Re: [lwip-users] lwIP with mbedTLS
From: Jan Menzel
Subject: Re: [lwip-users] lwIP with mbedTLS
Date: Sun, 27 Jan 2019 20:07:12 +0100
User-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.4.0
Hi Pawel!
On 27.01.2019 14:08, Paweł wrote:
[...]
> I'm missing two messages: Client Key Exchange and then Session ticket.
[...]
That's where the expensive part has been done. I'd suggest checking your
memory setup. You need a lot of memory to validate the server's identity...
Jan
> Regards,
> Pawel
>
> On Sun, 27 Jan 2019 at 13:address@hidden <address@hidden> wrote:
>
> On 27.01.2019 at 10:44, Paweł wrote:
> > Hello,
> > I'm trying to build an application using lwIP and mbedTLS. My goal is a
> > secure MQTT connection.
> > I'm sure that MQTT without the security layer works properly. lwIP works in
> > sys mode.
> > I started of course with the ALTCP layer and I can successfully parse the
> > certificate using this code:
> > mqttClientInfo.tls_config = altcp_tls_create_config_client(cert,
> > sizeof(cert));
> >
> > After mbedTLS tuning (choosing cipher method, etc.) I can see in
> > Wireshark proper Client Hello and Server Hello messages. Then Server
> > Hello Done, Certificate and Server Key Exchange messages are coming (no
> > outgoing Client Key Exchange), but from observations I see that messages
> > from the Server aren't properly handled by the lwIP core.
> > On the console I can see that mbedTLS switched to parsing the Server Hello
> > message, but in the fetch method the input f_recv function (which is a pointer
> > to altcp_mbedtls_bio_recv) is returning MBEDTLS_ERR_SSL_WANT_READ, which
> > means that there is nothing to read. What is interesting, after this failure
> > lwIP signals receiving a TCP packet with the Server Hello message (I
> > cross-checked sequence numbers with Wireshark). So I dug deeper and
> > found out that everything in mbedTLS is called from the lwIP thread context,
> > so the secure layer can't wait for messages. I realized that when I was
> > trying to implement the f_recv_timeout function.
>
> I'm a bit confused: are you using the mqtt client provided with lwIP? If
> so, TLS should just work. No need to implement f_recv_timeout.
>
> Regards,
> Simon
>
> >
> > Questions:
> > 1. Has anybody met similar problems?
> > 2. Can I check for incoming messages in mbedTLS, handle them normally in
> > the lwIP core and come back to the mbedTLS functions? Maybe there is a
> > need for separating threads for the two of them?
> >
> > I encountered many problems during the mbedTLS implementation, but all of
> > them were affordable (missing defines, memory problems, etc.), but this
> > time I have no idea what to do next.
> >
> > Regards,
> > Pawel
> >
> > _______________________________________________
> > lwip-users mailing list
> > address@hidden <mailto:address@hidden>
> > https://lists.nongnu.org/mailman/listinfo/lwip-users
> >
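The behaviour Paweł reports (altcp_mbedtls_bio_recv returning MBEDTLS_ERR_SSL_WANT_READ before the segment carrying the Server Hello has been delivered) is the normal contract of a non-blocking BIO: WANT_READ means "resume when the next TCP segment arrives", not a failure, and the partially read record has to survive until then. The following added example is not lwIP or mbedTLS code; it models that contract with a stand-in receive queue and record reader, and rx_queue_t, rx_push, bio_recv, record_reader_t, read_handshake_record and split_delivery are all hypothetical names, while the value of MBEDTLS_ERR_SSL_WANT_READ is the real mbedTLS constant.

```c
#include <stdint.h>
#include <string.h>
#define MBEDTLS_ERR_SSL_WANT_READ (-0x6900)  /* real mbedTLS code: "no data yet", not a failure */
#define QUEUE_MAX 256
#define TLS_HDR 5                            /* record header: type(1) version(2) length(2) */
/* Receive queue standing in for lwIP's pbuf chain (constructed for this example). */
typedef struct { uint8_t buf[QUEUE_MAX]; size_t len; } rx_queue_t;
/* Runs from the TCP receive callback: append one segment to the queue. */
static void rx_push(rx_queue_t *q, const uint8_t *seg, size_t n) {
    if (q->len + n > QUEUE_MAX) n = QUEUE_MAX - q->len;
    memcpy(q->buf + q->len, seg, n);
    q->len += n;
}
/* Non-blocking f_recv: never waits; an empty queue reports WANT_READ. */
static int bio_recv(rx_queue_t *q, uint8_t *out, size_t n) {
    if (q->len == 0) return MBEDTLS_ERR_SSL_WANT_READ;
    if (n > q->len) n = q->len;
    memcpy(out, q->buf, n);
    memmove(q->buf, q->buf + n, q->len - n);
    q->len -= n;
    return (int)n;
}
/* Partial-record state kept across a WANT_READ so the next call resumes instead of restarting. */
typedef struct { uint8_t rec[QUEUE_MAX]; size_t have, need; } record_reader_t;
/* Assemble one record; return its handshake type (2 ServerHello, 11 Certificate, 12 ServerKeyExchange, 14 ServerHelloDone), WANT_READ if the queue ran dry, or -1 if malformed. */
static int read_handshake_record(record_reader_t *r, rx_queue_t *q) {
    while (r->have < TLS_HDR || r->have < r->need) {
        size_t want = (r->have < TLS_HDR) ? TLS_HDR - r->have : r->need - r->have;
        int n = bio_recv(q, r->rec + r->have, want);
        if (n < 0) return n;                 /* hand control back to the event loop */
        r->have += (size_t)n;
        if (r->have == TLS_HDR) {
            r->need = TLS_HDR + (((size_t)r->rec[3] << 8) | r->rec[4]);
            if (r->need > QUEUE_MAX) return -1;  /* bound the buffered record */
        }
    }
    int type = (r->rec[0] == 0x16 && r->need > TLS_HDR) ? r->rec[TLS_HDR] : -1;
    r->have = r->need = 0;                   /* reader is ready for the next record */
    return type;
}
/* Scenario: a constructed ServerHello record (body cut to its 4-byte handshake header) split over two TCP segments. step 0: nothing received; 1: first 3 bytes; 2: the remainder. */
static int split_delivery(int step) {
    static const uint8_t hello[] = { 0x16, 0x03, 0x03, 0x00, 0x04, 0x02, 0x00, 0x00, 0x00 };
    rx_queue_t q = { {0}, 0 };
    record_reader_t r = { {0}, 0, 0 };
    int rc = read_handshake_record(&r, &q);
    if (step >= 1) { rx_push(&q, hello, 3); rc = read_handshake_record(&r, &q); }
    if (step >= 2) { rx_push(&q, hello + 3, sizeof hello - 3); rc = read_handshake_record(&r, &q); }
    return rc;
}
```

Steps 0 and 1 both yield WANT_READ (nothing queued, then a header cut mid-way) and only step 2 yields handshake type 2, the ServerHello; a driver that treats the first two as errors, or that resets the reader between calls, never completes the handshake.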