yoann LBY
Senior
January 16, 2018
Solved

SPWF04Sx - AT-S.Http Client Error:1

Posted on January 16, 2018 at 18:30

Hi,

SPWF04Sx with FW1.1.0, mode miniAP

I loaded the certificates in the wifi module (CA, cert and key based on ECC (prime256v1 aka NIST P-256)) and I ran the command AT+S.HTTPGET.

I get this error:

+WIND:29:DHCP Reply:192.168.0.2:02:A9:D2:A0:FF:A0

AT+S.HTTPGET=192.168.0.2,tls/cert.pem,443,2,,,ServerCert.pem,

AT-S.Http Client Error:1

AT-S.ERROR:111:Request failed

192.168.0.2 is the IP of the computer connected to the wifi of the module, and the module tries to connect (as HTTPS client) to the computer to download the ServerCert.pem file.

Do you see a problem?

Thanks

Yoann

This topic has been closed for replies.
Best answer by Elio Cometti (posted on February 20, 2018 at 17:11)

Elio Cometti
Visitor II
January 16, 2018
Posted on January 16, 2018 at 18:50

AT-S.Http Client Error:1 is actually printed when the connection to the specified host (192.168.0.2) is refused, that is, there is no process listening on the specified port (443) or a firewall is denying the access.

Is this your case?

yoann LBY (Author)
Senior
January 18, 2018
Posted on January 18, 2018 at 10:33

Hi,

The first error was because the path on the host (192.168.0.2) was not good (tls/cert.pem).

Now I have a new error:

AT+S.HTTPGET=192.168.0.2,tls/cert.pem,443,2,,,ServerCert.pem,

AT-S.Skip CA

AT-S.Skip CA

AT-S.Loading:1:2

AT-S.Loading:2:2

AT-S.Loading:3:2

AT-S.Http Server Status Code:400

AT-S.Http Server Error:400

AT-S.ERROR:111:Request failed

On the host, the server log is:

certifs_1 | 2018/01/17 17:50:32 [info] 6#6: *2 client SSL certificate verify error: (21:unable to verify the first certificate) while reading client request headers, client: 192.168.0.1, server: , request: 'GET /tls/cert.pem HTTP/1.1', host: '192.168.0.2'

Is the problem the compatibility with the SPWF04Sx supported ciphers? PEM-encoded long term bundle containing 3 ECC (prime256v1 aka NIST P-256) certificates.

Thanks

Yoann

Elio Cometti
Visitor II
January 18, 2018
Posted on January 18, 2018 at 11:31

Hi Yoann,

From the SPWF04Sx log, it seems the mutual authentication succeeded, whereas the HTTP server has refused the connection (Bad Request). Please note that the Http Server Status Code is received from the HTTP server.

A TCP/TLS problem would be reported as Http Client Error/Certificate Error (a TLS error would be propagated back to the client).

Anyway, you can further diagnose the TLS connection by means of the SOCKON command. The following is an example I have done on my module (1-way authentication):

- wrong certificate (CA certificate not found):

AT+S.HTTPGET=192.168.1.112,,443,2,,,,

AT-S.Certificate Error:23

AT-S.Http Client Error:2

AT-S.ERROR:111:Request failed

AT+S.SOCKON=192.168.1.112,443,,s

AT-S.Certificate Error:23

AT-S.ERROR:74:Failed to open socket

- good certificate, page not found

AT+S.HTTPGET=192.168.1.129,,443,2,,,,

AT-S.Loading:1:1

AT-S.Http Server Status Code:404

AT-S.Http Server Error:404

AT-S.ERROR:111:Request failed

AT+S.SOCKON=192.168.1.129,443,,s

AT-S.Loading:1:1

AT-S.On:192.168.1.129:0

AT-S.OK

+WIND:58:Socket Closed:0:0  <-- the connection was closed by the Apache HTTP server after a timeout

Hope it helps, otherwise please send a Wireshark log of the transaction.

Regards,

Elio
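
The layering described in the reply above (connection refused, certificate error, or a status code returned by the HTTP server), as an added example that is not part of the original posts or of ST's code: a small Python classifier run over the response lines quoted in this thread. The `classify` function and its layer names are assumptions of this example. An "http" result only says the server answered; in this thread the 400 coincided with a client certificate verify error in the server's own log, so that log still has to be read.

```python
import re

# Response-line patterns taken from the SPWF04Sx output quoted in this thread.
CERT_ERR = re.compile(r"AT-S\.Certificate Error:(\d+)")
CLIENT_ERR = re.compile(r"AT-S\.Http Client Error:(\d+)")
STATUS = re.compile(r"AT-S\.Http Server Status Code:(\d+)")
SOCK_OPEN = re.compile(r"AT-S\.On:")

def classify(lines):
    """Map one command's response lines to (layer, detail); layer names are this example's own."""
    text = "\n".join(lines)
    m = CERT_ERR.search(text)
    if m:  # certificate check failed on the module (e.g. CA certificate not found)
        return ("tls", "certificate error " + m.group(1))
    m = STATUS.search(text)
    if m:  # a status code exists, so the server answered; its log holds the reason
        code = int(m.group(1))
        return ("http" if code >= 400 else "ok", "status %d" % code)
    m = CLIENT_ERR.search(text)
    if m:  # per the thread, code 1 is printed when the connection is refused
        if m.group(1) == "1":
            return ("tcp", "connection refused")
        return ("client", "http client error " + m.group(1))
    if SOCK_OPEN.search(text):  # SOCKON opened the secure socket
        return ("ok", "socket open")
    return ("unknown", "no recognised response line")

# Transcripts copied from the posts in this thread.
SAMPLES = {
    "refused": ["AT-S.Http Client Error:1", "AT-S.ERROR:111:Request failed"],
    "bad_ca": ["AT-S.Certificate Error:23", "AT-S.Http Client Error:2",
               "AT-S.ERROR:111:Request failed"],
    "sockon_bad_ca": ["AT-S.Certificate Error:23",
                      "AT-S.ERROR:74:Failed to open socket"],
    "http_400": ["AT-S.Skip CA", "AT-S.Skip CA", "AT-S.Loading:1:2",
                 "AT-S.Loading:2:2", "AT-S.Loading:3:2",
                 "AT-S.Http Server Status Code:400",
                 "AT-S.Http Server Error:400", "AT-S.ERROR:111:Request failed"],
    "sockon_ok": ["AT-S.Loading:1:1", "AT-S.On:192.168.1.129:0", "AT-S.OK"],
}

if __name__ == "__main__":
    for name, transcript in SAMPLES.items():
        print(name, classify(transcript))
```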

yoann LBY (Author)
Senior
February 9, 2018
Posted on February 09, 2018 at 17:09

Hi Elio,

Did you receive, with Gerardo GALLUCCI, the certificate set I sent him?

With size <2.5KB ECC bundle x3, what is the problem?

Thanks

Yoann 

Elio Cometti
Visitor II
February 20, 2018
Posted on February 20, 2018 at 17:11

Hi Yoann,

My apologies for the delay.

I was not well informed. Actually the 2.5K limit refers to each certificate in the bundle received from a peer. This applies to certificates received from a server (1way/mutual authentication) and to certificates received from a client (mutual authentication).

Instead, the size of the certificate bundle stored in 'cert' section or in 'tls.cert' file must be limited to 1475 bytes.

Regards,

Elio