MbedTLS handshake is not functioning properly when attempting client authentication

I’ve experimented with various ciphersuites, EC curve points, and hash algorithms. However, the server is rejecting the connection in state 8, where clients need to send certificates and client key exchange.

image1600×353 88.5 KB

I am using an STM32F777ZIT6 MCU, and I’ve tested my code without client authentication for a different broker, where it is working. I’ve added these lines for client authentication:

ret = mbedtls_x509_crt_parse(&cacert, (const unsigned char *)ca_crt, strlen(ca_crt) + 1);
if (ret != 0) return -1;

ret = mbedtls_x509_crt_parse(&clicert, (const unsigned char *)cli_crt, strlen(cli_crt) + 1);
if (ret != 0) return -1;

ret = mbedtls_pk_parse_key(&pkey, (const unsigned char *)cli_key, strlen(cli_key) + 1, NULL, 0);
if (ret != 0) return -1;

if ((ret = mbedtls_ssl_conf_own_cert(&conf, &clicert, &pkey)) != 0) {
    return -1;
}

I’ve verified the correctness of my certificates and keys using a Python script, and they are functioning as expected. However, I lack sufficient experience with mbedtls configuration settings. Your assistance would be greatly appreciated.

Thank you.

Hello,

do not except too much help from here, rather try to find similar issue, because how you can see the Mbed TLS category of Mbed support forum is not very active, and MbedTLS was moved - Announcement: Migration of Mbed TLS .

GL
BR, Jan

Using mbed TLS can sometimes lead to memory problems, especially when dealing with certificates and secure connections. In my recent project, I ran into similar troubles with my mbed TLS-powered application. Fortunately, I found a solution by tweaking the way mbed TLS handles memory.

After some digging, I discovered that enabling dynamic memory use in mbed TLS did the trick. All I had to do was define MBEDTLS_MEMORY_BUFFER_ALLOC_C in the mbed TLS configuration. This change allowed mbed TLS to use dynamic memory functions like calloc and free for its internal tasks.