8 Replies Latest reply on Oct 21, 2015 2:15 AM by ckulak RSS
    gseq Apprentice

    Unable to connect to local Thingworx server

    Hello,

    I have a localized Thingworx server setup on my PC for bench testing. I've followed the installation instructions and substituted the connector protocol to the one provided. The ip of this machine is 192.168.10.100

     

        <Connector port="80" protocol="org.apache.coyote.http11.Http11NioProtocol"

                   connectionTimeout="20000"

                   redirectPort="8443" />

     

    Anyway, my edge device is a Linux board. It compile ok and creates a binary.  I've set the TW_HOST as "192.168.10.100" and set TLS to none for development.

    #define NO_TLS

     

    Below is the output. Note that I'm unable to connect to the server. I can ping the server though. Am I missing anything?

     

    [FORCE] 2015-08-08 03:45:05,169: Starting up
    [DEBUG] 2015-08-08 03:45:05,171: twWs_Create: Initializing Websocket Client for 192.168.10.100:80//Thingworx/WS
    [DEBUG] 2015-08-08 03:45:05,171: twTlsClient_Create: Initializing TLS Client
    [DEBUG] 2015-08-08 03:45:05,174: subscribedPropsMgr_Initialize: Initializing subscribed properties manager
    [TRACE] 2015-08-08 03:45:05,175: twApi_Connect: Delaying 0 milliseconds before connecting
    [DEBUG] 2015-08-08 03:45:05,176: twTlsClient_Reconnect: Re-establishing SSL context
    [DEBUG] 2015-08-08 03:45:05,176: twTlsClient_Connect: Connecting to server
    [ERROR] 2015-08-08 03:45:05,183: Error intializing SSL connection
    [ERROR] 2015-08-08 03:45:05,183: twWs_Connect: Error restarting socket.  Error 0
    [DEBUG] 2015-08-08 03:45:10,184: twTlsClient_Reconnect: Re-establishing SSL context
    [DEBUG] 2015-08-08 03:45:10,185: twTlsClient_Connect: Connecting to server
    [ERROR] 2015-08-08 03:45:20,196: Error intializing SSL connection
    [ERROR] 2015-08-08 03:45:20,197: twWs_Connect: Error restarting socket.  Error 32
    [DEBUG] 2015-08-08 03:45:25,197: twTlsClient_Reconnect: Re-establishing SSL context
    [DEBUG] 2015-08-08 03:45:25,198: twTlsClient_Connect: Connecting to server
    [ERROR] 2015-08-08 03:45:35,207: Error intializing SSL connection
    [ERROR] 2015-08-08 03:45:35,208: twWs_Connect: Error restarting socket.  Error 32

      • Re: Unable to connect to local Thingworx server
        paic Collaborator

        Looks like it didn't take the No TLS switch? Which SDK and what version are you using?

        • Re: Unable to connect to local Thingworx server
          ckrenkel Explorer

          I had a simmilar problem.

           

          My Thing (RaspberryPi) can't connect to the Server. My research showed that SSLv3 was disabled on Server because of the Poodle Exploit (Google Online Security Blog: This POODLE bites: exploiting the SSL 3.0 fallback) (SSL Handshake failed, see also security - How do I list the SSL/TLS cipher suites a particular website offers? - Super User)

          So i changed the TLS lib to OpenSSL and now everything works.

           

          BTW: i also can't use the NO_TLS switch becauce the server automaticly switches all incomming connections to a secure connection.

          • Re: Unable to connect to local Thingworx server
            ckulak Apprentice

            Hello Gerard,

             

            Since you disable TLS, try to call those two after twApi_Initialize:

             

            twApi_SetSelfSignedOk();

            twApi_DisableCertValidation();

             

            If it still doesn't work -- try to undefine NO_TLS, so that it actually uses TLS and correct port.

              • Re: Unable to connect to local Thingworx server
                satish Explorer

                Hello Constantine,


                Even I am facing same problem. I added line "#define NO_TLS" in my app.c code and called those two APIs. but no luck. I have tried this in previous version and it used to work. But I had changed to No_TLS in some other file, I think it was in .h file. Can not remember which one and now trying to figure out. I do not want TLS for development purpose at all.


                I get below errors. If NO_TLS is defined, then it should not start with tls client. Am I right?


                DEBUG] 2015-10-20 21:33:30,654: twTlsClient_Create: Initializing TLS Client

                [DEBUG] 2015-10-20 21:33:46,809: twTlsClient_Close: Disconnecting from server

                [ERROR] 2015-10-20 21:33:46,809: twWs_Create: Error creating BSD socket to be used for the websocket

                [ERROR] 2015-10-20 21:33:46,809: twApi_Initialize: Error creating websocket structure

                [ERROR] 2015-10-20 21:33:46,809: Error initializing the API

                 


                Can you please help


                Thanks

                Satish

                  • Re: Unable to connect to local Thingworx server
                    satish Explorer

                    Hi,

                     

                    I figured out.

                     

                    In twTls.c, set below settings to FALSE.  So NO_TLS is not enough.


                    tls->isEnabled = FALSE

                    tls->validateCert = FALSE


                    Thank

                    Satish

                    • Re: Unable to connect to local Thingworx server
                      ckulak Apprentice

                      Hello Satish,

                       

                      As far as I can tell, the NO_TLS is not used at all, at least I couldn't grep for it. To me it looks like some left-over old macro, which has no effect whatsoever.

                       

                      What I do for testing is enabling TLS on the Tomcat side and then using the two calls I mentioned to allow self-signed certificates and disable the validity checks. You can see that twApi_DisableCertValidation() actually does tls->validateCert = FALSE, and as soon as you call it from the right place you don't have to do it twice.

                       

                      You won't be using the SDK without TLS in production anyway, so why wasting your time on turning it off in the first place, when you can leave it on and just generate a dummy certificate? After the testing phase you can configure the real self-signed certificate for axTLS, and for production you'll probably get a real certificate from a CA.

                       

                      / Constantine