AVSystem / Anjay

C implementation of the client-side OMA LwM2M protocol

Connection by using security mode cert #36

Closed terravi closed 4 years ago

terravi commented 4 years ago

I'm trying to use demo to test a connection to a Leshan server using X.509 certified client authentication. I've run the following command:

./output/bin/demo -s cert --server-uri coaps://192.168.56.1:5684 -e test -C output/certs/client.crt.der -K output/certs/client.key.der

but I get the following error:

2019-10-22 10:47:43.403180 DEBUG [security] [/home/vte/Progetti/Anjay/modules/security/src/security_utils.c:64]: Invalid SMS Security Mode
2019-10-22 10:47:43.403457 INFO [security] [/home/vte/Progetti/Anjay/modules/security/src/mod_security.c:169]: Added instance 1 (SSID: 1, URI: coaps://192.168.56.1:5684)
2019-10-22 10:47:43.404269 INFO [server] [/home/vte/Progetti/Anjay/modules/server/src/mod_server.c:117]: Added instance 1 (SSID: 1)
2019-10-22 10:47:43.404841 INFO [demo] [/home/vte/Progetti/Anjay/demo/demo.c:616]: ANJAY DEMO STARTUP FINISHED
2019-10-22 10:47:43.405111 WARNING [fw_update] [/home/vte/Progetti/Anjay/modules/fw_update/src/fw_update.c:891]: Firmware Update Result change to 0 not allowed in State 0
2019-10-22 10:47:43.409705 INFO [anjay] [/home/vte/Progetti/Anjay/src/servers/reload.c:165]: servers reloaded
2019-10-22 10:47:43.411625 DEBUG [anjay] [/home/vte/Progetti/Anjay/src/servers/connection_udp.c:164]: server /0/1: UDP security mode = 2
2019-10-22 10:47:43.412816 DEBUG [avs_net] [/home/vte/Progetti/Anjay/avs_commons/git/net/src/mbedtls/mbedtls.c:814]: Server authentication disabled
2019-10-22 10:47:43.413558 DEBUG [avs_net] [/home/vte/Progetti/Anjay/avs_commons/git/net/compat/posix/compat_addrinfo.c:220]: getaddrinfo() error: Address family for hostname not supported; family == (avs_net_af_t) 2
2019-10-22 10:47:43.414281 WARNING [avs_net] [/home/vte/Progetti/Anjay/avs_commons/git/net/src/mbedtls/mbedtls.c:561]: Could not restore session; performing full handshake
2019-10-22 10:47:43.416854 ERROR [avs_net] [/home/vte/Progetti/Anjay/avs_commons/git/net/src/mbedtls/mbedtls.c:598]: handshake failed: -30208
2019-10-22 10:47:43.418440 ERROR [anjay] [/home/vte/Progetti/Anjay/src/servers/connection_udp.c:342]: could not connect to 192.168.56.1:5684
2019-10-22 10:47:43.418902 DEBUG [anjay] [/home/vte/Progetti/Anjay/src/servers/activate.c:55]: Non-Bootstrap Server 1: not reachable.

Error code -30208 corresponds to the mbedtls error MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED. I then tried to change the private key parameter by specifying client.key instead of client.key.der.

In this case the error is:

2019-10-22 10:50:04.784528 DEBUG [security] [/home/vte/Progetti/Anjay/modules/security/src/security_utils.c:64]: Invalid SMS Security Mode
2019-10-22 10:50:04.784823 INFO [security] [/home/vte/Progetti/Anjay/modules/security/src/mod_security.c:169]: Added instance 1 (SSID: 1, URI: coaps://192.168.56.1:5684)
2019-10-22 10:50:04.785614 INFO [server] [/home/vte/Progetti/Anjay/modules/server/src/mod_server.c:117]: Added instance 1 (SSID: 1)
2019-10-22 10:50:04.786022 INFO [demo] [/home/vte/Progetti/Anjay/demo/demo.c:616]: ANJAY DEMO STARTUP FINISHED
2019-10-22 10:50:04.786259 WARNING [fw_update] [/home/vte/Progetti/Anjay/modules/fw_update/src/fw_update.c:891]: Firmware Update Result change to 0 not allowed in State 0
2019-10-22 10:50:04.790632 INFO [anjay] [/home/vte/Progetti/Anjay/src/servers/reload.c:165]: servers reloaded
2019-10-22 10:50:04.792926 WARNING [anjay] [/home/vte/Progetti/Anjay/src/servers/connection_udp.c:136]: read /0/1/5 failed
2019-10-22 10:50:04.794119 DEBUG [anjay] [/home/vte/Progetti/Anjay/src/servers/connections.c:211]: could not get UDP connection info for server /0/1
2019-10-22 10:50:04.795000 DEBUG [anjay] [/home/vte/Progetti/Anjay/src/servers/activate.c:55]: Non-Bootstrap Server 1: not reachable.

Can anyone tell me what I'm doing wrong?

Thank you
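An added example (not part of the thread and not Anjay or mbedTLS code): a small triage script that pulls the avs_net "handshake failed" lines out of a log like the one above and splits the decimal code into the hexadecimal high-level and low-level parts that mbedTLS error codes are built from. The function names, the sample log constant and the one-entry name table are assumptions made for this example; the only symbol name in the table is the one quoted in the post.

```python
import re

# Constructed sample: two avs_net lines taken from the log in the post above.
SAMPLE_LOG = """\
2019-10-22 10:47:43.414281 WARNING [avs_net] [/home/vte/Progetti/Anjay/avs_commons/git/net/src/mbedtls/mbedtls.c:561]: Could not restore session; performing full handshake
2019-10-22 10:47:43.416854 ERROR [avs_net] [/home/vte/Progetti/Anjay/avs_commons/git/net/src/mbedtls/mbedtls.c:598]: handshake failed: -30208
"""

# Name table (assumption: holds only the code named in the post; extend it
# from the mbedTLS headers of the version actually in use).
KNOWN_CODES = {0x7600: "MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED"}

HANDSHAKE_RE = re.compile(
    r"^(\S+ \S+) ERROR \[avs_net\] .*handshake failed: (-?\d+)[ \t]*$",
    re.MULTILINE,
)


def decode_mbedtls_error(code):
    """Split a negative mbedTLS return code into its two components.

    mbedTLS keeps error codes inside a negative 16-bit value: bits 7-14
    carry the high-level (module) error, bits 0-6 the low-level error.
    """
    if code >= 0 or code < -0x7FFF:
        raise ValueError("not an mbedTLS error code: %d" % code)
    magnitude = -code
    high = magnitude & 0x7F80
    low = magnitude & 0x007F
    return {
        "hex": "-0x%04X" % magnitude,
        "high": high,                 # high-level part, e.g. 0x7600
        "low": low,                   # low-level part, 0 if none was added
        "module_nr": high >> 12,      # 3-bit high-level module number
        "name": KNOWN_CODES.get(magnitude),
    }


def find_handshake_failures(log_text):
    """Return (timestamp, decoded error) for each failed handshake line."""
    return [(m.group(1), decode_mbedtls_error(int(m.group(2))))
            for m in HANDSHAKE_RE.finditer(log_text)]


if __name__ == "__main__":
    for ts, err in find_handshake_failures(SAMPLE_LOG):
        print(ts, err["hex"], err["name"] or "(look up in mbedTLS headers)")
```

The hexadecimal form is the one to search for in the mbedTLS headers, since the error macros are defined there in hex.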

krwc commented 4 years ago

Strange. We can't reproduce this issue. What mbedTLS version are you currently using? Could you also provide a PCAP dump from client <-> server communication?