您好!
我一直在努力与我们感兴趣的服务器(m2.tuyain.com)建立安全连接。
我已使用 CCS 工具将服务器根 CA 证书(Tuya_RootCA.CRT)编程到文件系统中。
请参阅随附的代码片段;我已经按照 SimpleLink 参考手册中给出的步骤进行了操作。
connect() 返回错误 -655(ASN 签名错误,确认失败),而 error.h 中没有更多说明。
顺便说一下,我可以使用在 Linux 虚拟机(Ubuntu)上运行的客户端连接到该服务器,这说明我使用的证书是正确的。
如果我遗漏了任何步骤,请指出!
供参考,我还尝试了参考文档中所述的另一种方法,即“在连接后将非安全套接字升级为安全套接字”,但服务器似乎不支持此功能。
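#define SECURE_SOCKET

/**
 * Open a SimpleLink secure TCP socket and connect it to the server.
 *
 * The socket handle is stored in the TLS context hanging off
 * pNetwork->context. When SECURE_SOCKET is defined the device clock is set
 * from the DEVICE_DATE, DEVICE_MONTH, DEVICE_YEAR, HOUR, MINUTES and SEC
 * constants and the root CA file is attached to the socket before the
 * connect, so the server certificate chain is checked against that CA.
 *
 * @param pNetwork  Network context; must not be NULL and must carry a
 *                  tls_context_t in its context field.
 * @param params    Optional connection parameters; when non-NULL they are
 *                  copied into pNetwork->tlsConnectParams.
 * @return 0 on success, OPRT_INVALID_PARM for a missing context, -1 when
 *         the socket cannot be created, secured or connected.
 *
 * NOTE(review): the destination address is hard-coded and no host-name check
 * is configured on the socket, so the certificate is validated against the
 * CA only, not against the server name. SimpleLink offers
 * SL_SO_SECURE_DOMAIN_NAME_VERIFICATION for that; confirm it is available in
 * the SDK in use and add it once the basic handshake works.
 */
int network_tls_connect(NetworkContext_t *pNetwork, const TLSConnectParams *params)
{
    int ret = 0;
    tls_context_t *tlsDataParams = NULL;
    int32_t sock;
    int32_t status;
    SlSockAddrIn_t sAddr;
    uint8_t nb = FALSE;

    if (NULL == pNetwork) {
        return OPRT_INVALID_PARM;
    }

    if (NULL != params) {
        pNetwork->tlsConnectParams = *params;
    }

    /* The socket handle is written through this pointer, so it must exist. */
    tlsDataParams = (tls_context_t *)(pNetwork->context);
    if (NULL == tlsDataParams) {
        return OPRT_INVALID_PARM;
    }

    sAddr.sin_family = SL_AF_INET;
    sAddr.sin_port = sl_Htons((unsigned short)pNetwork->tlsConnectParams.DestinationPort);
    sAddr.sin_addr.s_addr = sl_Htonl(SL_IPV4_VAL(13, 234, 126, 217));

    sock = sl_Socket(SL_AF_INET, SL_SOCK_STREAM, SL_SEC_SOCKET);
    if (sock < 0) {
        /* Do not configure or connect an invalid handle. */
        UART_PRINT("%s() line:%d sl_Socket() failed\n\r", __FUNCTION__, __LINE__);
        return(-1);
    }
    tlsDataParams->server_fd.fd = sock;

#ifdef SECURE_SOCKET
    /*
     * Certificate validity periods are presumably checked against the device
     * clock, so a failed or stale date/time can make a valid chain fail.
     * NOTE(review): the values are build-time constants; confirm they are
     * current, or set the clock from a trusted time source.
     */
    SlDateTime_t dateTime = {0};
    dateTime.tm_day = (uint32_t)DEVICE_DATE;
    dateTime.tm_mon = (uint32_t)DEVICE_MONTH;
    dateTime.tm_year = (uint32_t)DEVICE_YEAR;
    dateTime.tm_hour = (uint32_t)HOUR;
    dateTime.tm_min = (uint32_t)MINUTES;
    dateTime.tm_sec = (uint32_t)SEC;
    if (0 != sl_DeviceSet(SL_DEVICE_GENERAL, SL_DEVICE_GENERAL_DATE_TIME,
                          sizeof(SlDateTime_t), (uint8_t *)(&dateTime))) {
        UART_PRINT("%s() line:%d sl_DeviceSet() failed\n\r", __FUNCTION__, __LINE__);
    }

    /*
     * Experiments left disabled by the author (they would need their own
     * method/mask/dummyVal declarations). The method list would allow legacy
     * protocol versions, and the last option appears to switch off the
     * on-device certificate store check; neither should be enabled just to
     * get past a verification error.
     */
    // method.SecureMethod = SL_SO_SEC_METHOD_TLSV1 | SL_SO_SEC_METHOD_TLSV1_2 | SL_SO_SEC_METHOD_SSLv3_TLSV1_2;
    // sl_SetSockOpt(sock, SL_SOL_SOCKET, SL_SO_SECMETHOD, &method, sizeof(SlSockSecureMethod_t));
    // mask.SecureMask = SL_SEC_MASK_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 |
    //                   SL_SEC_MASK_TLS_RSA_WITH_AES_256_CBC_SHA |
    //                   SL_SEC_MASK_TLS_RSA_WITH_AES_256_CBC_SHA;
    // sl_SetSockOpt(sock,SL_SOL_SOCKET, SL_SO_SECURE_MASK, &mask, sizeof(SlSockSecureMask_t));
    // sl_SetSockOpt(sock, SL_SOL_SOCKET, SL_SO_SECURE_DISABLE_CERTIFICATE_STORE,
    //               &dummyVal,sizeof(dummyVal));

    /*
     * Set the following to enable Server Authentication.
     * NOTE(review): the post says the file was programmed as
     * "Tuya_RootCA.CRT"; confirm the name below matches the programmed file
     * exactly, and that this file is the issuer at the top of the chain the
     * server actually presents.
     */
    const char *const caFile = "tuya_rootCA.crt";
    if (0 != sl_SetSockOpt(sock, SL_SOL_SOCKET, SL_SO_SECURE_FILES_CA_FILE_NAME,
                           caFile, strlen(caFile))) {
        /* Without a CA file the server cannot be authenticated: stop here. */
        UART_PRINT("%s() line:%d sl_SetSockOpt() failed\n\r", __FUNCTION__, __LINE__);
        sl_Close(sock);
        return(-1);
    }

#ifdef CLIENT_AUTHENTICATION
    /* Set the following to pass Client Authentication */
    if ((0 != sl_SetSockOpt(sock, SL_SOL_SOCKET, SL_SO_SECURE_FILES_PRIVATE_KEY_FILE_NAME,
                            PRIVATE_KEY_FILE, strlen(PRIVATE_KEY_FILE))) ||
        (0 != sl_SetSockOpt(sock, SL_SOL_SOCKET, SL_SO_SECURE_FILES_CERTIFICATE_FILE_NAME,
                            TRUSTED_CERT_CHAIN, strlen(TRUSTED_CERT_CHAIN)))) {
        UART_PRINT("%s() line:%d sl_SetSockOpt() failed\n\r", __FUNCTION__, __LINE__);
        sl_Close(sock);
        return(-1);
    }
#endif
#endif

    status = -1;
    while (status < 0) {
        status = sl_Connect(sock, (SlSockAddr_t *)&sAddr, sizeof(sAddr));
        if ((status == SL_ERROR_BSD_EALREADY) && (TRUE == nb)) {
            /* Only reachable for a non-blocking socket; nb is FALSE here. */
            sleep(1);
            continue;
        } else if (status < 0) {
            /* Any negative status, including TLS verification errors, is fatal. */
            UART_PRINT("[%s() line:%d, error:%d] %s\n\r", __FUNCTION__, __LINE__,
                       status, SL_SOCKET_ERROR);
            sl_Close(sock);
            return(-1);
        }
        break;
    }

    /* The original fell off the end of a non-void function on success. */
    return ret;
}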
此致、
Rohit