Wi-Fi Combo Forum Discussions

Does Wicked MFI SDK support: iCloud, TLS1.2 and HTTP/2 ? If no, do you have plan to support it?

WICED SDK 3.5.2  using the Broadcom BCM9WCD1EVAL1 demo board with the apps/demo/aws_iot/pub_sub/publisher project

Using the AWS IoT publisher sample project.  I have generated my client cert and priv key and loaded into resources in project.  These have been tested externally so I know they are good.  The root CA cert is also known to be good.

I modified mqtt_network.c mqtt_network_init() function call and its call to wiced_tls_init_context() and changed the NULL for peer CN to a server name that is totally different than the once I am actually connecting to, and TLS verification is required.

I then placed a lot of WPRINT_APP_INFO() function calls to output debug info to the console to trace out the various return values and determine what paths are being taken.   See below for a trace.

Everything appears okay as we move along the code until run the wiced_tcp_start_tls() function which in turn calls wiced_generic_start_tls_with_ciphers() where in the do while loop for the ssl handshake we have a problem.

The mqtt_network_connect() function will make multiple attempts to connect before giving up.  The first pass the handshake fails with error code 5037 = CERTIFICATE_NAME_MISMATCH.  Okay, that is what I expected using my settings below.  However the do while loop in the mqtt_network_connect() function says that we should try again, so it does.  The problem is that the second attempt PASSES.  Crazy!

Something is not being properly initialized before the next pass is my guess.  Or there is some counter getting maxed out (not reset) and a default return code of success is being returned.  Whatever is going on, I am stuck trying to debug this because there is no source code for the ssl_handshake_client_async() function.

And if I use the proper name in the peer cn parameter in the wiced_tls_init_context() function call, it is exactly the same result for AWS IoT connection.  First pass through is error 5037, second pass is success.  While that seems good, the fact that I can do this with a bad peer cn name means that this verify is not trustworthy and I cannot protect against MITM attacks.

When can we expect a fix?  This was reported back on Aug 18 2015 and it is still not answered or fixed?  Why?

https://community.broadcom.com/message/18777#18777

wiced_tls_init_context( &socket->tls_context, &socket->tls_identity, "www.google.com" );

Starting WICED v3.5.2

Platform BCM943362WCD4 initialised

Started ThreadX v5.6

Initialising NetX_Duo v5.7_sp2

Creating Packet pools

WWD SDIO interface initialised

WLAN MAC Address : 40:2C:F4:AF:32:91

WLAN Firmware    : wl0: Oct 22 2015 15:05:09 version 5.90.230.15 FWID 01-47a517a

Joining : XXX

Successfully joined : XXX

Obtaining IPv4 address via DHCP

DHCP CLIENT hostname WICED IP

IPv4 network ready IP: 192.168.1.68

Setting IPv6 link-local address

IPv6 network ready IP: FE80:0000:0000:0000:422C:F4FF:FEAF:3291

Resolving IP address of MQTT broker...

Resolved Broker IP: 54.85.255.214

[MQTT] Opening connection...

[mqtt_network.c] mqtt_network_init() wiced_tcp_create_socket() success...

[mqtt_network.c] mqtt_network_init() using security...

[mqtt_network.c] mqtt_network_init() wiced_tls_init_root_ca_certificates() success...

[mqtt_network.c] mqtt_network_init() - wiced_tls_init_identity() success...

[mqtt_network.c] mqtt_network_init() - wiced_tls_init_context() success...

[mqtt_network.c] mqtt_network_init() - wiced_tcp_enable_tls() success...

[mqtt_network.c] mqtt_network_init() - mqtt_network_connect()

        [mqtt_network.c] mqtt_network_connect() try 0

                [tcpip.c] wiced_tcp_connect() wiced_tcp_start_tls()

                        [wiced_tls.c] wiced_generic_start_tls_with_ciphers() - root_ca_certificates exist

                        [wiced_tls.c] wiced_generic_start_tls_with_ciphers() - identity does exist

                        [wiced_tls.c] wiced_generic_start_tls_with_ciphers() - do while loop ( tls_context->context.state != SSL_HANDSHAKE_OVER

                        [wiced_tls.c] wiced_generic_start_tls_with_ciphers() - ssl_handshake_client_async() success...

                        [wiced_tls.c] wiced_generic_start_tls_with_ciphers() - do while loop ( tls_context->context.state != SSL_HANDSHAKE_OVER

                        [wiced_tls.c] wiced_generic_start_tls_with_ciphers() - ssl_handshake_client_async() success...

                        [wiced_tls.c] wiced_generic_start_tls_with_ciphers() - do while loop ( tls_context->context.state != SSL_HANDSHAKE_OVER

                        [wiced_tls.c] wiced_generic_start_tls_with_ciphers() - ssl_handshake_client_async() success...

                        [wiced_tls.c] wiced_generic_start_tls_with_ciphers() - do while loop ( tls_context->context.state != SSL_HANDSHAKE_OVER

                        [wiced_tls.c] wiced_generic_start_tls_with_ciphers() - ssl_handshake_client_async() error 5037...

error 5037...

result = 5037...

        [mqtt_network.c] mqtt_network_connect() try 1

                [tcpip.c] wiced_tcp_connect() wiced_tcp_start_tls()

                        [wiced_tls.c] wiced_generic_start_tls_with_ciphers() - root_ca_certificates exist

                        [wiced_tls.c] wiced_generic_start_tls_with_ciphers() - identity does exist

                        [wiced_tls.c] wiced_generic_start_tls_with_ciphers() - do while loop ( tls_context->context.state != SSL_HANDSHAKE_OVER

                        [wiced_tls.c] wiced_generic_start_tls_with_ciphers() - ssl_handshake_client_async() success...

                        [wiced_tls.c] wiced_generic_start_tls_with_ciphers() - do while loop ( tls_context->context.state != SSL_HANDSHAKE_OVER

                        [wiced_tls.c] wiced_generic_start_tls_with_ciphers() - ssl_handshake_client_async() success...

                        [wiced_tls.c] wiced_generic_start_tls_with_ciphers() - do while loop ( tls_context->context.state != SSL_HANDSHAKE_OVER

                        [wiced_tls.c] wiced_generic_start_tls_with_ciphers() - ssl_handshake_client_async() success...

                        [wiced_tls.c] wiced_generic_start_tls_with_ciphers() - do while loop ( tls_context->context.state != SSL_HANDSHAKE_OVER

                        [wiced_tls.c] wiced_generic_start_tls_with_ciphers() - ssl_handshake_client_async() success...

                        [wiced_tls.c] wiced_generic_start_tls_with_ciphers() - do while loop ( tls_context->context.state != SSL_HANDSHAKE_OVER

                        [wiced_tls.c] wiced_generic_start_tls_with_ciphers() - ssl_handshake_client_async() success...

                        [wiced_tls.c] wiced_generic_start_tls_with_ciphers() - do while loop ( tls_context->context.state != SSL_HANDSHAKE_OVER

                        [wiced_tls.c] wiced_generic_start_tls_with_ciphers() - ssl_handshake_client_async() success...

                        [wiced_tls.c] wiced_generic_start_tls_with_ciphers() - do while loop ( tls_context->context.state != SSL_HANDSHAKE_OVER

                        [wiced_tls.c] wiced_generic_start_tls_with_ciphers() - ssl_handshake_client_async() success...

                        [wiced_tls.c] wiced_generic_start_tls_with_ciphers() - do while loop ( tls_context->context.state != SSL_HANDSHAKE_OVER

                        [wiced_tls.c] wiced_generic_start_tls_with_ciphers() - ssl_handshake_client_async() success...

                        [wiced_tls.c] wiced_generic_start_tls_with_ciphers() - do while loop ( tls_context->context.state != SSL_HANDSHAKE_OVER

                        [wiced_tls.c] wiced_generic_start_tls_with_ciphers() - ssl_handshake_client_async() success...

                        [wiced_tls.c] wiced_generic_start_tls_with_ciphers() - do while loop ( tls_context->context.state != SSL_HANDSHAKE_OVER

                        [wiced_tls.c] wiced_generic_start_tls_with_ciphers() - ssl_handshake_client_async() success...

                        [wiced_tls.c] wiced_generic_start_tls_with_ciphers() - do while loop ( tls_context->context.state != SSL_HANDSHAKE_OVER

                        [wiced_tls.c] wiced_generic_start_tls_with_ciphers() - ssl_handshake_client_async() success...

                        [wiced_tls.c] wiced_generic_start_tls_with_ciphers() - do while loop ( tls_context->context.state != SSL_HANDSHAKE_OVER

                        [wiced_tls.c] wiced_generic_start_tls_with_ciphers() - ssl_handshake_client_async() success...

                        [wiced_tls.c] wiced_generic_start_tls_with_ciphers() - do while loop ( tls_context->context.state != SSL_HANDSHAKE_OVER

                        [wiced_tls.c] wiced_generic_start_tls_with_ciphers() - ssl_handshake_client_async() success...

                        [wiced_tls.c] wiced_generic_start_tls_with_ciphers() - do while loop ( tls_context->context.state != SSL_HANDSHAKE_OVER

                        [wiced_tls.c] wiced_generic_start_tls_with_ciphers() - ssl_handshake_client_async() success...

                        [wiced_tls.c] wiced_generic_start_tls_with_ciphers() - do while loop ( tls_context->context.state != SSL_HANDSHAKE_OVER

                        [wiced_tls.c] wiced_generic_start_tls_with_ciphers() - ssl_handshake_client_async() success...

success...

result = 0...

success...

[mqtt_network.c] mqtt_network_init() - wiced_tcp_register_callbacks() success...

Success

vik86​ abirjepatil​

Hi, I using a WICED version 3.3.1 with Threadx.NetX duo and send tcp stream with function "wiced_tcp_send_buffer()" the function is return "WICED_SUCCESS" but the wireshark capture is not OK

when PC is not receive packet and it answer with TCP dup ack but Netx duo is not retransmit a loss packet, it send the next packet forward.

i open socket with default in " nx_tcp_socket_transmit_configure(&socket->socket, WICED_TCP_TX_DEPTH_QUEUE, WICED_TCP_SEND_TIMEOUT/WICED_TCP_TX_RETRIES, WICED_TCP_TX_RETRIES, 0);"

can any one help me to configuration NetX duo?

or

NetX duo has a callback function to handler this error?