From: | Paweł |
Subject: | Re: [lwip-users] lwIP with mbedTLS |
Date: | Sun, 27 Jan 2019 14:08:32 +0100 |
On 27.01.2019 at 10:44, Paweł wrote:
> Hello,
> I'm trying to build an application using lwIP and mbedTLS. My goal is a
> secure MQTT connection.
> I'm sure that MQTT without security layer works properly. lwIP works in
> sys mode.
> I started of course with ALTCP layer and I can successfully parse
> certificate using code:
> mqttClientInfo.tls_config = altcp_tls_create_config_client(cert,
> sizeof(cert));
>
> After mbedTLS tuning (choosing cipher method, etc.) I can see on
> Wireshark proper Client Hello and Server Hello messages. Then Server
> Hello Done, Certificate and Server Key Exchange message is coming (no
> outgoing Client Key Exchange), but from observations I see that messages
> from Server aren't properly handled by lwIP core.
> On console I can see that mbedTLS switched to parsing Server Hello
> message but in fetch method input f_recv function (which is a pointer
> to altcp_mbedtls_bio_recv) is returning MBEDTLS_ERR_SSL_WANT_READ which
> means that there is nothing to read. What is interesting after this fail
> lwIP signals receiving a TCP packet, with Server Hello message (I
> cross-checked sequence numbers with Wireshark). So I dug deeper and
> found out that everything in mbedTLS is called from lwIP thread context,
> so secure layer can't wait for messages. I realized that when I was
> trying to implement f_recv_timeout function.
I'm a bit confused: are you using the mqtt client provided with lwIP? If
so, TLS should just work. No need to implement f_recv_timeout.
Regards,
Simon
>
> Questions:
> 1. Has anybody met similar problems?
> 2. Can I check for incoming messages in mbedTLS, handle them normally in
> lwIP core and come back to mbedTLS functions? Maybe there is a need for
> separating threads for two of them?
>
> I encountered many problems during mbedTLS implementations but all of
> them were affordable (missing defines, memory problems, etc.) but this
> time I have no idea what to do next.
>
> Regards,
> Pawel
>
> _______________________________________________
> lwip-users mailing list
> address@hidden
> https://lists.nongnu.org/mailman/listinfo/lwip-users
>
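The situation asked about in question 2, sketched as an added example (not code from this thread, lwIP or mbedTLS): a receive callback that never blocks returns MBEDTLS_ERR_SSL_WANT_READ while nothing is queued, and the TCP receive callback queues the segment and re-enters the handshake from the same context. Every `model_*` name, the message sizes and the buffer sizes are constructed assumptions; only the error-code value is mbedTLS's.

```c
#include <stddef.h>
#include <string.h>
/* mbedTLS's error value, copied so the model builds without the library. */
#define MBEDTLS_ERR_SSL_WANT_READ (-0x6900)
/* Constructed model state (hypothetical names, not lwIP or mbedTLS types). */
struct tls_model {
    unsigned char rx[128]; size_t rx_len; /* bytes from TCP, not yet read */
    size_t need[3], got; int step;        /* constructed message sizes, progress */
};

/* Stand-in for the f_recv BIO callback: it never blocks. */
static int model_bio_recv(struct tls_model *m, unsigned char *buf, size_t len) {
    if (m->rx_len == 0) return MBEDTLS_ERR_SSL_WANT_READ;
    size_t n = len < m->rx_len ? len : m->rx_len;
    memcpy(buf, m->rx, n);
    memmove(m->rx, m->rx + n, m->rx_len - n);
    m->rx_len -= n;
    return (int)n;
}

/* Stand-in for the handshake call: 0 when done, WANT_READ when bytes are missing. */
static int model_handshake(struct tls_model *m) {
    unsigned char tmp[64]; /* the constructed message sizes are all <= 64 */
    for (; m->step < 3; m->step++, m->got = 0) {
        while (m->got < m->need[m->step]) {
            int r = model_bio_recv(m, tmp, m->need[m->step] - m->got);
            if (r < 0) return r; /* progress stays in *m; return to the stack */
            m->got += (size_t)r;
        }
    }
    return 0;
}

/* Stand-in for the TCP receive callback: queue the segment, resume the handshake. */
static int model_on_tcp_recv(struct tls_model *m, const unsigned char *p, size_t len) {
    if (len > sizeof(m->rx) - m->rx_len) return -1; /* model only: reject overflow */
    memcpy(m->rx + m->rx_len, p, len); m->rx_len += len;
    return model_handshake(m);
}
/* Drives the model with constructed segments; returns the messages consumed. */
int model_demo(int out[4]) {
    struct tls_model m = { .need = {20, 30, 4} };
    unsigned char seg[64] = {0};
    out[0] = model_handshake(&m);            /* nothing received yet */
    out[1] = model_on_tcp_recv(&m, seg, 20); /* message 1 complete */
    out[2] = model_on_tcp_recv(&m, seg, 10); /* message 2 partial */
    out[3] = model_on_tcp_recv(&m, seg, 24); /* rest of 2 and all of 3 */
    return m.step;
}
int main(void) { int out[4]; return model_demo(out) == 3 ? 0 : 1; }
```

In this model a WANT_READ result is a normal "come back later" signal rather than a failure: the handshake keeps its progress and finishes on a later receive callback without a second thread or a blocking read.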