WolfSSL port to provide TLS/DLTS sockets #2500
Thanks for the great work! I managed to get this working on an AVR xmega with the PSK-NULL-SHA256 cipher. This patch has saved me a lot of time, although without native sockets I did need to add a few more process yields and checks for the SSL_ERROR_WANT_READ error and retry calling functions.
@akmcomau thank you for using this patch. Could you share the code modifications you made for your non-native-socket app? It might be really useful to improve this PR. Thanks in advance, -- @danielinux / @wolfSSL
@danielinux I didn't really have to change that much. I don't think you want my whole contiki branch, as it has a large number of changes. I don't have it as a simple commit that I can push to github, but I can make one if you like. Here is a summary of what I changed:

In apps/wolfssl/wolfssl.c I removed the calls to wolfSSL_set_using_nonblock() as this didn't seem to be defined in my wolfssl configuration.

Here would be an example of an example server. But there may be more modifications required to also support the SSL_ERROR_WANT_WRITE error code.

```c
PROCESS_THREAD(server_process, ev, data)
/* make new ssl context */
/* use psk suite for security */
tcp_socket_listen(&sk->conn.tcp, SERVER_PORT);
printf("Listening on %d\n", SERVER_PORT);
}
PROCESS_END();
```
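Added example, not part of the comment above or of the PR's code: a bounded retry loop for the SSL_ERROR_WANT_READ / SSL_ERROR_WANT_WRITE handling discussed in this thread, so that a peer that never completes the handshake cannot hold the process forever (which matters more when the watchdog is disabled). The `mock_tls` session, `mock_handshake_step()`, `drive_handshake()` and the `DEMO_*` values are constructed stand-ins for a non-blocking wolfSSL call and its error codes, not wolfSSL or Contiki APIs.

```c
#include <stdio.h>

/* Stand-ins for the error codes named in the thread. The numeric values are
   assumptions for this demo; real code takes them from the wolfSSL headers. */
enum { DEMO_OK = 0, DEMO_WANT_READ = 2, DEMO_WANT_WRITE = 3, DEMO_FATAL = -1 };

/* Constructed mock of a non-blocking TLS session: the handshake completes
   only after polls_needed calls, as if waiting for records from the peer. */
struct mock_tls { int polls_needed; int polls_done; int fail_fatal; };

/* Hypothetical stand-in for one non-blocking handshake call plus error lookup. */
static int mock_handshake_step(struct mock_tls *s)
{
    if (s->fail_fatal) return DEMO_FATAL;
    if (s->polls_done++ < s->polls_needed)
        return (s->polls_done % 2) ? DEMO_WANT_READ : DEMO_WANT_WRITE;
    return DEMO_OK;
}

enum hs_result { HS_DONE, HS_TIMEOUT, HS_ERROR };

/* Retry only on WANT_READ/WANT_WRITE and give up after max_polls attempts.
   Any other error is fatal: tear the session down instead of retrying. */
enum hs_result drive_handshake(struct mock_tls *s, int max_polls, int *polls_used)
{
    int n;
    for (n = 1; n <= max_polls; n++) {
        int rc = mock_handshake_step(s);
        *polls_used = n;
        if (rc == DEMO_OK) return HS_DONE;
        if (rc != DEMO_WANT_READ && rc != DEMO_WANT_WRITE) return HS_ERROR;
        /* In a Contiki process, yield to the scheduler here (for example
           with PROCESS_PAUSE()) before calling the same function again. */
    }
    return HS_TIMEOUT;
}

int main(void)
{
    struct mock_tls slow = { 3, 0, 0 }, stalled = { 1000, 0, 0 };
    int used = 0;
    printf("slow peer:    result=%d", drive_handshake(&slow, 10, &used));
    printf(" polls=%d\n", used);
    printf("stalled peer: result=%d", drive_handshake(&stalled, 5, &used));
    printf(" polls=%d\n", used);
    return 0;
}
```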
@akmcomau this is very helpful, thank you. Indeed I do not need a commit, just curious of what you had to change to make it work in your case. Your description is sufficient for me to adjust my PR. Once again, thank you for the feedback!
Hello, @danielinux, Thanks for porting wolfSSL to contiki. But I have problems in building this, when I copy wolfSSL source dir to /apps/wolfssl then
Hi @hcnhcn012. Please clone with
or use
after a fresh clone, so that the directory apps/wolfssl is populated.
The examples have been successfully tested with For a real-hardware example based on this port, see also our contiki-nRF52 secure boot/secure firmware update demo
@danielinux Great! Don't know why but tested successfully on my contiki too :). Really appreciate that!
Dockerfile: update to Renode 1.13.3
This PR is a proposal to integrate basic TLS/DTLS support, wrapping the existing uIP sockets.
The TLS/DTLS support is provided via wolfSSL. A module in apps/wolfssl can be linked with an application to access TLS/DTLS capabilities.
A few extra examples integrating the wolfSSL module are provided:
Examples have been successfully tested on the `minimal-net` target, using both IPv4 and IPv6, and on the nRF52x development board, using IPv6 over 6LoWPAN.
On the nRF52, the watchdog is disabled when wolfSSL is in use. This prevents the system from being rebooted if the TLS/DTLS handshake is taking longer than the watchdog interval.
The wolfssl submodule temporarily points to a wolfSSL fork which adds support in the library for uIP and contiki, that's being validated and considered for inclusion. Later versions of this PR will point to the official wolfSSL repository.
Please provide feedback and comments about the approach.
Looking forward to hearing from the contiki community.
--
@danielinux / @wolfSSL