mbedtls Handshake not starting


Postby Greg » Sat Nov 26, 2016 6:44 pm

Hi,

I need to set up a connection to an MQTT server with a TLS 1.2 handshake with certificate verification.

When using the SDK with libssl, the TLS handshake works perfectly. Unfortunately, libssl only supports TLS 1.1.

So I switched to using the mbedtls patch for the SDK 2.0. When I disable the certificate verification, the TLS 1.2 handshake works fine. But as soon as I switch on the certificate verification by calling espconn_secure_cert_req_enable() and espconn_secure_ca_enable(), the handshake fails. I investigated the problem by using Wireshark. With certificate verification enabled, the handshake does not even begin! There is not even a Client Hello!

The Debug output in this case is the following:
client handshake start.
espconn_mbedtls.c 652, type[private_key],length[610]
client handshake failed!
Reason:[-0x7f00]

I think there is something wrong with the certificates. I am using exactly the same certificate and key file as with libssl. Does mbedtls need a different format for the files? Unfortunately, there is no example that I could find. The only example that is provided by Espressif for mbedtls has the espconn_secure_cert_req_enable() and espconn_secure_ca_enable() calls commented out.

Since there is no example for mbedtls TLS 1.2 based certificate verification and no evidence that anybody could ever establish a TLS 1.2 connection with the Espressif SDK, I begin to doubt that it works at all...
Or is a different certificate/key format needed for mbedtls?

Any help is highly appreciated!

Thanks a lot,
Gregor



Postby ai-thinker sky » Thu Jan 05, 2017 4:01 pm

Hi,
I met the same problem. The debug shows that the chip can connect to the website but the mbedtls handshake failed. :x I use the official demo and follow its guide. I try to connect to another website and it failed. I ping my Internet and it's OK. I hope that the FAE can give us a reply.
Best regards!

SDK ver: 2.0.0(656edbf) compiled @ Jul 19 2016 17:58:40
phy ver: 1055, pp ver: 10.2

SDK version:2.0.0(656edbf)
data : 0x3ffe8000 ~ 0x3ffe8418, len: 1048
rodata: 0x3ffe8420 ~ 0x3ffe9400, len: 4064
bss : 0x3ffe9400 ~ 0x3ffef7e8, len: 25576
heap : 0x3ffef7e8 ~ 0x3fffc000, len: 51224
sleep disable
mode : sta(5c:cf:7f:1d:bd:0f)
add if0
scandone
state: 0 -> 2 (b0)
state: 2 -> 3 (0)
state: 3 -> 5 (10)
add 0
aid 1
cnt

connected with iPhone, channel 11
dhcp client start...
event 0
ip:172.27.190.9,mask:255.255.0.0,gw:172.27.190.1
event 3
heap 49216
user_dns_found 115.29.202.58
heap 48824
espconn connect return 0 !
client handshake start.
client handshake failed!
Reason:[-0x7200]
reconnect callback, error code -114 !
pm open,type:0 0
ip:172.27.190.9,mask:255.255.0.0,gw:172.27.190.1
ip:172.27.190.9,mask:255.255.0.0,gw:172.27.190.1
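
The `Reason:[...]` values in the two debug logs above are negated mbed TLS return codes. The following is an added example, not code from the thread or from the Espressif SDK: it parses such log lines and splits each code into its high-level and low-level parts the way `mbedtls_strerror()` does. The name table is a small subset taken from the mbed TLS 2.x headers, and the function and field names are this example's own.

```python
import re

# Subset of high-level codes from mbed TLS 2.x ssl.h / x509.h (not the full table).
HIGH_LEVEL = {
    0x7F00: ("MBEDTLS_ERR_SSL_ALLOC_FAILED", "memory allocation failed"),
    0x7200: ("MBEDTLS_ERR_SSL_INVALID_RECORD", "an invalid SSL record was received"),
    0x7780: ("MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE", "fatal alert received from peer"),
    0x2700: ("MBEDTLS_ERR_X509_CERT_VERIFY_FAILED", "certificate verification failed"),
}

REASON_RE = re.compile(r"Reason:\[(-?)0x([0-9a-fA-F]+)\]")
OBJECT_RE = re.compile(r"type\[(\w+)\],length\[(\d+)\]")

def decode(code):
    """Split an mbed TLS return value into high-level and low-level parts."""
    mag = abs(code)
    high, low = mag & 0xFF80, mag & 0x007F   # same masks mbedtls_strerror() uses
    name, text = HIGH_LEVEL.get(high, (None, None))
    return {"high": high, "low": low, "name": name, "text": text}

def triage(log):
    """One entry per 'Reason:[...]' line, with the last object logged before it."""
    out, last_object = [], None
    for line in log.splitlines():
        if "client handshake start" in line:
            last_object = None               # new attempt, forget earlier context
        obj = OBJECT_RE.search(line)
        if obj:
            last_object = obj.group(1)
        m = REASON_RE.search(line)
        if m:
            value = int(m.group(2), 16)
            entry = decode(-value if m.group(1) else value)
            entry["last_object"] = last_object
            out.append(entry)
    return out

# Log lines copied from the two posts above.
FIRST_POST = """client handshake start.
espconn_mbedtls.c 652, type[private_key],length[610]
client handshake failed!
Reason:[-0x7f00]"""
SECOND_POST = """espconn connect return 0 !
client handshake start.
client handshake failed!
Reason:[-0x7200]"""

if __name__ == "__main__":
    for e in triage(FIRST_POST) + triage(SECOND_POST):
        print(hex(e["high"]), e["name"], "-", e["text"], "| last object:", e["last_object"])
```

For the first log this reports a memory allocation failure immediately after the `private_key` object is logged; for the second it reports an invalid record and no logged object.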
