Disable certificate validation check

Wireless communications in Waspmote, topologies, node types...
Post Reply
barbaran
Posts: 2
Joined: Mon Jan 25, 2016 11:50 am

Disable certificate validation check

Post by barbaran » Mon Dec 16, 2019 12:43 pm

Hi,

We are using a Smart Agriculture 4G and we need to send the information to an HTTPS URL. We are using the public certificate in the Smart Agriculture program. However, when opening the SSL socket we are getting an error. The error code is 20, with no more information.

We assume the problem comes with the remote certificate, as when using an online SSL checker we get that is a valid certificate but "The certificate is not trusted in all web browsers. You may need to install an Intermediate/chain certificate to link it to a trusted root certificate. Learn more about this error. The fastest way to fix this problem is to contact your SSL provider."

At the moment the provider of the SSL certificate is not able to fix it, so we conder if there is a possibility to disable the certificate check, in order to achieve a successful SSL connection.

Here is the initialization of variables:

Code: Select all

// do not specify protocol (only host) example: "softcrits.es"
// char host[] = "enmmgdbxwmv3.x.pipedream.net";
 char host[] = "myhost.es";
char resource[] = "myUrl";
boolean useHttps = true;
// normally 443 for https and 80 for http
uint16_t port = 443;
// ca certificate of the remote server
char httpsCertificate[] =
  "-----BEGIN CERTIFICATE-----\r"\
  "the certificate\r"\
  "-----END CERTIFICATE-----";

const char httpPost[] =
  "POST %s HTTP/1.1\r\n"\
  "Host: %s\r\n"\
  "Content-Type: application/json\r\n"\
  "Content-Length: %d\r\n\r\n";
    
const char jsonFormat[] = 
  "{\"instant\":%lu,\"address\":\"%s\",\"battery\":%u,\"air_temperature\":%d,\"air_humidity\":%s,\"atmospheric_pressure\":%s,"\
  "\"uv_radiation\":%s,\"wind_speed\":%s,\"rain\":%s,\"wind_direction\":%s}";

uint8_t socketId = Wasp4G::CONNECTION_1;

Here is the setup for the 4G:

Code: Select all

void setup()
{


  while(initialize4G() != 0)
  {
    DEBUG(F("Error initializing 4G"));
    delay(1000L);
  }
  Agriculture.ON();
  readSensorAndSend();
}
Here is the code to send data through 4G:

Code: Select all

void readSensorAndSend() 
{

  DEBUG(F("Switching on 4G"));
  uint8_t error = _4G.ON();
  if( error == 0) 
  {
    DEBUG(F("4G on"));
    sendPacket(&sensorData);
    _4G.OFF();
  }
  else 
  {
    DEBUG(F("Error switching on 4g"));
  }
}

uint8_t sendPacket(const SensorData_t *sensorData) 
{
  
  uint8_t error = _4G.checkDataConnection(60);
  if( error != 0) 
  {
    DEBUG(F("Error waiting for data connection"));
    return error;
  }
  _4G.setTimeFrom4G();
  
  const int POST_DATA_BUFFER_SIZE = 800;
  char postData[POST_DATA_BUFFER_SIZE];
  createPostData(sensorData, postData, POST_DATA_BUFFER_SIZE);
  DEBUG(F("Sending post data"));
  DEBUG(postData);

  uint8_t postError;
  if(useHttps) 
  {
    uint8_t error = _4G.openSocketSSL(socketId, host, port);
    if( error != 0) 
    {
      return error;
    }
    
    unsigned int bodyLength = strlen(postData);
    const int POST_REQUEST_BUFFER_SIZE = 1024;
    char postDataBuffer[POST_DATA_BUFFER_SIZE];
    snprintf( postDataBuffer, POST_REQUEST_BUFFER_SIZE, httpPost, resource, host, bodyLength); 
    strcat(postDataBuffer, postData);
    DEBUG(postDataBuffer);
    postError = _4G.sendSSL(socketId, postDataBuffer);
  }
  else 
  {
    postError = _4G.http(Wasp4G::HTTP_POST, host, port, resource, postData);  
  }
  
  if (postError == 0)
  {
    DEBUG(F("4G packet sent ok"));
  }
  else
  {
    DEBUG(F("Error sending 4G packet"));    
  }
  return 0;
}
Is there a way to deactivate the checking of the SSL certificate in the 4G librery?

Many thanks in advance,

Regards,

Javier.

libelium-dev
Posts: 27967
Joined: Mon Sep 28, 2009 1:06 pm

Re: Disable certificate validation check

Post by libelium-dev » Wed Dec 18, 2019 9:31 am

Hi,

Apologies for the delay answering, we're moving our offices and we're overwhelmed those days.

Yes, the server certificate check can be disabled in the 4G module by the AT#SSLSECCFG command. Please go to the 4G library, manageSSL() function, and replace

Code: Select all

	//// 2. Configure security parameters of a SSL socket
	// "AT#SSLSECCFG=1,0,1\r"
	sprintf_P(command_buffer, (char*)pgm_read_word(&(table_IP[34])), socketId+1, 0, 1);
with

Code: Select all

	//// 2. Configure security parameters of a SSL socket
	// "AT#SSLSECCFG=1,0,0\r"
	sprintf_P(command_buffer, (char*)pgm_read_word(&(table_IP[34])), socketId+1, 0, 0);
Let us know if it solves the problem.
Regards

Post Reply

Who is online

Users browsing this forum: No registered users and 1 guest