I'm having problems using SSL certificate pinning in SIM800L. I can successfully make GET requests using both AT+HTTPSSL=0 and AT+HTTPSSL=1. However, the module doesn't check whether the offered server certificate is valid. According to this thread I have uploaded the certificate to the module's filesystem. I can successfully set the cert using an AT command:
AT+SSLSETCERT=cert.cer
AT+SSLSETCERT=cert.cer
OK
+SSLSETCERT: 0
However, doing this only doesn't seem to block other certificates from being used, e. g. I have tried with google.com and mywebsite.com (for which I have imported the certificate). So I dig a little deeper and find the SSLOPT command, which should (according to SSL docs) block invalid certificates. Setting the flag with AT+SSLOPT=0,0 and then executing the HTTPS request gets me a 605 error:
+HTTPACTION: 0,605,0
Documentation says this means "SSL failed to establish channels". My understanding of this is that the server offered an invalid certificate (so, something different from the one loaded with AT+SSLSETCERT). If I understand this correctly, I would expect this error to come when doing a request to, let's say, google.com or selfsigned.badssl.com. The problem is that I get this even if I do the request to mywebsite.com, for which I loaded the certificate into the storage.
I have tried a similar procedure with two different modules (SIM800L and SIM808) and got a similar result. Am I doing something wrong?
Here's the full list of commands and their replies for the request to mywebsite.com:
AT+CREG?
+CREG: 0,5
OK
AT+SAPBR=1,1
AT+SAPBR=1,1
OK
AT+HTTPINIT
AT+HTTPINIT
OK
AT+HTTPPARA="URL","mywebsite.com"
AT+HTTPPARA="URL","mywebsite.com"
OK
AT+HTTPPARA="CID",1
AT+HTTPPARA="CID",1
OK
AT+HTTPSSL=1
AT+HTTPSSL=1
OK
AT+SSLSETCERT=cert.cer
AT+SSLSETCERT=cert.cer
OK
+SSLSETCERT: 0
AT+SSLOPT=0,0
AT+SSLOPT=0,0
OK
AT+HTTPACTION=0
AT+HTTPACTION=0
OK
AT+HTTPREAD
AT+HTTPREAD
OK
+HTTPACTION: 0,605,0 <<<-------This shouldn't be 605
AT+HTTPTERM
AT+HTTPTERM
OK
AT+SAPBR=0,1
AT+SAPBR=0,1
OK
