Re: [lwip-users] lwIP with mbedTLS

lwip-users

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [lwip-users] lwIP with mbedTLS

From:	address@hidden
Subject:	Re: [lwip-users] lwIP with mbedTLS
Date:	Sun, 27 Jan 2019 13:42:26 +0100
User-agent:	Mozilla/5.0 (Windows NT 6.1; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.4.0

Am 27.01.2019 um 10:44 schrieb Paweł:

Hello,
I'm trying to build an application using lwIP and mbedTLS. My goal is asecure MQTT connection.I'm sure that MQTT without security layer works properly. lwIP works insys mode.I started of course with ALTCP layer and I can succesfully parsecertificate using code:mqttClientInfo.tls_config = altcp_tls_create_config_client(cert,sizeof(cert));
After mbedTLS tuning (choosing cipher method, etc.) I can see onWireshark proper Client Hello and Server Hello messages. Then ServerHello Done, Certificate and Server Key Exchange message is coming (nooutgoing Client Key Exchange), but from observations I see that messagesfrom Server aren't properly handled by lwIP core.On console I can see that mbedTLS switched to parsing Server Hellomessage but in fetch method input f_recv function (which is a pointerto altcp_mbedtls_bio_recv) is returning MBEDTLS_ERR_SSL_WANT_READ whichmeans that there is nothing to read. What is interesting after this faillwIP signals receiving a TCP packet, with Server Hello message (Icross-checked sequence numbers with Wireshark). So I digged deeper andfound out that everything in mbedTLS is called from lwIP thread context,so secure layer can't wait for messages. I realized that when I wastrying to implement f_recv_timeout function.

I'm a bit confused: are you using the mqtt client provided with lwIP? Ifso, TLS should just work. No need to implement f_recv_timeout.


Regards,
Simon

Questions:
1. Does anybody met similiar problems?
2. Can I check for incoming messages in mbedTLS, handle them normally inlwIP core and come back to mbedTLS functions? Maybe there is a need forseparating threads for two of them?
I encountered many problems during mbedTLS implementations but all ofthem were affordable (missing defines, memory problems, etc.) but thistime I have no idea what to do next.
Regards,
Pawel

_______________________________________________
lwip-users mailing list
address@hidden
https://lists.nongnu.org/mailman/listinfo/lwip-users

[Prev in Thread]

Current Thread

[Next in Thread]

[lwip-users] lwIP with mbedTLS, Paweł, 2019/01/27
- Re: [lwip-users] lwIP with mbedTLS, address@hidden <=
  - Re: [lwip-users] lwIP with mbedTLS, Paweł, 2019/01/27
    - Re: [lwip-users] lwIP with mbedTLS, Jan Menzel, 2019/01/27
    - Re: [lwip-users] lwIP with mbedTLS, Paweł, 2019/01/27
    - Re: [lwip-users] lwIP with mbedTLS, Jan Menzel, 2019/01/27
    - Re: [lwip-users] lwIP with mbedTLS, tomek wilkxt, 2019/01/28
    - Re: [lwip-users] lwIP with mbedTLS, Paweł, 2019/01/28
    - Re: [lwip-users] lwIP with mbedTLS, tomek wilkxt, 2019/01/28
    - Re: [lwip-users] lwIP with mbedTLS, Paweł, 2019/01/28
    - Re: [lwip-users] lwIP with mbedTLS, Paweł, 2019/01/28
    - Re: [lwip-users] lwIP with mbedTLS, tomek wilkxt, 2019/01/29

Prev by Date: Re: [lwip-users] Socket API: Only six connections getting Accepted
Next by Date: Re: [lwip-users] lwIP with mbedTLS
Previous by thread: [lwip-users] lwIP with mbedTLS
Next by thread: Re: [lwip-users] lwIP with mbedTLS
Index(es):
- Date
- Thread