[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [lwip-users] PolarSSL and mbedTLS
From: |
Noam Weissman |
Subject: |
Re: [lwip-users] PolarSSL and mbedTLS |
Date: |
Tue, 14 Mar 2017 14:42:20 +0000 |
Hi Jan,
I have added parameter to the conf structure by using the function
mbedtls_ssl_conf_max_frag_len
I have tested my client against a test server based on mbedTLS library and it
worked !
When I triad my client side against the actual server it did not work. So it
may not support
" Maximum Fragment Length Negotiation" option as you have mentioned.
In any case I need to integrate with the server.... continue the work.
Thanks,
Noam.
-----Original Message-----
From: lwip-users [mailto:address@hidden On Behalf Of Jan Menzel
Sent: Tuesday, March 14, 2017 4:36 PM
To: address@hidden
Subject: Re: [lwip-users] PolarSSL and mbedTLS
Hi Noam!
IIRC this options is not widely implemented. Especially openssl seems
to lack it. If you configure a short FRAGMENT_LENGTH and the other side does
not respect the option, transfer of large data blocks (>~
FRAGMENT_LENGTH) will not be possible.
Jan
On 12.03.2017 10:05, Noam Weissman wrote:
> Hi Jan, Simon...
>
>
>
> I have found a solution that seems to work J...
>
>
>
> A college of mine working on the server side pointed me to RFC 6066
> were there is an option to request
>
> the server to limit the sent fragment size:
>
> https://tools.ietf.org/html/rfc6066#page-8
>
>
>
> The above is part of the RFC without the need to change anything in
> LwIP or mbedTLS code. It's a simple
>
> configuration issue.
>
>
>
> I have added to my code the following:
>
> 1. I defined MBEDTLS_SSL_MAX_FRAGMENT_LENGTH in mbedtls_config.h
>
> 2. I added a call to mbedtls_ssl_conf_max_frag_len(&conf,
> MBEDTLS_SSL_MAX_FRAG_LEN_1024);
>
>
>
> The above adds an extra parameter in the SSL/TLS handshake... actually
> adds it in the HELLO handshake.
>
>
>
> I need to make a few more tests but it seems to work and have no
> problems sending even a 600K binary file.
>
>
>
> I still did not catch why lwip_recvfrom function failed but the above
> seems to be working.
>
>
>
> Thanks for everyone that puts their inputs J
>
>
>
> If I will have an update I will update the group.
>
>
>
> BR,
>
> Noam.
>
>
>
> *From:*lwip-users
> [mailto:address@hidden
> *On Behalf Of *Noam Weissman
> *Sent:* Sunday, March 12, 2017 12:39 AM
> *To:* Mailing list for lwIP users
> *Subject:* Re: [lwip-users] PolarSSL and mbedTLS
>
>
>
> Hi Simon,
>
>
>
> with SSL there is a read for 5 bytes record header and then reading
> the data itself as a whole
>
> or in parts (inside lwip_recvfrom).
>
>
>
> My module is a single task that has a state machine. When the state is
> in OPEN state it blocks
>
> for 1 second on select, if select is returning with a timeout the task
> is doing some house keeping
>
> and returns to the OPEN state for another select etc...
>
>
>
> If select is returning with 1, meaning there is data, the code issues
> mbedtls_ssl_read etc...
>
> The SSL code reads the 5 bytes header but fails after that. The fail
> happens if the sending
>
> record is more then a few K bytes. The strange thing is that it fails
> on the first read ?
>
>
>
> If it would have failed after a few blocks that were read then we
> could assume that there
>
> is another problem but it fails on the first read just after the 5
> bytes header were read ?
>
>
>
> My hunch is that its something stupid :-)
>
>
>
> BR,
>
> Noam.
>
> ----------------------------------------------------------------------
> --
>
> *From:*lwip-users <address@hidden
> <mailto:address@hidden>> on behalf of
> address@hidden <mailto:address@hidden> <address@hidden
> <mailto:address@hidden>>
> *Sent:* Saturday, March 11, 2017 11:29 PM
> *To:* Mailing list for lwIP users
> *Subject:* Re: [lwip-users] PolarSSL and mbedTLS
>
>
>
> Noam,
>
> that sounds a bit too complicatied...
>
> My first thought is: you call select and it returns that there is data
> to read, but that does not mean there is enough data to read for TLS,
> so EWOULDBLOCK is not an error at all in this case.
>
> Simon
>
> _______________________________________________
> lwip-users mailing list
> address@hidden <mailto:address@hidden>
> https://lists.nongnu.org/mailman/listinfo/lwip-users
>
> lwip-users -- Mailing list for lwIP users - lists.nongnu.org
> <https://lists.nongnu.org/mailman/listinfo/lwip-users>
>
> lists.nongnu.org
>
> Welcome to the lwip-users mailing list. Use it to ask questions, share
> your experience and discuss new ideas. To see the collection of prior
> postings to the list ...
>
>
>
>
>
> _______________________________________________
> lwip-users mailing list
> address@hidden
> https://lists.nongnu.org/mailman/listinfo/lwip-users
>
_______________________________________________
lwip-users mailing list
address@hidden
https://lists.nongnu.org/mailman/listinfo/lwip-users
- Re: [lwip-users] PolarSSL and mbedTLS, (continued)
- Re: [lwip-users] PolarSSL and mbedTLS, Noam Weissman, 2017/03/03
- Re: [lwip-users] PolarSSL and mbedTLS, Noam Weissman, 2017/03/10
- Re: [lwip-users] PolarSSL and mbedTLS, Simon Goldschmidt, 2017/03/10
- Re: [lwip-users] PolarSSL and mbedTLS, Noam Weissman, 2017/03/10
- Re: [lwip-users] PolarSSL and mbedTLS, address@hidden, 2017/03/11
- Re: [lwip-users] PolarSSL and mbedTLS, Noam Weissman, 2017/03/11
- Re: [lwip-users] PolarSSL and mbedTLS, address@hidden, 2017/03/11
- Re: [lwip-users] PolarSSL and mbedTLS, Noam Weissman, 2017/03/11
- Re: [lwip-users] PolarSSL and mbedTLS, Noam Weissman, 2017/03/12
- Re: [lwip-users] PolarSSL and mbedTLS, Jan Menzel, 2017/03/14
- Re: [lwip-users] PolarSSL and mbedTLS,
Noam Weissman <=
- Re: [lwip-users] PolarSSL and mbedTLS, Dr. Jan Menzel, 2017/03/14
- Re: [lwip-users] PolarSSL and mbedTLS, Noam Weissman, 2017/03/15
- Re: [lwip-users] PolarSSL and mbedTLS, address@hidden, 2017/03/15
- Re: [lwip-users] PolarSSL and mbedTLS, Jan Menzel, 2017/03/15
- Re: [lwip-users] PolarSSL and mbedTLS, Noam Weissman, 2017/03/16
- Re: [lwip-users] PolarSSL and mbedTLS, goldsimon, 2017/03/16
- [lwip-users] Subnet too large?, Stephen Cowell, 2017/03/16
- Re: [lwip-users] Subnet too large?, goldsimon, 2017/03/16
- Re: [lwip-users] Subnet too large?, Stephen Cowell, 2017/03/16
- Re: [lwip-users] Subnet too large?, address@hidden, 2017/03/16