LWIP MBEDTLS, no RTOS

Wood.Andy
Associate III

I have tried to get LWIP and MBEDTLS working in RAW mode without an RTOS but have failed miserably...

I think I have overlooked something - any suggestions?

The failure is at -

ssl_tls.c - line 2629

    if( ! mbedtls_pk_can_do( &ssl->session_negotiate->peer_cert->pk, pk_alg ) )
    {
       MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) );
       mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
                                               MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
       return( MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH );
    }

My server shows -

    Starting server.
    Ipdaemon1_OnSSLStatusUsing platform security API.
    Ipdaemon1_OnSSLStatusEnabling TLS versions: TLS1.2 TLS1.1 TLS1.0
    Ipdaemon1_OnSSLStatusReceiving 106 bytes of handshake data.
    Ipdaemon1_OnSSLStatusCipher Suites:
       TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02c);
       TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x009f);
       TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 (0xc087);
       TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 (0xc07d);
       TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b);
       TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x009e);
       TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 (0xc086);
       TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 (0xc07c);
       Unknown (255)
    Ipdaemon1_OnSSLStatusSelected TLS Version: TLS1.2
    Ipdaemon1_OnSSLStatusSelected Cipher Suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x009f)
    Ipdaemon1_OnSSLStatusSending 1902 bytes of handshake data.
    Ipdaemon1_OnSSLStatusReceiving 7 bytes of handshake data.
    10.0.0.151 has disconnected.

And the Wireshark screenshot attached shows the cert has been uploaded but probably nothing done with it.

The attached TLS Code file shows what I have done to try to make it work.

Thanks

Andy.

steveh
Associate

I think I am heading down the same rabbit hole, did you ever solve it?