Eclipse ThreadX - NetXDuo is an advanced, industrial-grade TCP/IP network stack designed specifically for deeply embedded real-time and IoT applications
Describe the bug
I am trying to establish TLS connection with self signed certificates using netxsecure v6.2.0 as a TLS client. As per the documentation I have enabled NX_SECURE_ALLOW_SELF_SIGNED_CERTIFICATES in nx_secure_user.h file. But still the nx_secure_tls_session_start API is returning error TLS NX_SECURE_X509_INVALID_SELF_SIGNED_CERT(0x1A5).
With further debugging found that in nx_secure_x509_certificate_chain_verify.c includes path nx_secure_user.h file is not getting included. So NX_SECURE_ALLOW_SELF_SIGNED_CERTIFICATES is not set in nx_secure_x509_certificate_chain_verify.c file even though it is defined in nx_secure_user.h file. And cerificate verification is failing with NX_SECURE_X509_INVALID_SELF_SIGNED_CERT at line https://github.com/azure-rtos/netxduo/blob/v6.2.0_rel/nx_secure/src/nx_secure_x509_certificate_chain_verify.c#L136
If I define NX_SECURE_X509_INVALID_SELF_SIGNED_CERT in our application's Makefile define then the TLS connection works with self signed certificates, but I think making it work with defining it in nx_secure_user.h file is the right thing.
Describe the bug I am trying to establish TLS connection with self signed certificates using netxsecure v6.2.0 as a TLS client. As per the documentation I have enabled NX_SECURE_ALLOW_SELF_SIGNED_CERTIFICATES in nx_secure_user.h file. But still the nx_secure_tls_session_start API is returning error TLS NX_SECURE_X509_INVALID_SELF_SIGNED_CERT(0x1A5).
With further debugging found that in nx_secure_x509_certificate_chain_verify.c includes path nx_secure_user.h file is not getting included. So NX_SECURE_ALLOW_SELF_SIGNED_CERTIFICATES is not set in nx_secure_x509_certificate_chain_verify.c file even though it is defined in nx_secure_user.h file. And cerificate verification is failing with NX_SECURE_X509_INVALID_SELF_SIGNED_CERT at line https://github.com/azure-rtos/netxduo/blob/v6.2.0_rel/nx_secure/src/nx_secure_x509_certificate_chain_verify.c#L136
If I define NX_SECURE_X509_INVALID_SELF_SIGNED_CERT in our application's Makefile define then the TLS connection works with self signed certificates, but I think making it work with defining it in nx_secure_user.h file is the right thing.