Com-AugustCellars / CoAP-CSharp

CoAP Implementation in C#

Certificate based DTLS client-server connection over CoAP #46

Open nishantrana opened 6 years ago

nishantrana commented 6 years ago

I need help to implement certificate-based security between client and server. Currently your library only supports PSK-based DTLS, but we need certificate-based DTLS. Please let me know how I can do that.

jimsch commented 6 years ago

At the moment you can't. Are you looking at just doing self-signed certificates or are you doing full trust chains?

nishantrana commented 6 years ago

Case I am following

I have one Root self-signed certificate and, based on that, I have created Client and Server certificates. CoAP Client & Server will use the public key of their self-signed certificates for the handshake.

So what approach I should follow to establish DTLS based communication using your library?

jimsch commented 6 years ago

As I said, at the moment you can't. I am trying to think about how things might work, but currently only PSK can be supported. To change this requires modifications to the server and client callback code, as well as trying to figure out who should be doing the trust decisions and where they should be done. Given how certificate validation tends to be very application specific, for a lot of things that needs to be pushed out of the library into the client code. The problem is where and how the pushing is done and how the result is returned back to the library code.

jimsch commented 6 years ago

There is now - only in the tls_certs branch in my repo - a set of events that will be triggered for events where certificate code would need to be supported. Please look and see if that would solve your needs.
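For readers following this thread, the following is an added example (not CoAP-CSharp code, and not the tls_certs branch API) of the "trust decision in the application" design jimsch describes above: whatever event or callback the library raises for a peer certificate, the application-side handler only needs to answer yes/no. The handler below validates the presented certificate against the application's own self-signed root from the scenario nishantrana describes, using the .NET `X509Chain` custom-root trust mode (available in .NET 5 and later), and then binds the certificate to the expected peer name. The callback signature, the `expectedPeerName` parameter and the `MakeTestPki` helper (which constructs a throwaway root and leaf so the example runs offline) are assumptions of this example.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// Added example: application-side certificate trust decision for a DTLS peer.
// Hypothetical callback shape; the real library event signature is not shown here.
public static class CertTrustExample
{
    public static bool ValidatePeerCertificate(
        X509Certificate2 peerCert,
        X509Certificate2Collection extraChainCerts,
        X509Certificate2 trustedRoot,
        string expectedPeerName)
    {
        using (var chain = new X509Chain())
        {
            // Trust only the application's own root; ignore the OS root store entirely.
            chain.ChainPolicy.TrustMode = X509ChainTrustMode.CustomRootTrust;
            chain.ChainPolicy.CustomTrustStore.Add(trustedRoot);
            chain.ChainPolicy.ExtraStore.AddRange(extraChainCerts);
            // A private, self-signed root has no CRL/OCSP infrastructure in this scenario.
            chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
            chain.ChainPolicy.VerificationFlags = X509VerificationFlags.NoFlag;

            if (!chain.Build(peerCert))
            {
                foreach (var status in chain.ChainStatus)
                    Console.WriteLine($"chain error: {status.Status} - {status.StatusInformation}");
                return false;
            }

            // The built chain must terminate at our root, not merely at some root.
            var chainRoot = chain.ChainElements[chain.ChainElements.Count - 1].Certificate;
            if (chainRoot.Thumbprint != trustedRoot.Thumbprint)
                return false;

            // Bind the certificate to the identity the application expects for this peer.
            // The subject CN is used here for simplicity; a SAN entry is the usual choice.
            string cn = peerCert.GetNameInfo(X509NameType.SimpleName, false);
            return string.Equals(cn, expectedPeerName, StringComparison.Ordinal);
        }
    }

    // Constructed test PKI for the demonstration: one self-signed root and one leaf
    // issued by it, mirroring the setup described in the issue. Not for production use.
    public static (X509Certificate2 root, X509Certificate2 leaf) MakeTestPki(string leafName)
    {
        using (var rootKey = ECDsa.Create(ECCurve.NamedCurves.nistP256))
        using (var leafKey = ECDsa.Create(ECCurve.NamedCurves.nistP256))
        {
            var rootReq = new CertificateRequest("CN=Example Root", rootKey, HashAlgorithmName.SHA256);
            rootReq.CertificateExtensions.Add(new X509BasicConstraintsExtension(true, false, 0, true));
            rootReq.CertificateExtensions.Add(new X509KeyUsageExtension(X509KeyUsageFlags.KeyCertSign, true));
            var root = rootReq.CreateSelfSigned(
                DateTimeOffset.UtcNow.AddDays(-1), DateTimeOffset.UtcNow.AddYears(10));

            var leafReq = new CertificateRequest($"CN={leafName}", leafKey, HashAlgorithmName.SHA256);
            leafReq.CertificateExtensions.Add(new X509BasicConstraintsExtension(false, false, 0, true));
            leafReq.CertificateExtensions.Add(new X509KeyUsageExtension(X509KeyUsageFlags.DigitalSignature, true));
            byte[] serial = new byte[16];
            RandomNumberGenerator.Fill(serial);
            var leaf = leafReq.Create(
                root, DateTimeOffset.UtcNow.AddDays(-1), DateTimeOffset.UtcNow.AddYears(1), serial);
            return (root, leaf);
        }
    }

    public static void Main()
    {
        var (root, leaf) = MakeTestPki("coap-client-01");
        var (otherRoot, otherLeaf) = MakeTestPki("coap-client-01");
        var none = new X509Certificate2Collection();

        // Case 1: leaf issued by our root, expected name.
        Console.WriteLine(ValidatePeerCertificate(leaf, none, root, "coap-client-01"));
        // Case 2: same name, but issued by an unrelated root.
        Console.WriteLine(ValidatePeerCertificate(otherLeaf, none, root, "coap-client-01"));
        // Case 3: our root, but the peer name does not match.
        Console.WriteLine(ValidatePeerCertificate(leaf, none, root, "coap-server"));
    }
}
```

The second and third cases are the ones worth keeping in mind when wiring such a handler into a library event: a chain that builds successfully is not enough if it terminates at a different root, and a trusted certificate is not enough if it was issued to a different peer than the one the application is talking to.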

srberard commented 1 year ago

I'm looking to do something similar to what @nishantrana mentions above. Has anyone been able to make DTLS work with x.509 certs?