Problem with certificates on a Raptor after updating firmware to 4.3.7.10

We have a problem with certificates on a Raptor after updating to 4.3.7.10 firmware. The code worked on the previous firmware (4.3.6.0).

Initially the Raptor just failed and rebooted with an error “Undef Inst” on the display. After changing the X509Certificate constructor parameter from PEM formatted data to raw binary data the error and rebooting was changed to an ArgumentException. Have tried different formats and certificates, but the result is the same. Our code seems to work also on the emulator…

[b]Code:[em]
using System.Security.Cryptography.X509Certificates;

byte[] b64Arr = Resources.GetBytes(Resources.BinaryResources.aventra_sec_ca2); //Base64 encoded certificate in on continues string
string b64Str =Conv.ToString(b64Arr).Trim();
byte[] cert = Convert.FromBase64String(b64Str); // Binary certificate

X509Certificate cer = new X509Certificate(cert);// Throws an ArgumentException
[/em][/b]
Do anyone know what could be done to fix this? Would greatly appreciate any help.

Have you tried updating the ssl seed using mfdeploy?

@ JaS73 - Did you also update TinyBooter?

Ah yes, I also remember having problems surrounding the use of certificates when I wasn’t using the beta version of tinybooter with 2015R1

@ networkfusion -
Thank you for your reply and suggestion. Yes I have now tested to re-seed the SSL using mfdeploy. The udate seed was successful, but it did not help with the problem…
[em]X509Certificate cer = new X509Certificate(cert);// Throws an ArgumentException[/em] with cert param = binary certificate data. If I use the PEM (base64 encoded) format, that works with the 4.3.6.0 firmware, it just hangs and then reboots with display error “Undef Instr” and some additional lines:
Build Date:
Jul 31 2015
07:42:01
cps=0x2000…

@ John -
[em]
Loader (TinyBooter) version information:
4.3.7.7 on this computer.
4.3.7.7 on this device.

The Loader (TinyBooter) is up to date. <<<

Firmware (TinyCLR) version information:
4.3.7.10 on this computer.
4.3.7.10 on this device.

The Firmware (TinyCLR) is up to date. <<<
[/em]
Is this the correct/newest?

@ JaS73 - That is the newest. You shouldn’t need to do any conversion. Just export the certificate on your PC to Base-64 encoded X.509 (.CER) and pass that result directly to the constructor.

@ John -

Yes, that is exactly what we did successfully with the previous firmware version, but I did not work with the new one :frowning:
The reason to convert has been to try something when the “normal” way is not working :slight_smile:

Have double and tripple checked the code. We have a separate developmen environment using the older SDK. Used a second Raptor, still running the old firmware, to verify that there is no other reasons for the problem…

@ JaS73 - Can you try again with the pre-release from earlier today?

@ John - Thank you John and a really great new year!

It seems to work correctly now 8). Will test the hole functionality later this week because I’m traveling and without possibility to test the rest.

When is the next version to be released?

BTW: Here below is the original source code and the one I’m have also now tested. The resource data is a standard PEM (Base64) encoded X509 v3 certificate.
[em]_cfg.CACerts = new X509Certificate[] { new X509Certificate(Resources.GetBytes(Resources.BinaryResources.aventra_sec_ca)) };[/em]

@ JaS73 - We do not have a date for the final release yet.

Have now tested also the HTTPS communication using SSL with the certificates and everything seems to work correctly 8)

Thank you John and networkfusion for your help!