MbedTLS handshake is not functioning properly when attempting client authentication


I’ve experimented with various ciphersuites, EC curve points, and hash algorithms. However, the server is rejecting the connection in state 8, where clients need to send certificates and client key exchange.


I am using an STM32F777ZIT6 MCU, and I’ve tested my code without client authentication for a different broker, where it is working. I’ve added these lines for client authentication:

ret = mbedtls_x509_crt_parse(&cacert, (const unsigned char *)ca_crt, strlen(ca_crt) + 1);
if (ret != 0) return -1;

ret = mbedtls_x509_crt_parse(&clicert, (const unsigned char *)cli_crt, strlen(cli_crt) + 1);
if (ret != 0) return -1;

ret = mbedtls_pk_parse_key(&pkey, (const unsigned char *)cli_key, strlen(cli_key) + 1, NULL, 0);
if (ret != 0) return -1;

if ((ret = mbedtls_ssl_conf_own_cert(&conf, &clicert, &pkey)) != 0) {
    return -1;
}

I’ve verified the correctness of my certificates and keys using a Python script, and they are functioning as expected. However, I lack sufficient experience with mbedtls configuration settings. Your assistance would be greatly appreciated.

Thank you.


There are 1 best solutions below

Alok Mishra On

Using mbed TLS can sometimes lead to memory problems, especially when dealing with certificates and secure connections. In my recent project, I ran into similar troubles with my mbed TLS-powered application. Fortunately, I found a solution by tweaking the way mbed TLS handles memory.

After some digging, I discovered that enabling dynamic memory use in mbed TLS did the trick. All I had to do was define MBEDTLS_MEMORY_BUFFER_ALLOC_C in the mbed TLS configuration. This change allowed mbed TLS to use dynamic memory functions like calloc and free for its internal tasks.
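
Added example, not code from the question or the answer: the question's snippet collapses every failure to `return -1`, so whether memory exhaustion is the cause cannot be read from it. This helper checks a returned Mbed TLS code against the `*_ALLOC_FAILED` values defined in the Mbed TLS headers; the names `alloc_err`, `find_alloc_failure`, `alloc_failure_code` and the sample return values are constructed for illustration.

```c
#include <stdio.h>
#include <stddef.h>

/* Magnitudes of the MBEDTLS_ERR_<MODULE>_ALLOC_FAILED codes (all negative in
 * the headers) for the modules used by certificate parsing and the handshake. */
struct alloc_err { int code; const char *name; };

static const struct alloc_err ALLOC_ERRS[] = {
    { 0x7F00, "MBEDTLS_ERR_SSL_ALLOC_FAILED"  },
    { 0x4D80, "MBEDTLS_ERR_ECP_ALLOC_FAILED"  },
    { 0x3F80, "MBEDTLS_ERR_PK_ALLOC_FAILED"   },
    { 0x2880, "MBEDTLS_ERR_X509_ALLOC_FAILED" },
    { 0x1180, "MBEDTLS_ERR_PEM_ALLOC_FAILED"  },
    { 0x006A, "MBEDTLS_ERR_ASN1_ALLOC_FAILED" },
    { 0x0010, "MBEDTLS_ERR_MPI_ALLOC_FAILED"  },
};

/* An Mbed TLS return code is -(high + low): a high-level module code in
 * bits 7..14 with an optional low-level code in bits 0..6 added to it.
 * Both parts are checked, because a parser can report its own error with
 * a low-level allocation failure added. Returns NULL if neither matches. */
const struct alloc_err *find_alloc_failure(int ret)
{
    if (ret >= 0)
        return NULL;                      /* success or a byte count */
    int high = (-ret) & 0x7F80;
    int low  = (-ret) & 0x007F;
    for (size_t i = 0; i < sizeof ALLOC_ERRS / sizeof ALLOC_ERRS[0]; i++) {
        if (ALLOC_ERRS[i].code == high || ALLOC_ERRS[i].code == low)
            return &ALLOC_ERRS[i];
    }
    return NULL;
}

/* Returns the matching ALLOC_FAILED code as defined in the headers, or 0. */
int alloc_failure_code(int ret)
{
    const struct alloc_err *e = find_alloc_failure(ret);
    return e ? -e->code : 0;
}

int main(void)
{
    /* Constructed sample return values, not captured from a device. */
    const int samples[] = { -0x7F00, -0x21EA, -0x7780, -0x6900 };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        const struct alloc_err *e = find_alloc_failure(samples[i]);
        printf("-0x%04X: %s\n", (unsigned)-samples[i],
               e ? e->name : "not an allocation failure");
    }
    return 0;
}
```

On the target, pass the value returned by `mbedtls_x509_crt_parse`, `mbedtls_pk_parse_key` or `mbedtls_ssl_handshake` to the helper and log it, instead of returning a bare `-1`.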