SSL_RESULT_HANDSHAKE error during HTTPS connect on LG VX11000 (BREW 3.x/4.x) | developer.brewmp.com SSL_RESULT_HANDSHAKE error during HTTPS connect on LG VX11000 (BREW 3.x/4.x) | developer.brewmp.com

Developer

SSL_RESULT_HANDSHAKE error during HTTPS connect on LG VX11000 (BREW 3.x/4.x)

Forums:

Hopefully, somebody with LG VX11000 HTTPS experience can shed some light on this issue.

Are there known HTTPS issues, and resolutions, for a third-party BREW application on the LG VX11000?

Thank you for any helpful feedback.

 

This issue occurs on a third party BREW application that perform an HTTPS POST
transaction with an application server.

On the VX11000, an SSL_RESULT_HANDSHAKE error (2567 decimal value) occurs.

The application performs the same HTTPS POST operation successfully on other
BREW devices, including the LG VX9200, LG VX9100, LG VX5500, LG VX8560,
and Samsung U460. This has been verified via testing by our company and
independently in True BREW testing by Intertek/NSTL.

Here is the application flow to create this issue:
1)
The application performs an IWEB_GetResponse containing the following WebOpt
items:

IWEB_GetResponse( web, ( web, &webResp, &cb, url,
WEBOPT_HANDLERDATA, this,
WEBOPT_HEADER, header,
WEBOPT_HEADERHANDLER, headerCB,
WEBOPT_STATUSHANDLER, statusCB,
WEBOPT_METHOD, "POST",
WEBOPT_BODY, postData,
WEBOPT_CONTENTLENGTH, STRLEN( data + 1 ),
WEBOPT_SSL_ALLOWED_VERSIONS, SSL_VERSION_30,
WEBOPT_SSL_TRUST_MODE, SSL_TRUST_MODE_IGNORE,
WEBOPT_X509_OVERRIDE, &trustOverride, // Added to invesigate this bug.
WEBOPT_DEFAULTS, roots, // Added to invesigate this bug.
WEBOPT_END ) );
2)
Then, the application WEBOPT_STATUSHANDLER function, statusCB, receives the
following status updates:
WEBS_STARTING (0)
WEBS_GETHOSTBYNAME (2)
WEBS_CONNECT (3)
3)
Then, the applciation web response callback receives zero bytes and the
SSL_RESULT_HANDSHAKE error.

This issue occurs 100% of the time on two VX11000 devices that we have used.

VX11000 device #1 on Verizon:
SW Version: VX11KV04
Browser Version: Q7.2-1.1
Media Center Version: 3.1.5SP01
HW Version: Revision 1.0
OTADM Version: 5.3.2

VX11000 device #2 on Verizon:
SW Version: VX11KV11
Browser Version: Polaris7
Media Center Version: 3.1.5SP01
HW Version: Revision 1.0
OTADM Version: 5.3.2

Here are some other points of interest about this issue:
* The HTTPS connection is not received by the server.
* The HTTP connection, without SSL, is successful for the same server
page location on the VX11000.
* The VX11000 Web Browser can successfully perform an HTTPS GET operation to
the server to fetch a test page set up on the server to test this issue.
* This issue occurred when running the application built using the following
platform APIs from the BrewMP toolchain:
- BREW 3.1.5 SP02.
- BREW 4.0.2 SP19.
* The brewmp.com site lists the VX11000 "Platform: Brew 4.0.3.11".
https://developer.brewmp.com/device/lg-vx11000-env-touch
The device reports a BREW version of 4.0.3.25 to the application.
The device lists a "Media Center Version: 3.1.5SP01",
which may indicate BREW v3.x. Is the device using BREW 4.x and is any of
this a contributing factor?
* No new device software update was available when checking from the
Software Update Check New menu option.

try adding WEBOPT_SSL_TRUST_MODE as below;-
 
WebOpt pWebOpts[10];
//pApp->piroot is AEECLSID_SSLROOTCERTS, same as u do it in your code.
pWebOpts[0].nId = WEBOPT_SSL_TRUST_MODE;
pWebOpts[0].pVal = SSL_TRUST_MODE_IGNORE;
pWebOpts[1].nId = WEBOPT_END;
IWEBOPTS_AddOpt(pApp->piroot, pWebOpts);
IWEB_GetResponse(pApp->pIWeb, (pApp->pIWeb, &pApp->pIWebResp, &pApp->pcb,
url,
WEBOPT_HEADERHANDLER, HeaderHandlerFn,
WEBOPT_DEFAULTS, pApp->piroot,
WEBOPT_END));
 

try adding WEBOPT_SSL_TRUST_MODE as below;-
 
WebOpt pWebOpts[10];
//pApp->piroot is AEECLSID_SSLROOTCERTS, same as u do it in your code.
pWebOpts[0].nId = WEBOPT_SSL_TRUST_MODE;
pWebOpts[0].pVal = SSL_TRUST_MODE_IGNORE;
pWebOpts[1].nId = WEBOPT_END;
IWEBOPTS_AddOpt(pApp->piroot, pWebOpts);
IWEB_GetResponse(pApp->pIWeb, (pApp->pIWeb, &pApp->pIWebResp, &pApp->pcb,
url,
WEBOPT_HEADERHANDLER, HeaderHandlerFn,
WEBOPT_DEFAULTS, pApp->piroot,
WEBOPT_END));
 

Thank you, Shivendra!
Your feedback resolved the issue.
The application now performs an IWEB_GetResponse containing the following WebOpt
items, specifically without requiring SSL v3.0:
IWEB_GetResponse( web, ( web, &webResp, &cb, url,
WEBOPT_HANDLERDATA, this,
WEBOPT_HEADER, header,
WEBOPT_HEADERHANDLER, headerCB,
WEBOPT_STATUSHANDLER, statusCB,
WEBOPT_METHOD, "POST",
WEBOPT_BODY, postData,
WEBOPT_CONTENTLENGTH, STRLEN( data + 1 ),
//WEBOPT_SSL_ALLOWED_VERSIONS, SSL_VERSION_30,
WEBOPT_SSL_TRUST_MODE, SSL_TRUST_MODE_IGNORE,
WEBOPT_END ) );
Apparently, the LG VX11000 device, unlike other devices tested, does
not support SSL v3.0 or interact with the application server as expected for SSL v3.0, which caused the previous SSL_RESULT_HANDSHAKE
error. Removing the SSL v3.0 requirement allowed the HTTPS POST to
complete successfully with all original HTTP headers.

Thank you, Shivendra!
Your feedback resolved the issue.
The application now performs an IWEB_GetResponse containing the following WebOpt
items, specifically without requiring SSL v3.0:
IWEB_GetResponse( web, ( web, &webResp, &cb, url,
WEBOPT_HANDLERDATA, this,
WEBOPT_HEADER, header,
WEBOPT_HEADERHANDLER, headerCB,
WEBOPT_STATUSHANDLER, statusCB,
WEBOPT_METHOD, "POST",
WEBOPT_BODY, postData,
WEBOPT_CONTENTLENGTH, STRLEN( data + 1 ),
//WEBOPT_SSL_ALLOWED_VERSIONS, SSL_VERSION_30,
WEBOPT_SSL_TRUST_MODE, SSL_TRUST_MODE_IGNORE,
WEBOPT_END ) );
Apparently, the LG VX11000 device, unlike other devices tested, does
not support SSL v3.0 or interact with the application server as expected for SSL v3.0, which caused the previous SSL_RESULT_HANDSHAKE
error. Removing the SSL v3.0 requirement allowed the HTTPS POST to
complete successfully with all original HTTP headers.