Community Tip - When posting, your subject should be specific and summarize your question. Here are some additional tips on asking a great question. X
Hello,
I have a localized Thingworx server setup on my PC for bench testing. I've followed the installation instructions and substituted the connector protocol to the one provided. The ip of this machine is 192.168.10.100
<Connector port="80" protocol="org.apache.coyote.http11.Http11NioProtocol"
connectionTimeout="20000"
redirectPort="8443" />
Anyway, my edge device is a Linux board. It compile ok and creates a binary. I've set the TW_HOST as "192.168.10.100" and set TLS to none for development.
#define NO_TLS
Below is the output. Note that I'm unable to connect to the server. I can ping the server though. Am I missing anything?
[FORCE] 2015-08-08 03:45:05,169: Starting up
[DEBUG] 2015-08-08 03:45:05,171: twWs_Create: Initializing Websocket Client for 192.168.10.100:80//Thingworx/WS
[DEBUG] 2015-08-08 03:45:05,171: twTlsClient_Create: Initializing TLS Client
[DEBUG] 2015-08-08 03:45:05,174: subscribedPropsMgr_Initialize: Initializing subscribed properties manager
[TRACE] 2015-08-08 03:45:05,175: twApi_Connect: Delaying 0 milliseconds before connecting
[DEBUG] 2015-08-08 03:45:05,176: twTlsClient_Reconnect: Re-establishing SSL context
[DEBUG] 2015-08-08 03:45:05,176: twTlsClient_Connect: Connecting to server
[ERROR] 2015-08-08 03:45:05,183: Error intializing SSL connection
[ERROR] 2015-08-08 03:45:05,183: twWs_Connect: Error restarting socket. Error 0
[DEBUG] 2015-08-08 03:45:10,184: twTlsClient_Reconnect: Re-establishing SSL context
[DEBUG] 2015-08-08 03:45:10,185: twTlsClient_Connect: Connecting to server
[ERROR] 2015-08-08 03:45:20,196: Error intializing SSL connection
[ERROR] 2015-08-08 03:45:20,197: twWs_Connect: Error restarting socket. Error 32
[DEBUG] 2015-08-08 03:45:25,197: twTlsClient_Reconnect: Re-establishing SSL context
[DEBUG] 2015-08-08 03:45:25,198: twTlsClient_Connect: Connecting to server
[ERROR] 2015-08-08 03:45:35,207: Error intializing SSL connection
[ERROR] 2015-08-08 03:45:35,208: twWs_Connect: Error restarting socket. Error 32
Looks like it didn't take the No TLS switch? Which SDK and what version are you using?
I had a simmilar problem.
My Thing (RaspberryPi) can't connect to the Server. My research showed that SSLv3 was disabled on Server because of the Poodle Exploit (Google Online Security Blog: This POODLE bites: exploiting the SSL 3.0 fallback) (SSL Handshake failed, see also security - How do I list the SSL/TLS cipher suites a particular website offers? - Super User)
So i changed the TLS lib to OpenSSL and now everything works.
BTW: i also can't use the NO_TLS switch becauce the server automaticly switches all incomming connections to a secure connection.
Hello Gerard,
Since you disable TLS, try to call those two after twApi_Initialize:
twApi_SetSelfSignedOk();
twApi_DisableCertValidation();
If it still doesn't work -- try to undefine NO_TLS, so that it actually uses TLS and correct port.
Hello Constantine,
Even I am facing same problem. I added line "#define NO_TLS" in my app.c code and called those two APIs. but no luck. I have tried this in previous version and it used to work. But I had changed to No_TLS in some other file, I think it was in .h file. Can not remember which one and now trying to figure out. I do not want TLS for development purpose at all.
I get below errors. If NO_TLS is defined, then it should not start with tls client. Am I right?
DEBUG] 2015-10-20 21:33:30,654: twTlsClient_Create: Initializing TLS Client
[DEBUG] 2015-10-20 21:33:46,809: twTlsClient_Close: Disconnecting from server
[ERROR] 2015-10-20 21:33:46,809: twWs_Create: Error creating BSD socket to be used for the websocket
[ERROR] 2015-10-20 21:33:46,809: twApi_Initialize: Error creating websocket structure
[ERROR] 2015-10-20 21:33:46,809: Error initializing the API
Can you please help
Thanks
Satish
Hi,
I figured out.
In twTls.c, set below settings to FALSE. So NO_TLS is not enough.
tls->isEnabled = FALSE
tls->validateCert = FALSE
Thank
Satish
Hello Satish,
As far as I can tell, the NO_TLS is not used at all, at least I couldn't grep for it. To me it looks like some left-over old macro, which has no effect whatsoever.
What I do for testing is enabling TLS on the Tomcat side and then using the two calls I mentioned to allow self-signed certificates and disable the validity checks. You can see that twApi_DisableCertValidation() actually does tls->validateCert = FALSE, and as soon as you call it from the right place you don't have to do it twice.
You won't be using the SDK without TLS in production anyway, so why wasting your time on turning it off in the first place, when you can leave it on and just generate a dummy certificate? After the testing phase you can configure the real self-signed certificate for axTLS, and for production you'll probably get a real certificate from a CA.
/ Constantine
Hello Constantine,
Agree, but in my case twApi_DisableCertValidation() was not doing what it was supposed to do. As I said, I did add call twApi_DisableCertValidation(). But it was still using TLS.
Regards
Satish
That's correct, it still uses TLS, it just doesn't check the validity of your Tomcat certificate. You still have to use port 443 or 8443 or whatever you configured for TLS in Tomcat.