Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

https GET request is failed for big file download. #24108

Closed
Navin-Sankar opened this issue Apr 5, 2020 · 4 comments
Closed

https GET request is failed for big file download. #24108

Navin-Sankar opened this issue Apr 5, 2020 · 4 comments
Assignees
@jukkar
Labels
area: Networking bug The issue is a bug, or the PR is fixing a bug priority: medium Medium impact/importance bug Waiting for response Waiting for author's response

Comments

@Navin-Sankar
Copy link
Member

The following PR #24107 adds the hawkbit FOTA libary support to update embedded device using http and https mode. HTTP mode is working fine(docker image). Hawkbit https server is build with self signed certificate to run in local network. The HTTPS mode is working when the response size is < 2Kb. While downloading the update image from the server, download is failed and client sent the encrypted alert message to the server to stop the communication.

Wireshark file is attached.

server.ip = 192.168.1.108 & client.ip = 192.168.1.109
frdm_https.zip
@Navin-Sankar Navin-Sankar added the bug The issue is a bug, or the PR is fixing a bug label Apr 5, 2020
@jukkar jukkar added area: Networking priority: medium Medium impact/importance bug labels Apr 6, 2020
@jukkar jukkar self-assigned this Apr 6, 2020
@jukkar
Copy link
Member

jukkar commented Apr 8, 2020

Could you try to increase the value of CONFIG_MBEDTLS_SSL_MAX_CONTENT_LEN and retry. That option determines what is the maximum size of the encrypted packet, default value is 1500 bytes.

@Navin-Sankar
Copy link
Member Author

Increased the size of CONFIG_MBEDTLS_SSL_MAX_CONTENT_LEN to 4096. But still getting the same response. Attached tls-config file
frdm_https
overlay-tls.conf

CONFIG_MAIN_STACK_SIZE=8192

# TLS configuration
CONFIG_MBEDTLS=y
CONFIG_MBEDTLS_BUILTIN=y
CONFIG_MBEDTLS_ENABLE_HEAP=y
CONFIG_MBEDTLS_HEAP_SIZE=30000
CONFIG_MBEDTLS_SSL_MAX_CONTENT_LEN=4096

CONFIG_NET_SOCKETS_SOCKOPT_TLS=y

@jukkar
Copy link
Member

jukkar commented Apr 30, 2020

I do not have hawkbit environment setup. Do you have any other way to replicate this issue?

@jukkar jukkar added the Waiting for response Waiting for author's response label Apr 30, 2020
@Navin-Sankar
Copy link
Member Author

Changed the TLS Kconfig as per the sample big_http_download.

From

CONFIG_MBEDTLS_HEAP_SIZE=30000
CONFIG_MBEDTLS_SSL_MAX_CONTENT_LEN=4096

to

CONFIG_MBEDTLS_HEAP_SIZE=60000
CONFIG_MBEDTLS_SSL_MAX_CONTENT_LEN=16384

now it's working. Thanks @jukkar

@jukkar jukkar closed this as completed May 5, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jukkar jukkar

Labels
area: Networking bug The issue is a bug, or the PR is fixing a bug priority: medium Medium impact/importance bug Waiting for response Waiting for author's response
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jukkar @Navin-Sankar