
[Bug Report] IoT SDK v0.9 TLS

Hi @ all,

We discovered a bug in the Nordic TLS API, which only appears once a secure TCP connection that makes use of certificates is to be established.

The provided TLS example by Nordic only uses the pre-shared key (PSK) variant, and doesn't use certificates.

The bug is located in IoT_SDK_v0.9\components\iot\tls\mbedtls\tls_interface.c: Line 665:

int result = mbedtls_x509_crt_parse(p_interface->p_cacert,
                                    p_settings->p_ca_cert_pem,
                                    sizeof(p_settings->p_ca_cert_pem));

sizeof() is applied to p_settings->p_ca_cert_pem, which is a member of nrf_tls_key_settings_t struct and defined in ..\nrf_tls.h line 91. There it is of type (unsigned char *).

sizeof(p_settings->p_ca_cert_pem) therefore will always be 4, instead of the actual size of the CA certificate. Thus the CA certificate parsing will always fail.

The bug can be fixed by adding a CA certificate length variable to the nrf_tls_key_settings_t struct, as it is done for the own certificate in struct nrf_tls_certificate_t.
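The following is an added example, not code from the post or from the Nordic SDK. It shows the length passed at the reported line next to a length carried in the settings struct. The struct `ca_settings_t`, its member `ca_cert_pem_len`, the helper names and the sample PEM text are all hypothetical, and `accepted_as_pem()` is a simplified stand-in for the parser's PEM detection (assumed here to require a NUL terminator at `buf[len - 1]`), so the example builds without mbed TLS.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed placeholder text in PEM framing; not a real certificate. */
static const unsigned char sample_ca_pem[] =
    "-----BEGIN CERTIFICATE-----\n"
    "Q09OU1RSVUNURUQtUExBQ0VIT0xERVI=\n"
    "-----END CERTIFICATE-----\n";

/* Hypothetical settings struct: the pointer plus an explicit length member. */
typedef struct {
    const unsigned char *p_ca_cert_pem;
    size_t               ca_cert_pem_len;   /* bytes, including the trailing '\0' */
} ca_settings_t;

/* sizeof on the ARRAY gives the real buffer size; this is the value to store. */
static const ca_settings_t settings = { sample_ca_pem, sizeof(sample_ca_pem) };

/* Stand-in (assumption) for the parser's PEM detection: the byte at len - 1
 * must be the NUL terminator and the BEGIN marker must be present. */
static int accepted_as_pem(const unsigned char *buf, size_t len)
{
    return len != 0 && buf[len - 1] == '\0' &&
           strstr((const char *)buf, "-----BEGIN CERTIFICATE-----") != NULL;
}

/* Length as computed at the reported line: sizeof on the POINTER member.
 * This is the pointer width (4 on a 32-bit Cortex-M, 8 on a 64-bit host),
 * independent of how long the certificate is. */
static size_t buggy_length(const ca_settings_t *s)
{
    return sizeof(s->p_ca_cert_pem);
}

/* Length as proposed in the post: read it from the struct. */
static size_t fixed_length(const ca_settings_t *s)
{
    return s->ca_cert_pem_len;
}

int main(void)
{
    printf("buggy length %zu -> accepted: %d\n", buggy_length(&settings),
           accepted_as_pem(settings.p_ca_cert_pem, buggy_length(&settings)));
    printf("fixed length %zu -> accepted: %d\n", fixed_length(&settings),
           accepted_as_pem(settings.p_ca_cert_pem, fixed_length(&settings)));
    return 0;
}
```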
