
x-cube-cld-gen on the 32f769idiscovery with local mosquitto server

GCosn
Associate

Hello,

I am currently using the x-cube-cld-gen on the 32f769idiscovery board. Everything works fine with the server test.mosquitto.org. We are trying to make a local network; when we use a local mosquitto server on our network with a DNS name to use a certificate, we are not able to trouble the server with the DNS. With the IP address it works well, but without TLS. We have no local DNS server. Can you help us with this point?

grd
ST Employee

Hi,

when the connection starts, during the TLS handshake phase, the TLS client verifies that the Common Name of the X509 certificate presented by the server matches the hostname of the remote host. In case of mismatch, the client immediately closes the TLS connection.

As far as I could test, it is not possible to use an IPv4 address as Common Name of the server certificate: mbedTLS would report a mismatch anyway.

If the server address cannot be resolved through DNS, there is however a possible workaround:

  1. Use the server IP address to start the TCP connection (as with a clear connection);
  2. Choose an arbitrary Common Name for your server certificate (e.g. MyFabulousCN);
  3. Let mbedTLS think that the hostname is MyFabulousCN thanks to mbedtls_ssl_set_hostname(), via net_sock_setopt(, "tls_server_name", "MyFabulousCN", strlen("MyFabulousCN")+1) in the GenericMQTT sample application of X-CUBE-CLD-GEN.

Note: Mind also to double-check that your server certificate is signed by the Certification Authority whose certificate is used by the embedded application as Root CA. If it is not the case, the server certificate verification will fail as well, even if the Common Name matches.

-- grd
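The two checks described in the reply (Common Name against the hostname the client was told, and the signing CA against the Root CA the device trusts) can be rehearsed on a PC before touching the board. The script below is an added example, not X-CUBE-CLD-GEN or mosquitto code; it assumes the openssl CLI is installed and builds a throw-away local CA, a second untrusted CA and a server certificate with the arbitrary CN MyFabulousCN, then verifies the server certificate the way the TLS client does during the handshake.

```shell
#!/bin/sh
# Added example (not project code). Assumes the openssl CLI; everything
# is generated in a temporary directory that is removed on exit.
set -e
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
CN=MyFabulousCN     # arbitrary Common Name from the workaround above

# Root CA that the embedded application would carry as its trust anchor.
openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Local Test CA" \
    -keyout "$WORK/ca.key" -out "$WORK/ca.crt" 2>/dev/null
# A second CA the device does NOT trust, to illustrate the Root CA note.
openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Other CA" \
    -keyout "$WORK/other.key" -out "$WORK/other.crt" 2>/dev/null
# Server certificate with CN=MyFabulousCN, signed by the trusted CA.
openssl req -newkey rsa:2048 -nodes -subj "/CN=$CN" \
    -keyout "$WORK/srv.key" -out "$WORK/srv.csr" 2>/dev/null
openssl x509 -req -in "$WORK/srv.csr" -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" \
    -CAcreateserial -days 1 -out "$WORK/srv.crt" 2>/dev/null

# verify_server CAFILE HOSTNAME: chain check against CAFILE plus hostname
# check against HOSTNAME, i.e. what the client does in the handshake.
# Returns 0 when the server certificate would be accepted.
verify_server() {
    openssl verify -CAfile "$1" -verify_hostname "$2" "$WORK/srv.crt" >/dev/null 2>&1
}

# Hostname set to the CN (what tls_server_name achieves): accepted.
verify_server "$WORK/ca.crt" "$CN" && echo "hostname=$CN: accepted"
# Hostname left as the IP the TCP socket connected to: CN mismatch, rejected.
verify_server "$WORK/ca.crt" 127.0.0.1 || echo "hostname=127.0.0.1: rejected"
# Matching CN but signed by a CA the device does not trust: rejected too.
verify_server "$WORK/other.crt" "$CN" || echo "untrusted CA: rejected"
```

The same three outcomes are what the board reports as a TLS handshake failure or success; only the middle one is fixed by the tls_server_name option, the last one needs the Root CA on the device to match.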