Zephyr echo_client sample and openssl server - certificate failure.

Hello 

I need to set up TLS communication over UDP between:

- zephyr app as client

- ubuntu pc, openssl server as server (ofc)

I modified the sample's prj.conf, disabling all TCP and IPv6:

# Generic networking options
CONFIG_NETWORKING=y
CONFIG_NET_UDP=y
CONFIG_NET_TCP=n
CONFIG_NET_IPV6=n
CONFIG_NET_IPV4=y
CONFIG_NET_SOCKETS=y
CONFIG_NET_SOCKETS_POSIX_NAMES=y
CONFIG_NET_SOCKETS_POLL_MAX=4
CONFIG_NET_CONNECTION_MANAGER=y

# Kernel options
CONFIG_MAIN_STACK_SIZE=2048
CONFIG_ENTROPY_GENERATOR=y
CONFIG_TEST_RANDOM_GENERATOR=y
CONFIG_INIT_STACKS=y
CONFIG_DEBUG=y

# Logging
CONFIG_NET_LOG=y
CONFIG_LOG=y
CONFIG_NET_STATISTICS=y
CONFIG_PRINTK=y

# Network buffers
CONFIG_NET_PKT_RX_COUNT=16
CONFIG_NET_PKT_TX_COUNT=16
CONFIG_NET_BUF_RX_COUNT=80
CONFIG_NET_BUF_TX_COUNT=80
CONFIG_NET_CONTEXT_NET_PKT_POOL=y

# IP address options
# CONFIG_NET_IF_UNICAST_IPV6_ADDR_COUNT=3
# CONFIG_NET_IF_MCAST_IPV6_ADDR_COUNT=4
CONFIG_NET_MAX_CONTEXTS=10

# Network shell
CONFIG_NET_SHELL=y

# The addresses are selected so that qemu<->qemu connectivity works ok.
# For linux<->qemu connectivity, create a new conf file and swap the
# addresses (so that peer address is ending to 2).
CONFIG_NET_CONFIG_SETTINGS=y
# CONFIG_NET_CONFIG_NEED_IPV6=y
# CONFIG_NET_CONFIG_MY_IPV6_ADDR="2001:db8::2"
# CONFIG_NET_CONFIG_PEER_IPV6_ADDR="2001:db8::1"
CONFIG_NET_CONFIG_NEED_IPV4=y
CONFIG_NET_CONFIG_MY_IPV4_ADDR="192.168.1.225"
CONFIG_NET_CONFIG_PEER_IPV4_ADDR="192.168.1.240"
CONFIG_SYSTEM_WORKQUEUE_STACK_SIZE=2048


To build it I use the command:

 west build -p always -b mimxrt1060_evkb -s samples/net/sockets/echo_client -- -DCONF_FILE="prj.conf overlay-tls.conf"

On the server side, I run the openssl server with:

 openssl s_server -key ssl_keys/echo-apps-key.der -cert ssl_keys/echo-apps-cert.der -dtls1_2 -accept 4242 -certform DER

Where the problem is:

The Zephyr application running on the uP tries to connect to the SSL server, but it fails with this error log:

 <err> net_sock_tls: TLS handshake error: -2700


On the server side I get this log:


Using default temp DH parameters
ACCEPT
ERROR
80CB36578F7F0000:error:0A000412:SSL routines:dtls1_read_bytes:sslv3 alert bad certificate:../ssl/record/rec_layer_d1.c:613:SSL alert number 42
shutting down SSL
CONNECTION CLOSED


In Wireshark I see the same information:

26255	343.215228125	192.168.1.225	192.168.1.240	DTLSv1.2	62	Alert (Level: Fatal, Description: Bad Certificate)

I think the problem is in the configuration, but I can't find where.

I took the cert and key files from the echo_server sample, but if I regenerate them myself, the result is the same.
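The handshake is failing at the client's verification of the server certificate: -2700 is mbedTLS's -0x2700 (MBEDTLS_ERR_X509_CERT_VERIFY_FAILED), and the fatal Bad Certificate alert from 192.168.1.225 is the client telling the server so. The same chain check can be reproduced on the PC with the openssl CLI. This is an added example, not code from the Zephyr sample, the post or the openssl project; it assumes an openssl binary is installed and builds its own throwaway CA and server certificate (constructed test material) instead of the real echo-apps files.

```shell
#!/bin/sh
# Added example: reproduce on the PC the certificate chain check that the
# Zephyr DTLS client performs on the server certificate during the handshake.
# Assumption: the openssl CLI is installed. All files below are constructed
# test material created in a temporary directory.
set -e
WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT
cd "$WORK"

# Constructed PKI: one CA that issues the server cert, one unrelated CA that
# stands in for a trust anchor that does not match the server's issuer.
openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Good Test CA" \
    -keyout good-ca.key -out good-ca.pem >/dev/null 2>&1
openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Other CA" \
    -keyout other-ca.key -out other-ca.pem >/dev/null 2>&1
openssl req -newkey rsa:2048 -nodes -subj "/CN=192.168.1.240" \
    -keyout server.key -out server.csr >/dev/null 2>&1
openssl x509 -req -in server.csr -CA good-ca.pem -CAkey good-ca.key \
    -CAcreateserial -days 1 -out server.pem >/dev/null 2>&1
# s_server in the post loads the cert as DER (-certform DER); store it the same way.
openssl x509 -in server.pem -outform DER -out server.der

# check_server_cert DER_CERT CA_PEM -> prints "ok" or "fail".
# This is the check the client makes: does the server's DER certificate chain
# to the CA the client trusts?  Matches on the "OK" verdict rather than the exit
# status so it behaves the same across openssl versions.
check_server_cert() {
    out="$(openssl x509 -inform DER -in "$1" 2>/dev/null \
           | openssl verify -CAfile "$2" 2>/dev/null)" || true
    case "$out" in
        *": OK") echo ok ;;
        *)       echo fail ;;
    esac
}

# show_cert DER_CERT: subject, issuer and validity window of a DER certificate,
# which is what to compare against the CA compiled into the client and against
# the device's clock.
show_cert() {
    openssl x509 -inform DER -in "$1" -noout -subject -issuer -dates
}

show_cert server.der
echo "against issuing CA:   $(check_server_cert server.der good-ca.pem)"   # ok
echo "against unrelated CA: $(check_server_cert server.der other-ca.pem)"  # fail
```

Run show_cert and check_server_cert against echo-apps-cert.der and the CA certificate the client is built with; the client cannot complete the DTLS handshake until that check passes on the device.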
