- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The https_client test fails:
Resolving IP address of HTTPS server␍␊
Server is at 54.243.145.223␍␊
Getting '/'...␍␊
Read the certificate Key from DCT␍␊
netconn_connect start_tls
Get failed: 4␍
Note, it was working in sdk-5.1, so this is clearly a regression.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Error has been reproduced and I have raised a ticket on this. The error code I found was MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I was able to copy https_client from WICED 5.1 into my WICED 5.2 repository and that worked fine. The code is pretty much the same except for the website that is accessed and the CA certificate. www.httpbin.org replaced www.google.com(WICED 5.1). I suspect if you get a new CA certificate from www.httpbin.org that would fix this issue, but there is another problem with TLS in WICED 5.2. After I download about 200 KB the data becomes corrupted. I run the same exact code in WICED 5.1 and I can download a full half MB system image and boot into it.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
webmstreric wrote:
I was able to copy https_client from WICED 5.1 into my WICED 5.2 repository and that worked fine. The code is pretty much the same except for the website that is accessed and the CA certificate. www.httpbin.org replaced www.google.com(WICED 5.1). I suspect if you get a new CA certificate from www.httpbin.org that would fix this issue, but there is another problem with TLS in WICED 5.2. After I download about 200 KB the data becomes corrupted. I run the same exact code in WICED 5.1 and I can download a full half MB system image and boot into it.
Thanks for testing it.
There are some issues with TLS in SDK-5.2.
I'm still waiting for the fix or next release.
But I'm a little bit nervous about when will the fix available because with such issue SDK-5.2 cannot be used.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
This snip has been removed from WICED SDK 6.0 onwards. It used the https_client library which has been deprecated and replaced by HTTP_client used by snip.httpbin_org.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
grsr wrote:
This snip has been removed from WICED SDK 6.0 onwards. It used the https_client library which has been deprecated and replaced by HTTP_client used by snip.httpbin_org.
The snip.https_client uses totally different API set with snip.httpbin_org.
The different APIs are design with totally different philosophy.
So I believe remove the snip code is another mistake.
For example, it's impossible to implement http request with keepalive which can reuse existing
session with snip.httpbin_org becasue snip.httpbin_org uses the tcp callback API.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
grsr wrote:
This snip has been removed from WICED SDK 6.0 onwards. It used the https_client library which has been deprecated and replaced by HTTP_client used by snip.httpbin_org.
snip/https_client still in sdk-6.1 and the test still shows the same error.
https_client is just a simple snip code, if it does not work it usually means
something wrong in either BESL or the snip code it self.
From the reply in 2017/9/27 in this thread, you already found the MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE error,
Should fix it rather than remove the snip code.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
We shall not support the old HTTP library and their APIs anymore. It is clearly mentioned in API_updates.txt. We recommend you to move to httpbin_org which uses the new HTTP library. The https_client example must have been added by mistake. It should be removed from the SDK.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The https_client is just a snip code, I have no objection if you really want to remove it.
However, removing a existing library is different.
It seems you assume there are no users using the old HTTP library which is obviously wrong.
People using new sdk versions usually expect the existing application can still work.
Removing a existing library means people need to re-program the existing applications.
In additional, you should check if the problem is in the snip code itself or BESL library as you
also said you already found the MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE error.
I mainly worried about the bug in BESL library.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The decision to deprecate the old library was taken by management at a high level. I have escalated your concern internally. I will update this thread if and when I receive feedback.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Here is the feedback. If you really want to use old HTTP library, it is your choice but in the future it is possible that we can remove it. We recommend users to use new library due to some limitations in old library. If you find any functionality which was there in old library but not part of new one, then we can add that in new library.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
grsr wrote:
Here is the feedback. If you really want to use old HTTP library, it is your choice but in the future it is possible that we can remove it. We recommend users to use new library due to some limitations in old library. If you find any functionality which was there in old library but not part of new one, then we can add that in new library.
What is the limitations in old library?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The old HTTP library is not efficient in terms of CPU usage. When you call wiced_https_get it would create socket, initialize TLS context, send the request and block till response is received for all the requests (Synchronous). In new library it does create socket, initialize TLS context done once in init and after that you can send as many request as you want without blocking for the response (Asynchronous).
In the old HTTP library, there is no provision to configure HTTP client parameters such as server name indication (SNI), TLS maximum fragment length. But in the new HTTP library, we can do so. httpbin_org expects SNI extension which cannot be configured in old HTTP library. Also we can use event handler thread to handle HTTP responses.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Your statements are not true, I have all the features you mention in my application using old http library.
The original http library was working fine in sdk-5.1. I don't see any good reason to break it before retire it.
But I'll stop bothering you regarding this topic.