I am using MbedTLS client code based on this:
https://github.com/machinezone/IXWebSocket/blob/master/ixwebsocket/IXSocket…
I am connecting to a server via it's URL. However, I would like to connect directly using an IP address returned from running the traceroute command on the URL.
So I replaced the URL with the IP address. However, MBedTLS fails on the handshake:
https://github.com/machinezone/IXWebSocket/blob/master/ixwebsocket/IXSocket…
I get the error:
"error in handshake : X509 - Certificate verification failed, e.g. CRL, CA or signature check failed"
If I revert back to URL, it works. The IP address does exist.
How can I connect using the IP address, instead of the URL?
Hi All,
A gentle reminder that the Asia-Europe timezone-friendly MBed TLS Tech
forum is next Monday at 10:00am PM UK time. Invite details can be found on
the online calendar here <https://www.trustedfirmware.org/meetings/>.
If you have any topics, please let Dave Rodgman know. :)
Best regards,
Don Harbin
TrustedFirmware Community Manager
don.harbin(a)linaro.org
ReplyReply to allForward
Compose:
Community activity: OpenCV, Sensors, AI
[image: Minimise][image: Pop-out][image: Close]
Compose:
Reminder: MBed TLS Tech Forum - Asia/Europe
[image: Minimise][image: Pop-out][image: Close]
Recipients
Hi,
I have an inhouse developed secure authentication program that uses certificate for authentication. I have used mbedtls library for the x.509 certificate verification purpose. In our custom PKI we have only three level of certificates, Root-CA -> Intermediate-CA -> Device-Cert.
The embedded device has very limited memory, so instead of sending whole certificate chain, the devices communicates intermediate_CA and device cert (in der format base64 encoded) in separate packet. Root-CA will be available on node as trusted-ca. Intermediate is verified against Root; then device cert is verified against intermediate.
The problem is, the poc developed on linux platform is working fine - but on embedded platform I encounter either 0x3b00(parsing failed) or 0x2700(with flag 8). Also the error code are inconsistent.
I verified the integrity of packet with certificate using crc16. So no chance of certificate getting corrupted. Also verified the certificate's base64 format integrity using crc16.
All certificates are sha256WithRSAEncryption; RSA Public-Key: (4096 bit)
Attached config.h on target platform for reference - could you help me if anything wrong with configuration.
While trying to trace, the flag was set from x509_crt.c from below code.
/* No parent? We're done here */
if( parent == NULL )
{
printf("NO_PARENT\r\n");
*flags |= MBEDTLS_X509_BADCERT_NOT_TRUSTED;
return( 0 );
}
Any clue would be helpful.
Thanks,
Gopi Krishnan
Hi All,
A gentle reminder that the US-Europe timezone-friendly MBed TLS Tech forum
is next Monday at 4:30 PM UK time. Invite details can be found on the
online calendar here <https://www.trustedfirmware.org/meetings/>.
If you have any topics, please let Dave Rodgman know. :)
Best regards,
Don Harbin
TrustedFirmware Community Manager
don.harbin(a)linaro.org
Hi All,
A gentle reminder that the Asia-Europe timezone-friendly MBed TLS Tech
forum is next Monday at 10:00am PM UK time. Invite details can be found on
the online calendar here <https://www.trustedfirmware.org/meetings/>.
If you have any topics, please let Dave Rodgman know. :)
Best regards,
Don Harbin
TrustedFirmware Community Manager
don.harbin(a)linaro.org
Hello,
The mbedtls docs (psa_driver_interface.md) mention that only opaque driver supports the use of built-in keys with PSA APIs. Why does a transparent driver not support built-in key feature?
Regards,
Archanaa
Hi all.
We are currently planning on improving our coverage and adding accessor functionality for members marked as MBEDTLS_PRIVATE. I have created an issue ( #8529 )<https://github.com/Mbed-TLS/mbedtls/issues/8529> to consolidate all the information and design-review the task.
It would really help to hear from the community as to which members they are still using, and what is their use-case.
Feel free to comment on the issue, or discuss it here. There may be members that we have decided not to include and are essential to your integration or are completely missing/not being considered.
Best Regards,
Minos Galanakis
Hi,
We need to integrate the TLS Code in our codebase. I have downloaded Mbed
TLS 3.5.1 @ https://github.com/Mbed-TLS/mbedtls/releases and compiled it.
I understand that we can just use the code in mbedtls-3.5.1\library
directory for the TLS functionality - can anyone please confirm. Are there
any other directories where TLS Code exists in the MbedTLS 3.5.1 repo?
Please confirm how we can only integrate MbedTLS TLS functionality code in
other applications / repo. There are so many other directories in MbedTLS
3.5.1 repo - how is the code in repo organized? Do we need all the code
in MbedTLS 3.5.1 repo?
Your valid input will help me to integrate the MbedTLS Code in our codebase?
Please provide all other details as required or will be helpful for the
same.
Thanks in advance.
Regards,
Prakash
Hi,
I downloaded Mbed TLS 3.5.1 @ https://github.com/Mbed-TLS/mbedtls/releases.
Please let me know how to configure and compile the same.
Also please let me know how to run some sample tests there or manually to
verify.
Thanks in advance.
Regards,
Prakash
I am trying to use psa_import_key() after loading private keys from PEM
files. I am succeeding when parsing an "RSA PRIVATE KEY", but no such
luck for "EC PRIVATE KEY". I assume that I am not setting attributes
correctly. A code sample would be nice!
Or, maybe I could just use mbedtls_pk_parse_keyfile(), but then I would
need to "import" a PSA key from the "mbedtls" context, ad I did not find
sample code for that either.
-- Christian Huitema
