ARMmbed

Tracking mbedtls_ssl_states

Hi,

Developing a VPN Client, The server(from cluster chosen by DNS random ip response) may/may not request the certificate from client. Depends on the state MBEDTLS_SSL_CERTIFICATE_REQUEST. Need to enable certain policies iff server request certificate from my client application,

I could tweak into ssl_cli.c to set a global_flag, however, it is not clean way, also tried mbedtls_ssl_get_verify_result, no solution. Any suggestion?

Thanks

Hi @gopi219
I apologize, but I don’t understand your use case.
What kind of policies do you need to enable? What’s your use case and flow?
Regards,
Mbed TLS team member
Ron

Hi,
Thanks for reply. But even am not aware of complete specs. However, as Client developer I need to detect, does the

(1) client is communicating with the server for the first time
(2) server is requesting client’s certificate or not
____-> Currently possible with tweak using a GLOBAL_FLAG
____-> Expecting what mbedtls could offer without any tweak.
If any case is true, need to call some extrnl prog. I guess, some kind of white-listing.

Hi,

(1) client is communicating with the server for the first time

You could consider using session resumption and MBEDTLS_SSL_TICKET_C, as demonstrated in the client example. The client could try to resume a previous connection with the server (you will need to use correct ticket according to the server you are trying to connect, in your client application).

(2) server is requesting client’s certificate or not

Unfortunately, Mbed TLS doesn’t supply means to know if a specific message arrived.
May I know your use case?
Regards,
Ron