|
From: | Noam Weissman |
Subject: | Re: [lwip-users] PolarSSL and mbedTLS |
Date: | Sun, 12 Mar 2017 09:05:08 +0000 |
Hi Jan, Simon… I have found a solution that seems to work
J…
A college of mine working on the server side pointed me to RFC 6066 were there is an option to request
the server to limit the sent fragment size:
https://tools.ietf.org/html/rfc6066#page-8 The above is part of the RFC without the need to change anything in LwIP or mbedTLS code. It’s a simple
configuration issue. I have added to my code the following: 1.
I defined MBEDTLS_SSL_MAX_FRAGMENT_LENGTH in mbedtls_config.h 2.
I added a call to mbedtls_ssl_conf_max_frag_len(&conf, MBEDTLS_SSL_MAX_FRAG_LEN_1024); The above adds an extra parameter in the SSL/TLS handshake… actually adds it in the HELLO handshake. I need to make a few more tests but it seems to work and have no problems sending even a 600K binary file. I still did not catch why lwip_recvfrom function failed but the above seems to be working. Thanks for everyone that puts their inputs
J If I will have an update I will update the group. BR, Noam. From: lwip-users [mailto:lwip-users-bounces+address@hidden
On Behalf Of Noam Weissman Hi Simon, with SSL there is a read for 5 bytes record header and then reading the data itself as a whole
or in parts (inside lwip_recvfrom). My module is a single task that has a state machine. When the state is in OPEN state it blocks
for 1 second on select, if select is returning with a timeout the task is doing some house keeping
and returns to the OPEN state for another select etc... If select is returning with 1, meaning there is data, the code issues mbedtls_ssl_read etc... The SSL code reads the 5 bytes header but fails after that. The fail happens if the sending record is more then a few K bytes. The strange thing is that it fails on the first read ? If it would have failed after a few blocks that were read then we could assume that there is another problem but it fails on the first read just after the 5 bytes header were read ? My hunch is that its something stupid :-) BR, Noam. From: lwip-users <lwip-users-bounces+address@hidden>
on behalf of address@hidden <address@hidden> Noam,
|
[Prev in Thread] | Current Thread | [Next in Thread] |