Hello
I need to set up TLS communication over UDP between:
- zephyr app as client
- ubuntu pc, openssl server as server (ofc)
I modified the sample's prj.conf, disabling TCP and IPv6:
# Generic networking options
CONFIG_NETWORKING=y
CONFIG_NET_UDP=y
CONFIG_NET_TCP=n
CONFIG_NET_IPV6=n
CONFIG_NET_IPV4=y
CONFIG_NET_SOCKETS=y
CONFIG_NET_SOCKETS_POSIX_NAMES=y
CONFIG_NET_SOCKETS_POLL_MAX=4
CONFIG_NET_CONNECTION_MANAGER=y

# Kernel options
CONFIG_MAIN_STACK_SIZE=2048
CONFIG_ENTROPY_GENERATOR=y
CONFIG_TEST_RANDOM_GENERATOR=y
CONFIG_INIT_STACKS=y
CONFIG_DEBUG=y

# Logging
CONFIG_NET_LOG=y
CONFIG_LOG=y
CONFIG_NET_STATISTICS=y
CONFIG_PRINTK=y

# Network buffers
CONFIG_NET_PKT_RX_COUNT=16
CONFIG_NET_PKT_TX_COUNT=16
CONFIG_NET_BUF_RX_COUNT=80
CONFIG_NET_BUF_TX_COUNT=80
CONFIG_NET_CONTEXT_NET_PKT_POOL=y

# IP address options
# CONFIG_NET_IF_UNICAST_IPV6_ADDR_COUNT=3
# CONFIG_NET_IF_MCAST_IPV6_ADDR_COUNT=4
CONFIG_NET_MAX_CONTEXTS=10

# Network shell
CONFIG_NET_SHELL=y

# The addresses are selected so that qemu<->qemu connectivity works ok.
# For linux<->qemu connectivity, create a new conf file and swap the
# addresses (so that peer address is ending to 2).
CONFIG_NET_CONFIG_SETTINGS=y
# CONFIG_NET_CONFIG_NEED_IPV6=y
# CONFIG_NET_CONFIG_MY_IPV6_ADDR="2001:db8::2"
# CONFIG_NET_CONFIG_PEER_IPV6_ADDR="2001:db8::1"
CONFIG_NET_CONFIG_NEED_IPV4=y
CONFIG_NET_CONFIG_MY_IPV4_ADDR="192.168.1.225"
CONFIG_NET_CONFIG_PEER_IPV4_ADDR="192.168.1.240"
CONFIG_SYSTEM_WORKQUEUE_STACK_SIZE=2048
To build it, I use this command:
west build -p always -b mimxrt1060_evkb -s samples/net/sockets/echo_client -- -DCONF_FILE="prj.conf overlay-tls.conf"
On the server side, I run the openssl server with:
openssl s_server -key ssl_keys/echo-apps-key.der -cert ssl_keys/echo-apps-cert.der -dtls1_2 -accept 4242 -certform DER
Here is the problem:
The Zephyr application running on the uP tries to connect to the SSL server, but it fails with this error log:
<err> net_sock_tls: TLS handshake error: -2700
On the server side I get this log:
Using default temp DH parameters
ACCEPT
ERROR
80CB36578F7F0000:error:0A000412:SSL routines:dtls1_read_bytes:sslv3 alert bad certificate:../ssl/record/rec_layer_d1.c:613:SSL alert number 42
shutting down SSL
CONNECTION CLOSED
In Wireshark I see the same information:
26255 343.215228125 192.168.1.225 192.168.1.240 DTLSv1.2 62 Alert (Level: Fatal, Description: Bad Certificate)
I think the problem is in the configuration, but I can't find where.
I took the cert and key files from the echo_server sample, but if I regenerate them myself, the result is the same.
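An added diagnostic, not code from the original post or from the Zephyr samples. Two details in the post point at certificate trust rather than at the UDP/DTLS transport: the fatal Bad Certificate alert in the Wireshark line travels from 192.168.1.225 (the Zephyr client) to 192.168.1.240 (the server), so it is the client rejecting the server's certificate, and Zephyr's sockets_tls.c logs the mbedTLS return code with -%x, so -2700 is the hex code -0x2700, MBEDTLS_ERR_X509_CERT_VERIFY_FAILED. The script below reproduces, with the openssl CLI, the checks the client performs during the handshake: the server certificate and key belong together, and the certificate verifies against the CA the client has been built with. It assumes openssl 1.1.1 or 3.x is on PATH; every certificate and file name it uses is constructed in a temporary directory, so it does not touch the post's ssl_keys files (point it at those three DER files to check the real setup).

```shell
#!/bin/sh
# Added example; assumes the openssl CLI is installed. All certificates,
# key files and CNs below are constructed for the demonstration.
set -eu

# der_to_pem KIND IN.der OUT.pem  (KIND is x509 or pkey)
der_to_pem() {
    openssl "$1" -in "$2" -inform DER -out "$3"
}

# dtls_cert_checks SERVER_CERT.der SERVER_KEY.der CLIENT_CA.der
# Prints three lines: "pair-match ok|FAIL", "ca-verify ok|FAIL", "self-signed yes|no".
# The ca-verify line is the check an mbedTLS client does before it sends a
# fatal "bad certificate" alert: the server cert must chain to the CA the
# client was built with, otherwise the handshake ends with -0x2700.
dtls_cert_checks() {
    cert=$1; key=$2; ca=$3
    work=$(mktemp -d)

    # 1. The private key must match the public key inside the certificate.
    cert_pub=$(openssl x509 -in "$cert" -inform DER -noout -pubkey)
    key_pub=$(openssl pkey -in "$key" -inform DER -pubout)
    if [ "$cert_pub" = "$key_pub" ]; then
        echo "pair-match ok"
    else
        echo "pair-match FAIL"
    fi

    # 2. Chain validation against the CA the client trusts.
    der_to_pem x509 "$ca" "$work/ca.pem"
    der_to_pem x509 "$cert" "$work/cert.pem"
    if openssl verify -CAfile "$work/ca.pem" "$work/cert.pem" >/dev/null 2>&1; then
        echo "ca-verify ok"
    else
        echo "ca-verify FAIL"
    fi

    # 3. A self-signed server cert must be embedded in the client as its CA
    #    byte for byte; regenerating the cert on the server alone breaks that.
    subj=$(openssl x509 -in "$cert" -inform DER -noout -subject)
    iss=$(openssl x509 -in "$cert" -inform DER -noout -issuer)
    if [ "${subj#subject=}" = "${iss#issuer=}" ]; then
        echo "self-signed yes"
    else
        echo "self-signed no"
    fi
    rm -rf "$work"
}

# make_selfsigned_der DIR NAME CN: constructed self-signed cert + key as DER,
# the same file format the post passes to "openssl s_server -certform DER".
make_selfsigned_der() {
    dir=$1; name=$2; cn=$3
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$cn" \
        -keyout "$dir/$name-key.pem" -out "$dir/$name-cert.pem" >/dev/null 2>&1
    openssl x509 -in "$dir/$name-cert.pem" -outform DER -out "$dir/$name-cert.der"
    openssl pkey -in "$dir/$name-key.pem" -outform DER -out "$dir/$name-key.der"
}

# demo: succeeds when the constructed pair verifies against itself and is
# rejected against an unrelated CA (the "regenerated cert, same alert" case).
demo() {
    d=$(mktemp -d)
    make_selfsigned_der "$d" server "dtls-server.example"   # constructed CN
    make_selfsigned_der "$d" other  "unrelated-ca.example"  # constructed CN
    good=$(dtls_cert_checks "$d/server-cert.der" "$d/server-key.der" "$d/server-cert.der")
    bad=$(dtls_cert_checks "$d/server-cert.der" "$d/server-key.der" "$d/other-cert.der")
    rm -rf "$d"
    echo "$good" | grep -q "ca-verify ok" && echo "$bad" | grep -q "ca-verify FAIL"
}

demo && echo "constructed pair: trusted CA verifies, unrelated CA is rejected"
```

Run it against the real files as `dtls_cert_checks ssl_keys/echo-apps-cert.der ssl_keys/echo-apps-key.der <the DER the client embeds as CA>`: a `ca-verify FAIL` there means the certificate compiled into the Zephyr image as the trust anchor is not the one (or not the issuer of the one) the server presents, which is exactly what a client-originated Bad Certificate alert reports.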