Connection to mqtt.eclipseprojects.io fails due to parsing failed in session ticket parsing

vikas · October 5, 2023, 8:16am

When trying to connect to “mqtt.eclipseprojects.io” broker TLS connection passes and then server sends session ticket which is getting parsed in mbedtls_ssl_read function while receiving application data. since
mbedtls_ssl_tls13_handshake_client_step function returns MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET it is considered as error and sends alert message. I just added check to make it pass when MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET return code is received and able to make the connection

MBEDTLS version : MBEDTLS 3.4.0
TLS version : TLS 1.3

int mbedtls_ssl_handshake_step(mbedtls_ssl_context *ssl)
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;

if (ssl            == NULL                       ||
    ssl->conf      == NULL                       ||
    ssl->handshake == NULL                       ||
    ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER) {
    return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
}

ret = ssl_prepare_handshake_step(ssl);
if (ret != 0) {
    return ret;
}

ret = mbedtls_ssl_handle_pending_alert(ssl);
if (ret != 0) {
    goto cleanup;
}

/* If ssl->conf->endpoint is not one of MBEDTLS_SSL_IS_CLIENT or
 * MBEDTLS_SSL_IS_SERVER, this is the return code we give */
ret = MBEDTLS_ERR_SSL_BAD_INPUT_DATA;

#if defined(MBEDTLS_SSL_CLI_C)
if (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT) {
MBEDTLS_SSL_DEBUG_MSG(2, (“client state: %s”,
mbedtls_ssl_states_str(ssl->state)));

    switch (ssl->state) {
        case MBEDTLS_SSL_HELLO_REQUEST:
            ssl->state = MBEDTLS_SSL_CLIENT_HELLO;
            ret = 0;
            break;

        case MBEDTLS_SSL_CLIENT_HELLO:
            ret = mbedtls_ssl_write_client_hello(ssl);
            break;

        default:

#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && defined(MBEDTLS_SSL_PROTO_TLS1_3)
if (ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_3) {
ret = mbedtls_ssl_tls13_handshake_client_step(ssl);
} else {
ret = mbedtls_ssl_handshake_client_step(ssl);
}
#elif defined(MBEDTLS_SSL_PROTO_TLS1_2)
ret = mbedtls_ssl_handshake_client_step(ssl);
#else
ret = mbedtls_ssl_tls13_handshake_client_step(ssl);
#endif
}
}
#endif
#if defined(MBEDTLS_SSL_SRV_C)
if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER) {
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
if (mbedtls_ssl_conf_is_tls13_only(ssl->conf)) {
ret = mbedtls_ssl_tls13_handshake_server_step(ssl);
}
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */

#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
if (mbedtls_ssl_conf_is_tls12_only(ssl->conf)) {
ret = mbedtls_ssl_handshake_server_step(ssl);
}
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
}
#endif

**if(ret == MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET)**

** {**
** ret = 0;**
** goto cleanup;**
** }**

if (ret != 0) {
    /* handshake_step return error. And it is same
     * with alert_reason.
     */
    if (ssl->send_alert) {
        ret = mbedtls_ssl_handle_pending_alert(ssl);
        goto cleanup;
    }
}

cleanup:
return ret;
}

Topic		Replies	Views
TLS Handshake failure while connecting to mqtt broker Mbed TLS	0	306	July 8, 2022
TLS Handshake failure while connecting to mqtt broker from device Platform specific questions mbed_tls	0	459	July 5, 2022
Connect to MQTT server Generic mbed_tls	22	5031	November 23, 2018
Error connecting to iot.eclipse.org Crypto and SSL questions	5	5204	December 19, 2018
Using mbedTLS MQTT in Tiva C series without RTOS Mbed TLS	22	2505	January 30, 2021

Connection to mqtt.eclipseprojects.io fails due to parsing failed in session ticket parsing

Related Topics