[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [lwip-users] PolarSSL and mbedTLS
From: |
Jan Menzel |
Subject: |
Re: [lwip-users] PolarSSL and mbedTLS |
Date: |
Tue, 14 Mar 2017 15:35:31 +0100 |
User-agent: |
Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.8.0 |
Hi Noam!
IIRC this options is not widely implemented. Especially openssl seems
to lack it. If you configure a short FRAGMENT_LENGTH and the other side
does not respect the option, transfer of large data blocks (>~
FRAGMENT_LENGTH) will not be possible.
Jan
On 12.03.2017 10:05, Noam Weissman wrote:
> Hi Jan, Simon…
>
>
>
> I have found a solution that seems to work J…
>
>
>
> A college of mine working on the server side pointed me to RFC 6066 were
> there is an option to request
>
> the server to limit the sent fragment size:
>
> https://tools.ietf.org/html/rfc6066#page-8
>
>
>
> The above is part of the RFC without the need to change anything in LwIP
> or mbedTLS code. It’s a simple
>
> configuration issue.
>
>
>
> I have added to my code the following:
>
> 1. I defined MBEDTLS_SSL_MAX_FRAGMENT_LENGTH in mbedtls_config.h
>
> 2. I added a call to mbedtls_ssl_conf_max_frag_len(&conf,
> MBEDTLS_SSL_MAX_FRAG_LEN_1024);
>
>
>
> The above adds an extra parameter in the SSL/TLS handshake… actually
> adds it in the HELLO handshake.
>
>
>
> I need to make a few more tests but it seems to work and have no
> problems sending even a 600K binary file.
>
>
>
> I still did not catch why lwip_recvfrom function failed but the above
> seems to be working.
>
>
>
> Thanks for everyone that puts their inputs J
>
>
>
> If I will have an update I will update the group.
>
>
>
> BR,
>
> Noam.
>
>
>
> *From:*lwip-users [mailto:address@hidden
> *On Behalf Of *Noam Weissman
> *Sent:* Sunday, March 12, 2017 12:39 AM
> *To:* Mailing list for lwIP users
> *Subject:* Re: [lwip-users] PolarSSL and mbedTLS
>
>
>
> Hi Simon,
>
>
>
> with SSL there is a read for 5 bytes record header and then reading the
> data itself as a whole
>
> or in parts (inside lwip_recvfrom).
>
>
>
> My module is a single task that has a state machine. When the state is
> in OPEN state it blocks
>
> for 1 second on select, if select is returning with a timeout the task
> is doing some house keeping
>
> and returns to the OPEN state for another select etc...
>
>
>
> If select is returning with 1, meaning there is data, the code issues
> mbedtls_ssl_read etc...
>
> The SSL code reads the 5 bytes header but fails after that. The fail
> happens if the sending
>
> record is more then a few K bytes. The strange thing is that it fails on
> the first read ?
>
>
>
> If it would have failed after a few blocks that were read then we could
> assume that there
>
> is another problem but it fails on the first read just after the 5 bytes
> header were read ?
>
>
>
> My hunch is that its something stupid :-)
>
>
>
> BR,
>
> Noam.
>
> ------------------------------------------------------------------------
>
> *From:*lwip-users <address@hidden
> <mailto:address@hidden>> on behalf of
> address@hidden <mailto:address@hidden> <address@hidden
> <mailto:address@hidden>>
> *Sent:* Saturday, March 11, 2017 11:29 PM
> *To:* Mailing list for lwIP users
> *Subject:* Re: [lwip-users] PolarSSL and mbedTLS
>
>
>
> Noam,
>
> that sounds a bit too complicatied...
>
> My first thought is: you call select and it returns that there is data
> to read, but that does not mean there is enough data to read for TLS, so
> EWOULDBLOCK is not an error at all in this case.
>
> Simon
>
> _______________________________________________
> lwip-users mailing list
> address@hidden <mailto:address@hidden>
> https://lists.nongnu.org/mailman/listinfo/lwip-users
>
> lwip-users -- Mailing list for lwIP users - lists.nongnu.org
> <https://lists.nongnu.org/mailman/listinfo/lwip-users>
>
> lists.nongnu.org
>
> Welcome to the lwip-users mailing list. Use it to ask questions, share
> your experience and discuss new ideas. To see the collection of prior
> postings to the list ...
>
>
>
>
>
> _______________________________________________
> lwip-users mailing list
> address@hidden
> https://lists.nongnu.org/mailman/listinfo/lwip-users
>
- Re: [lwip-users] PolarSSL and mbedTLS, (continued)
- Re: [lwip-users] PolarSSL and mbedTLS, Jan Menzel, 2017/03/03
- Re: [lwip-users] PolarSSL and mbedTLS, Noam Weissman, 2017/03/03
- Re: [lwip-users] PolarSSL and mbedTLS, Noam Weissman, 2017/03/10
- Re: [lwip-users] PolarSSL and mbedTLS, Simon Goldschmidt, 2017/03/10
- Re: [lwip-users] PolarSSL and mbedTLS, Noam Weissman, 2017/03/10
- Re: [lwip-users] PolarSSL and mbedTLS, address@hidden, 2017/03/11
- Re: [lwip-users] PolarSSL and mbedTLS, Noam Weissman, 2017/03/11
- Re: [lwip-users] PolarSSL and mbedTLS, address@hidden, 2017/03/11
- Re: [lwip-users] PolarSSL and mbedTLS, Noam Weissman, 2017/03/11
- Re: [lwip-users] PolarSSL and mbedTLS, Noam Weissman, 2017/03/12
- Re: [lwip-users] PolarSSL and mbedTLS,
Jan Menzel <=
- Re: [lwip-users] PolarSSL and mbedTLS, Noam Weissman, 2017/03/14
- Re: [lwip-users] PolarSSL and mbedTLS, Dr. Jan Menzel, 2017/03/14
- Re: [lwip-users] PolarSSL and mbedTLS, Noam Weissman, 2017/03/15
- Re: [lwip-users] PolarSSL and mbedTLS, address@hidden, 2017/03/15
- Re: [lwip-users] PolarSSL and mbedTLS, Jan Menzel, 2017/03/15
- Re: [lwip-users] PolarSSL and mbedTLS, Noam Weissman, 2017/03/16
- Re: [lwip-users] PolarSSL and mbedTLS, goldsimon, 2017/03/16
- [lwip-users] Subnet too large?, Stephen Cowell, 2017/03/16
- Re: [lwip-users] Subnet too large?, goldsimon, 2017/03/16
- Re: [lwip-users] Subnet too large?, Stephen Cowell, 2017/03/16