ThreadX NetXDuo https client post request problem(NX_SECURE_TLS_UNSUPPORTED_TLS_VERSION 0x110)

Uğur Tümer 0 Reputation points
2024-12-18T14:43:22.2833333+00:00

I'm currently working on sending an HTTPS POST request using NetX Duo. However, I encounter a TLS-related error during the process. i am using cloudflare CA cert(CA works ok i did mqtts).

#define NX_SECURE_TLS_UNSUPPORTED_TLS_VERSION 0x110 /* An incoming record had a valid TLS version, but one that isn't supported. */

Below is the relevant part of my code:

tls_setup_callback

static NX_SECURE_X509_CERT trusted_certificate;
static NX_SECURE_X509_CERT remote_certificate, remote_issuer;
static UCHAR remote_cert_buffer[4096];
static UCHAR remote_issuer_buffer[4096];
static UINT tls_setup_callback(NX_WEB_HTTP_CLIENT *client_ptr, NX_SECURE_TLS_SESSION *tls_session)
{
UINT status;
    /* Initialize and create TLS session.  */
    status = nx_secure_tls_session_create(tls_session, &nx_crypto_tls_ciphers, crypto_metadata_client, sizeof(crypto_metadata_client));
    
    /* Check status.  */
    if (status)
    {
        return(status);
    }
    /* Allocate space for packet reassembly.  */
    status = nx_secure_tls_session_packet_buffer_set(&(client_ptr -> nx_web_http_client_tls_session), tls_packet_buffer, sizeof(tls_packet_buffer));
    /* Check status.  */
    if (status)
    {
        return(status);
    }
    /* Add a CA Certificate to our trusted store for verifying incoming server certificates.  */
    nx_secure_x509_certificate_initialize(&trusted_certificate, (UCHAR*)origin_ca_rsa_root_der, origin_ca_rsa_root_der_len, NX_NULL, 0, NULL, 0, NX_SECURE_X509_KEY_TYPE_NONE);
    nx_secure_tls_trusted_certificate_add(&(client_ptr -> nx_web_http_client_tls_session), &trusted_certificate);
    /* Need to allocate space for the certificate coming in from the remote host.  */
    nx_secure_tls_remote_certificate_allocate(&(client_ptr -> nx_web_http_client_tls_session), &remote_certificate, remote_cert_buffer, sizeof(remote_cert_buffer));
    nx_secure_tls_remote_certificate_allocate(&(client_ptr -> nx_web_http_client_tls_session), &remote_issuer, remote_issuer_buffer, sizeof(remote_issuer_buffer));
    return(NX_SUCCESS);
}
static NX_WEB_HTTP_CLIENT  my_client;
static UINT                error_counter;

void http_request()
{
  NX_PACKET       *recv_packet;
  NX_PACKET       *send_packet;
  UINT            i;
  UINT            status;
  UINT            chunked_size = 0;

  static char pkt[] = {
    0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41 /* AAAAAAAAAA */
  };

  /* Create an HTTP client instance.  */
  status = nx_web_http_client_create(&my_client, "HTTP Client", &EthIP, &EthPool, 1536);

  #define SERVER_DNS_NAME "locall.ugurtumer.tech"
  NXD_ADDRESS server_ip_address;
  server_ip_address.nxd_ip_version = 4;
  status = nx_dns_host_by_name_get(&dns_client, (UCHAR *)SERVER_DNS_NAME,
                                &server_ip_address.nxd_ip_address.v4, DEFAULT_TIMEOUT);
  if (status != NX_SUCCESS)
  {
    printf("DNS lookup failed\n");
    Error_Handler();
  }
  printf(
    "Server IP: %lu.%lu.%lu.%lu\n", 
    (server_ip_address.nxd_ip_address.v4 >> 24) & 0xFF, 
    (server_ip_address.nxd_ip_address.v4 >> 16) & 0xFF, 
    (server_ip_address.nxd_ip_address.v4 >> 8) & 0xFF, 
    server_ip_address.nxd_ip_address.v4 & 0xFF
  );

  nx_web_http_client_response_header_callback_set(&my_client, http_response_callback);

  status = nx_web_http_client_post_secure_start(&my_client, &server_ip_address, NX_WEB_HTTPS_SERVER_PORT,
                                        "/index.htm",
                                        "locall.ugurtumer.tech",
                                        NX_NULL, NX_NULL, sizeof(pkt), tls_setup_callback, NX_WAIT_FOREVER);

  printf("Post secure start status: 0x%02X\n", status); // ERROR IS HERE. i got 0x110

  /* Allocate a packet.  */
  status = nx_web_http_client_request_packet_allocate(&my_client, &send_packet, NX_WAIT_FOREVER);
  /* Write data into the packet payload.  */
  nx_packet_data_append(send_packet, pkt, sizeof(pkt), &EthPool, NX_WAIT_FOREVER);

  status = nx_web_http_client_put_packet(&my_client, send_packet, 1 * NX_IP_PERIODIC_RATE);
  if (status)
  {
      nx_packet_release(send_packet);
      error_counter++;
  }

  while (1)
  {

      /* Get response from server.  */
      status = nx_web_http_client_response_body_get(&my_client, &recv_packet, NX_WAIT_FOREVER);

      if (status)
      {
          break;
      }
      else
      {
          chunked_size += recv_packet -> nx_packet_length;
          nx_packet_release(recv_packet);
      }
  }
  printf("Received response body:\n");
  printf("%.*s\n", recv_packet->nx_packet_length, recv_packet->nx_packet_prepend_ptr);

  nx_packet_release(recv_packet);
  nx_packet_release(send_packet);

  status = nx_web_http_client_delete(&my_client);
  if (status)
      error_counter++;
}
  • The server IP address is correct, there is no error in the DNS server.
  • I can send a request to the server via https using TLS v1.2 (you may not be able to send a request when you try, I am using a CF tunnel.)
  • i tried to change nx_web_http_client_post_secure_start other secure funcs but problem still same
Azure RTOS
Azure RTOS
An Azure embedded development suite including a small but powerful operating system for resource-constrained devices.
334 questions
0 comments No comments
{count} votes

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.