QtCOAP PSK put request to IKEA Tradfri Bridge doesn't work. -> Strange SSL Errors



  • Hi!

    I want to write a simple app which controls my IKEA Tradfri light bulbs - Just for fun. The protocol works perfectly as described here: https://freesoft.dev/program/121979476

    The following command works as expected when I run it in Terminal:

    coap-client -m post -u "Client_identity" -k "$GATEWAYCODE" -e '{"9090":"$USERNAME"}' "coaps://$GATEWAYIP:5684/15011/9063"
    

    Now I try to solve this with QtCOAP. This is my code:

    m_coapClient = new QCoapClient(QtCoap::SecurityMode::PreSharedKey, this);

    QCoapSecurityConfiguration configuration;
    configuration.setPreSharedKeyIdentity("Client_identity");
    configuration.setPreSharedKey("xxxxxxxxxxxxxxxx");
    m_configuration = configuration;
    m_coapClient->setSecurityConfiguration(m_configuration);
    QCoapRequest request;
    QUrl url;
    url.setHost("192.168.10.94");
    url.setPort(5684);
    url.setPath("/15011/9063");
    request.setUrl(url);
    request.setPayload("{\"9090\":\"frime\"}");
    m_coapClient->post(request);
    

    But I only get the following error message:

    qt.coap.connection: Handshake error:  "Im Ablauf des SSL-Protokolls ist ein Fehler aufgetreten: error:14102410:SSL routines:dtls1_read_bytes:sslv3 alert handshake failure"
    

    What am I doing wrong?

    Thanks in advance!
    Friedemann


  • Lifetime Qt Champion

    Hi,

    What OS are you on ?
    What version of Qt are you running ?
    What version of OpenSSL do you have ?



  • Thanks for the fast reply!

    What OS are you on ?

    Ubuntu 20.04 LTS running in a VirtualBox

    What version of Qt are you running ?

    5.14.2

    What version of OpenSSL do you have ?

    OpenSSL 1.1.1f 31 Mar 2020

    Thanks in advance!

    Best,
    Friedemann


  • Lifetime Qt Champion

    Did you check the network activity with a tool like Wireshark ?




  • I don't really see where the problem is. Unfortunately it is not possible to upload the Wireshark file.

    Screenshot 2020-05-17 at 11.43.28.png



  • Screenshot 2020-05-17 at 11.43.14.png



  • I found this discussion via Google. I think the DTLS version is the problem.

    https://www.qt.io/blog/2019/06/06/introducing-qtcoap

    Screenshot 2020-05-17 at 15.30.44.png



  • But Qt uses the latest version of OpenSSL...

    QSslSocket::sslLibraryBuildVersionString()
    

    also returns

    OpenSSL 1.1.1f 31 Mar 2020
    

    Maybe a Qt Bug?


  • Lifetime Qt Champion

    Did you check the bug report system ?



  • Yep. I have already created a bug report...
    https://bugreports.qt.io/browse/QTBUG-84273?filter=-2


  • Lifetime Qt Champion

    Thanks !



  • Thanks to the help of Sona Kurazyan in the Qt Bug Tracker everything works now:

    From your capture I can see that your client has not used the mandatory ciphers TLS_PSK_WITH_AES_128_CCM* required by CoAP. Some libraries (e.g. libcoap, which is what IKEA Tradfri LightBulb seems to be using) are working only with those ciphers. The problem is that OpenSSL does not use CCM ciphers by default, and you need to "force" their usage by setting the cipher string to QCoapSecurityConfiguration in the following way:

    configuration.setDefaultCipherString("AESCCM");
    

    After adding this line the handshake worked, but now I got a "BadRequest" error.
    It turned out that there was a small Qt bug at another place after all:

    Just found that the payload set to the request is being ignored when calling post() without data, so the request is sent with an empty payload. I'm assuming that's the difference.
    I'll prepare a fix for this.

    A workaround is to change this line

    request.setPayload("{\"9090\":\"frime\"}");
    m_coapClient->post(request);
    

    to

    m_coapClient->post(request, "{\"9090\":\"frime\"}");
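
Added example, not part of the thread and not Qt or libcoap code: a plain C++ check of the kind the capture-based diagnosis above relies on. It reads one DTLS ClientHello record and reports whether TLS_PSK_WITH_AES_128_CCM or TLS_PSK_WITH_AES_128_CCM_8 is among the offered suites. The function names and the sample records are constructed for illustration, and the ClientHello is assumed to be unfragmented.

```cpp
#include <cstdint>
#include <cstdio>
#include <vector>
using Bytes = std::vector<uint8_t>;

// Cipher suites offered in one unfragmented DTLS ClientHello record (13-byte record
// header, type 22; 12-byte handshake header, type 1). Returns false if malformed.
bool offeredSuites(const Bytes& r, std::vector<uint16_t>& out) {
    if (r.size() < 25 || r[0] != 22 || r[13] != 1) return false;
    size_t p = 25 + 2 + 32;                 // skip client_version and random
    for (int i = 0; i < 2; ++i) {           // session_id, then the DTLS cookie
        if (p >= r.size()) return false;
        p += 1u + r[p];
    }
    if (p + 2 > r.size()) return false;
    size_t len = (size_t(r[p]) << 8) | r[p + 1];
    if (len % 2 != 0 || p + 2 + len > r.size()) return false;
    for (size_t i = p + 2; i < p + 2 + len; i += 2)
        out.push_back(uint16_t((r[i] << 8) | r[i + 1]));
    return true;
}

// TLS_PSK_WITH_AES_128_CCM (0xC0A4) or TLS_PSK_WITH_AES_128_CCM_8 (0xC0A8), RFC 6655.
bool offersPskAes128Ccm(const std::vector<uint16_t>& suites) {
    for (uint16_t s : suites) if (s == 0xC0A4 || s == 0xC0A8) return true;
    return false;
}

// Constructed sample (not the thread's capture): a minimal DTLS 1.2 ClientHello record.
Bytes sampleHello(const std::vector<uint16_t>& suites) {
    auto put16 = [](Bytes& v, size_t x) { v.push_back(uint8_t(x >> 8)); v.push_back(uint8_t(x)); };
    Bytes b(36, 0);                         // version, random, empty session_id and cookie
    b[0] = 0xFE; b[1] = 0xFD;               // client_version: DTLS 1.2
    put16(b, suites.size() * 2);
    for (uint16_t s : suites) put16(b, s);
    b.push_back(1); b.push_back(0);         // one compression method: null
    Bytes r = {22, 0xFE, 0xFD, 0, 0, 0, 0, 0, 0, 0, 0};  // type, version, epoch, sequence
    put16(r, b.size() + 12);                // record length
    r.push_back(1); r.push_back(0); put16(r, b.size());  // ClientHello, 24-bit length
    r.insert(r.end(), size_t(5), uint8_t(0));            // message_seq, fragment_offset
    r.push_back(0); put16(r, b.size());     // 24-bit fragment_length
    r.insert(r.end(), b.begin(), b.end());
    return r;
}

int main() {
    std::vector<uint16_t> a, b;             // constructed offers: without, then with, CCM_8
    offeredSuites(sampleHello({0x00A8, 0x00AE, 0x008C}), a);
    offeredSuites(sampleHello({0xC0A8, 0x00A8, 0x00AE, 0x008C}), b);
    std::printf("CCM offered: %d then %d\n", offersPskAes128Ccm(a), offersPskAes128Ccm(b));
}
```

To use it on a real capture, pass the UDP payload of the client's first handshake datagram to `offeredSuites`.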
    

  • Lifetime Qt Champion

    Thanks for the follow up !

