DtlsSocket security_tags empty cases Invalid argument during connect #25
Comments
Yeah, I'd definitely welcome changes there! Good to hear you figured out the problem.
As far as I can see, the security tags refer to certificates saved in the modem. These are needed to verify server identity. The cipher suites are set via socket option. Setting a cipher suite is not required; if no cipher suites are set, a default list will be used. Setting one or more security tags is required because otherwise the modem cannot verify the server's certificate. I just submitted a PR for TCP over TLS which includes an enum of the available cipher suites: #26
I included cipher suite selection for DTLS and a check for an empty security tag list in the mentioned PR.
Oh, thanks, that looks nice to me!
Hi!
I got back to my old project to add more functionality to it, updated all my libs including nrf-modem, and then tried creating a DtlsSocket. I am pretty sure that was working fine before, but now I got
Unknown error code -1
in SocketOptionError. I narrowed it down to having empty security_tags; at first I didn't fully understand what those are for, so I left them empty.
I found that https://developer.nordicsemi.com/nRF_Connect_SDK/doc/v1.6-branch/nrfxlib/nrf_modem/doc/tls_dtls_configuration.html
And set it currently to 0xC014 and stuff started working!
I think this needs a more ergonomic way of providing those options which isn't that error prone.
For nrf9160, as far as I see, all the values are listed here: https://www.nordicsemi.com/Products/nRF9160/Download#infotabs
So providing an enum with all those options (and eventually a "Custom" option to have the user provide whatever they want) would be better? Not sure about other chips.
Or at least a huge red warning in defmt (or even a panic) to not provide empty security_tags.
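As an added example (not part of this thread and not the nrf-modem crate's code), the empty-tag check and the enum with a "Custom" variant discussed above could look like this. All type and function names are hypothetical, the `u32` tag type is an assumption, and the three named suites are IANA values picked for illustration, not a list of what the modem supports.

```rust
// Added illustration: hypothetical types, not the nrf-modem crate's API.
/// Cipher suites are identified by their 16-bit IANA TLS values.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum CipherSuite {
    EcdheRsaAes256CbcSha,      // 0xC014
    EcdheEcdsaAes128GcmSha256, // 0xC02B
    PskAes128Ccm8,             // 0xC0A8
    /// Escape hatch for any value not named above.
    Custom(u16),
}

impl CipherSuite {
    pub fn id(self) -> u16 {
        match self {
            Self::EcdheRsaAes256CbcSha => 0xC014,
            Self::EcdheEcdsaAes128GcmSha256 => 0xC02B,
            Self::PskAes128Ccm8 => 0xC0A8,
            Self::Custom(id) => id,
        }
    }
}

#[derive(Debug, PartialEq, Eq)]
pub enum DtlsConfigError {
    /// Without a tag the modem has no certificate to verify the server with.
    NoSecurityTags,
    /// Same wire value listed twice, e.g. a named variant plus Custom(same id).
    DuplicateCipher(u16),
}

/// Validate before any socket call (tag type u32 is assumed). An empty cipher
/// list is accepted, since a default list is then used; an empty tag list is not.
pub fn check_dtls_config(security_tags: &[u32], ciphers: &[CipherSuite]) -> Result<(), DtlsConfigError> {
    if security_tags.is_empty() {
        return Err(DtlsConfigError::NoSecurityTags);
    }
    for (i, c) in ciphers.iter().enumerate() {
        if ciphers[..i].iter().any(|p| p.id() == c.id()) {
            return Err(DtlsConfigError::DuplicateCipher(c.id()));
        }
    }
    Ok(())
}

fn main() {
    // Constructed input: no tags, one custom cipher value.
    println!("{:?}", check_dtls_config(&[], &[CipherSuite::Custom(0xC014)]));
}
```

Failing here with a named error keeps a missing credential from surfacing later as an opaque socket option error.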