eclipse-threadx / netxduo

Eclipse ThreadX - NetXDuo is an advanced, industrial-grade TCP/IP network stack designed specifically for deeply embedded real-time and IoT applications
https://github.com/eclipse-threadx/rtos-docs/blob/main/rtos-docs/netx-duo/index.md
MIT License

TLS handshake is failing with self signed certificates #145

Closed cy-jayasankar closed 1 year ago

cy-jayasankar commented 1 year ago

Describe the bug

I am trying to establish a TLS connection with self-signed certificates using netxsecure v6.2.0 as a TLS client. As per the documentation, I have enabled NX_SECURE_ALLOW_SELF_SIGNED_CERTIFICATES in the nx_secure_user.h file. But the nx_secure_tls_session_start API is still returning the TLS error NX_SECURE_X509_INVALID_SELF_SIGNED_CERT (0x1A5).

With further debugging, I found that in the include path of nx_secure_x509_certificate_chain_verify.c, the nx_secure_user.h file is not getting included. So NX_SECURE_ALLOW_SELF_SIGNED_CERTIFICATES is not set in the nx_secure_x509_certificate_chain_verify.c file even though it is defined in the nx_secure_user.h file, and certificate verification is failing with NX_SECURE_X509_INVALID_SELF_SIGNED_CERT at line https://github.com/azure-rtos/netxduo/blob/v6.2.0_rel/nx_secure/src/nx_secure_x509_certificate_chain_verify.c#L136

If I define NX_SECURE_X509_INVALID_SELF_SIGNED_CERT in our application's Makefile defines, then the TLS connection works with self-signed certificates, but I think making it work by defining it in the nx_secure_user.h file is the right thing.
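The failure mode in the report above (an option defined in nx_secure_user.h that one source file never sees) can be checked for mechanically by walking the include graph. This is an added example, not part of the original thread or the NetX Duo code base: the file contents are constructed and the `example_*` file names are hypothetical; only nx_secure_user.h, the macro, and the affected .c file name come from the report.

```python
import re

# Constructed sample tree: contents are illustrative, example_* names are hypothetical.
SAMPLE_TREE = {
    "nx_secure_user.h": "/* #define SOME_OTHER_OPTION */\n"
                        "#define NX_SECURE_ALLOW_SELF_SIGNED_CERTIFICATES\n",
    "example_api.h": '#include "nx_secure_user.h"\n',
    "example_x509.h": "/* never includes the user header */\n",
    "example_session.c": '#include "example_api.h"\n'
                         "#ifdef NX_SECURE_ALLOW_SELF_SIGNED_CERTIFICATES\n#endif\n",
    "nx_secure_x509_certificate_chain_verify.c":
        '#include "example_x509.h"\n'
        "#ifdef NX_SECURE_ALLOW_SELF_SIGNED_CERTIFICATES\n#endif\n",
}

COMMENT_RE = re.compile(r"/\*.*?\*/|//[^\n]*", re.S)
INCLUDE_RE = re.compile(r'^[ \t]*#[ \t]*include[ \t]*"([^"]+)"', re.M)
DEFINE_RE = re.compile(r"^[ \t]*#[ \t]*define[ \t]+(\w+)", re.M)
# Macros tested with #ifdef / #ifndef or with defined(...)
TEST_RE = re.compile(
    r"^[ \t]*#[ \t]*ifn?def[ \t]+(\w+)|\bdefined[ \t]*\(?[ \t]*(\w+)", re.M)

def code_only(text):
    """Drop C comments so commented-out #define lines are not counted."""
    return COMMENT_RE.sub("", text)

def reachable(name, tree, seen=None):
    """Return every file reachable from `name` through quoted #include lines."""
    seen = set() if seen is None else seen
    if name in seen or name not in tree:
        return seen
    seen.add(name)
    for inc in INCLUDE_RE.findall(code_only(tree[name])):
        reachable(inc, tree, seen)
    return seen

def invisible_options(tree, config_header):
    """Map each .c file to config macros it tests but cannot see via its includes."""
    options = set(DEFINE_RE.findall(code_only(tree[config_header])))
    findings = {}
    for name, text in tree.items():
        if not name.endswith(".c"):
            continue
        tested = {a or b for a, b in TEST_RE.findall(code_only(text))} & options
        if tested and config_header not in reachable(name, tree):
            findings[name] = sorted(tested)
    return findings

if __name__ == "__main__":
    print(invisible_options(SAMPLE_TREE, "nx_secure_user.h"))
```

A macro passed on the compiler command line reaches every translation unit regardless of includes, so this check only covers options set through the user header.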

yanwucai commented 1 year ago

Thanks for your report. This bug is fixed in v6.2.1_rel.