Hi everyone.
I am trying to make a successful mTLS connections between a Linux server and MC60 module.
It is my MC60 function to configure TLS and send a https request:
void implement_tls(void)
{
u8 at_cmd1[512] = {0};
u8 at_cmd[512] = {0};
s32 ret;
s32 len = strlen(ca_cert_pem);
s32 len_url = strlen(url);
Ql_memset(at_cmd,0,sizeof(at_cmd));
sprintf(at_cmd, "AT+QSECWRITE=\"RAM:ca_cert.pem\",%d,100\r\n", len);
callback_stage = 1;
ret = Ql_RIL_SendATCmd(at_cmd, strlen(at_cmd), callback_at_response, NULL, 10000);
if (ret != RIL_AT_SUCCESS) {
APP_DEBUG("-----> ERROR sending QSECWRITE1.\r\n");
}
else {
ret = Ql_RIL_WriteDataToCore((u8*)ca_cert_pem, len);
if (ret != len) {
APP_DEBUG("-----> ERROR1: wrote %d bytes (expected %d)\r\n", ret, len);
} else {
APP_DEBUG("-----> ca_cert_pem success.\r\n");
}
}
Ql_Sleep(1000);
len = strlen(client_cert_pem);
Ql_memset(at_cmd,0,sizeof(at_cmd));
sprintf(at_cmd, "AT+QSECWRITE=\"RAM:client_cert.pem\",%d,100\r\n", len);
ret = Ql_RIL_SendATCmd(at_cmd, strlen(at_cmd), callback_at_response, NULL, 10000);
if (ret != RIL_AT_SUCCESS) {
APP_DEBUG("-----> ERROR sending QSECWRITE2.\r\n");
} else {
ret = Ql_RIL_WriteDataToCore((u8*)client_cert_pem, len);
if (ret != len) {
APP_DEBUG("-----> ERROR2: wrote %d bytes (expected %d)\r\n", ret, len);
} else {
APP_DEBUG("-----> client cert success.\r\n");
}
}
Ql_Sleep(1000);
len = strlen(client_key_pem);
Ql_memset(at_cmd,0,sizeof(at_cmd));
sprintf(at_cmd, "AT+QSECWRITE=\"RAM:client_key.pem\",%d,100\r\n", len);
ret = Ql_RIL_SendATCmd(at_cmd, strlen(at_cmd), callback_at_response, NULL, 10000);
if (ret != RIL_AT_SUCCESS) {
APP_DEBUG("-----> ERROR sending QSECWRITE3.\r\n");
} else {
ret = Ql_RIL_WriteDataToCore((u8*)client_key_pem, len);
if (ret != len) {
APP_DEBUG("-----> ERROR3: wrote %d bytes (expected %d)\r\n", ret, len);
} else {
APP_DEBUG("-----> client key success.\r\n");
}
}
Ql_Sleep(1000);
ret = Ql_RIL_SendATCmd("AT+QSSLCFG=\"ctxindex\",0\r\n", Ql_strlen("AT+QSSLCFG=\"ctxindex\",0\r\n"), NULL, NULL, 10000);
if (ret == RIL_AT_SUCCESS) {
APP_DEBUG("-----> ctxindex success.\r\n");
} else {
APP_DEBUG("-----> ctxindex error.\r\n");
}
Ql_Sleep(1000);
ret = Ql_RIL_SendATCmd("AT+QSSLCFG=\"sslversion\",0,4\r\n", Ql_strlen("AT+QSSLCFG=\"sslversion\",0,4\r\n"), NULL, NULL, 0);
if (ret == RIL_AT_SUCCESS) {
APP_DEBUG("-----> sslversion success.\r\n");
}
Ql_Sleep(1000);
ret = Ql_RIL_SendATCmd("AT+QSSLCFG=\"seclevel\",0,2\r\n", Ql_strlen("AT+QSSLCFG=\"seclevel\",0,2\r\n"), NULL, NULL, 0);
if (ret == RIL_AT_SUCCESS) {
APP_DEBUG("-----> seclevel success.\r\n");
}
Ql_Sleep(1000);
ret = Ql_RIL_SendATCmd("AT+QSSLCFG=\"ciphersuite\",0,\"0xFFFF\"\r\n", Ql_strlen("AT+QSSLCFG=\"ciphersuite\",0,0xFFFF\r\n"), NULL, NULL, 0);
if (ret == RIL_AT_SUCCESS) {
APP_DEBUG("-----> ciphersuite success.\r\n");
}
Ql_Sleep(1000);
ret = Ql_RIL_SendATCmd("AT+QSSLCFG=\"cacert\",0,\"RAM:ca_cert.pem\"\r\n", Ql_strlen("AT+QSSLCFG=\"cacert\",0,\"RAM:ca_cert.pem\"\r\n"), NULL, NULL, 0);
if (ret == RIL_AT_SUCCESS) {
APP_DEBUG("-----> Root CA loaded.\r\n");
}
Ql_Sleep(1000);
ret = Ql_RIL_SendATCmd("AT+QSSLCFG=\"clientcert\",0,\"RAM:client_cert.pem\"\r\n", Ql_strlen("AT+QSSLCFG=\"clientcert\",0,\"RAM:client_cert.pem\"\r\n"), NULL, NULL, 0);
if (ret == RIL_AT_SUCCESS) {
APP_DEBUG("-----> Client cert loaded.\r\n");
}
Ql_Sleep(1000);
ret = Ql_RIL_SendATCmd("AT+QSSLCFG=\"clientkey\",0,\"RAM:client_key.pem\"\r\n", Ql_strlen("AT+QSSLCFG=\"clientkey\",0,\"RAM:client_key.pem\"\r\n"), NULL, NULL, 0);
if (ret == RIL_AT_SUCCESS) {
APP_DEBUG("-----> Client key loaded.\r\n");
}
Ql_Sleep(1000);
ret = Ql_RIL_SendATCmd("AT+QSSLCFG=\"https\",0\r\n", Ql_strlen("AT+QSSLCFG=\"https\",0\r\n"), NULL, NULL, 0);
if (ret == RIL_AT_SUCCESS) {
APP_DEBUG("-----> https success.\r\n");
}
Ql_Sleep(1000);
// Set HTTP server address (URL)
ret = RIL_HTTP_SetServerURL(HTTPS_URL_ADDR, Ql_strlen(HTTPS_URL_ADDR));
APP_DEBUG("<-- Set http server URL, ret=%d -->\r\n", ret);
ret = RIL_HTTP_RequestToGet(100);
APP_DEBUG("<-- Send get-request, ret=%d -->\r\n", ret);
RIL_HTTP_ReadResponse(60, HTTP_RcvData);
}
But i got this on my Nginx log:
“client sent no required SSL certificate while reading client request headers …”
Does anyone have any idea what is wrong with MC60?