Re: [lwip-users] lwIP with mbedTLS

Sun, 27 Jan 2019 04:44:13 -0800 

Am 27.01.2019 um 10:44 schrieb Paweł:

Hello,
I'm trying to build an application using lwIP and mbedTLS. My goal is a secure MQTT connection. I'm sure that MQTT without security layer works properly. lwIP works in sys mode. I started of course with ALTCP layer and I can succesfully parse certificate using code: mqttClientInfo.tls_config = altcp_tls_create_config_client(cert, sizeof(cert)); 


After mbedTLS tuning (choosing cipher method, etc.) I can see on 
Wireshark proper Client Hello and Server Hello messages. Then Server 
Hello Done, Certificate and Server Key Exchange message is coming (no 
outgoing Client Key Exchange), but from observations I see that messages 
from Server aren't properly handled by lwIP core.
On console I can see that mbedTLS switched to parsing Server Hello 
message but in fetch method input f_recv function (which is a pointer 
to altcp_mbedtls_bio_recv) is returning MBEDTLS_ERR_SSL_WANT_READ which 
means that there is nothing to read. What is interesting after this fail 
lwIP signals receiving a TCP packet, with Server Hello message (I 
cross-checked sequence numbers with Wireshark). So I digged deeper and 
found out that everything in mbedTLS is called from lwIP thread context, 
so secure layer can't wait for messages. I realized that when I was 
trying to implement f_recv_timeout function.



I'm a bit confused: are you using the mqtt client provided with lwIP? If 
so, TLS should just work. No need to implement f_recv_timeout.


Regards,
Simon



Questions:
1. Does anybody met similiar problems?

2. Can I check for incoming messages in mbedTLS, handle them normally in 
lwIP core and come back to mbedTLS functions? Maybe there is a need for 
separating threads for two of them?



I encountered many problems during mbedTLS implementations but all of 
them were affordable (missing defines, memory problems, etc.) but this 
time I have no idea what to do next.


Regards,
Pawel

_______________________________________________
lwip-users mailing list
lwip-users@nongnu.org
https://lists.nongnu.org/mailman/listinfo/lwip-users




_______________________________________________
lwip-users mailing list
lwip-users@nongnu.org
https://lists.nongnu.org/mailman/listinfo/lwip-users





















					Reply via email to