Developing a TLS Client on an embedded device, we are using a non-standard send/recv platform function. After the TCP connection happens successfully, the TLS starts and ends halfway with a TLS Alert message.
It seems our recv function is getting the whole message instead of the first 96-byte message of the handshake and tries to parse it as a whole.
Our recv function's prototype is below:
void platformRecv(uint8_t *Buffer, uint16_t &Length, uint16_t Timeout);
The Length param is quite tricky. There we have to pass the size and after execution, it will update it to the actual length of the received packet.
So, I take it later and return the Length after dereferencing in the mbedtls_net_send function.
The Server is set up on an Ubuntu System and it is working fine, as we tested the same client program on the Ubuntu System. Output is given below for ref:
Our client program prints the log below:
. Receiveed by kernel[96] bytes
. ip_kernel recive done failed! mbedtls_ssl_handshake returned -7200
and the TLS Server we are running on the Ubuntu System outputs the following:
. Performing the SSL/TLS handshake…/home/user/Wz/Thirdparty/mbedtls-2.16.3/library/ssl_tls.c:5178: is a fatal alert message (msg 10)
/home/user/Wz/Thirdparty/mbedtls-2.16.3/library/ssl_tls.c:4369: mbedtls_ssl_handle_message_type() returned -30592 (-0x7780)
/home/user/Wz/Thirdparty/mbedtls-2.16.3/library/ssl_tls.c:5699: mbedtls_ssl_read_record() returned -30592 (-0x7780)
failed
! mbedtls_ssl_handshake returned -30592
Last error was: -30592 - SSL - A fatal alert message was received from our peer
. Waiting for a remote connection … ok
. Performing the SSL/TLS handshake…/home/user/Wz/Thirdparty/mbedtls-2.16.3/library/ssl_tls.c:5178: is a fatal alert message (msg 10)
/home/user/Wz/Thirdparty/mbedtls-2.16.3/library/ssl_tls.c:4369: mbedtls_ssl_handle_message_type() returned -30592 (-0x7780)
/home/user/Wz/Thirdparty/mbedtls-2.16.3/library/ssl_tls.c:5699: mbedtls_ssl_read_record() returned -30592 (-0x7780)
failed
! mbedtls_ssl_handshake returned -30592
Last error was: -30592 - SSL - A fatal alert message was received from our peer
The client is always returning MBEDTLS_ERR_SSL_INVALID_RECORD -0x7200
Additionally, it is also returning:
. ip_kernel reeceive done failed! mbedtls_ssl_handshake returnd -6c00(this does not come often)
Hi Gopi,
It seems that you have an issue with your recv functionality.
If I understand correctly, your recv function returns the actual number of bytes that it read from your transport layer socket, even if it is bigger than the input length parameter. Am I right?
Without looking at your recv function, I would suggest you change the behaviour so that it will return to the caller only the requested amount of bytes asked (or less, if this is what was returned).
Try having an intermediate circular buffer to hold the incoming data, and read from it only what was asked.
Regards,
Mbed TLS Support
Ron
Hi Gopi,
Yes, the circular buffer I was referring to is a FIFO buffer.
I believe that a simpler FIFO buffer may also work, however you will need to manage the size limitation.
I also wonder what the items in this FIFO buffer will be.
Regards
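One way to build the intermediate buffer suggested in the replies above, as an added example that is not code from this thread or from Mbed TLS: the platformRecv below is a constructed stand-in with the prototype from the question, fed from a fixed array so it runs offline, and RecvFifo and fifo_net_recv are hypothetical names. The callback hands mbed TLS at most the number of bytes it asked for and parks the rest, so a platform call that delivers a whole packet no longer overruns the record layer's request.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>
// Error values from mbedtls/ssl.h and mbedtls/net_sockets.h (2.16), repeated here
// only so the example builds without the mbed TLS headers.
#define MBEDTLS_ERR_SSL_WANT_READ   -0x6900
#define MBEDTLS_ERR_NET_RECV_FAILED -0x004C
// Constructed stand-in for the platform call in the question: it copies the whole
// pending packet regardless of the size passed in and reports the true size in Length.
static uint8_t  g_pending[512];
static uint16_t g_pending_len = 0;
static void platformRecv(uint8_t *Buffer, uint16_t &Length, uint16_t Timeout) {
    (void)Timeout;
    std::memcpy(Buffer, g_pending, g_pending_len);
    Length = g_pending_len;          // ignores the requested size, as observed
    g_pending_len = 0;
}

// Ring buffer that parks bytes the platform delivered but mbed TLS has not asked for yet.
struct RecvFifo {
    uint8_t  data[1024];
    uint16_t head = 0, count = 0;
    bool push(const uint8_t *in, uint16_t n) {
        if (n > sizeof data - count) return false;   // never drop TLS bytes silently
        for (uint16_t i = 0; i < n; ++i) data[(head + count + i) % sizeof data] = in[i];
        count = static_cast<uint16_t>(count + n);
        return true;
    }
    uint16_t pop(uint8_t *out, uint16_t want) {
        uint16_t n = want < count ? want : count;
        for (uint16_t i = 0; i < n; ++i, head = static_cast<uint16_t>((head + 1) % sizeof data))
            out[i] = data[head];
        count = static_cast<uint16_t>(count - n);
        return n;
    }
};

// mbedtls_ssl_recv_t-compatible callback for mbedtls_ssl_set_bio(): returns at most len
// bytes, so the 5-byte record header read and the body read each get exactly what was asked.
int fifo_net_recv(void *ctx, unsigned char *buf, size_t len) {
    RecvFifo *f = static_cast<RecvFifo *>(ctx);
    if (f->count == 0) {                      // nothing parked: pull one platform packet
        uint8_t  tmp[sizeof g_pending];
        uint16_t got = sizeof tmp;            // size in, actual length out
        platformRecv(tmp, got, 1000);
        if (got == 0) return MBEDTLS_ERR_SSL_WANT_READ;
        if (!f->push(tmp, got)) return MBEDTLS_ERR_NET_RECV_FAILED;
    }
    return f->pop(buf, len > 0xFFFF ? 0xFFFF : static_cast<uint16_t>(len));
}
```

Register it with mbedtls_ssl_set_bio(&ssl, &fifo, your_send, fifo_net_recv, NULL) and size the ring buffer to at least the largest packet the platform can deliver in one call.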
But after client state 3 there is no movement. However, after this step, the server is supposed to send the TLS version and Length of Certificate. However the server is resetting the connection with an error:
. Waiting for a remote connection ... ok
. Performing the SSL/TLS handshake.../home/user/Wz/Thirdparty/mbedtls-2.16.3/library/ssl_srv.c:1228: mbedtls_ssl_fetch_input() returned -29312 (-0x7280)
failed
! mbedtls_ssl_handshake returned -29312
Last error was: -29312 - SSL - The connection indicated an EOF