Dear all, I have questions about Android SECURED mode, too. I’m using IoTivity-1.3.1 SECURED=1 to create Android client/server apps with the sample SVRs databases from iotivity-1.3.1\resource\csdk\stack\samples\linux\secure\
Scenario1: Android client, sample oic_svr_db_client_devowner Android server, sample oic_svr_db_server plus customized ACE2 of conntype: anon-clear for new resources ð Discovery OK, Get new resources OK. Scenerio2: Android client, sample oic_svr_db_client_devowner Android server, sample oic_svr_db_server ð Discovery OK, Get new resources Failed(UNAUTHORIZED_REQ) client: E/…: org.iotivity.base.OcException: stack error in onGetCallback UNAUTHORIZED_REQ server: D/OIC_SRM: ctx->subjectUuid for request: 00000000-0000-0000-0000-000000000000. D/OIC_SRM: CA_SECURE flag is not set, and Subject ID of requester is NULL; indicates unsecure channel. According to https://wiki.iotivity.org/faq_s |Client selects appropriate channel based on the information it received about the resource via resource discovery. |Marking a resource as 'OC_SECURE' at hosting Server, allows Iotivity stack to include 'secure port' information in discovery responses. I followed https://wiki.iotivity.org/steps_for_enabling_security_in_iotivity_applications to do this: - Client/server SVRs databases are ready. - Client OcPlatform.getDeviceId() is not nil uuid. - Server OcPlatform.registerResource with EnumSet.of(ResourceProperty.DISCOVERABLE, ResourceProperty.OBSERVABLE, ResourceProperty.SECURE) ð After the client discovery finished, the client could just use ocResource.getConnectivityTypeSet() which tells the OcConnectivityType. CT_FLAG_SECURE is not set. Also the client ocResource.get() method are not allowed to set CA_SECURE manually. (BTW, I alse used platformConfig.setAvailableTransportType()); to both client and server side. It won’t impact the result.) The only way I could let Android client set the CA_SECURE flag is by OcPlatform.findResource with EnumSet.of(OcConnectivityType.CT_FLAG_SECURE) However it doesn’t make sence, because the caipadapter.c shows that Multicast discovery won’t trigger CaencryptSsl() Hence the server received an unencrypted message and secure flag set, when the server trys to decrypt it, it leads to bad handshake. Could anyone help me to figure out why the Android client can’t choose a 'secure' channel to get resources from Android server? Thanks. Best Regards, ChiaYu
_______________________________________________ iotivity-dev mailing list iotivity-dev@lists.iotivity.org https://lists.iotivity.org/mailman/listinfo/iotivity-dev
