[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[lwip-users] lwIP with mbedTLS

From: Paweł
Subject: [lwip-users] lwIP with mbedTLS
Date: Sun, 27 Jan 2019 10:44:41 +0100

I'm trying to build an application using lwIP and mbedTLS. My goal is a secure MQTT connection.
I'm sure that MQTT without security layer works properly. lwIP works in sys mode.
I started of course with ALTCP layer and I can succesfully parse certificate using code:
mqttClientInfo.tls_config = altcp_tls_create_config_client(cert, sizeof(cert));

After mbedTLS tuning (choosing cipher method, etc.) I can see on Wireshark proper Client Hello and Server Hello messages. Then Server Hello Done, Certificate and Server Key Exchange message is coming (no outgoing Client Key Exchange), but from observations I see that messages from Server aren't properly handled by lwIP core. 
On console I can see that mbedTLS switched to parsing Server Hello message but in fetch method input f_recv function (which is a pointer to altcp_mbedtls_bio_recv) is returning MBEDTLS_ERR_SSL_WANT_READ which means that there is nothing to read. What is interesting after this fail lwIP signals receiving a TCP packet, with Server Hello message (I cross-checked sequence numbers with Wireshark). So I digged deeper and found out that everything in mbedTLS is called from lwIP thread context, so secure layer can't wait for messages. I realized that when I was trying to implement f_recv_timeout function. 

1. Does anybody met similiar problems?
2. Can I check for incoming messages in mbedTLS, handle them normally in lwIP core and come back to mbedTLS functions? Maybe there is a need for separating threads for two of them?

I encountered many problems during mbedTLS implementations but all of them were affordable (missing defines, memory problems, etc.) but this time I have no idea what to do next.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]