONTENT_LEN=4096

Can someone tell me what I should try to resolve this problem?

Regards

Vipin Das
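Added note and example, not part of the post above. The posted fragment sets CONFIG_NET_SOCKETS_SOCKOPT_TLS=n, yet the log shows net_sock_tls allocating a TLS context, and the code that creates an IPPROTO_TLS_1_2 socket is only compiled when that symbol is set, so the build evidently picked it up from somewhere else. Below, the posted socket settings are placed beside a fragment a Zephyr TLS client needs; the heap and buffer sizes are assumptions to tune for the board, and CA_CERTIFICATE_TAG is the sample's own tag name.

```kconfig
# --- As posted (reproduced for comparison): the TLS socket option is off, so
# --- the "#if defined(CONFIG_NET_SOCKETS_SOCKOPT_TLS)" path in the client never
# --- builds and nothing provides a credential store for the CA certificate.
# CONFIG_NET_SOCKETS_SOCKOPT_TLS=n
# CONFIG_NET_SOCKETS_TLS_MAX_CONTEXTS=10
# CONFIG_MBEDTLS_SSL_MAX_CONTENT_LEN=4096

# --- Corrected fragment for a TLS client over OpenThread (sizes are assumptions)
CONFIG_NET_SOCKETS_SOCKOPT_TLS=y
# one context per concurrently open TLS socket; the sample opens one at a time
CONFIG_NET_SOCKETS_TLS_MAX_CONTEXTS=2
# provides tls_credential_add(), which must register the CA certificate under
# CA_CERTIFICATE_TAG before the socket is created
CONFIG_TLS_CREDENTIALS=y
CONFIG_POSIX_MAX_FDS=8

CONFIG_MBEDTLS=y
CONFIG_MBEDTLS_BUILTIN=y
CONFIG_MBEDTLS_CFG_FILE="config-tls-generic.h"
CONFIG_MBEDTLS_TLS_LIBRARY=y
CONFIG_MBEDTLS_X509_LIBRARY=y
CONFIG_MBEDTLS_PEM_CERTIFICATE_FORMAT=y
CONFIG_MBEDTLS_ENABLE_HEAP=y
# the TLS record buffers, X.509 parsing and OpenThread's own crypto all draw on this heap
CONFIG_MBEDTLS_HEAP_SIZE=65536
# the server's certificate chain must fit into this buffer (fragmenting is not
# supported, per the sample's own comment); a public-CA chain can exceed 4 KiB
CONFIG_MBEDTLS_SSL_MAX_CONTENT_LEN=8192
CONFIG_OPENTHREAD_MBEDTLS_CHOICE=y
```

Two checks go with this. First, the tag list alone is not a trust anchor: unless tls_credential_add(CA_CERTIFICATE_TAG, TLS_CREDENTIAL_CA_CERTIFICATE, ...) has run with the CA that issued the server's certificate, the client has nothing to verify the peer against; keep TLS_PEER_VERIFY at its client default (required) rather than lowering it to make the handshake pass. Second, TLS_PEER_HOSTNAME is sent as SNI and matched against the certificate, so it must be the real server name (mainnet.incubed.net here), not the placeholder the sample ships with. Raising CONFIG_MBEDTLS_SSL_MAX_CONTENT_LEN costs an input and an output buffer of that size per TLS context out of CONFIG_MBEDTLS_HEAP_SIZE, so grow the heap together with it.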

  • Hi,

    Can you post the changes you have made to the sample? As far as I can see, the original sample does not implement OpenThread support.

    Do you get any warnings when building the application?

    Have you done a sniffer trace, to see if there is any error from the on-air traffic?

    Best regards,
    Jørgen

  • Hi Jørgen, 

    I didn't make any relevant modifications to http_client that would harm its working (I believe).

    /* Includes this code depends on; LOG_MODULE_REGISTER(http_client, ...),
     * CA_CERTIFICATE_TAG and TLS_PEER_HOSTNAME are defined elsewhere in the file. */
    #include <errno.h>
    #include <string.h>
    #include <zephyr/kernel.h>
    #include <zephyr/logging/log.h>
    #include <zephyr/net/socket.h>
    #include <zephyr/net/http/client.h>
    
    static int establish_connection(sa_family_t family, const char* ipv6_addr, int port, int* sock, struct sockaddr* addr, socklen_t addr_len) {
      const char* family_str = family == AF_INET ? "IPv4" : "IPv6";
      int         ret        = 0;
    
      memset(addr, 0, addr_len);
      *sock = -1;
    
      /* Build the destination address from its textual form; inet_pton() returns 1 on success. */
      if (family == AF_INET) {
        net_sin(addr)->sin_family = AF_INET;
        net_sin(addr)->sin_port   = htons(port);
        ret = inet_pton(AF_INET, ipv6_addr, &net_sin(addr)->sin_addr);
      }
      else {
        net_sin6(addr)->sin6_family = AF_INET6;
        net_sin6(addr)->sin6_port   = htons(port);
        ret = inet_pton(AF_INET6, ipv6_addr, &net_sin6(addr)->sin6_addr);
        LOG_DBG("Server address: %s ", ipv6_addr);
      }
      if (ret != 1) {
        LOG_ERR("Invalid %s address: %s", family_str, ipv6_addr);
        return -EINVAL;
      }
    
    #if defined(CONFIG_NET_SOCKETS_SOCKOPT_TLS)
      /* The tag must already hold the server's CA certificate, registered with
       * tls_credential_add(); otherwise the TLS socket has no trust anchor. */
      sec_tag_t sec_tag_list[] = {CA_CERTIFICATE_TAG};
    
      *sock = socket(family, SOCK_STREAM, IPPROTO_TLS_1_2);
    #else
      *sock = socket(family, SOCK_STREAM, IPPROTO_TCP);
    #endif
      if (*sock < 0) {
        ret = -errno;
        LOG_ERR("Failed to create %s HTTP socket (%d)", family_str, ret);
        return ret;
      }
    
    #if defined(CONFIG_NET_SOCKETS_SOCKOPT_TLS)
      ret = setsockopt(*sock, SOL_TLS, TLS_SEC_TAG_LIST, sec_tag_list, sizeof(sec_tag_list));
      if (ret < 0) {
        ret = -errno;
        LOG_ERR("Failed to set %s secure option (%d)", family_str, ret);
        goto fail;
      }
    
      /* Sent as SNI and used to match the name in the server certificate. */
      ret = setsockopt(*sock, SOL_TLS, TLS_HOSTNAME, TLS_PEER_HOSTNAME, sizeof(TLS_PEER_HOSTNAME));
      if (ret < 0) {
        ret = -errno;
        LOG_ERR("Failed to set %s TLS_HOSTNAME option (%d)", family_str, ret);
        goto fail;
      }
    #endif
    
      /* On a TLS socket, connect() also runs the handshake. */
      ret = connect(*sock, addr, addr_len);
      if (ret < 0) {
        ret = -errno;
        LOG_ERR("Cannot connect to %s remote (%d)", family_str, ret);
        goto fail;
      }
    
      return 0;
    
    fail:
      /* Do not leave a half-configured socket behind for the caller. */
      close(*sock);
      *sock = -1;
      return ret;
    }
    
    /**
     * Called by http_client_req() for each chunk of the response.
     */
    static void server_response_cb(struct http_response* rsp, enum http_final_call final_data, void* user_data) {
      if (final_data == HTTP_DATA_MORE) {
        LOG_DBG("Partial data received (%zd bytes)", rsp->data_len);
      }
      else if (final_data == HTTP_DATA_FINAL) {
        LOG_DBG("All the data received (%zd bytes)", rsp->data_len);
      }
    
      LOG_DBG("Response to %s", (const char*) user_data);
      LOG_DBG("Response status %s", rsp->http_status);
    }
    
    /**
     * Wrapper: returns 0 with *sock open and connected, or -1 on any failure.
     */
    static int setup_socket_connection(sa_family_t family, const char* ipv6_addr, int port,
                                       int* sock, struct sockaddr* addr, socklen_t addr_len) {
      int ret = establish_connection(family, ipv6_addr, port, sock, addr, addr_len);
    
      if (ret < 0 || *sock < 0) {
        LOG_ERR("Setup socket connection failed");
        return -1;
      }
      return ret;
    }

    I don't see any critical warnings. 

    /ncs/zephyr/include/zephyr/zephyr.h:13:2: warning: #warning "<zephyr/zephyr.h> is deprecated, include <zephyr/kernel.h> instead" [-Wcpp]
       13 | #warning "<zephyr/zephyr.h> is deprecated, include <zephyr/kernel.h> instead"

    I have tried to set up a sniffer, but for some reason my nrf-sniffer interface is not detected in the Wireshark tool. I tried multiple steps and different versions but couldn't succeed.

    But by just disabling CONFIG_NET_SOCKETS_SOCKOPT_TLS, the same code works for a TCP socket connection and is able to send and receive RPC messages to and from our remote server.

    Regards

    Vipin Das

  • Hi Jørgen,

    I could solve the EINVAL (-22) error with respect to the TLS socket connection.

    But now I am seeing a new error. Could you please comment on the error below?

    [00:00:33.341,827] <err> net_sock_tls: TLS handshake error: -7780
    [00:00:33.343,750] <err> http_client: Cannot connect to IPv6 remote (-113)
    [00:00:33.343,780] <err> http_client: Setup socket Failed
    [00:00:33.343,780] <err> http_client: Failed to connect to socket
    

    Regards

    Vipin Das
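Added example, not from the thread. The two numbers in the reply above are in different bases: Zephyr's net_sock_tls prints the mbedTLS return value with "-%x", so -7780 is -0x7780, which is MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE (the server sent a fatal alert during the handshake), and the socket layer then fails connect() with ECONNABORTED, which is 113 in Zephyr's minimal-libc errno numbering (newlib values, not the host's). The program below decodes both kinds of line and splits an mbedTLS code into its high-level module part and low-level part the way mbedtls_strerror() does. The log lines it runs over are constructed from the ones quoted in this thread plus one made-up X.509 parse failure, and the name tables are deliberately short.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum err_kind { ERR_NONE = 0, ERR_ERRNO, ERR_MBEDTLS };

struct decoded {
    enum err_kind kind;
    int value;            /* errno number (positive) or full mbedTLS code (negative) */
    int high;             /* mbedTLS high-level module part (bits 7..15), else 0 */
    int low;              /* mbedTLS low-level part (bits 0..6), else 0 */
    const char *name;     /* errno name or high-level mbedTLS name, "?" if unknown */
    const char *low_name; /* low-level mbedTLS name, "" if none */
};

struct code_name { int code; const char *name; };

/* Zephyr's minimal libc uses newlib's errno numbering; the host's errno.h may
 * differ (EHOSTUNREACH is 113 on Linux but 118 here). */
static const struct code_name zephyr_errno[] = {
    { 2, "ENOENT" }, { 12, "ENOMEM" }, { 13, "EACCES" }, { 22, "EINVAL" },
    { 111, "ECONNREFUSED" }, { 113, "ECONNABORTED" }, { 114, "ENETUNREACH" },
    { 116, "ETIMEDOUT" }, { 118, "EHOSTUNREACH" },
};

/* High-level codes a TLS client commonly reports (mbedTLS 2.x ssl.h / x509.h). */
static const struct code_name mbedtls_high[] = {
    { -0x2180, "MBEDTLS_ERR_X509_INVALID_FORMAT" },
    { -0x2700, "MBEDTLS_ERR_X509_CERT_VERIFY_FAILED" },
    { -0x7080, "MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE" },
    { -0x7280, "MBEDTLS_ERR_SSL_CONN_EOF" },
    { -0x7380, "MBEDTLS_ERR_SSL_NO_CIPHER_CHOSEN" },
    { -0x7680, "MBEDTLS_ERR_SSL_CA_CHAIN_REQUIRED" },
    { -0x7780, "MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE" },
    { -0x7800, "MBEDTLS_ERR_SSL_PEER_VERIFY_FAILED" },
    { -0x7880, "MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY" },
};

/* Low-level ASN.1 codes that get added to an X.509 code when a certificate
 * does not parse (mbedTLS asn1.h). */
static const struct code_name mbedtls_low[] = {
    { -0x60, "MBEDTLS_ERR_ASN1_OUT_OF_DATA" },
    { -0x62, "MBEDTLS_ERR_ASN1_UNEXPECTED_TAG" },
    { -0x64, "MBEDTLS_ERR_ASN1_INVALID_LENGTH" },
};

static const char *lookup(const struct code_name *t, size_t n, int code)
{
    for (size_t i = 0; i < n; i++) {
        if (t[i].code == code) {
            return t[i].name;
        }
    }
    return "?";
}
#define LOOKUP(t, c) lookup((t), sizeof(t) / sizeof((t)[0]), (c))

/* Split a negative mbedTLS return value as mbedtls_strerror() does:
 * high-level module code = ret & 0xFF80, low-level code = ret & 0x007F. */
struct decoded decode_mbedtls(int code)
{
    struct decoded d = { ERR_MBEDTLS, code, 0, 0, "?", "" };
    unsigned int v = (unsigned int)(-code);

    d.high = -(int)(v & 0xFF80u);
    d.low = -(int)(v & 0x007Fu);
    d.name = LOOKUP(mbedtls_high, d.high);
    if (d.low != 0) {
        d.low_name = LOOKUP(mbedtls_low, d.low);
    }
    return d;
}

/* Decode one Zephyr log line. net_sock_tls prints "TLS handshake error: -%x",
 * so those digits are hex; the sample's LOG_ERR("... (%d)", -errno) prints a
 * decimal errno in parentheses. Anything else decodes to ERR_NONE. */
struct decoded decode_log_line(const char *line)
{
    static const char tag[] = "TLS handshake error: -";
    struct decoded d = { ERR_NONE, 0, 0, 0, "", "" };
    const char *p = strstr(line, tag);

    if (p != NULL) {
        return decode_mbedtls(-(int)strtol(p + strlen(tag), NULL, 16));
    }
    p = strrchr(line, '(');
    if (p != NULL && p[1] == '-') {
        d.kind = ERR_ERRNO;
        d.value = -(int)strtol(p + 1, NULL, 10);
        d.name = LOOKUP(zephyr_errno, d.value);
    }
    return d;
}

int main(void)
{
    /* Constructed sample lines modelled on the thread; the last one is made up. */
    static const char *lines[] = {
        "[00:00:58.662,567] <err> http_client: Cannot connect to IPv6 remote (-22)",
        "[00:00:33.341,827] <err> net_sock_tls: TLS handshake error: -7780",
        "[00:00:33.343,750] <err> http_client: Cannot connect to IPv6 remote (-113)",
        "[00:00:40.000,000] <err> net_sock_tls: TLS handshake error: -21e2",
    };

    for (size_t i = 0; i < sizeof(lines) / sizeof(lines[0]); i++) {
        struct decoded d = decode_log_line(lines[i]);

        if (d.kind == ERR_ERRNO) {
            printf("errno %d = %s\n", d.value, d.name);
        } else if (d.kind == ERR_MBEDTLS) {
            printf("mbedtls -0x%04X = %s", (unsigned int)-d.value, d.name);
            if (d.low != 0) {
                printf(" + %s (-0x%02X)", d.low_name, (unsigned int)-d.low);
            }
            printf("\n");
        }
    }
    return 0;
}
```

A fatal alert says the server refused the handshake; it does not say why. The alert's description byte (for example handshake_failure, protocol_version or unrecognized_name) identifies the reason and is visible in a packet capture or in mbedTLS's own debug output (CONFIG_MBEDTLS_DEBUG in Zephyr), so that is the next thing to look at before changing ciphersuites or certificates blindly.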

