Closed 2trc closed 5 years ago
Something like this worked for me (mbedTLS 2.16.0):
configs/config-ccm-psk-tls1_2.h
diff --git a/configs/config-ccm-psk-tls1_2.h b/configs/config-ccm-psk-tls1_2.h
index c9b58dd53..57aa40043 100644
--- a/configs/config-ccm-psk-tls1_2.h
+++ b/configs/config-ccm-psk-tls1_2.h
@@ -42,6 +42,22 @@
#define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
#define MBEDTLS_SSL_PROTO_TLS1_2
+/ NOTE: required by Anjay and avs_commons / +#define MBEDTLS_SSL_PROTO_DTLS + +/**
+/**
/ mbed TLS modules /
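Review bot: the hunk header `@@ -42,6 +42,22 @@` declares 16 added lines, but after `#define MBEDTLS_SSL_PROTO_TLS1_2` only the `MBEDTLS_SSL_PROTO_DTLS` define and its comment are visible, so the remaining additions cannot be reviewed or reproduced; please post the complete hunk. The comment "NOTE: required by Anjay and avs_commons" should also say which compile-time check needs each define. Since step 2 copies this file over `include/mbedtls/config.h`, keeping the additions in a separate copy of the sample config rather than editing `configs/config-ccm-psk-tls1_2.h` in place would make the minimal PSK/CCM profile easier to audit.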
2. Copied `configs/config-ccm-psk-tls1_2.h` to `include/mbedtls/config.h` -- frankly speaking, this seems a bit crazy, but without it a generic `config.h` will be installed (and no, overriding `MBEDTLS_CONFIG_FILE` doesn't help there), which is not good, as it contains definitions of features the build does not actually have, and that unfortunately leads to compile-time errors in `avs_commons` which actually does perform some compile time feature checks.
3. Configured and compiled the mbedTLS:
```
$ cmake -DENABLE_TESTING=OFF -DCMAKE_INSTALL_PREFIX=/tmp/stuff/mbedtls .
$ make -j install
```
4. Configured and compiled Anjay (without certificates enabled):
```
$ cmake . -DMBEDTLS_ROOT_DIR=/tmp/stuff/mbedtls -DWITH_X509=OFF
$ make -j
```
There likely exists a more elegant approach to mbedTLS configuration, but unfortunately I don't know about it.
Thanks a lot @sznaider but it still doesn't work for me. It's almost as if none of the configuration is taken into consideration by Anjay (or mbed). I see all the ciphersuites being installed as before. Not sure if it's some caching issue (given I did a `make clean` and deleted the /tmp/mbestls folder).
Could you post a log from a clean build of Anjay (`cmake` command output)? Right now it sounds a bit like Anjay used system-installed mbed TLS instead of the build with custom config.
Hi @dextero, I think so too but it's hard to find out why Anjay behaves that way and how to change it. E.g. where is the 'system-installed mbed TLS'? Maybe we could just replace it?
Here is the output of my cmake (after making cleanups...)
```
cmake . -DMBEDTLS_ROOT_DIR=/tmp/mbedtls/install -DWITH_X509=OFF
-- Looking for dlsym() in library:
-- Looking for dlsym
-- Looking for dlsym - not found
-- Looking for dlsym() in library: dl
-- Looking for dlsym
-- Looking for dlsym - found
-- Checking if IN6_IS_ADDR_V4MAPPED is usable
-- Checking if IN6_IS_ADDR_V4MAPPED is usable - no
-- DTLS backend: mbedtls
-- Checking if IN6_IS_ADDR_V4MAPPED is usable
-- Checking if IN6_IS_ADDR_V4MAPPED is usable - no
-- Could NOT find Doxygen (missing: DOXYGEN_EXECUTABLE)
* generating root cert
* generating root cert - done
* generating client cert
Signature ok
subject=CN = localhost
Getting CA Private Key
* generating client cert - done
* generating server cert
Signature ok
subject=CN = localhost
Getting CA Private Key
* generating server cert - done
* creating trustStore.jks
Trust this certificate? [no]: Certificate was added to keystore
* creating trustStore.jks - done
* creating keyStore.jks
* creating keyStore.jks - done
NOTE: To make demo successfully connect to Californium cf-secure server, copy contents of the /home/pi/Documents/Anjay/output/certs to the cf-secure/certs subdirectory and restart the server.
-- Could NOT find Doxygen (missing: DOXYGEN_EXECUTABLE)
-- Configuring done
-- Generating done
-- Build files have been written to: /home/pi/Documents/Anjay
```
I could also send the 'make' output but it's a bit too long.
Looks like you used `make clean`, however that only deletes compiled objects / binaries / libraries, but not CMake configuration (which is what needs to be cleaned-up actually).
Please do
```
$ rm -r CMakeCache.txt CMakeFiles/
```
in the project root directory and try again.
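An added example, not part of the thread or of the Anjay/mbed TLS sources: a shell check for the failure diagnosed above, where a leftover CMake cache keeps the build linked against a different mbed TLS so the restricted ciphersuite config never takes effect. The cache variable names `MBEDTLS_INCLUDE_DIR` and `MBEDTLS_LIBRARY` and all sample file contents are constructed; the real names depend on the project's find module.

```shell
#!/usr/bin/env bash
# Added example (not from the thread). Cache variable names are constructed.

# Print CMakeCache.txt entries (NAME:TYPE=VALUE) whose name mentions mbedtls
# and whose absolute path lies outside the expected prefix; return 1 if any.
stale_mbedtls_entries() {
    local cache=$1 prefix=${2%/}
    awk -F= -v p="$prefix" '
        /^[ \t]*(#|\/\/)/ || !/=/ { next }      # comments and blank lines
        {
            name = $1; sub(/:.*/, "", name)      # drop the :TYPE suffix
            val = substr($0, index($0, "=") + 1)
            if (tolower(name) ~ /mbedtls/ && val ~ /^\// &&
                val != p && index(val, p "/") != 1) { print name "=" val; bad = 1 }
        }
        END { exit bad + 0 }' "$cache"
}

# List the key-exchange families enabled in an installed mbed TLS config.h.
# With config-ccm-psk-tls1_2.h installed, the only line printed is PSK.
enabled_key_exchanges() {
    sed -n 's/^[[:space:]]*#define[[:space:]]\{1,\}MBEDTLS_KEY_EXCHANGE_\([A-Z0-9_]*\)_ENABLED.*/\1/p' "$1"
}

# Constructed sample data: a cache left over from an earlier configure run
# that found a system-wide mbed TLS, and the header of the custom build.
demo_dir=$(mktemp -d)
cat > "$demo_dir/CMakeCache.txt" <<'EOF'
# This is the CMakeCache file.
//Path to a file.
MBEDTLS_INCLUDE_DIR:PATH=/usr/include
//Path to a library.
MBEDTLS_LIBRARY:FILEPATH=/usr/lib/libmbedtls.so
MBEDTLS_ROOT_DIR:PATH=/tmp/stuff/mbedtls
CMAKE_BUILD_TYPE:STRING=Release
EOF
mkdir -p "$demo_dir/include/mbedtls"
cat > "$demo_dir/include/mbedtls/config.h" <<'EOF'
#define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
//#define MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
#define MBEDTLS_SSL_PROTO_TLS1_2
EOF

stale_mbedtls_entries "$demo_dir/CMakeCache.txt" /tmp/stuff/mbedtls \
    || echo "stale cache: remove CMakeCache.txt and CMakeFiles/, then re-run cmake"
enabled_key_exchanges "$demo_dir/include/mbedtls/config.h"
```

Against a real tree, point the first function at the project's `CMakeCache.txt` and the prefix passed as `MBEDTLS_ROOT_DIR`, and the second at `include/mbedtls/config.h` under that prefix.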
Hi @sznaider it worked! I did try cleaning the cmake cache a couple of times but I didn't know how to do it properly. Awesome, thanks a lot!
@2trc in the latest version of Anjay as of today, there is an option to specify ciphersuites in the demo client:
```
--ciphersuites CIPHERSUITE[,CIPHERSUITE...] - Sets the ciphersuites to be used by default for (D)TLS connections. (default: TLS library defaults)
```
Hi gurus,
I don't think this question has been asked before but please point it out if it's the case.
I'm currently following the tutorial "Compiling Client Applications" and I would like to configure what ciphersuite is used by Anjay and in this case mbed (since it's what I'm using). I'm on a RPi but I don't think it matters. I've followed these steps for compilation (and installation):
For mbed
For Anjay
And prior to all that I've replaced 'include/mbedtls/config.h' with 'configs/config-ccm-psk-tls1_2.h' as suggested in the 'config/README.txt' from mbedtls.
However, whenever my client connects it always offers 49 ciphersuites in the 'Client Hello' message and TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 is chosen by the server. I would like to use a ciphersuite which is easier to decrypt in Wireshark (like TLS_PSK_WITH_AES_128_CCM_8).
I've tried `make clean` on both projects to clean up the cache... but it still doesn't work. Could you please suggest what to do (differently)?
Thanks a lot in advance!