https://gist.github.com/FGasper/43758d13e987518009d18ec8951ffcbb
^^ With 3.0.0 this prints:
seeded entropy
mbedtls connected
trust loaded ok
SNI set ok
handshake tried
handshake: X509 - Certificate verification failed, e.g. CRL, CA or signature check failed
… but if I switch to the development branch, it works.
Same trust chain, same code … but the production code fails while the dev one works …
Am I just “holding it wrong”?
Thank you in advance!
-FG
Hi All,
I am new here.
With a colleague, I am working on a product which previously used
PolarSSL but was later changed to MbedTLS which, in the ST ARM 32F417
implementation, is believed to be less buggy.
It is working ok as far as we have got, but we are finding that as
well as needing some 100k more FLASH, it needs nearly 50k of RAM,
which on the 32F417 (128k RAM) would normally be OK but due to other
required functionality it leaves us just 10k.
The architecture we are using for MbedTLS is a 48k (48k was found to
be the smallest that works) static buffer within which TLS runs its
own heap. I am aware that in the most generic case one has to have
enough for one 16k buffer (plus a bit) for HTTPS, but what concerns me
is that there appears to be no way to determine the worst case memory
usage, across various usage scenarios.
It would also be great to reduce this 48k to say 30k.
Some of the protocols we know we don't need (e.g. PPP) but within any
of them there is the question of which cipher suite needs supporting.
What is the minimum cipher suite required to be able to use MbedTLS as
an HTTPS client for use with typical current cloud-based file storage
or data logging APIs such as Dropbox, Google Drive, Loggly etc?
And what is the recommended minimum cipher suite required to implement
an HTTPS server that would be able to negotiate a session with most
current web-browsers?
The goal is to ideally reduce both RAM and code size requirements for
use in an embedded device that needs to work both as a general purpose
server and client, without requiring support for multiple concurrent
sessions.
The other thing is that even the ST port of MbedTLS doesn't appear to
make use of ST CPU hardware features such as AES256, DES, etc, which
the 32F417 has in hardware. This speeds things up hugely but much more
importantly in our case, saves a lot of RAM. For example AES256 can
use about 10k if done in software.
Thank you very much in advance for any input on what can be done.
Peter
Hello,
I am Marco Portoni and I am working on a thesis research for the University
of Study of Milan. It is focused on cryptographic libraries in the IoT
world, and my question is: is it possible to run the benchmark on a ESP32?
I have already runned the benchmark on 2 of my laptops to test and
collected the results, but my ultimate goal is to make the benchmark run
on the ESP. Is it possible to do it? Thanks for every help!
Marco
Hello,
I’m trying to build shared from git on macOS and having no luck. I’m doing:
> mkdir build; cd build
> cmake DUSE_SHARED_MBEDTLS_LIBRARY=On ..
…
> make
…
> ls -la library
total 2944
drwxr-xr-x 10 felipe staff 320 Dec 1 08:49 .
drwxr-xr-x 15 felipe staff 480 Dec 1 08:49 ..
drwxr-xr-x 8 felipe staff 256 Dec 1 08:49 CMakeFiles
-rw-r--r-- 1 felipe staff 92755 Dec 1 08:49 Makefile
-rw-r--r-- 1 felipe staff 2942 Dec 1 08:49 cmake_install.cmake
-rw-r--r-- 1 felipe staff 34055 Dec 1 08:49 error.c
-rw-r--r-- 1 felipe staff 916112 Dec 1 08:49 libmbedcrypto.a
-rw-r--r-- 1 felipe staff 315856 Dec 1 08:49 libmbedtls.a
-rw-r--r-- 1 felipe staff 104072 Dec 1 08:49 libmbedx509.a
-rw-r--r-- 1 felipe staff 26265 Dec 1 08:49 version_features.c
Am I just missing something? It seems like I’m following what the README says to do; I also did `export SHARED=1` just in case, but that made no difference.
Thank you in advance!
-FG
