This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

[参考译文] CC3235SF:连接到安全服务器时出现问题

Guru**** 1800230 points
请注意,本文内容源自机器翻译,可能存在语法或其它翻译错误,仅供参考。如需获取准确内容,请参阅链接中的英语原文或自行翻译。

https://e2e.ti.com/support/wireless-connectivity/wi-fi-group/wifi/f/wi-fi-forum/1009245/cc3235sf-issue-in-connecting-to-a-secure-server

器件型号:CC3235SF

您好!  

我一直在努力与我们感兴趣的服务器(m2.tuyain.com)建立安全连接。

我已使用 CCS 工具将服务器根 CA 证书(Tuya_RootCA.CRT)编程到文件系统中。

PFA 代码片段、我已经按照《简单链接参考手册》中给出的步骤进行了操作。

connect()返回错误-655 (ASN sig 错误,确认失败)。 error.h 中没有太多描述

顺便说一下、我可以使用在 Linux VM (Ubuntu)上运行的客户端与服务器连接。 这将确认我使用的证书是正确的。

请建议我是否遗漏了任何步骤!

供参考,我还尝试了另一种方法‘升级非安全套接字以在连接后进行安全保护’,如参考文档中所述。 服务器似乎不支持此功能。

 

#define SECURE_SOCKET

int network_tls_connect(NetworkContext_t *pNetwork, const TLSConnectParams *params) {
  int ret = 0;
  tls_context_t *tlsDataParams = NULL;
  int32_t sock;
  int32_t status;        
  SlSockAddrIn_t sAddr;
  uint8_t nb = FALSE; 
  _u32 dummyVal;

  if(NULL == pNetwork) {
    return OPRT_INVALID_PARM;
  }

  if(NULL != params) {
    pNetwork->tlsConnectParams = *params;
  }

  tlsDataParams = (tls_context_t*)(pNetwork->context);  
   
  sAddr.sin_family = SL_AF_INET;
  sAddr.sin_port = sl_Htons((unsigned short)pNetwork->tlsConnectParams.DestinationPort);
  sAddr.sin_addr.s_addr = sl_Htonl(SL_IPV4_VAL(13, 234, 126, 217));

  sock = sl_Socket(SL_AF_INET, SL_SOCK_STREAM, SL_SEC_SOCKET);  
  tlsDataParams->server_fd.fd = sock;
  
#ifdef SECURE_SOCKET
  SlDateTime_t dateTime = {0};
  dateTime.tm_day =  (uint32_t)DEVICE_DATE;
  dateTime.tm_mon =  (uint32_t)DEVICE_MONTH;
  dateTime.tm_year = (uint32_t)DEVICE_YEAR;
  dateTime.tm_hour = (uint32_t)HOUR;
  dateTime.tm_min =  (uint32_t)MINUTES;
  dateTime.tm_sec =  (uint32_t)SEC;
  
  sl_DeviceSet(SL_DEVICE_GENERAL, SL_DEVICE_GENERAL_DATE_TIME, sizeof(SlDateTime_t), (uint8_t *)(&dateTime));
  
//  method.SecureMethod = SL_SO_SEC_METHOD_TLSV1 | SL_SO_SEC_METHOD_TLSV1_2 | SL_SO_SEC_METHOD_SSLv3_TLSV1_2;
//  sl_SetSockOpt(sock, SL_SOL_SOCKET, SL_SO_SECMETHOD, &method, sizeof(SlSockSecureMethod_t));  
  
//  mask.SecureMask = SL_SEC_MASK_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 |
//                    SL_SEC_MASK_TLS_RSA_WITH_AES_256_CBC_SHA |
//                    SL_SEC_MASK_TLS_RSA_WITH_AES_256_CBC_SHA;   
//  sl_SetSockOpt(sock,SL_SOL_SOCKET, SL_SO_SECURE_MASK, &mask, sizeof(SlSockSecureMask_t));
  
//  sl_SetSockOpt(sock, SL_SOL_SOCKET, SL_SO_SECURE_DISABLE_CERTIFICATE_STORE,
//                &dummyVal,sizeof(dummyVal));

  /* Set the following to enable Server Authentication */
  if(0 != sl_SetSockOpt(sock, SL_SOL_SOCKET, SL_SO_SECURE_FILES_CA_FILE_NAME,
                        "tuya_rootCA.crt", strlen("tuya_rootCA.crt"))) {
    UART_PRINT("%s() line:%d sl_SetSockOpt() failed\n\r", __FUNCTION__, __LINE__); 
  }

#ifdef CLIENT_AUTHENTICATION
  /* Set the following to pass Client Authentication */
  sl_SetSockOpt(sock,SL_SOL_SOCKET,SL_SO_SECURE_FILES_PRIVATE_KEY_FILE_NAME,
                PRIVATE_KEY_FILE, strlen(
                    PRIVATE_KEY_FILE));
  sl_SetSockOpt(sock,SL_SOL_SOCKET,SL_SO_SECURE_FILES_CERTIFICATE_FILE_NAME,
                TRUSTED_CERT_CHAIN, strlen(
                    TRUSTED_CERT_CHAIN));
#endif
#endif

  status = -1;

  while(status < 0) {
      status = sl_Connect(sock, (SlSockAddr_t *)&sAddr, sizeof(sAddr));
      if((status == SL_ERROR_BSD_EALREADY)&& (TRUE == nb)) {
          sleep(1);
          continue;
      }
      else if(status < 0) {
          UART_PRINT("[%s() line:%d, error:%d] %s\n\r", __FUNCTION__, __LINE__, status,
                     SL_SOCKET_ERROR);
          sl_Close(sock);
          return(-1);
      }
      break;
  }    
}

此致、

Rohit