Hello, thanks for the answer.

I solved this problem by replacing the parameter in the line

    #define MBEDTLS_MPI_MAX_SIZE 48 /**< Maximum number of bytes for usable MPIs. */

in the file config.h with 256. I don't understand why there was such a small value.

I still have two problems. The first is that when the server sends 3621 bytes during the handshake, it closes the connection. The second one is an error, mbedtls_x509_crt_parse_der returning -10368, in the ssl_tls.c file (line 5524). I use a PEM format certificate that is flashed into memory and processed successfully, and I don't understand how I get to the DER parsing line

    ret = mbedtls_x509_crt_parse_der( ssl->session_negotiate->peer_cert, ssl->in_msg + i, n );   /* ssl_tls.c(5503) */

Your answers are very important to me because in such a difficult situation I am confused.

Sincerely,
Shabrov Dmitry
Wednesday, 2 February 2022, 5:08 +08:00, from Michael Richardson via mbed-tls mbed-tls@lists.trustedfirmware.org:

Dmitrij Shabroff via mbed-tls < mbed-tls@lists.trustedfirmware.org > wrote:
> Good afternoon.
> I am a microcontroller product designer. I ported MBED TLS to the STM32L471
> microcontroller. While I do not understand how can I use the
> certificate. My customer gave me a certificate in the form of a
> center2m.com.cer file. The file contains the 3 fields:
I don't know what your customer gave you.
There are three things that you might be given:
1) a trust anchor (certification authority) to use to validate a connection.
2) a pinned certificate for the server that you are expected to connect to.
3) a certificate that goes with a private key you already have in the device, which you will use as a client certificate for TLS client authentication.

How you would install each of these is different. (3) generally needs to be provisioned in the factory, at manufacturing time. That's a more complex situation, but for testing purposes you could get away with putting the certificate into C code.
While there are routines in mbedtls that can read/parse a PEM file, and you could include the certificates as a string, you'd save code space if you included the certificate in DER form. Your makefile should convert using, for instance:

    openssl x509 -in cert.pem -outform der -out cert.der
    xxd -i cert.der >> cert_data.c

--
]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        |    IoT architect   [
]     mcr@sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [
mbed-tls mailing list -- mbed-tls@lists.trustedfirmware.org To unsubscribe send an email to mbed-tls-leave@lists.trustedfirmware.org
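As an added example (editor's code, not from the thread and not part of Mbed TLS), here is the PEM-to-DER-to-C-array step that the reply above does with openssl and xxd, written in Python so it runs offline on the build host. The certificate it uses is constructed and is not a real X.509 certificate: it is only a well-formed outer DER SEQUENCE so the script can be run as-is; point pem_to_der() at the real center2m.com.cer instead. The names cert_der and cert_der_len are chosen here. It also adds the check a practitioner wants before flashing: the length declared by the outer SEQUENCE must match the buffer exactly, which a PEM text buffer never does.

```python
"""PEM -> DER -> C array (xxd -i style), without openssl or xxd.

Added example, not Mbed TLS code. SAMPLE_DER is a constructed stand-in
(SEQUENCE { INTEGER 7, NULL }), NOT a real certificate.
"""
import base64
import re

# Constructed stand-in for a certificate's DER bytes.
SAMPLE_DER = bytes([0x30, 0x05, 0x02, 0x01, 0x07, 0x05, 0x00])

# The same bytes wrapped the way a .cer/.pem text file carries them.
SAMPLE_PEM = (
    "-----BEGIN CERTIFICATE-----\n"
    + base64.encodebytes(SAMPLE_DER).decode("ascii")
    + "-----END CERTIFICATE-----\n"
)

_PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S
)


def pem_to_der(pem_text: str) -> bytes:
    """Base64-decode the first CERTIFICATE block of a PEM file.
    Equivalent to: openssl x509 -in cert.pem -outform der."""
    m = _PEM_BLOCK.search(pem_text)
    if m is None:
        raise ValueError("no -----BEGIN CERTIFICATE----- block found")
    body = "".join(m.group(1).split())  # strip line breaks and spaces
    return base64.b64decode(body, validate=True)


def der_total_length(der: bytes) -> int:
    """Total length (header + content) declared by the outer DER SEQUENCE.
    Handles short-form (< 0x80) and long-form (0x81, 0x82, ...) lengths."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("buffer does not start with a DER SEQUENCE (0x30)")
    first = der[1]
    if first < 0x80:
        return 2 + first
    n = first & 0x7F
    if n == 0 or n > 4 or len(der) < 2 + n:
        raise ValueError("malformed DER length")
    return 2 + n + int.from_bytes(der[2:2 + n], "big")


def looks_like_der_certificate(buf: bytes) -> bool:
    """Pre-flash sanity check: the declared SEQUENCE length must equal the
    buffer length. A PEM buffer ('-----BEGIN ...') fails, as it should."""
    try:
        return der_total_length(buf) == len(buf)
    except ValueError:
        return False


def to_c_array(der: bytes, name: str) -> str:
    """Emit an xxd -i style C array plus a length constant."""
    rows = [
        ", ".join(f"0x{b:02x}" for b in der[i:i + 12])
        for i in range(0, len(der), 12)
    ]
    return (
        f"/* {len(der)} bytes of DER; pass {name}_len, no trailing NUL */\n"
        f"const unsigned char {name}[] = {{\n"
        + ",\n".join("  " + r for r in rows)
        + "\n};\n"
        f"const unsigned int {name}_len = {len(der)};\n"
    )


if __name__ == "__main__":
    der = pem_to_der(SAMPLE_PEM)
    if not looks_like_der_certificate(der):
        raise SystemExit("conversion did not produce a DER SEQUENCE")
    print(to_c_array(der, "cert_der"))
```

When handing the result to Mbed TLS, pass cert_der_len exactly as emitted: mbedtls_x509_crt_parse() only treats a buffer as PEM when it is NUL-terminated and buflen counts that terminating NUL, while a DER buffer is parsed with its exact byte length and no terminator.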