Hi,
I am working on QCA4020 with SDK3.1. I am working on secure httpc and I am getting the following issue.
Net> httpc start
Net> httpc new -s
Net: HTTP client created. <client num> = 1
Net: secure rxbuf:512 bodybuf:300 headerbuf:200 timeout:5000ms
Net> httpc conn 1 global-root-ca.chain-demos.digicert.com 443
Net: conn to global-root-ca.chain-demos.digicert.com:443 succeeded
Alright, that worked. Now for some failures...
This hangs forever:
Net> httpc new -s
Net: HTTP client created. <client num> = 1
Net: secure rxbuf:512 bodybuf:300 headerbuf:200 timeout:5000ms
Net> httpc conn 1 developer.qualcomm.com 443
Also hangs forever:
Net> httpc new -s
Net: HTTP client created. <client num> = 1
Net: secure rxbuf:512 bodybuf:300 headerbuf:200 timeout:5000ms
Net> httpc conn 1 www.apple.com 443
Also hangs forever:
Net> httpc new -s
Net: HTTP client created. <client num> = 1
Net: secure rxbuf:512 bodybuf:300 headerbuf:200 timeout:5000ms
Net> httpc conn 1 www.microsoft.com 443
Also hangs forever:
Net> httpc new -s
Net: HTTP client created. <client num> = 1
Net: secure rxbuf:512 bodybuf:300 headerbuf:200 timeout:5000ms
Net> httpc conn 1 slashdot.org 443
The issue is due to an incorrect rootCA; the device hangs in the SSL handshake process.
However, in order to verify multiple connections, kindly use the rootCA files below:
https://global-root-ca.chain-demos.digicert.com/info/index.html
net cert get digicertglobalrootca.pem 10.177.245.215 -s digicertglobalrootca -t pem_ca_list
> net httpc conn 1 global-root-ca.chain-demos.digicert.com 443 1500
Net: conn to global-root-ca.chain-demos.digicert.com:443 succeeded
https://global-root-ca.chain-demos.digicert.com/info/index.html
net cert get digicertglobalrootca.pem 10.177.245.215 -s digicertglobalrootca -t pem_ca_list
> net httpc conn 1 developer.qualcomm.com 443
Net: conn to developer.qualcomm.com:443 succeeded
https://www.identrust.com/dst-root-ca-x3
> net cert get DST_root_ca_x3.pem 10.177.245.215 -s DST_root_ca_x3 -t pem_ca_list
> net httpc conn 1 slashdot.org 443
Net: conn to slashdot.org:443 succeeded
https://ev-root.chain-demos.digicert.com/info/index.html
> net cert get digicert_HAEV_rootca.pem 10.177.245.215 -s dc_haev -t pem_ca_list
Net> httpc conn 1 www.apple.com 443
Net: conn to www.apple.com:443 succeeded
https://www.digicert.com/digicert-root-certificates.htm
> net cert get baltimore_CyberTrust_Root.pem 10.177.245.215 -s baltimore_root -t pem_ca_list
> net httpc conn 1 www.microsoft.com 443
Net: conn to www.microsoft.com:443 succeeded
Ignore anything that Qualcomm tells you about this problem because they don't know what the hell they are talking about. I told them about this problem back in October and they still haven't figured it out. I'll save you the months of back-and-forth with Qualcomm where they say you are using the wrong root CA then ignore you and pretend the problem went away.
You are using the wrong 3.1 SDK. You need to use the other 3.1 SDK or move to the 3.2 SDK. You are using the 3.1 SDK that was released in May 2019. In September 2019 Qualcomm released a new SDK with major bug fixes and new features. In their infinite wisdom the geniuses at Qualcomm labeled this new SDK "3.1" because that's not at all confusing. (On a related note, in the SDK there is a qapi_ver.h that reports a version as 2.0.1. If qapi_ver.h isn't meant to indicate the SDK version I don't know what it is for since it hasn't been updated in the 3.0, 3.1, 3.1, and 3.2 SDKs.)
You will find that your May 3.1 SDK will fail on any server using OpenSSL 1.1.1. At the time I figured out the problem the Release Notes for the September 3.1 SDK weren't anywhere to be found. Apparently, Qualcomm was hiding the release notes from themselves too or they just didn't bother to read it. Had Qualcomm read their own release notes and knew what changes there were in OpenSSL 1.1.1 (which can be found with a 5 second Google search) they would have seen that the September 3.1 SDK fixed 3 or 4 SSL bugs that were triggered by the changes in OpenSSL.
Avoid the confusion with two SDKs labeled 3.1 and move to 3.2 and test everything because I've found some things that behave differently.
Raja, who at Qualcomm do I send the invoice to for my consulting fees?
Hi jesse,
Thanks for the reply.
I moved to the SDK 3.2 version and the cases below are working fine:
www.apple.com able to connect and get by using httpc get 1,
slashdot.org able to connect and get by using httpc get 1,
global-root-ca.chain-demos.digicert.com able to connect and get by using httpc get 1,
but in the case of developer.qualcomm.com the connection succeeded but I am getting the error below:
Net> httpc new -s -c ca.bin
Net: secure rxbuf:512 bodybuf:300 headerbuf:200 timeout:5000ms
Net: HTTP Client Receive error: -6
Net: Please input 'httpc disconnect 1'
Net: HTTP Client server closed on client[1].
That one might be a root CA problem. What I did was download all the Root CAs that Firefox uses and picked out the one or two I needed plus a few more to cover some popular websites so I could have a general purpose HTTPS client. Check out https://curl.haxx.se/docs/caextract.html. You can concatenate all the PEMs you need into a single file. If you go to the website in your browser and poke around at the certificate it uses you can find which root CA you need. I find Firefox makes this the easiest.
Actually, since the connection succeeded the certificate must have validated so it wouldn't be a root CA issue. Does the GET keep failing? It could be a timeout or a bad request. I don't know what error code -6 is.
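The approach described in the post above (pick the roots you need out of the curl CA extract and concatenate them into one PEM file) can be scripted on the host. This is an added example, not code from the thread or from the SDK; the bundle text is a constructed sample that follows the label-plus-underline layout of curl's cacert.pem, and the function names are hypothetical.

```python
import re

# Constructed sample in the layout of curl's cacert.pem: a label line, an
# underline of '=', then the PEM block. Base64 bodies are placeholders,
# not real certificates.
SAMPLE_BUNDLE = """\
## Bundle of CA Root Certificates (constructed sample)

DigiCert Global Root CA
=======================
-----BEGIN CERTIFICATE-----
UExBQ0VIT0xERVItMQ==
-----END CERTIFICATE-----

Baltimore CyberTrust Root
=========================
-----BEGIN CERTIFICATE-----
UExBQ0VIT0xERVItMg==
-----END CERTIFICATE-----

DST Root CA X3
==============
-----BEGIN CERTIFICATE-----
UExBQ0VIT0xERVItMw==
-----END CERTIFICATE-----
"""

ENTRY = re.compile(
    r"^(?P<name>[^\n#=-][^\n]*)\n=+\n"
    r"(?P<pem>-----BEGIN CERTIFICATE-----\n.*?-----END CERTIFICATE-----\n)",
    re.MULTILINE | re.DOTALL,
)

def parse_bundle(text):
    """Map each root's label to its PEM block."""
    return {m["name"].strip(): m["pem"] for m in ENTRY.finditer(text)}

def build_ca_list(text, wanted):
    """Concatenate the PEM blocks for the wanted roots, in the order given.
    A root missing from the bundle raises KeyError on the host instead of
    surfacing later as a handshake problem on the device."""
    roots = parse_bundle(text)
    missing = [name for name in wanted if name not in roots]
    if missing:
        raise KeyError(f"not in bundle: {missing}")
    return "".join(roots[name] for name in wanted)

if __name__ == "__main__":
    print(build_ca_list(SAMPLE_BUNDLE, ["DigiCert Global Root CA", "DST Root CA X3"]))
```

Run against the real cacert.pem, the output is a single PEM file that can be loaded with the `net cert get ... -t pem_ca_list` command shown earlier in the thread.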
Hi jesse,
Thanks once again for the quick reply.
I found the reason for that issue:
it is because the header length of the HTML file is more than the
allocated rx_header size.