Basic question on ssl_client1.c

(Bill Colias) #1

I’ve implemented mbed_tls on an embedded non-Linux platform and I am running ssl_client1.c. It works in getting the mbed.org & google.com websites using port 443, but for mine, “ampedrftech.com/test.html”, I get a 404 Not Found error. Could someone tell me why this happens?

(Ron Eldor) #2

Hi Bill,
The ssl_client1 is a simple HTTP1.0 example using TLS.
I believe that http://ampedrftech.com/test.html is in HTTP 1.1.
Note that using TLS you will also need to set the CA root certificate in order to make the certificate verification succeed (with mbedtls_ssl_conf_ca_chain).
When I changed the command to “GET / HTTP/1.1\r\n” , I got the 400 Bad request error.

(Bill Colias) #3

Hi Ron,
Doesn’t the 400 Bad request error you got mean that the website is not HTTP1.1? Regardless, using Chrome and IE does bring up the page correctly in HTTPS. I also verified that Chrome switches to http2 when bringing it up.

My intent in all this is to access a simple page or data over https much like how Chrome or any other browser can. With a common browser, I don’t need to set a CA root certificate. Why must I do that?

(Ron Eldor) #4

Hi Bill,
The 400 bad request I got was an HTTP 1.1 message.
So I assume the website I was connecting uses HTTP 1.1 protocol.

Since you are connecting to a server that sends a certificate, your client needs to verify its certificate. The certificate is signed by a CA, and you need to set a trusted root CA certificate in your client.

Note that every browser has a CA certificate store. If it is trying to connect to a website whose certificate is not known / verified, you will get a security warning / error from your browser as well.
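
Added example, not part of the thread and not mbed TLS code: the request line discussed above, written as an HTTP/1.1 GET. HTTP/1.1 requires a Host header on every request, and a server answers 400 Bad Request when it is missing, so this builder emits one, refuses host or path values that could inject extra header lines, and parses the status code from the reply. The function names and the `example.com` host are assumptions made for illustration; in ssl_client1.c the resulting buffer would be what is passed to mbedtls_ssl_write.

```c
#include <stdio.h>
#include <string.h>

/* Reject bytes that could split or smuggle request lines (CR, LF, space, controls). */
static int token_is_safe(const char *s)
{
    if (s == NULL || *s == '\0')
        return 0;
    for (; *s != '\0'; s++)
        if ((unsigned char)*s <= 0x20 || (unsigned char)*s == 0x7f)
            return 0;
    return 1;
}

/* Build an HTTP/1.1 GET; returns its length, or -1 on unsafe input or a too-small buffer. */
int build_get_request(char *buf, size_t cap, const char *host, const char *path)
{
    int n;
    if (buf == NULL || cap == 0 || !token_is_safe(host) || !token_is_safe(path) || path[0] != '/')
        return -1;
    n = snprintf(buf, cap,
                 "GET %s HTTP/1.1\r\nHost: %s\r\nConnection: close\r\n\r\n",
                 path, host);
    if (n < 0 || (size_t)n >= cap)   /* truncated output is never sent */
        return -1;
    return n;
}

/* Parse the status code out of "HTTP/1.x NNN reason"; returns -1 if malformed. */
int parse_status_code(const char *resp, size_t len)
{
    int i, code = 0;
    if (resp == NULL || len < 12 || memcmp(resp, "HTTP/1.", 7) != 0)
        return -1;
    if ((resp[7] != '0' && resp[7] != '1') || resp[8] != ' ')
        return -1;
    for (i = 9; i < 12; i++) {
        if (resp[i] < '0' || resp[i] > '9')
            return -1;
        code = code * 10 + (resp[i] - '0');
    }
    return code;
}

int main(void)
{
    char req[256]; /* constructed sample: example.com is a placeholder host */
    int n = build_get_request(req, sizeof req, "example.com", "/test.html");
    return (n > 0 && fputs(req, stdout) >= 0) ? 0 : 1;
}
```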