This is the same basic problem as I tried outlining here: https://developer.qualcomm.com/forum/qdn-forums/hardware/qca4020-qca4024...
Now I have more information that points to flaws in the QAPI/SSL library.
First to prove that SSL works - I'm leaving out loading the CA list because it is irrelevant for this test.
Net> httpc start
Net> httpc new -s
Net: HTTP client created. <client num> = 1
Net: secure rxbuf:512 bodybuf:300 headerbuf:200 timeout:5000ms
Net> httpc conn 1 global-root-ca.chain-demos.digicert.com 443
Net: conn to global-root-ca.chain-demos.digicert.com:443 succeeded
Net> httpc new -s
Net: HTTP client created. <client num> = 1
Net: secure rxbuf:512 bodybuf:300 headerbuf:200 timeout:5000ms
Net> httpc conn 1 developer.qualcomm.com 443
Net> httpc new -s
Net: HTTP client created. <client num> = 1
Net: secure rxbuf:512 bodybuf:300 headerbuf:200 timeout:5000ms
Net> httpc conn 1 www.apple.com 443
Net> httpc new -s
Net: HTTP client created. <client num> = 1
Net: secure rxbuf:512 bodybuf:300 headerbuf:200 timeout:5000ms
Net> httpc conn 1 www.microsoft.com 443
Net> httpc new -s
Net: HTTP client created. <client num> = 1
Net: secure rxbuf:512 bodybuf:300 headerbuf:200 timeout:5000ms
Net> httpc conn 1 slashdot.org 443
Net: conn failed -8
I tried to use the same examples as described in the forum; I am able to successfully connect and do not observe any hang issue:
> wlan enable
> wlan setdevice 1
> wlan SetWpaPassphrase 123456789
> wlan SetWpaParameters WPA2 CCMP CCMP
> wlan connect DemoAP_1
WLAN: devid - 1 1 CONNECTED MAC addr *********
WLAN: 4 way handshake success for device=1
> net dhcpv4c wlan1
Net: DHCPv4c: IP=10.177.239.18 Subnet Mask=255.255.254.0 Gateway=10.177.238.1
> net dnsc start
> net sntpc start
Net> cert get digiCertRoot.bin 10.177.245.215 -s ca.bin -t ca_list
Net: Successfully downloaded digiCertRoot.bin
Net: Successfully stored CA list
Net: ca.bin is stored in NV memory
> net httpc start
Net> httpc stop
Kindly refer to qapi_net_status.h for more information on SSL related errors.
The expected behaviour is that the SSL connection should return an error when trying to connect to multiple websites in case the rootCA authentication fails.
I have tried to run SSL traffic between a remote Linux PC with OpenSSL version 1.1.1 / a MacBook using LibreSSL 3.0.1 and the QCA4020 device and do not observe any issue.
Can you share with us your serial console logs from during the issue?
Are you using a real certificate issued from a Certificate Provider? My self-signed certificate that I have used for testing the past few years works with either version of OpenSSL. The QCA4020 connecting to a server using the real certificate issued from DigiCert on a server with OpenSSL 1.1.1 does not work. The same setup on a server with OpenSSL 1.0.2 does work. I don't know why my self-signed certificate works. The only thing I can think of is my self-signed certificate was created with weaker encryption that results in smaller buffers being sent back to the client.
I have seen references that clients fail to handshake with servers running OpenSSL 1.1.1 because 1.1.1 sends back more data than 1.0.2. I have no idea if that is the case or if that is the same problem the QAPI is running into.
For the record, I have never run into a problem with any other client having SSL connection issues with my server.
No Raja, you verified QCA works with OpenSSL 1.1.1 when using a self-signed certificate. I already knew this. If I didn't mention it in this thread it was in an email you received. Get a real certificate from a CA and do your test again.
I gave you real websites that fail. You verified those websites failed for you also.
From your post on Mon, 2019-11-11 19:01:
Hi Jesse,
You need to have the CA for the real website you want to connect to. The browser has it by default (e.g. Microsoft/Apple).
Would it be possible for you to share your real CA with website details for testing and a sniffer capture? We will analyse them too.