I am using MbedTLS client code based on this:
https://github.com/machinezone/IXWebSocket/blob/master/ixwebsocket/IXSocket…
I am connecting to a server via it's URL. However, I would like to connect directly using an IP address returned from running the traceroute command on the URL.
So I replaced the URL with the IP address. However, MBedTLS fails on the handshake:
https://github.com/machinezone/IXWebSocket/blob/master/ixwebsocket/IXSocket…
I get the error:
"error in handshake : X509 - Certificate verification failed, e.g. CRL, CA or signature check failed"
If I revert back to URL, it works. The IP address does exist.
How can I connect using the IP address, instead of the URL?
Hi,
I have an inhouse developed secure authentication program that uses certificate for authentication. I have used mbedtls library for the x.509 certificate verification purpose. In our custom PKI we have only three level of certificates, Root-CA -> Intermediate-CA -> Device-Cert.
The embedded device has very limited memory, so instead of sending whole certificate chain, the devices communicates intermediate_CA and device cert (in der format base64 encoded) in separate packet. Root-CA will be available on node as trusted-ca. Intermediate is verified against Root; then device cert is verified against intermediate.
The problem is, the poc developed on linux platform is working fine - but on embedded platform I encounter either 0x3b00(parsing failed) or 0x2700(with flag 8). Also the error code are inconsistent.
I verified the integrity of packet with certificate using crc16. So no chance of certificate getting corrupted. Also verified the certificate's base64 format integrity using crc16.
All certificates are sha256WithRSAEncryption; RSA Public-Key: (4096 bit)
Attached config.h on target platform for reference - could you help me if anything wrong with configuration.
While trying to trace, the flag was set from x509_crt.c from below code.
/* No parent? We're done here */
if( parent == NULL )
{
printf("NO_PARENT\r\n");
*flags |= MBEDTLS_X509_BADCERT_NOT_TRUSTED;
return( 0 );
}
Any clue would be helpful.
Thanks,
Gopi Krishnan
Hi All,
A gentle reminder that the US-Europe timezone-friendly MBed TLS Tech forum
is next Monday at 4:30 PM UK time. Invite details can be found on the
online calendar here <https://www.trustedfirmware.org/meetings/>.
If you have any topics, please let Dave Rodgman know. :)
Best regards,
Don Harbin
TrustedFirmware Community Manager
don.harbin(a)linaro.org
Hi Team,
I want to implement TLS over UART using MbedTLS library, But the issue i am facing right now is There are no example codes or any reference document for briefing how to import the libraries and what changes should be done to do so.
I tried to use some examples for Lwip examples but i am getting errors while importing library like platform error, timing_alt.h error.
Please help me out in urgent.
Thanks !!
I have created an http server following the example for server1 under FreeRTOS and Lwip running on a STM32H753 using the Stm32CubeIDE. Everything seem to work correctly, however, I am experiencing a small memory leak over each successive TLS connection of 160 bytes. It is obvious that I must not be freeing a context, but as I am following the example very closely, except for running the code in a FreeRTOS thread, I must be missing something fundemental. Has anyone on this list experienced a similar issue or have any ideas on how to debug it?
Hi All,
A gentle reminder that the Asia-Europe timezone-friendly MBed TLS Tech
forum is next Monday at 10:00am PM UK time. Invite details can be found on
the online calendar here <https://www.trustedfirmware.org/meetings/>.
If you have any topics, please let Dave Rodgman know. :)
Best regards,
Don Harbin
TrustedFirmware Community Manager
don.harbin(a)linaro.org
Hi
What's the best way to shutdown a network connection for when say an embedded device is shutting down or going to reboot?
I have the following code I call when I am going to kick off a reboot:
LOG_DEBUG("Network Manager: Ethernet is going down%s", networkManager->rebootInProgress ? "..." : " for reconfiguration...");
netifapi_dhcp_release_and_stop(&networkManager->networkInterfaceContext);
netifapi_netif_set_link_down(&networkManager->networkInterfaceContext);
netifapi_netif_set_down(&networkManager->networkInterfaceContext);
networkManager->ethernetLinkUp = false;
if (networkManager->rebootInProgress)
{
netifapi_netif_remove(&networkManager->networkInterfaceContext);
}
The trouble is that the link seems to come back up again as soon as it goes down and my state machine starts doing stuff like kicking off a new DHCP request etc, right about the time the hardware reboots.
I added in the call to netifapi_netif_remove() quite recently but it doesn't seem to make any difference.
I could put some more code in my link status state machine for an impending reboot, but this seems more complicated than it probably needs to be, as I'm probably not doing something I should be.
Gary Metalle
Senior Embedded Software Engineer
Hello,
What is the extent of PSA Crypto API 1.1 support available in mbedTLS today?
From the road map, API v1.0 is supported. I also see that PBKDF, which is in PSA API v1.1, is in development.
Regards,
Archanaa
