Issues with creating multiple TLS servers

Hi Nordic team,

Our requirement is to create two TLS servers on the same IP address with different port numbers. When I try to bind the two servers, only one of them binds to the network and the other does not.

The bind API fails with error number 116. I am using two threads, one for each server.

With plain TCP, multiple servers work fine and I am able to set up both of them. Why does it fail with TLS servers? Please guide us on this.

Best Regards

Anitha S

  • Are you able to provide more information, e.g. are you basing this on a particular sample, and are you using native TLS? What modem FW are you using on the device? This is relevant for me to reproduce the issue.

    Kind regards,
    Øyvind

  • I am not using any sample; this is my own project. Yes, we are using native TLS, and the modem version is mfw_nrf9160_1.3.1.

    below is my prj.conf

    # Networking: the native IP stack is disabled (CONFIG_NET_NATIVE=n) and
    # socket offloading is enabled (CONFIG_NET_SOCKETS_OFFLOAD=y).
    CONFIG_NETWORKING=y
    CONFIG_NET_NATIVE=n
    CONFIG_NET_SOCKETS=y
    CONFIG_NET_SOCKETS_OFFLOAD=y
    CONFIG_NET_SOCKETS_POSIX_NAMES=y

    # Modem library
    CONFIG_NRF_MODEM_LIB=y

    # AT host library
    CONFIG_AT_HOST_LIBRARY=y
    CONFIG_UART_INTERRUPT_DRIVEN=y

    # Stacks and heaps
    CONFIG_MAIN_STACK_SIZE=3072
    CONFIG_HEAP_MEM_POOL_SIZE=16384

    #LTE
    CONFIG_MODEM_KEY_MGMT=y
    CONFIG_LTE_LINK_CONTROL=y
    CONFIG_LTE_AUTO_INIT_AND_CONNECT=n
    CONFIG_NEWLIB_LIBC=y
    #CONFIG_POSIX_MAX_FDS = 8
    #CONFIG_ASSERT=y

    #mbedtls and security
    # TLS socket options are enabled while TLS offload is disabled
    # (CONFIG_NET_SOCKETS_OFFLOAD_TLS=n); this matches the "native TLS" setup
    # described in the thread, where the TLS layer is mbedTLS in the application
    # rather than the modem.
    # NOTE(review): the mbedTLS heap below is shared by every TLS session; confirm
    # that 32768 bytes is enough for two server sockets with a 4096-byte maximum
    # content length.
    # NOTE(review): SHA-1 (CONFIG_MBEDTLS_SHA1_C) and RSA PKCS#1 v1.5
    # (CONFIG_MBEDTLS_PKCS1_V15) are enabled; confirm they are required by the
    # certificates in use and not just left on.
    CONFIG_NET_SOCKETS_SOCKOPT_TLS=y
    CONFIG_NET_SOCKETS_OFFLOAD_TLS=n
    CONFIG_MBEDTLS_ENABLE_HEAP=y
    CONFIG_MBEDTLS_SSL_MAX_CONTENT_LEN=4096
    CONFIG_MBEDTLS_HEAP_SIZE=32768
    CONFIG_MBEDTLS_TLS_LIBRARY=y
    CONFIG_MBEDTLS_X509_LIBRARY=y
    CONFIG_MBEDTLS_PSA_CRYPTO_C=y
    CONFIG_MBEDTLS_PKCS1_V15=y
    CONFIG_MBEDTLS_RSA_C=y
    CONFIG_MBEDTLS_LIBRARY_NRF_SECURITY=y
    CONFIG_MBEDTLS_SHA1_C=y
    CONFIG_NRF_SECURITY_ADVANCED=y
    CONFIG_NORDIC_SECURITY_BACKEND=y

    Please tell us what the issue is with multiple TLS servers.

    Thank you

    Anitha S

  • Hi,

    We are a bit short on capacity this week due to Christmas vacations, but I'll try to help you as best as I can.

    Could you share some snippets of your code showing how you create the sockets, and how you use them?

    Best regards,

    Didrik

  • Yes, I will share snippets of my code.

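    /*
     * Create a TLS 1.2 stream socket for the requested IP version.
     *
     * ip_version: only 4 is handled in this snippet.
     * sock_fd:    out parameter; receives the descriptor returned by nrf_socket(),
     *             or -1 when the IP version is not supported.
     *
     * Returns 0 on success, or a positive errno value on failure.
     *
     * NOTE(review): nrf_socket() is the modem library's socket API. The answer in
     * this thread states that native TLS must go through Zephyr's socket API
     * instead - confirm which TLS stack a descriptor created here really uses.
     */
    int socketCreate(uint8_t ip_version,int *sock_fd)
    {
        if (ip_version != 4) {
            /* Fail explicitly rather than falling off the end of a non-void
             * function, which leaves the caller with an indeterminate result. */
            *sock_fd = -1;
            return EAFNOSUPPORT;
        }

        /* IPv4 stream socket using the TLS 1.2 secure protocol. */
        *sock_fd = nrf_socket(NRF_AF_INET, NRF_SOCK_STREAM, NRF_SPROTO_TLS1v2);
        if (*sock_fd < 0) {
            printk("error in creating the socket\n");
            return errno;
        }

        return 0;
    }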

    /*
     * Write the CA chain, the server certificate and the server private key to
     * the modem's key storage under TLS_SEC_TAG.
     *
     * Only the CA chain slot is checked for existing content and deleted first;
     * the server certificate and private key are written without that check.
     *
     * Returns TLS_SUCCESS when all three writes succeed, otherwise the negative
     * value returned by the failing modem_key_mgmt_* call.
     *
     * NOTE(review): sizeof(pr_key) implies the private key is an array compiled
     * into the firmware image, so anyone able to read the image can read the key -
     * confirm this is acceptable for the deployment (e.g. development only).
     * NOTE(review): the modem typically accepts credential writes only while it
     * is offline - confirm this runs before the LTE link is brought up.
     */
    int certProvision(void)
    {
        bool ca_present;
        uint8_t ignored;   /* output required by the API, not used here */
        int rc;

        rc = modem_key_mgmt_exists(TLS_SEC_TAG, MODEM_KEY_MGMT_CRED_TYPE_CA_CHAIN,
                                   &ca_present, &ignored);
        if (rc < 0) {
            printk("Failed to check for certificates err %d\n", rc);
            return rc;
        }

        if (ca_present) {
            /* Keep it simple: drop whatever CA chain is stored under this tag
             * and provision ours again. */
            rc = modem_key_mgmt_delete(TLS_SEC_TAG, MODEM_KEY_MGMT_CRED_TYPE_CA_CHAIN);
            if (rc < 0) {
                printk("Failed to delete existing certificate, err %d\n", rc);
                return rc;
            }
        }

        printk("Provisioning certificate\n");

        /* Each length is sizeof - 1: the last byte of the array is not sent
         * (presumably the string terminator - confirm). */

        /* CA certificate */
        rc = modem_key_mgmt_write(TLS_SEC_TAG, MODEM_KEY_MGMT_CRED_TYPE_CA_CHAIN,
                                  CA_cert, sizeof(CA_cert) - 1);
        if (rc < 0) {
            printk("Failed to provision certificate, err %d\n", rc);
            return rc;
        }

        /* Server certificate */
        rc = modem_key_mgmt_write(TLS_SEC_TAG, MODEM_KEY_MGMT_CRED_TYPE_PUBLIC_CERT,
                                  S_cert, sizeof(S_cert) - 1);
        if (rc < 0) {
            printk("Failed to provision server cert, err %d\n", rc);
            return rc;
        }

        /* Server private key */
        rc = modem_key_mgmt_write(TLS_SEC_TAG, MODEM_KEY_MGMT_CRED_TYPE_PRIVATE_CERT,
                                  pr_key, sizeof(pr_key) - 1);
        if (rc < 0) {
            printk("Failed to provision server private key, err %d\n", rc);
            return rc;
        }

        return TLS_SUCCESS;
    }

    /*
     * Register the CA certificate, server certificate and server private key
     * with tls_credential_add() under the security tag tls_sec_tag[0].
     *
     * The full array size (sizeof, including the last byte) is passed as the
     * length of each credential.
     *
     * Returns 0 when all three credentials are added, otherwise the negative
     * value returned by the failing tls_credential_add() call. The log message
     * is the same for all three failures, so use the return value to tell them
     * apart.
     */
    int tlsCredentialAdd()
    {
        int rc;

        /* CA certificate */
        rc = tls_credential_add(tls_sec_tag[0], TLS_CREDENTIAL_CA_CERTIFICATE,
                                CA_cert, sizeof(CA_cert));
        if (rc < 0) {
            printk("erro in tls_add()\n");
            return rc;
        }

        /* Server certificate */
        rc = tls_credential_add(tls_sec_tag[0], TLS_CREDENTIAL_SERVER_CERTIFICATE,
                                S_cert, sizeof(S_cert));
        if (rc < 0) {
            printk("erro in tls_add()\n");
            return rc;
        }

        /* Server private key */
        rc = tls_credential_add(tls_sec_tag[0], TLS_CREDENTIAL_PRIVATE_KEY,
                                pr_key, sizeof(pr_key));
        if (rc < 0) {
            printk("erro in tls_add()\n");
            return rc;
        }

        return 0;
    }

    /*
     * Apply the TLS socket options to fd: role, peer verification level and the
     * list of security tags.
     *
     * fd: socket descriptor the options are set on.
     *
     * Returns TLS_SUCCESS when all three options are set, otherwise the negative
     * value returned by the failing nrf_setsockopt() call (errno is what gets
     * logged).
     *
     * NOTE(review): these are nrf_setsockopt() calls on the modem library API;
     * the answer in this thread says native TLS has to use Zephyr's socket API
     * instead - confirm these options reach the TLS stack actually in use.
     */
    int tlsSetup(int fd)
    {
        int rc;
        int role = 1;   /* role value the original comments describe as "server" */

        rc = nrf_setsockopt(fd, NRF_SOL_SECURE, NRF_SO_SEC_ROLE, &role, sizeof(role));
        if (rc < 0) {
            printk("T1 Failed to setup role, err %d\n", errno);
            return rc;
        }

        /* Peer verification is set to NONE, so clients are presumably accepted
         * without being authenticated by certificate. The original kept REQUIRED
         * as a commented-out alternative; use it when clients must be verified. */
        int peer_verify = NONE;

        rc = nrf_setsockopt(fd, NRF_SOL_SECURE, NRF_SO_SEC_PEER_VERIFY,
                            &peer_verify, sizeof(peer_verify));
        if (rc < 0) {
            printk("T1 Failed to setup peer verification, err %d\n", errno);
            return rc;
        }

        /* Bind the socket to the security tag(s) the credentials were
         * provisioned under. */
        rc = nrf_setsockopt(fd, NRF_SOL_SECURE, NRF_SO_SEC_TAG_LIST,
                            tls_sec_tag, sizeof(tls_sec_tag));
        if (rc < 0) {
            printk("T1 Failed to setup TLS sec tag, err %d\n", errno);
            return rc;
        }

        return TLS_SUCCESS;
    }

    Please suggest some solution for my actual question.

    best regards

  • Thanks for the code.

    Note that when you are using native TLS (which you must use in order to have a TLS server), you must use Zephyr's sockets, not nrf_sockets.

    I've attached a project that opens, binds and listens on two TLS sockets.

    Note that I am not able to test if it actually can connect to clients, because of limitations with my SIM card.

    dual_tls_server.zip
