Good afternoon.

I am a microcontroller product designer. I ported MBED TLS to the STM32L471 microcontroller. However, I do not understand how I can use the certificate. My customer gave me a certificate in the form of a center2m.com.cer file. The file contains 3 fields:

-----BEGIN CERTIFICATE-----
MIIGVzCCBT+gAwIBAgIMEnU/ ...
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIET ...
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIDDX ...
-----END CERTIFICATE-----

Tell me please, how to port my certificate to the certs.c file. The question is which fields to insert where?

Please help. No one can answer this question except you.

Sincerely, development engineer, Shabrov Dmitrii
Hello.

I tried to execute the code from the file mbedtls/programs/ssl/mini_client.c. I get an error when calling the function

    int mbedtls_x509_crt_parse_der( mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen )

The function exits at the comparison

    if( crt != chain )
        mbedtls_free( crt );

Tell me, what could be the problem?

Sincerely, development engineer, Shabrov Dmitrii
Monday, 31 January 2022, 16:49 +03:00 from Dmitrij Shabroff dshabroff@mail.ru:
> Good afternoon.
>
> I am a microcontroller product designer. I ported MBED TLS to the STM32L471 microcontroller. However, I do not understand how I can use the certificate. My customer gave me a certificate in the form of a center2m.com.cer file. The file contains 3 fields:
>
> -----BEGIN CERTIFICATE-----
> MIIGVzCCBT+gAwIBAgIMEnU/ ...
> -----END CERTIFICATE-----
> -----BEGIN CERTIFICATE-----
> MIIET ...
> -----END CERTIFICATE-----
> -----BEGIN CERTIFICATE-----
> MIDDX ...
> -----END CERTIFICATE-----
>
> Tell me please, how to port my certificate to the certs.c file. The question is which fields to insert where?
>
> Please help. No one can answer this question except you.
>
> Sincerely, development engineer, Shabrov Dmitrii
Dmitrij Shabroff via mbed-tls mbed-tls@lists.trustedfirmware.org wrote:
> Good afternoon.
> I am a microcontroller product designer. I ported MBED TLS to STM
> 32L471 microcontroller. While I do not understand how can I use the
> certificate. My customer gave me a certificate in the form of a
> center2m.com.cer file. The file contains the 3 fields:
I don't know what your customer gave you.
There are three things that you might be given:
1) a trust anchor (certification authority) to use to validate a connection.
2) a pinned certificate for the server that you are expected to connect to.
3) a certificate that goes with a private key you already have in the device, which you will use as a client certificate for TLS client authentication.
How you would install these is different. (3) generally needs to be provisioned in the factory, at manufacturing time. That's a more complex situation, but for testing purposes you could get away with putting the certificate into C code.
While there are routines in mbedtls that can read/parse a PEM file, and you could include the certificates as a string, you'd save code space if you included the certificate in DER form. Your makefile should convert using, for instance:

    openssl x509 -in cert.pem -outform der -out cert.der
    xxd -i cert.der >> cert_data.c
--
]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        |    IoT architect   [
]     mcr@sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [
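An added example, not part of the thread or of the Mbed TLS project: a Python build-step script that generalizes the `openssl x509` / `xxd -i` conversion above to a file holding several certificates, since `openssl x509` reads only the first certificate in its input. The array names and the sample bundle are constructed placeholders, not the customer's certificates.

```python
"""Split a PEM bundle and emit one DER C array per certificate (added example)."""
import base64
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.+?)\s*-----END CERTIFICATE-----", re.S)


def der_total_length(der):
    """Return the size of the outer DER SEQUENCE (header plus content)."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("not a DER SEQUENCE")
    first = der[1]
    if first < 0x80:                      # short form: length fits in one byte
        return 2 + first
    n = first & 0x7F                      # long form: next n bytes hold the length
    if n == 0 or n > 4 or len(der) < 2 + n:
        raise ValueError("unsupported or truncated DER length")
    return 2 + n + int.from_bytes(der[2:2 + n], "big")


def split_bundle(pem_text):
    """Decode every certificate block of a PEM bundle to DER, in file order."""
    ders = []
    for body in PEM_RE.findall(pem_text):
        der = base64.b64decode("".join(body.split()), validate=True)
        if der_total_length(der) != len(der):
            raise ValueError("certificate block is truncated or has trailing bytes")
        ders.append(der)
    return ders


def c_array(name, der):
    """Format DER bytes like `xxd -i`: an unsigned char array plus its length."""
    rows = [", ".join(f"0x{b:02x}" for b in der[i:i + 12])
            for i in range(0, len(der), 12)]
    body = ",\n  ".join(rows)
    return (f"const unsigned char {name}[] = {{\n  {body}\n}};\n"
            f"const unsigned int {name}_len = {len(der)};\n")


def make_sample_bundle():
    """Constructed input: three placeholder DER SEQUENCEs, not real certificates."""
    blobs = [b"\x30\x03\x02\x01" + bytes([i]) for i in (1, 2, 3)]
    return "".join("-----BEGIN CERTIFICATE-----\n"
                   + base64.encodebytes(b).decode()
                   + "-----END CERTIFICATE-----\n" for b in blobs)


if __name__ == "__main__":
    for i, der in enumerate(split_bundle(make_sample_bundle())):
        print(c_array(f"cert{i}_der", der))
```

Each generated array and its `_len` value can be passed as `buf` and `buflen` to `mbedtls_x509_crt_parse_der()`, the function named earlier in the thread.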
Hello.

Thanks for the answer. I solved this problem by replacing the parameter in the line

    #define MBEDTLS_MPI_MAX_SIZE 48 /**< Maximum number of bytes for usable MPIs. */

of the file config.h with 256. I don't understand why there was such a small value.

I still have two problems. The first is that when the server sends 3621 bytes during the handshake, it closes the connection. The second one is an error, mbedtls_x509_crt_parse_der -10368, in the ssl_tls.c file (line 5524). I use a PEM format certificate that is flashed into memory and processed successfully, and I don't understand how I get to the DER parsing line

    ret = mbedtls_x509_crt_parse_der( ssl->session_negotiate->peer_cert, ssl->in_msg + i, n );

ssl_tls.c(5503)

Your answers are very important to me, because in such a difficult situation I am confused.

Sincerely, Shabrov Dmitry
Wednesday, 2 February 2022, 5:08 +08:00 from Michael Richardson via mbed-tls mbed-tls@lists.trustedfirmware.org:
Dmitrij Shabroff via mbed-tls < mbed-tls@lists.trustedfirmware.org > wrote:
> Good afternoon.
> I am a microcontroller product designer. I ported MBED TLS to STM
> 32L471 microcontroller. While I do not understand how can I use the
> certificate. My customer gave me a certificate in the form of a
> center2m.com.cer file. The file contains the 3 fields:
I don't know what your customer gave you.
There are three things that you might be given:
- a trust anchor (certification authority) to use to validate a connection.
- a pinned certificate for the server that you are expected to connect to.
- a certificate that goes with a private key you already have in the device,
which you will use as a client certificate for TLS client authentication.
How you would install these is different. (3) generally needs to be provisioned in the factory, at manufacturing time. That's a more complex situation, but for testing purposes you could get away with putting the certificate into C code.
While there are routines in mbedtls that can read/parse a PEM file, and you could include the certificates as a string, you'd save code space if you included the certificate in DER form. Your makefile should convert using, for instance:

    openssl x509 -in cert.pem -outform der -out cert.der
    xxd -i cert.der >> cert_data.c
--
]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        |    IoT architect   [
]     mcr@sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [