A secure session was not established (#2541) · Issues · IoTivity / iotivity-classic

A secure session was not established

IoTivity version : 1.3.1.1-RC0

CTT version: 1902.0.3
While testing CT_1_7_4_4 CTT server test case, against IoTivity, CTT not being able to establish a DTLS connection with the IUT.
The test procedure is this:
Step 1: CTT establishes an authenticated session with IUT

Step 2: CTT performs a RETRIEVE on IUT /oic/sec/csr to check the Certificate Signing Request property.

Step 3: CTT generates and signs a new certificate based on the contents of the CSR.

Step 4: CTT performs an UPDATE on IUT /oic/sec/cred to store the certificate chain (the newly generated certificate and CRED_CTT_CA as a chain).

Step 5: CTT performs a RETRIEVE on IUT /oic/sec/cred to retrieve the certificate chain.

Step 6: CTT establishes a new secure session using CRED_CERT_CTT.
At Step 6, this occurs:
3.537s 12:06:46 INFO: Opening secure connection using certificate with CN=uuid:22222222-3333-4444-5555-384447835440

3.537s 12:06:46 DEBUG: DTLS Certificate Client: Opening connection to [fe80::5b79:1022:2e6d:8472%16]:59766

3.537s 12:06:46 DEBUG: DTLS Certificate Client: Initializing session. Advertised cipher suites: C0AE

3.537s 12:06:46 DEBUG: DTLS Certificate Client: -> Client Hello, sequence=0, length=100

3.550s 12:06:46 DEBUG: DTLS Certificate Client: Alert handshake_failure(40) was received

3.550s 12:06:46 INFO: Could not open secure connection using certificate. Handshake failure reason handshake_failure (40)

3.550s 12:06:46 DEBUG: Starting verification with ID:"CT1.7.4.4_Check_5"...

3.551s 12:06:46 ERROR: CT1.7.4.4_Check_5: A secure session was not established

3.551s 12:06:46 DEBUG: Verification with ID:"CT1.7.4.4_Check_5" ended with result: FAILED

3.551s 12:06:46 DEBUG: Starting verification with ID:"CT1.7.4.4_Check_6"...

3.551s 12:06:46 ERROR: CT1.7.4.4_Check_6: The Server did not present a certificate during the DTLS handshake

3.551s 12:06:46 DEBUG: Verification with ID:"CT1.7.4.4_Check_6" ended with result: FAILED
Above test was done by creating a Camera device.

Both CTT and IoTivity Debug Logs are attached.

JIRA migration meta data

JIRA Issue ID: IOT-3294
Reporter: sankarselvam
Assignee: nathanheldtsheller
Creator: sankarselvam
Created at: 2019-07-26T01:56:11.000-0700
Found in Version: 1.3.1.1-RC0
Fix in Version: None
Issue Severity: Major
Reproducibility: Always (100%)
Operating System: Ubuntu
Hardware/ OEM Platform: None
External URL: None
Bugzilla ID: None
Product: None
Status: Closed
Components: Security
Priority: P1
Due Date: None
Issue Type: Bug
END of JIRA migration meta data

IoTivity version : 1.3.1.1-RC0  
    
CTT version: 1902.0.3  
While testing CT_1_7_4_4 CTT server test case, against IoTivity, CTT not being able to establish a DTLS connection with the IUT.  
The test procedure is this:  
Step 1: CTT establishes an authenticated session with IUT  
    
Step 2: CTT performs a RETRIEVE on IUT /oic/sec/csr to check the Certificate Signing Request property.  
    
Step 3: CTT generates and signs a new certificate based on the contents of the CSR.  
    
Step 4: CTT performs an UPDATE on IUT /oic/sec/cred to store the certificate chain (the newly generated certificate and CRED_CTT_CA as a chain).  
    
Step 5: CTT performs a RETRIEVE on IUT /oic/sec/cred to retrieve the certificate chain.  
    
Step 6: CTT establishes a new secure session using CRED_CERT_CTT.  
At Step 6, this occurs:  
3.537s 12:06:46 INFO: Opening secure connection using certificate with CN=uuid:22222222-3333-4444-5555-384447835440  
    
3.537s 12:06:46 DEBUG: DTLS Certificate Client: Opening connection to [fe80::5b79:1022:2e6d:8472%16]:59766  
    
3.537s 12:06:46 DEBUG: DTLS Certificate Client: Initializing session. Advertised cipher suites: C0AE  
    
3.537s 12:06:46 DEBUG: DTLS Certificate Client: -> Client Hello, sequence=0, length=100  
    
3.550s 12:06:46 DEBUG: DTLS Certificate Client: Alert handshake_failure(40) was received  
    
3.550s 12:06:46 INFO: Could not open secure connection using certificate. Handshake failure reason handshake_failure (40)  
    
3.550s 12:06:46 DEBUG: Starting verification with ID:"CT1.7.4.4_Check_5"...  
    
3.551s 12:06:46 ERROR: CT1.7.4.4_Check_5: A secure session was not established  
    
3.551s 12:06:46 DEBUG: Verification with ID:"CT1.7.4.4_Check_5" ended with result: FAILED  
    
3.551s 12:06:46 DEBUG: Starting verification with ID:"CT1.7.4.4_Check_6"...  
    
3.551s 12:06:46 ERROR: CT1.7.4.4_Check_6: The Server did not present a certificate during the DTLS handshake  
    
3.551s 12:06:46 DEBUG: Verification with ID:"CT1.7.4.4_Check_6" ended with result: FAILED  
Above test was done by creating a Camera device.  
    
Both CTT and IoTivity Debug Logs are attached.

---  
JIRA migration meta data  
* **JIRA Issue ID**: IOT-3294  
* **Reporter**: sankarselvam  
* **Assignee**: nathanheldtsheller  
* **Creator**: sankarselvam  
* **Created at**: 2019-07-26T01:56:11.000-0700  
* **Found in Version**: 1.3.1.1-RC0  
* **Fix in Version**: None  
* **Issue Severity**: Major  
* **Reproducibility**: Always (100%)  
* **Operating System**: Ubuntu  
* **Hardware/ OEM Platform**: None  
* **External URL**: None  
* **Bugzilla ID**: None  
* **Product**: None  
* **Status**: Closed  
* **Components**: Security  
* **Priority**: P1  
* **Due Date**: None  
* **Issue Type**: Bug  
END  of JIRA migration meta data  
---

Discussion
Designs