pdii's Content - Netduino Forums
   
Netduino home hardware projects downloads community

Jump to content


The Netduino forums have been replaced by new forums at community.wildernesslabs.co. This site has been preserved for archival purposes only and the ability to make new accounts or posts has been turned off.

pdii's Content

There have been 9 items by pdii (Search limited from 29-March 23)


By content type

See this member's

Sort by                Order  

#63993 SSL not working?

Posted by pdii on 27 August 2015 - 06:43 AM in Netduino 3

I just read your post.  Here it is if others are interested.

 

Based on line 71 of apqpnetlite's TcpTransport class, how is verification of the peer being performed when null is being passed for the certificate in the AuthenticateAsClient method?

 

It is my understanding that we need to provide the root CA's cert for the endpoint we want to connect to in order for verification to be performed.




#63957 SSL not working?

Posted by pdii on 23 August 2015 - 09:46 PM in Netduino 3

Ahh, so it seems this because the Netduino implementation of SslStream for the CC3100 hasn't yet implemented certificate validation.  I'm assuming that the reason why you did reference HttpsAuthentCerts in your other blog post was because you were using a FezSpider and they must have implemented certificate validation in their SslStream?

 

Thanks for the link to AMQPLite.  However, since AMQPS is just a protocol like HTTPS, won't it rely on Netduino's implementation of SslStream and won't it run into the same issues as HTTPS on a N3W?

 

Chris, is this true?  Although the N3W hardware supports SSL 3.0 and TLS 1.2, we'll need an update to Netduino.IP / the CC3100 firmware (not sure if I'm using the proper terminology here) before the N3Ws will be able to communicate securely w/o a gateway device in front of them?

 

If not, would you mind adding happy and sad path test cases to the NetduinoIP_StackTests.zip project you refereed to here so that we can see how to get this working?

 

Thank you!




#63917 SSL not working?

Posted by pdii on 17 August 2015 - 01:48 PM in Netduino 3

Thanks for the response KiwiDev.  I read a few of your blog posts while investigating this issue.

 

One thing that I didn't quite understand is why you didn't use the HttpWebRequest.HttpsAuthentCerts property in the netduino post and the blog entry you've linked to like you did in one of your other blog posts.  Under what scenarios do you and don't you need to use this property?

 

I'm new to .NET MF, so apologies if this is a stupid question.




#63886 SSL not working?

Posted by pdii on 14 August 2015 - 09:39 PM in Netduino 3

I just got my hands on a few N3Ws and was most interested in their support for SSL/TLS.  The #1 thing I want to do with these is send data to an Event Hub in Azure.

It is my understanding that:

  • To connect to https:// or amqps://<event_hub_namespace>-ns.servicebus.windows.net/<event_hub_name> my N3W will need to have the root CA cert for the *.servicebus.windows.net certificate available to validate each call to my event hub.
  • .NET MF doesn’t include root CA certificates due to space constraints and therefore I must embed the root CA for any endpoint to which I want to establish a SSL connection with the project that is deployed to my N3W.  I followed the advice here to acquire the CA certificate for my event hub.
  • For SSL to work on .NET MF, my N3W needs
    • to have an accurate device time (which it can acquire via a NTP server)
    • the “SSL seed” needs to be generated using the MFDeploy tool (not exactly sure why or in which scenarios I need to regen again)
  • I can’t use the portable http client because it doesn’t support .NET MF, and instead must use either:
    1. HttpWebRequest and pass the embedded CA cert for the event hub endpoint in the HttpWebRequest.HttpsAuthentCerts property.
    2. wrap a NetworkStream generated from a TcpClient in a SslStream and implement the SslStream’s certificateSelection and certificateValidation callbacks (potentially like this) the in order to make this connection.

I’ve tried implementing the HttpWebRequest approach first.  I ran into issues similar to what was described in this post.

 

After facing these issues, I decided that I would try a different endpoint.  I issued a HTTPS GET request to https://www.google.com/.  This seemed to work.  However, it would work if I didn’t present the root CA cert, if I did present the root CA cert and even if I presented the wrong root CA cert in the HttpWebRequest.HttpsAuthentCerts property.  I think this is the same issue that ppatierno raises on the .NET MF's github site.

 

I’m concerned that cert validation isn’t working.  The GET to https://www.google.com scenario makes me think that even if I go through the trouble of adding the root CA cert, I could still fall victim to a man in the middle attack.

 

Has anyone validated that they get some sort of exception when attempting to make an SSL connect to an endpoint that is presenting an invalid cert?

 

In order to get this level of verification, do I need to skip the HttpWebRequest approach and go down the TcpClient/NetworkStream/SslStream approach?

 

Where can I get more details on the purpose of SSL Seed generation?

 

I’m new to .NET MF, so I’m somewhat expecting that there’s just something obviously wrong with my approach.  If not, and if it is helpful, I’m willing to upload a small sample program that illustrates these issues.

 

Thanks in advance for any help you can provide!




#63883 SSL Authentication issues

Posted by pdii on 14 August 2015 - 08:29 PM in Netduino 3

I'll start a separate thread because I don't want to hijack this one, but I wanted to leave a quick note that I too am facing some interesting issues with SSL on my N3W that are very similar to this.




#63855 Introducing Netduino 3 Ethernet

Posted by pdii on 11 August 2015 - 04:45 AM in Netduino 3

Does the Netduino 3 Ethernet support SSL like the Netduino 3 Wifi?




#62908 Netduino GO! Touchscreen and Relay modules

Posted by pdii on 26 May 2015 - 10:01 PM in Netduino Go

Thanks neslekkim, I did find that source code when I was looking into this late last week.

 

I'm a bit concerned that the Relay module might not be supported going forward (GoBus 1.5+).  I bought the Go and the Relay a while ago and have been looking forward to the upcoming Ethernet & Temp/Humidity modules so that I could work on a home automation project (controlling gable fans based on temp & humidity).

 

Are there plans for updated Relay modules that will work on the Go in conjunction with the Ethernet and Temp/Humidity modules?

Thanks!




#62881 Netduino GO! Touchscreen and Relay modules

Posted by pdii on 26 May 2015 - 05:41 AM in Netduino Go

I recently updated my Netduino Go's firmware to 4.3.2 (b1).  Now it appears that my nwazet Relay isn't working anymore.  I don't have the exception in front of me, but it looked like naming of GoPort/GoSocket base classes that the Relay drivers implemented have changed.

 

Is this a known issue?




#61386 Netduino.IP Technical Preview (Build 1)

Posted by pdii on 27 January 2015 - 06:58 PM in Netduino.IP Technical Preview

I don't have an NP2, but I do have the Go.  Is at TP for the Go and the Go's Ethernet module on the horizon?  I would love to test this out.





home    hardware    projects    downloads    community    where to buy    contact Copyright © 2016 Wilderness Labs Inc.  |  Legal   |   CC BY-SA
This webpage is licensed under a Creative Commons Attribution-ShareAlike License.