How to use mbedtls

[Zevolusion]

If I using main branch, how to switch openssl to mbedtls? @butlerpaul

[dachalco]

Hi @Zevolusion

Are you looking to build the demos with mbedtls or a separate project with mbedtls?

These stacks are in the platform layer so they can be swapped. There's a porting guide giving all the details behind platform code. There's also existing mbedtls+corePKCS11 platform code you may reference here. Finally, you can also create your own transport layer and authentication steps as needed.

[Zevolusion]

Thanks @dachalco

1. I try to build the demo with mbedtls first. What arguments should passed into cmake? Or should modify the CMakeLists?
2. What did u mean a separate project?

[paulbartell]

@Zevolusion : You can build normally without openssl available. Demos that require openssl will be excluded will be skipped.

To enable additional demos, you will need to port them to use the mbedtls transport implementation that @dachalco mentioned above.

[ClaudioBaldo]

we are trying to compile the library for a yocto device which only supports openssl 1.0.2, would you have any example which just use mbdetls? As the "..._simple_tls" still implements and rely on openssl.

/ OpenSSL sockets transport implementation. /

include "openssl_posix.h"

I understand the "porting" idea but I thought the whole point of having examples from aws team was to avoid user from "heavy lifting" and to speed up the time to market.

[ravibhagavandas]

I agree that we don't have all demos ported for all transport implementations. We will look into how best we can accommodate this to the demos. However you can look into functions EstablishMqttSession and DisconnectMqttSession in file mqtt_operations.c. This file shows Mbedtls transport implementations that can be directly consumed into demos.

[ravibhagavandas]

I will close the issue due to inactivity. Please open an issue if you still have questions.