Main Site Documentation

FEZ with SPWF04SA: Failed to open secure socket to Webpages while https request works


#1

I’m exploring the FEZ-WiFi Board with the GHI driver and the examples:
- https://gist.github.com/Arke64/d5439537c76ba67bd28609f31ada4572

I’m able to download this site using a TLS socket:

```csharp
wifi.SetTlsServerRootCertificate(caStackExcange);
TestSocket("meta.stackoverflow.com", "/", 443, SPWF04SxConnectionType.Tcp, SPWF04SxConnectionSecurityType.Tls, "*.stackexchange.com");
```

When I try to download my own site (www.roschmionline.de) using the ‘OpenSocket’ command of the driver, it fails because it doesn’t get the expected response from the SPWF04SA module.
When I use the ‘SendHttpGet’ command of the driver, the site is downloaded, so I can be quite sure that I have the right certificate.
What can be the reason for this behavior? Can it be that a site refuses to open a socket that can be accessed with the https protocol?
Does anybody know how the network traffic of the module can be monitored with e.g. wireshark?
Regards
Roschmi


#2

[image]


#3

HaHa, it exists and it exists not :joy:
But that’s not the answer to my question :disappointed:


#4

Not looked into it, but just a quickie…

Do you know if you get a ‘400’ response back (‘Bad request’)?
Just looking at the two sites you listed, stackoverflow and your site, the only obvious thing I can see is that your site returns 400 if you try and do an HTTP GET on port 443,
whereas stackoverflow does a redirect to an https page.

I wonder if you could add https: to the connection URL, or put in a redirect on your web server so that any http connections on port 443 get redirected.


#5

@PTSS thanks for your answer. Unfortunately, with the WiFi SPWF04Sx module I cannot directly see if I get an HTTP 400 response.
From my TinyCLR C# code I send the command ‘wifi.OpenSocket’ of the SPWF04Sx driver. This command normally returns the ID of the opened socket.
When I look in the code of the driver I can see that when the operation was successful the SPWF04Sx module returns the IP address of the target server and a socket ID (the module supports several sockets at a time). In the case of my webpage an empty string is returned. So I guess that a socket could not be opened.
Which tool did you use to send the GET request to test the response?
No, I did not add https to the URL. If I add it in my C# code nothing changes. There is no redirect on the webpage. I can open the page with http and https.
Perhaps the reason is that the DNS server returns the IP of the non-secure page, which then cannot be opened with a secure socket on port 443.

PS: In the meantime I tried the page of google.de. The socket could be opened with TLS.


#6

I now added a redirect to the site with the https protocol for requests using port 80, but I still cannot open the socket to my webpage with FEZ and the SPWF04Sx driver. When I go to the site with the browser and look up the used IP address with Fiddler, I can see an IPv6 address of my webspace provider, but I couldn’t manage to get to my page with a browser using this IPv6 address (add which other parts of my URL?)


#7

Are you connecting to your site on port 443? What does your OpenSocket call look like?

If you can, add the driver to your project instead of the NuGet, https://github.com/ghi-electronics/TinyCLR-Drivers/blob/dev/STMicroelectronics/SPWF04Sx/, and step through the OpenSocket call. What do the four calls to ReadString return?


#8

Hi, @John_Brochue thanks for your answer.
It’s not clear to me why opening a socket to some sites works and to some sites doesn’t.

For example, this works:

```csharp
wifi.SetTlsServerRootCertificate(caGoogle);
TestSocket("www.google.de", "/", 443, SPWF04SxConnectionType.Tcp, SPWF04SxConnectionSecurityType.Tls);
```

This does not work:

```csharp
wifi.SetTlsServerRootCertificate(Resources.GetBytes(Resources.BinaryResources.Digicert___GHI));
wifi.ForceSocketsTls = true;
wifi.ForceSocketsTlsCommonName = "*.ghielectronics.com";
TestSocket("www.ghielectronics.com", "/robots.txt", 443, SPWF04SxConnectionType.Tcp, SPWF04SxConnectionSecurityType.Tls, "*.ghielectronics.com");
```

The code of ‘TestSocket’ is:

```csharp
using System;
using System.Diagnostics;
using System.Text;
using System.Threading;
using GHIElectronics.TinyCLR.Drivers.STMicroelectronics.SPWF04Sx;

// Opens one (optionally TLS) socket to host:port, sends a single HTTP/1.1 GET and dumps the reply.
// 'wifi' is the SPWF04Sx driver instance and 'WaitForButton' a helper defined elsewhere in the program.
private static void TestSocket(string host, string url, int port, SPWF04SxConnectionType connectionType, SPWF04SxConnectionSecurityType connectionSecurity, string commonName = null)
{
    var buffer = new byte[512];
    int id;
    try
    {
        // Returns the socket id the module assigned; throws if the driver did not get the expected reply.
        id = wifi.OpenSocket(host, port, connectionType, connectionSecurity, commonName);
    }
    catch (Exception ex)
    {
        // Do not continue with id == 0: that would write to a socket that was never opened.
        Debug.WriteLine($"OpenSocket({host}:{port}) failed: {ex.Message}");
        return;
    }

    var start = DateTime.UtcNow;

    // Minimal HTTP/1.1 request; the Host header is mandatory for HTTP/1.1 servers.
    wifi.WriteSocket(id, Encoding.UTF8.GetBytes($"GET {url} HTTP/1.1\r\nHost: {host}\r\n\r\n"));
    Thread.Sleep(100);

    var total = 0;
    var first = true;
    var deadline = start.AddSeconds(10); // bound the wait so a short or missing reply cannot spin forever

    // Keep reading while the module has data pending, until at least the first chunk
    // and a minimum of 120 bytes (enough for a status line plus a header) have arrived.
    while (DateTime.UtcNow < deadline)
    {
        var avail = wifi.QuerySocket(id);
        if (avail > 0)
        {
            first = false;
            var read = wifi.ReadSocket(id, buffer, 0, Math.Min(avail, buffer.Length));
            total += read;
            Debugger.Log(0, "", Encoding.UTF8.GetString(buffer, 0, read));
        }
        else if (!first && total >= 120)
        {
            break;
        }
        Thread.Sleep(100);
    }

    Debug.WriteLine($"\r\nRead: {total:N0} in {(DateTime.UtcNow - start).TotalMilliseconds:N0}ms");
    WaitForButton();
    wifi.CloseSocket(id);
}
```

I have added the driver to my code.

When opening the socket works, for example, I get:

```text
First: a = ,b = Loading:1:2
Second: a = On:216.58.212.227:0,b =
```

When opening the socket doesn’t work, both variables a and b stay empty.

The line:

```csharp
this.FinishCommand(cmd);
```

is never reached, and I get a Type 0x03 message with indication code 0x4A, which seems to mean ‘failed to open socket’.
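The reply format reported in this post (a "Loading:1:2" line followed by "On:<address>:<id>" on success, empty strings plus an asynchronous type 0x03 / code 0x4A indication on failure) is enough to write a fail-closed check around the socket-open result instead of silently continuing with socket id 0. The block below is an added example and is not code from the GHI driver or from the thread. It models the reply as the list of strings the driver's successive ReadString calls return, and the asynchronous indications as (type, code) pairs; that representation and the sample replies are constructed for the example, not the module's real message framing.

```python
"""Validate an SPWF04Sx socket-open reply and fail closed on anything else."""
import ipaddress
import re
from dataclasses import dataclass
from typing import Iterable, Sequence, Tuple

ASYNC_ERROR_TYPE = 0x03    # message type reported in the thread
SOCKET_OPEN_FAILED = 0x4A  # indication code the thread reads as "failed to open socket"

# Greedy "addr" group so an IPv6 address containing colons still ends at the last ":<id>".
_ON_RE = re.compile(r"^On:(?P<addr>.+):(?P<id>\d+)$")


class SocketOpenError(Exception):
    """Raised when the module did not confirm the socket (instead of returning id 0)."""


@dataclass(frozen=True)
class OpenedSocket:
    address: str    # server address the module resolved, normalised
    socket_id: int  # id to use for WriteSocket/ReadSocket/CloseSocket


def parse_open_socket_reply(lines: Sequence[str],
                            indications: Iterable[Tuple[int, int]] = ()) -> OpenedSocket:
    """Return the opened socket, or raise SocketOpenError.

    lines:       strings returned by successive ReadString calls (may be empty)
    indications: (type, code) pairs of asynchronous messages seen while waiting
    """
    for msg_type, code in indications:
        if msg_type == ASYNC_ERROR_TYPE and code == SOCKET_OPEN_FAILED:
            raise SocketOpenError("module reported 'failed to open socket' (type 0x03, code 0x4A)")

    for line in lines:
        m = _ON_RE.match(line.strip())
        if m is None:
            continue
        try:
            addr = ipaddress.ip_address(m.group("addr"))
        except ValueError as e:
            raise SocketOpenError(f"unparseable address in reply {line!r}") from e
        return OpenedSocket(str(addr), int(m.group("id")))

    # Empty strings (the failure case in the thread) or any other text end up here.
    raise SocketOpenError(f"no 'On:<address>:<id>' confirmation in reply {list(lines)!r}")


# Constructed replies mirroring the two cases reported above (not captured from a module).
SUCCESS_REPLY = ["", "Loading:1:2", "On:216.58.212.227:0", ""]
FAILED_REPLY = ["", "", "", ""]


def demo() -> Tuple[OpenedSocket, str]:
    """Run both constructed cases; returns the opened socket and the error text."""
    opened = parse_open_socket_reply(SUCCESS_REPLY)
    try:
        parse_open_socket_reply(FAILED_REPLY, indications=[(ASYNC_ERROR_TYPE, SOCKET_OPEN_FAILED)])
    except SocketOpenError as e:
        return opened, str(e)
    raise AssertionError("the failure case must not yield a socket")


if __name__ == "__main__":
    print(demo())
```

The point of the check is the one raised later in the thread: a caller that gets an exception cannot accidentally write an HTTP request (or application data) into socket 0, which may be a different, possibly unencrypted, connection.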


#9

To confirm, when you say the above, that is when you try to read robots.txt from our site?


#10

Yes, but only when using TLS.


#11

We did recently renew our SSL cert, try passing null for the common name (this is only needed for certain sites anyway, for many, passing TLS for the connection type is enough).


#12

Thank you @John_Brochue for your advice. ‘Passing null for the common name’ did the trick.
In the meantime I’m making good progress with the SPWF04Sx writing Sensor data to Azure Storage Table service. I’ll post it when I got it ready.
Regards
RoSchmi
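Why passing null worked: the commonName argument makes the caller demand that the server certificate match a fixed pattern ("*.ghielectronics.com"), and a renewed certificate need not carry that exact name any more, even though it still matches the host that was connected to. The block below is an added example, not the SPWF04Sx module's or the GHI driver's own check (how the module compares the name internally is not stated in the thread). It implements host-name matching as RFC 6125 and browsers apply it, and contrasts it with a strict "expected string must be present verbatim" check; the certificates in the demo are constructed with example.com names, not real certificates of any site mentioned here.

```python
"""Host-name matching for TLS server certificates, and why a pinned pattern breaks on renewal."""
from typing import Optional, Sequence


def hostname_matches(pattern: str, host: str) -> bool:
    """True if `host` satisfies `pattern`, a DNS name or a single-label wildcard.

    Rules (RFC 6125 style, as browsers apply them):
      * comparison is case-insensitive and label by label;
      * "*" is accepted only as the whole leftmost label, and at least two
        labels must follow it ("*.com" is rejected);
      * the wildcard matches exactly one label: "*.example.com" matches
        "www.example.com" but neither "example.com" nor "a.b.example.com".
    """
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in p or "" in h:
        return False
    if p[0] == "*":
        return len(p) >= 3 and p[1:] == h[1:]
    if any("*" in label for label in p):
        return False  # partial wildcards such as "w*.example.com" are rejected
    return p == h


def cert_matches_host(san_dns_names: Sequence[str], common_name: Optional[str], host: str) -> bool:
    """Apply a certificate's names to `host` the way browsers do.

    If the certificate carries any dNSName SAN, only the SANs count and the
    subject CN is ignored; the CN is consulted only for SAN-less certificates.
    """
    if san_dns_names:
        names = list(san_dns_names)
    else:
        names = [common_name] if common_name else []
    return any(hostname_matches(n, host) for n in names)


def name_literally_present(expected: str, san_dns_names: Sequence[str], common_name: Optional[str]) -> bool:
    """Strict variant: the expected string must appear verbatim among the certificate's names.

    This models a caller that pins a pattern such as "*.example.com" instead
    of matching the host it connected to; it fails as soon as a renewed
    certificate is issued with different names, even if the host still matches.
    """
    names = [n.lower() for n in list(san_dns_names) + ([common_name] if common_name else [])]
    return expected.lower() in names


# Constructed certificates (example.com, not any real site): an older wildcard
# certificate with a CN only, and its renewal that moved to SAN names.
OLD_CERT = {"san": [], "cn": "*.example.com"}
NEW_CERT = {"san": ["www.example.com", "example.com"], "cn": "www.example.com"}


def renewal_demo(host: str = "www.example.com", pinned: str = "*.example.com") -> dict:
    """Compare host matching against a pinned pattern across the renewal."""
    return {
        "old_host_match": cert_matches_host(OLD_CERT["san"], OLD_CERT["cn"], host),
        "new_host_match": cert_matches_host(NEW_CERT["san"], NEW_CERT["cn"], host),
        "old_pinned_ok": name_literally_present(pinned, OLD_CERT["san"], OLD_CERT["cn"]),
        "new_pinned_ok": name_literally_present(pinned, NEW_CERT["san"], NEW_CERT["cn"]),
    }


if __name__ == "__main__":
    print(renewal_demo())
```

Caveat for anyone copying the "pass null" fix: whether the module still verifies the certificate's name against the host it connected to when no expected name is supplied, or only validates the chain against the root certificate loaded with SetTlsServerRootCertificate, is not stated in this thread; check the module's AT command reference before relying on it, since a chain-only check would accept any certificate issued by that CA.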


#13

Do you write to the table directly or pass through iot hub?


#14

@Gus_Issa I write directly to Azure Storage Table Service since it only costs some cents per month. It’s easy to use when you can use the Microsoft libraries.
I have examples for Windows WPF and the Beaglebone on Hackster and on GitHub:
- https://github.com/RoSchmi/AzureDataSender_WPF
- https://github.com/RoSchmi/AzureDataSender_Beaglebone

The coming version for FEZ/TinyCLR will use the currently most inexpensive hardware for this purpose which provides TLS-secured transmission.


#15

@John_Brochue In case you are still working on the SPWF04Sx driver (STM unfortunately seems to have abandoned the module):
First to say: in my opinion the driver is really going to be a masterpiece!
However, I have one point: if opening a socket fails because of not choosing the right parameters (arguments), shouldn’t the method return with an error message?


#16

Ideally it should, yes, there’s still some work that could be done around error handling and recovery. This is certainly something we’ll keep in mind.