Hello,
The first thing when you see an unexpected error code is to look up the
corresponding error message. Mbed TLS comes with a utility for that:
programs/util/strerror 0x2180
Last error was: -0x2180 - X509 - The CRT/CRL/CSR format is invalid,
e.g. different type expected
You can also search the error code in the source code:
grep 0x2180 include/mbedtls/*.h
include/mbedtls/x509.h:#define
MBEDTLS_ERR_X509_INVALID_FORMAT -0x2180 /**< The
CRT/CRL/CSR format is invalid, e.g. different type expected. */
At first glance it looks like there's only one case for which CRT
parsing return MBEDTLS_ERR_X509_INVALID_FORMAT as opposed to
(MBEDTLS_ERR_X509_INVALID_FORMAT + low_level_error_code), and that's if
the certificate doesn't parse like a DER format at the top level. A
plausible reason for that is that the certificate is in PEM format and
your build has PEM support turned off. If that's the case, convert the
certifcate to DER when you copy it to the device. You can use the Mbed
TLS utility programs/util/pem2der for that.
Best regards,
--
Gilles Peskine
Mbed TLS developer
On 05/07/2021 18:10, Danny Backx via mbed-tls wrote:
>
> Hi,
>
> I must be missing something obvious but my code (on an ESP32) fails to
> accept an incoming connection.
>
> I tried the same certificate on an ESP32 sample, and it appears to
> work there.
>
> Does anyone have a clue where to look next ?
>
> Danny
>
> I (16:06:51.481) esp_https_server: performing session handshake
> E (16:06:51.483) x509_crt: x509_crt_parse_der_core -> 0x2180
> E (16:06:51.484) esp_tls_mbedtls: set_pki_context: public_cert
> 0x3ffdb924, len 5750 -> ret 0x2180
> E (16:06:51.493) esp-tls-mbedtls: mbedtls_x509_crt_parse returned -0x2180
> E (16:06:51.501) esp-tls-mbedtls: Failed to set server pki context
> E (16:06:51.508) esp-tls-mbedtls: Failed to set server configurations
> E (16:06:51.515) esp-tls-mbedtls: create_ssl_handle failed
> E (16:06:51.521) esp_https_server: esp_tls_create_server_session failed
> W (16:06:51.528) httpd: httpd_accept_conn: session creation failed
> W (16:06:51.538) httpd: httpd_server: error accepting new connection
>
> --
> Danny Backx - dannybackx(a)telenet.be - http://danny.backx.info
>
Hi,
I must be missing something obvious but my code (on an ESP32) fails to
accept an incoming connection.
I tried the same certificate on an ESP32 sample, and it appears to work
there.
Does anyone have a clue where to look next ?
Danny
I (16:06:51.481) esp_https_server: performing session handshake
E (16:06:51.483) x509_crt: x509_crt_parse_der_core -> 0x2180
E (16:06:51.484) esp_tls_mbedtls: set_pki_context: public_cert
0x3ffdb924, len 5750 -> ret 0x2180
E (16:06:51.493) esp-tls-mbedtls: mbedtls_x509_crt_parse returned -0x2180
E (16:06:51.501) esp-tls-mbedtls: Failed to set server pki context
E (16:06:51.508) esp-tls-mbedtls: Failed to set server configurations
E (16:06:51.515) esp-tls-mbedtls: create_ssl_handle failed
E (16:06:51.521) esp_https_server: esp_tls_create_server_session failed
W (16:06:51.528) httpd: httpd_accept_conn: session creation failed
W (16:06:51.538) httpd: httpd_server: error accepting new connection
--
Danny Backx - dannybackx(a)telenet.be - http://danny.backx.info
Hello everyone,
I am currently evaluating SSL with a local server and an STM32 device. I'm
unable to figure out why the decryption fails with CCM as the cipher suite.
FYI: I am using MbedTLS *v2.14.1.*
*Setup*:
I'm using *x86 local server* with *STM32* device as a client.
Here is what happens-
1. Software CCM implementation on the client:
When I use the *software* implementation of the CCM. Handshake and
decryption is *successful*. Therefore, I can stream
the data from STM32 and read it on the local server.
2. Hardware CCM implementation with MBEDTLS_CCM_ALT:
I have used ccm_alt.c provided from STM32Cube v1.9.0. Here, the
handshake is successful. But *decrypting* the
message *fails*.
The errors are:
ssl_decrypt_buf() returned -29056 (-0x7180)
mbedtls_ssl_read_record() returned -29056 (-0x7180)
Checks performed:
- Same certificates are used for SW and HW implementations.
- CCM self test returns '0' for both HW and SW CCM implementations.
- I have reserved enough heap, no memory issues.
Please find all the necessary data in the attachment provided. I have added
the logs from the server and the client. I have added the certificates and
the code files as well.
It would be of great help if somebody could point at what might be going
wrong.
Thank you!
Best regards,
Navin
