Solved QtCOAP PSK put request to IKEA Tradfri Bridge doesn't work. -> Strange SSL Errors
-
Hi!
I want to write a simple app which controls my IKEA Tradfri light bulbs - Just for fun. The protocol works perfectly as described here: https://freesoft.dev/program/121979476
The following command works as expected when I run it in Terminal:
coap-client -m post -u "Client_identity" -k "$GATEWAYCODE" -e '{"9090":"$USERNAME"}' "coaps://$GATEWAYIP:5684/15011/9063"
Now I try to solve this with QtCOAP. This is my code:
m_coapClient = new QCoapClient(QtCoap::SecurityMode::PreSharedKey, this);
QCoapSecurityConfiguration configuration;
configuration.setPreSharedKeyIdentity("Client_identity");
configuration.setPreSharedKey("xxxxxxxxxxxxxxxx");
m_configuration = configuration;
m_coapClient->setSecurityConfiguration(m_configuration);
QCoapRequest request;
QUrl url;
url.setHost("192.168.10.94");
url.setPort(5684);
url.setPath("/15011/9063");
request.setUrl(url);
request.setPayload("{\"9090\":\"frime\"}");
m_coapClient->post(request);
But I only get the following error message:
qt.coap.connection: Handshake error: "Im Ablauf des SSL-Protokolls ist ein Fehler aufgetreten: error:14102410:SSL routines:dtls1_read_bytes:sslv3 alert handshake failure"
What am I doing wrong?
Thanks in advance!
Friedemann -
Hi,
What OS are you on ?
What version of Qt are you running ?
What version of OpenSSL do you have ? -
Thanks for fast reply!
What OS are you on ?
Ubuntu 20.04 LTS running in a VirtualBox
What version of Qt are you running ?
5.14.2
What version of OpenSSL do you have ?
OpenSSL 1.1.1f 31 Mar 2020
Thanks in advance!
Best,
Friedemann -
Did you check the network activity with a tool like Wireshark ?
-
I don't really see where the problem is. Unfortunately it is not possible to upload the Wireshark file.
-
I found this discussion via Google. I think the DTLS version is the problem.
-
But Qt uses the latest version of OpenSSL...
QSslSocket::sslLibraryBuildVersionString()
also returns
OpenSSL 1.1.1f 31 Mar 2020
Maybe a Qt Bug?
-
Did you check the bug report system ?
-
Yep. I have already created a bug report...
https://bugreports.qt.io/browse/QTBUG-84273?filter=-2 -
Thanks !
-
Thanks to the help of Sona Kurazyan in the Qt Bug Tracker everything works now:
From your capture I can see that your client has not used the mandatory ciphers TLS_PSK_WITH_AES_128_CCM* required by CoAP. Some libraries (e.g. libcoap, which is what IKEA Tradfri LightBulb seems to be using) are working only with those ciphers. The problem is that OpenSSL does not use CCM ciphers by default, and you need to "force" their usage by setting the cipher string to QCoapSecurityConfiguration in the following way:
configuration.setDefaultCipherString("AESCCM");
After adding this line the handshake has worked. But I got a "BadRequest" error now.
It turned out that there was a small Qt bug at another place after all: Just found that the payload set to the request is being ignored when calling post() without data, so the request is sent with an empty payload. I'm assuming that's the difference.
I'll prepare a fix for this. A workaround is to change this line
request.setPayload("{\"9090\":\"frime\"}");
m_coapClient->post(request);
to
m_coapClient->post(request, "{\"9090\":\"frime\"}");
-
Thanks for the follow up !