Complete
over 5 years ago

WERETECH-8281

Addressing this is going to be in the realm of our WiFi team, but it looks like this won't be on their radar for quite some time. As of right now, we are assuming this will not be addressed.

Simulator dislikes Let's Encrypt Certs?

I'm seeing the simulator return responseCode=0 for SSL requests that involve a Let's Encrypt SSL Certificate.

Comodo certs (which I used to use) seem to work fine as does a 'naked', non-SSL request.

This is occurring on a Mac / Mojave running CIQ 3.0.11.

The following test case demonstrates the issue:

using Toybox.Application;
using Toybox.Communications as Comm;
using Toybox.System;

class LetsEncryptSSLTestApp extends Application.AppBase {
    function initialize() {
        AppBase.initialize();
    }

    private function showResult(testName, responseCode) {
        //System.println("responseCode=" + responseCode);
        var status = (responseCode == 200) ? "OK" : "FAIL";
        System.println("[ " + status + " ] " + testName);
    }

    private function makeTestJSONRequest(url, callback) {
        //System.println("Making request to url=" + url);
        Comm.makeWebRequest(url, {}, {
            :method => Comm.HTTP_REQUEST_METHOD_GET,
            :headers => { "Content-Type" => Comm.REQUEST_CONTENT_TYPE_JSON },
            :responseType => Comm.HTTP_RESPONSE_CONTENT_TYPE_JSON
        },
        callback);
    }

    // TEST 1: Test w/ Comodo SSL Cert
    // Success
    function onTestComodoSSLCertResponse(responseCode, data) {
        self.showResult("testComodoSSLCert", responseCode);
        self.testLetsEncryptSSLCert();
    }

    function testComodoSSLCert() {
        self.makeTestJSONRequest("https://reqres.in/api/users/2",
                                 self.method(:onTestComodoSSLCertResponse));
    }

    // TEST 2: Test using Let's Encrypt SSL Cert
    //
    // Fails in simulator
    // Succeeds in curl
    function onTestLetsEncryptSSLCertResponse(responseCode, data) {
        self.showResult("testLetsEncryptSSLCert", responseCode);
        self.testWithoutLetsEncryptSSLCert();
    }

    function testLetsEncryptSSLCert() {
        self.makeTestJSONRequest("https://www.mocky.io/v2/5cf44057330000585d75865a",
                                 self.method(:onTestLetsEncryptSSLCertResponse));
    }

    // TEST 3: Same endpoint as TEST 2 but w/o SSL
    //
    // Succeeds in simulator
    function onTestWithoutLetsEncryptSSLCertResponse(responseCode, data) {
        self.showResult("testWithoutLetsEncryptSSLCert", responseCode);
    }

    function testWithoutLetsEncryptSSLCert() {
        self.makeTestJSONRequest("http://www.mocky.io/v2/5cf44057330000585d75865a",
                                 self.method(:onTestWithoutLetsEncryptSSLCertResponse));
    }

    // onStart() is called on application start up
    function onStart(state) {
        self.testComodoSSLCert();
    }

    // onStop() is called when your application is exiting
    function onStop(state) {
    }

    // Return the initial view of your application here
    function getInitialView() {
        return [ new LetsEncryptSSLTestView() ];
    }
}
  • A little more information here... If I download the latest trusted CA certificates from Mozilla, I can access reqres.io without error, but continue to get security warnings for mocky.io.

    [ 1:25:47.67] C:\Users\vitek\Desktop>curl --insecure -o cacert.pem https://curl.haxx.se/ca/cacert.pem
      % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                     Dload  Upload   Total   Spent    Left  Speed
    100  220k  100  220k    0     0   588k      0 --:--:-- --:--:-- --:--:--  588k
    
    [ 1:28:39.82] C:\Users\vitek\Desktop>curl --cacert cacert.pem https://www.mocky.io/v2/5cf44057330000585d75865a
    curl: (35) Unknown SSL protocol error in connection to www.mocky.io:443
    
    [ 1:29:05.72] C:\Users\vitek\Desktop>curl --cacert cacert.pem https://reqres.in/api/users/2
    {"data":{"id":2,"email":"[email protected]","first_name":"Janet","last_name":"Weaver","avatar":"https://s3.amazonaws.com/uifaces/faces/twitter/josephstein/128.jpg"}}
    
