How to disable Arduino WiFiNINA ssl certificate verification


I am trying to get a program working on the Arduino Uno WiFi Rev2 which sends a GET request to a Hue Light System (Hue Bridge) on a local network. I am using Arduino's WiFiNINA library to send a GET request (example below). When I try this (configured with my request data) the connection fails. That is,

if (client.connect(server, 443)) {...};

exits as no connection is established.

I believe this is because there is some SSL certification issue. HTTP connections work fine; HTTPS connections to sites like google also work fine. I've flashed the provided CA Certificate for the Hue Light System successfully, but there remains the issue of common name validation as I am connecting to an IP and not the actual subject in the CA Cert.

Seeing as this is just a small project and will be on my local network, I would like to just bypass the SSL certification step entirely and connect insecurely. However, it seems that WiFiNINA doesn't offer this functionality. I have seen this option with other libraries, such as ArduinoBearSSL (through BearSSLClient::setInsecure(SNI insecure)). However, when I try to upload a program compiled using this library the sketch is too large for the Arduino.

Is there a way to disable the SSL Certificate Verification through the WiFiNINA (or any compatible WiFi library)?

Alternatively, I could try the other recommended workarounds, such as adding a custom hostname verifier or a custom DNS rule which resolves the correct hostname to the internal IP address. I am not sure how to start going about these methods, however.

Example GET request program with WiFiNINA

/*
This example creates a client object that connects and transfers
data using always SSL.

It is compatible with the methods normally related to plain
connections, like client.connect(host, port).

Written by Arturo Guadalupi
last revision November 2015

*/

#include <SPI.h>
#include <WiFiNINA.h>

#include "arduino_secrets.h" 
///////please enter your sensitive data in the Secret tab/arduino_secrets.h
char ssid[] = SECRET_SSID;        // your network SSID (name)
char pass[] = SECRET_PASS;    // your network password (use for WPA, or use as key for WEP)
int keyIndex = 0;            // your network key index number (needed only for WEP)

int status = WL_IDLE_STATUS;
// if you don't want to use DNS (and reduce your sketch size)
// use the numeric IP instead of the name for the server:
//IPAddress server(74,125,232,128);  // numeric IP for Google (no DNS)
char server[] = "www.google.com";    // name address for Google (using DNS)

// Initialize the Ethernet client library
// with the IP address and port of the server
// that you want to connect to (port 80 is default for HTTP):
WiFiSSLClient client;

void setup() {
  //Initialize serial and wait for port to open:
  Serial.begin(9600);
  while (!Serial) {
    ; // wait for serial port to connect. Needed for native USB port only
  }

  // check for the WiFi module:
  if (WiFi.status() == WL_NO_MODULE) {
    Serial.println("Communication with WiFi module failed!");
    // don't continue
    while (true);
  }

  String fv = WiFi.firmwareVersion();
  if (fv < WIFI_FIRMWARE_LATEST_VERSION) {
    Serial.println("Please upgrade the firmware");
  }

  // attempt to connect to WiFi network:
  while (status != WL_CONNECTED) {
    Serial.print("Attempting to connect to SSID: ");
    Serial.println(ssid);
    // Connect to WPA/WPA2 network. Change this line if using open or WEP network:
    status = WiFi.begin(ssid, pass);

    // wait 10 seconds for connection:
    delay(10000);
  }
  Serial.println("Connected to WiFi");
  printWiFiStatus();

  Serial.println("\nStarting connection to server...");
  // if you get a connection, report back via serial:
  if (client.connect(server, 443)) {
    Serial.println("connected to server");
    // Make a HTTP request:
    client.println("GET /search?q=arduino HTTP/1.1");
    client.println("Host: www.google.com");
    client.println("Connection: close");
    client.println();
  }
}

void loop() {
  // if there are incoming bytes available
  // from the server, read them and print them:
  while (client.available()) {
    char c = client.read();
    Serial.write(c);
  }

  // if the server's disconnected, stop the client:
  if (!client.connected()) {
    Serial.println();
    Serial.println("disconnecting from server.");
    client.stop();

    // do nothing forevermore:
    while (true);
  }
}


void printWiFiStatus() {
  // print the SSID of the network you're attached to:
  Serial.print("SSID: ");
  Serial.println(WiFi.SSID());

  // print your board's IP address:
  IPAddress ip = WiFi.localIP();
  Serial.print("IP Address: ");
  Serial.println(ip);

  // print the received signal strength:
  long rssi = WiFi.RSSI();
  Serial.print("signal strength (RSSI):");
  Serial.print(rssi);
  Serial.println(" dBm");
}

Because of the API the Hue offers, you have to use HTTPS. I would like to skip the SSL verification, but WiFiNINA doesn't seem to offer a way to allow insecure connections.

They have provided a CA certificate (which I have managed to flash to the WiFi chip), but there remain issues that prevent this SSL
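The failure described in the question is the server-name check that a TLS client performs after the chain validates against the flashed CA: a target given as an IP address is only matched against IP entries in the certificate, never against the subject CN or DNS names, so connecting by IP cannot pass even with the right CA installed, and pointing a local DNS name at the bridge (the workaround mentioned above) is what makes the name match. The model below is an added example, not code from the question or from WiFiNINA; the certificate contents and hostnames are constructed placeholders.

```cpp
#include <string>
#include <vector>
#include <cctype>

// Constructed stand-in for the names carried by a server certificate.
struct CertNames {
    std::string subjectCN;              // legacy Common Name
    std::vector<std::string> dnsSANs;   // subjectAltName dNSName entries
    std::vector<std::string> ipSANs;    // subjectAltName iPAddress entries (dotted text here)
};

static std::string lower(std::string s) {
    for (char& c : s) c = static_cast<char>(std::tolower(static_cast<unsigned char>(c)));
    return s;
}

// Simplified RFC 6125 matching: exact match, or a single leading "*." wildcard label.
static bool dnsNameMatches(const std::string& pattern, const std::string& host) {
    std::string p = lower(pattern), h = lower(host);
    if (p == h) return true;
    if (p.rfind("*.", 0) != 0) return false;
    std::string::size_type dot = h.find('.');
    if (dot == std::string::npos) return false;
    return h.substr(dot + 1) == p.substr(2);
}

static bool looksLikeIPv4(const std::string& s) {
    int dots = 0;
    for (char c : s) {
        if (c == '.') ++dots;
        else if (c < '0' || c > '9') return false;
    }
    return dots == 3;
}

// Returns true if `target` (what the sketch passes to client.connect()) is acceptable
// for the certificate. An IP target is compared only with IP SANs; a hostname target
// is compared with DNS SANs, falling back to the CN only when no SAN extension exists.
bool serverNameAcceptable(const CertNames& cert, const std::string& target) {
    if (looksLikeIPv4(target)) {
        for (const auto& ip : cert.ipSANs) if (ip == target) return true;
        return false;   // CN/DNS names never match an IP literal
    }
    for (const auto& n : cert.dnsSANs) if (dnsNameMatches(n, target)) return true;
    return cert.dnsSANs.empty() && cert.ipSANs.empty() &&
           dnsNameMatches(cert.subjectCN, target);
}
```

A bridge certificate with only a CN (no IP SAN) therefore validates when the sketch connects to that name via a local DNS entry, and never when it connects to the bridge's IP.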
