Basic question on ssl_client1.c

I’ve implemented mbed_tls on an embedded non-linux platform and I am running ssl_client1.c. It works in getting the mbed.org & google.com website using port 443, but mine “ampedrftech.com/test.html” I get a not found 404 error. Could someone tell me why this happens?
Bill

Hi Bill,
The ssl_client1 is a simple HTTP1.0 example using TLS.
I believe that http://ampedrftech.com/test.html is in HTTP 1.1
Note that using TLS you will also need to set the CA root certificate, in order to make the certificate verification succeed. ( with mbedtls_ssl_conf_ca_chain )
When I changed the command to “GET / HTTP/1.1\r\n” , I got the 400 Bad request error.

Hi Ron,
Doesn’t the 400 Bad request error you got mean that the website is not HTTP1.1? Regardless, using Chrome and IE does bring up the page correctly in HTTPS. I also verified that Chrome switches to http2 when bringing it up.

My intent in all this is to access a simple page or data over https much like how Chrome or any other browser can. With a common browser, I don’t need to set a CA root certificate. Why must I do that?

Hi Bill,
The 400 bad request I got was an HTTP 1.1 message.
So I assume the website I was connecting uses HTTP 1.1 protocol.

Since you are connecting to a server, that sends a certificate, your client needs to verify it’s certificate. The certificate is signed by a CA, and you need to set a trusted root CA certificate in your client.

Note that every browser has a CA certificate store. If it is trying to connect to a website which certificate is not known \ verified, you will get a security warning \ error from your browser as well.