lwip-users

Re: [lwip-users] lwIP with mbedTLS


From: Paweł
Subject: Re: [lwip-users] lwIP with mbedTLS
Date: Sun, 27 Jan 2019 14:08:32 +0100

Hi Simon,
Thanks for your response.

> I'm a bit confused: are you using the mqtt client provided with lwIP? If
> so, TLS should just work. No need to implement f_recv_timeout.
 
Yes, MQTT client from lwIP 2.12.
This is exactly what I thought - but the reality is different in my case. Do you have any idea what I'm doing wrong?
I'm sure mbedTLS is initiated correctly as I'm receiving proper Server Hello Done messages.
I checked this message with another MQTT client with TLS (on a Windows machine).
I'm missing two messages: Client Key Exchange and then Session ticket.

Regards,
Pawel

On Sun, 27 Jan 2019 at 13:42, address@hidden <address@hidden> wrote:
On 27.01.2019 at 10:44, Paweł wrote:
> Hello,
> I'm trying to build an application using lwIP and mbedTLS. My goal is a
> secure MQTT connection.
> I'm sure that MQTT without security layer works properly. lwIP works in
> sys mode.
> I started of course with ALTCP layer and I can successfully parse
> certificate using code:
> mqttClientInfo.tls_config = altcp_tls_create_config_client(cert,
> sizeof(cert));
>
> After mbedTLS tuning (choosing cipher method, etc.) I can see on
> Wireshark proper Client Hello and Server Hello messages. Then Server
> Hello Done, Certificate and Server Key Exchange message is coming (no
> outgoing Client Key Exchange), but from observations I see that messages
> from Server aren't properly handled by lwIP core.
> On console I can see that mbedTLS switched to parsing Server Hello
> message but in fetch method input f_recv function (which is a pointer
> to altcp_mbedtls_bio_recv) is returning MBEDTLS_ERR_SSL_WANT_READ which
> means that there is nothing to read. What is interesting after this fail
> lwIP signals receiving a TCP packet, with Server Hello message (I
> cross-checked sequence numbers with Wireshark). So I dug deeper and
> found out that everything in mbedTLS is called from lwIP thread context,
> so secure layer can't wait for messages. I realized that when I was
> trying to implement f_recv_timeout function.

I'm a bit confused: are you using the mqtt client provided with lwIP? If
so, TLS should just work. No need to implement f_recv_timeout.

Regards,
Simon

>
> Questions:
> 1. Has anybody met similar problems?
> 2. Can I check for incoming messages in mbedTLS, handle them normally in
> lwIP core and come back to mbedTLS functions? Maybe there is a need for
> separating threads for two of them?
>
> I encountered many problems during mbedTLS implementations but all of
> them were affordable (missing defines, memory problems, etc.) but this
> time I have no idea what to do next.
>
> Regards,
> Pawel
>
> _______________________________________________
> lwip-users mailing list
> address@hidden
> https://lists.nongnu.org/mailman/listinfo/lwip-users
>
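
The behaviour discussed in this thread (a receive callback that returns MBEDTLS_ERR_SSL_WANT_READ from inside the lwIP thread, followed by the TCP segment arriving) is the normal shape of a non-blocking TLS handshake: the handshake function must keep its partial state and be re-entered from the receive path. The following is an added, self-contained model of that pattern, not code from the thread, lwIP or mbedTLS; `struct conn`, `bio_recv`, `handshake`, `on_tcp_recv` and the toy `[type][len][payload]` record format are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>
/* Constructed model, not lwIP or mbedTLS code. WANT_READ stands in for
 * MBEDTLS_ERR_SSL_WANT_READ; toy records are [type][len][payload]. */
#define WANT_READ (-0x6900)

struct conn {
  unsigned char rx[256];  /* bytes queued by the TCP receive callback */
  size_t rx_len, rx_pos;
  unsigned char rec[64];  /* record being assembled across calls */
  size_t rec_have;
  size_t step;            /* index of the next expected server message */
  int client_kex_sent;    /* set once the whole server flight is consumed */
};

/* BIO receive callback: never blocks, reports "no data yet" instead. */
static int bio_recv(struct conn *c, unsigned char *buf, size_t len) {
  size_t avail = c->rx_len - c->rx_pos;
  if (avail == 0) return WANT_READ;
  if (len > avail) len = avail;
  memcpy(buf, c->rx + c->rx_pos, len);
  c->rx_pos += len;
  return (int)len;
}

/* Resumable handshake: 0 = done, WANT_READ = call again after more data. */
static int handshake(struct conn *c) {
  /* TLS types: ServerHello, Certificate, ServerKeyExchange, ServerHelloDone */
  static const unsigned char expect[] = { 2, 11, 12, 14 };
  while (c->step < sizeof expect) {
    for (;;) {
      size_t need = c->rec_have < 2 ? 2 : 2u + c->rec[1];
      if (need > sizeof c->rec) return -1;  /* oversized toy record */
      if (c->rec_have == need) break;
      int n = bio_recv(c, c->rec + c->rec_have, need - c->rec_have);
      if (n < 0) return n;                  /* partial record stays in c */
      c->rec_have += (size_t)n;
    }
    if (c->rec[0] != expect[c->step]) return -1;  /* unexpected message */
    c->step++;
    c->rec_have = 0;
  }
  c->client_kex_sent = 1;  /* point where ClientKeyExchange would go out */
  return 0;
}

/* Receive path of the stack: queue the segment, then resume the handshake. */
static int on_tcp_recv(struct conn *c, const unsigned char *seg, size_t len) {
  if (len > sizeof c->rx - c->rx_len) return -1;
  memcpy(c->rx + c->rx_len, seg, len);
  c->rx_len += len;
  return handshake(c);
}
```

In this model a WANT_READ result is not a failure; the handshake only stalls if nothing calls `handshake` again after the segment has been queued.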

