- Forums
- Product Forums
- General Purpose MicrocontrollersGeneral Purpose Microcontrollers
- i.MX Forumsi.MX Forums
- QorIQ Processing PlatformsQorIQ Processing Platforms
- Identification and SecurityIdentification and Security
- Power ManagementPower Management
- Wireless ConnectivityWireless Connectivity
- RFID / NFCRFID / NFC
- MCX Microcontrollers
- S32G
- S32K
- S32V
- MPC5xxx
- Other NXP Products
- S12 / MagniV Microcontrollers
- Powertrain and Electrification Analog Drivers
- Sensors
- Vybrid Processors
- Digital Signal Controllers
- 8-bit Microcontrollers
- ColdFire/68K Microcontrollers and Processors
- PowerQUICC Processors
- OSBDM and TBDML
- S32M
-
- Solution Forums
- Software Forums
- MCUXpresso Software and ToolsMCUXpresso Software and Tools
- CodeWarriorCodeWarrior
- MQX Software SolutionsMQX Software Solutions
- Model-Based Design Toolbox (MBDT)Model-Based Design Toolbox (MBDT)
- FreeMASTER
- eIQ Machine Learning Software
- Embedded Software and Tools Clinic
- S32 SDK
- S32 Design Studio
- GUI Guider
- Zephyr Project
- Voice Technology
- Application Software Packs
- Secure Provisioning SDK (SPSDK)
- Processor Expert Software
-
- Topics
- Mobile Robotics - Drones and RoversMobile Robotics - Drones and Rovers
- NXP Training ContentNXP Training Content
- University ProgramsUniversity Programs
- Rapid IoT
- NXP Designs
- SafeAssure-Community
- OSS Security & Maintenance
- Using Our Community
-
- Cloud Lab Forums
-
- Knowledge Bases
- ARM Microcontrollers
- i.MX Processors
- Identification and Security
- Model-Based Design Toolbox (MBDT)
- QorIQ Processing Platforms
- S32 Automotive Processing Platform
- Wireless Connectivity
- CodeWarrior
- MCUXpresso Suite of Software and Tools
- MQX Software Solutions
- RFID / NFC
-
- Home
- :
- i.MX Forums
- :
- i.MX Processors
- :
- Zephyr echo_client sample and openssl server- certification failure.
Zephyr echo_client sample and openssl server- certification failure.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Zephyr echo_client sample and openssl server- certification failure.
08-03-2022
01:17 AM
1,675 Views
gronoarona
Contributor II
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello
I need to setup TLS communication using UDP, betwen:
- mimxrt1060-ekvb as client
- ubuntu pc, openssl server as server (ofc)
I modify prj.conf of sample disabling all TCP and IPv6:
# Generic networking options
CONFIG_NETWORKING=y
CONFIG_NET_UDP=y
CONFIG_NET_TCP=n
CONFIG_NET_IPV6=n
CONFIG_NET_IPV4=y
CONFIG_NET_SOCKETS=y
CONFIG_NET_SOCKETS_POSIX_NAMES=y
CONFIG_NET_SOCKETS_POLL_MAX=4
CONFIG_NET_CONNECTION_MANAGER=y
# Kernel options
CONFIG_MAIN_STACK_SIZE=2048
CONFIG_ENTROPY_GENERATOR=y
CONFIG_TEST_RANDOM_GENERATOR=y
CONFIG_INIT_STACKS=y
CONFIG_DEBUG=y
# Logging
CONFIG_NET_LOG=y
CONFIG_LOG=y
CONFIG_NET_STATISTICS=y
CONFIG_PRINTK=y
# Network buffers
CONFIG_NET_PKT_RX_COUNT=16
CONFIG_NET_PKT_TX_COUNT=16
CONFIG_NET_BUF_RX_COUNT=80
CONFIG_NET_BUF_TX_COUNT=80
CONFIG_NET_CONTEXT_NET_PKT_POOL=y
# IP address options
# CONFIG_NET_IF_UNICAST_IPV6_ADDR_COUNT=3
# CONFIG_NET_IF_MCAST_IPV6_ADDR_COUNT=4
CONFIG_NET_MAX_CONTEXTS=10
# Network shell
CONFIG_NET_SHELL=y
# The addresses are selected so that qemu<->qemu connectivity works ok.
# For linux<->qemu connectivity, create a new conf file and swap the
# addresses (so that peer address is ending to 2).
CONFIG_NET_CONFIG_SETTINGS=y
# CONFIG_NET_CONFIG_NEED_IPV6=y
# CONFIG_NET_CONFIG_MY_IPV6_ADDR="2001:db8::2"
# CONFIG_NET_CONFIG_PEER_IPV6_ADDR="2001:db8::1"
CONFIG_NET_CONFIG_NEED_IPV4=y
CONFIG_NET_CONFIG_MY_IPV4_ADDR="192.168.1.225"
CONFIG_NET_CONFIG_PEER_IPV4_ADDR="192.168.1.240"
CONFIG_SYSTEM_WORKQUEUE_STACK_SIZE=2048
To build i using command:
west build -p always -b mimxrt1060_evkb -s samples/net/sockets/echo_client -- -DCONF_FILE="prj.conf overlay-tls.conf"
On server site, running openssl server by:
openssl s_server -key ssl_keys/echo-apps-key.der -cert ssl_keys/echo-apps-cert.der -dtls1_2 -accept 4242 -certform DER
Where is the problem:
Zephyr application running on uP tries to connect to ssl server but it fails, returning error log:
<err> net_sock_tls: TLS handshake error: -2700
On server side i got log:
Using default temp DH parameters
ACCEPT
ERROR
80CB36578F7F0000:error:0A000412:SSL routines:dtls1_read_bytes:sslv3 alert bad certificate:../ssl/record/rec_layer_d1.c:613:SSL alert number 42
shutting down SSL
CONNECTION CLOSED
On wireshark there is also the same information
26255 343.215228125 192.168.1.225 192.168.1.240 DTLSv1.2 62 Alert (Level: Fatal, Description: Bad Certificate)I think the problem in configuration, but i can't find where.
Cert and key files i took from echo_server sample, but if i regenerate them by my self, the result is the same.
1 Reply
08-03-2022
11:07 AM
1,651 Views
dereksnell
NXP Employee
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @gronoarona ,
We recommend posting Zephyr questions like this in Zephyr's GitHub, see Zephyr NXP Support for more details. Looking through this, the issue does not seem specific to NXP hardware, but is a general Zephyr Networking question. So if you post in Zephyrs GitHub Discussions, others in the Zephyr Community who know the Networking stack can provide some support.
BTW, I found you also posted this issue on Nordic's forums?
