I am using MbedTLS client code based on this:
https://github.com/machinezone/IXWebSocket/blob/master/ixwebsocket/IXSocket…
I am connecting to a server via it's URL. However, I would like to connect directly using an IP address returned from running the traceroute command on the URL.
So I replaced the URL with the IP address. However, MBedTLS fails on the handshake:
https://github.com/machinezone/IXWebSocket/blob/master/ixwebsocket/IXSocket…
I get the error:
"error in handshake : X509 - Certificate verification failed, e.g. CRL, CA or signature check failed"
If I revert back to URL, it works. The IP address does exist.
How can I connect using the IP address, instead of the URL?
Hi All,
A gentle reminder that the Asia-Europe timezone-friendly MBed TLS Tech
forum is next Monday at 10:00am PM UK time. Invite details can be found on
the online calendar here <https://www.trustedfirmware.org/meetings/>.
If you have any topics, please let Dave Rodgman know. :)
Best regards,
Don Harbin
TrustedFirmware Community Manager
don.harbin(a)linaro.org
ReplyReply to allForward
Compose:
Community activity: OpenCV, Sensors, AI
[image: Minimise][image: Pop-out][image: Close]
Compose:
Reminder: MBed TLS Tech Forum - Asia/Europe
[image: Minimise][image: Pop-out][image: Close]
Recipients
Hi,
I have an inhouse developed secure authentication program that uses certificate for authentication. I have used mbedtls library for the x.509 certificate verification purpose. In our custom PKI we have only three level of certificates, Root-CA -> Intermediate-CA -> Device-Cert.
The embedded device has very limited memory, so instead of sending whole certificate chain, the devices communicates intermediate_CA and device cert (in der format base64 encoded) in separate packet. Root-CA will be available on node as trusted-ca. Intermediate is verified against Root; then device cert is verified against intermediate.
The problem is, the poc developed on linux platform is working fine - but on embedded platform I encounter either 0x3b00(parsing failed) or 0x2700(with flag 8). Also the error code are inconsistent.
I verified the integrity of packet with certificate using crc16. So no chance of certificate getting corrupted. Also verified the certificate's base64 format integrity using crc16.
All certificates are sha256WithRSAEncryption; RSA Public-Key: (4096 bit)
Attached config.h on target platform for reference - could you help me if anything wrong with configuration.
While trying to trace, the flag was set from x509_crt.c from below code.
/* No parent? We're done here */
if( parent == NULL )
{
printf("NO_PARENT\r\n");
*flags |= MBEDTLS_X509_BADCERT_NOT_TRUSTED;
return( 0 );
}
Any clue would be helpful.
Thanks,
Gopi Krishnan
Hi All,
A gentle reminder that the US-Europe timezone-friendly MBed TLS Tech forum
is next Monday at 4:30 PM UK time. Invite details can be found on the
online calendar here <https://www.trustedfirmware.org/meetings/>.
If you have any topics, please let Dave Rodgman know. :)
Best regards,
Don Harbin
TrustedFirmware Community Manager
don.harbin(a)linaro.org
Hi All,
A gentle reminder that the Asia-Europe timezone-friendly MBed TLS Tech
forum is next Monday at 10:00am PM UK time. Invite details can be found on
the online calendar here <https://www.trustedfirmware.org/meetings/>.
If you have any topics, please let Dave Rodgman know. :)
Best regards,
Don Harbin
TrustedFirmware Community Manager
don.harbin(a)linaro.org
