NETMF 4.3, SSL issue, EMX

Hi,

I’m a bit new to this platform and experiencing the following problem:

I’m trying to setup a secure websocket (wss). This used to work on 4.2.11.0.
Now (4.3.6.0) I am getting a not supported exception from the SslNative class SecureClientInit(…).

Message: Exception was thrown: System.NotSupportedException
Stack:
JDI.WebSockets.Net.SslStream::Authenticate
JDI.WebSockets.Net.SslStream::AuthenticateAsClient
JDI.WebSockets.Net.SslStream::AuthenticateAsClient
JDI.WebSockets.Net.SslStreamEx::AuthenticateAsClient
JDI.WebSockets.Client.WebSocketClient::smConnect
JDI.WebSockets.Client.WebSocketClient::WSStateMachine

So I have looked on the forum and see that I need to update ssl seed. So I tried using the FEZ Config -> Deployment (Advanced) -> Update SSL Seed button. When done, I still get the error.
Then I tried using the Microsoft deployment tool (C:\Program Files (x86)\Microsoft .NET Micro Framework\v4.3\Tools\MFDeploy.exe) It says:
Updating SSL seed…
Update Complete!
Still no success (I have restarted/repowered/… no change)
So I tried again and the tool said:
Updating SSL seed…
Created EE.
Update Complete!

I also have tried to add the certifciate (pxf) with it’s password but that didn’t change anything as well.

Can anyone please help me?

@ mrh4x - I would first try to completely reflash the board, including TinyBooter. If that doesn’t fix it, can you post a complete and minimal example that reliably reproduces the error?

Please see:
https://www.ghielectronics.com/community/forum/topic?id=17363&page=1\

I am having trouble with updating the booter.

I have tried Windows 7 and Windows XP and I am still unable to update the SSL seed.

The FEZ Config tool (and MSDeploy) both say that the Update SSL Seed has succeeded. After that I try to use SSL but it shows an error with the Native SSL stream.

Can someone help me please?

@ mrh4x - Can you post a complete and minimal example that shows the issue? Were you able to update your board to the latest SDK?

I update the board to .NET 4.3

https://www.ghielectronics.com/support/netmf
This succeeds and works.

Then I go to:
FEZ Config -> Deployment (Advanced) -> Update SSL Seed button.

This says it succeeded as well.

Then in code I try to setup a secure websocket using: https://jdiwebsocketclient.codeplex.com/

The error it throws Exception System.NotSupportedException - CLR_E_NOT_SUPPORTED (1)
(And please see the post above, the full stacktrace)

@ mrh4x - It is quickest for us to work on the issue for you when you can post a minimal example that shows the issue reliably with nothing else in the project.

protected void DoOpenTcpConnection()
{
// create and init socket
this.socket = new Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp);
this.socket.SetSocketOption(SocketOptionLevel.Tcp, SocketOptionName.NoDelay, true);
this.socket.SendTimeout = WSConst.SendTimeout;
this.socket.ReceiveTimeout = WSConst.ReceiveTimeout;

        // connect to server
        this.socket.Connect(this.serverEndpoint);

        // get data stream
        if (this.serverUri.Scheme == WSConst.SchemeWSS)
        {
            this.socketStream = new SslStreamEx(this.socket);
            ((SslStreamEx)this.socketStream).AuthenticateAsClient(this.serverUri.Host);
        }
        else
        {
            this.socketStream = new NetworkStream(this.socket, true);
        }

        // go to next state
        this.subState = SubState.SendHandshake;
    }

It crashes on the ssl part.

@ IwantToKnowItAll - I see you are using my Web Socket Client code from codeplex. The code you quoted in your comment above uses my SslStreamEx class, which is a thin wrapper around the Microsoft.SPOT.Net.Security.SslStream class.

A couple of months ago, I tried to upgrade this code to use NETMF 4.3, but ran into the same issue with the AuthenticateAsClient method.


	public class SslStreamEx : Stream
	{
		#region Constructors and IDispose

		public SslStreamEx(Socket socket)
		{
			this.sslStream = new SslStream(socket);
		}

		...

		public void AuthenticateAsClient(string targetHost)
		{
			this.sslStream.AuthenticateAsClient(targetHost);
		}

		...

		private SslStream sslStream;

		...
	}

Hello jasdev,

Okay thanks for the reply. Does that mean that it’s just not possible anymore?

The thing is that I ran the websocket client once on 4.2 which worked (but not stable). So I upgraded to 4.3 and it seems now (even when going back to 4.2) it does not work anymore.

@ IwantToKnowItAll - It should work on 4.3. Perhaps someone on this forum will provide a suggestion. Regarding going back to 4.2, you need to downgrade everything (TinyBooter, the GHI firmware, all the project references, etc) in order to go back to 4.2. I think I tried that and it worked, but I’m not 100% sure.

@ IwantToKnowItAll - I’ve got the connectingthedots running over an SSL connection via AMQP and communicating with AzureServiceBus just kind of fine. I had that message as well and after an error return in MFDeploy SSL Feed update I tried to do it with FezConfig that returned in itself no response at all. Returning to MfDeploy and clicking the update again resulted in a Completed OK message.

After that it ran fine. I used the R5 SDK from GHI, so 4.3.6.0 netmf is on 4.3.1.0 and gadgeteer is on 2.43.1.0.

You can see it here working -> http://dollydots.azurewebsites.net/

Or look at this thread -> https://www.ghielectronics.com/community/forum/topic?id=17946

Or go to this github for another example to try -> https://github.com/MSOpenTech/connectthedots

Edit: Oh, it is on a raptor + enc28 + temphumid (old model)

1 Like