I’m trying to set up a TLS server using mbed test certificates.
I’m getting an “Unexpected Message” fatal error.
I’m new to the TLS world, I appreciate any help or ideas that I can try.
1. Client is: 192.168.1.4 and Server is 192.168.1.3
2. Here, server is also requesting client's certificate [192.168.1.3] -> [192.168.1.4] TLSv1.2 209 Certificate Request, Server Hello Done
3. But client is not sending its certificate.
4. Client needs its own cert & key or use MBEDTLS_SSL_VERIFY_NONE on server
Thanks, I will try,
regarding “4. Client needs its own cert”, any help on where I can get the cert files and how to use them with some command line or browser?
Hi @mrluzeiro
In addition to what has been correctly mentioned by @gopi219, you could use a ciphersuite that doesn’t use certificates (PSK based certificate), depending on your use case and threat model. If your threat model requires you to authenticate the client (by not setting MBEDTLS_SSL_VERIFY_NONE in your server authentication configuration), you will need to set the client certificate to send to the server.
Using the openssl s_client help command, you will see you need to consider the following parameters:
-cert arg - certificate file to use, PEM format assumed
-certform arg - certificate format (PEM or DER) PEM default
-key arg - Private key file to use, in cert file if
not specified but cert file is.
-keyform arg - key format (PEM or DER) PEM default
Since you are using the Mbed TLS test certificates you should probably use tests/data_files/cli2.crt or tests/data_files/cli-rsa-sha256.crt.
I suggest you read Debugging TLS sessions — Mbed TLS documentation to help you debug your server issues, and extract server logs, so you would understand what causes the server to send the unexpected message error.
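Added example, not part of the thread and not Mbed TLS project code: a pre-flight check to run before handing a certificate and key to `openssl s_client -cert ... -key ...`, confirming that the key belongs to the certificate and that the certificate chains to the CA the server is configured to trust. The function names and demo file names are constructed for illustration; the demo PKI is a throwaway one, not the Mbed TLS test files.

```shell
#!/bin/sh
# Added example. Function names and demo file names are constructed.

# make_demo_pki DIR: throwaway CA, a client cert signed by it, and an
# unrelated key, so the check below can be exercised offline.
make_demo_pki() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo CA" \
        -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=demo client" \
        -keyout "$d/cli.key" -out "$d/cli.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/cli.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/cli.crt" 2>/dev/null &&
    openssl genrsa -out "$d/other.key" 2048 2>/dev/null
}

# check_client_cred CERT KEY CA
# Prints a one-line verdict; returns 0 only if the pair is usable for
# client authentication against a server that trusts CA.
check_client_cred() {
    # Public key embedded in the certificate.
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) ||
        { echo "unreadable cert"; return 2; }
    # Public key derived from the private key.
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) ||
        { echo "unreadable key"; return 2; }
    # A mismatched key makes the client's CertificateVerify fail.
    [ "$cert_pub" = "$key_pub" ] ||
        { echo "key does not match cert"; return 3; }
    # The server rejects a cert it cannot chain to its configured CA.
    openssl verify -CAfile "$3" "$1" >/dev/null 2>&1 ||
        { echo "cert not issued by CA"; return 4; }
    echo "ok"
}

# Real use (key path, CA path, host and port are placeholders):
#   sh check.sh tests/data_files/cli2.crt <matching key> <server's CA file>
#   openssl s_client -connect <server>:<port> \
#       -cert tests/data_files/cli2.crt -key <matching key>
if [ "$#" -eq 3 ]; then check_client_cred "$@"; fi
```

A verdict of `ok` means that a remaining handshake failure lies on the server side, for example in which CA chain the server was given.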
Thanks RON! I managed to get a TLS server working.
There were lots of issues regarding lwIP and mbedTLS. Then I was able to load the certificates on both sides and make it work.