mbedTLS DTLS sample server¶
Overview¶
This sample code shows a simple DTLS server using mbedTLS on top of Zephyr.
Building and Running¶
Follow the steps for testing Networking with QEMU.
In the application directory type:
$make run
. Seeding the random number generator... ok
. Setting up the DTLS structure... ok
. Setting connection
ok
. Setting up ecjpake password ... ok
. Performing the TLS handshake...
In another terminal window, obtain the mbed TLS code from: https://tls.mbed.org/download-archive and put it in a well known directory on your Linux machine, this will be your client. (We’re using version 2.3.0 for this example.)
Move to that directory and compile the mbedTLS on your host machine
tar -xvzf mbedtls-2.3.0-apache.tgz
cd mbedtls-2.3.0
CFLAGS="-I$PWD/configs -DMBEDTLS_CONFIG_FILE='<config-thread.h>'" make
./programs/ssl/ssl_client2 server_addr=192.0.2.1 dtls=1 ecjpake_pw=passwd
You will get the following output:
. Seeding the random number generator... ok
. Connecting to udp/192.0.2.1/4433... ok
. Setting up the SSL/TLS structure... ok
. Performing the SSL/TLS handshake... ok
[ Protocol is DTLSv1.2 ]
[ Ciphersuite is TLS-ECJPAKE-WITH-AES-128-CCM-8 ]
[ Record expansion is 29 ]
[ Maximum fragment length is 16384 ]
> Write to server: 34 bytes written in 1 fragments
GET / HTTP/1.0
Extra-header:
< Read from server: 34 bytes read
GET / HTTP/1.0
Extra-header:
. Closing the connection... done
From the app directory type the screen should display
. Performing the TLS handshake... hello verification requested
. Setting up ecjpake password ... ok
. Performing the TLS handshake... ok
< Read from client: 34 bytes read
GET / HTTP/1.0
Extra-header:
> Write to client: 34 bytes written
GET / HTTP/1.0
Extra-header:
< Read from client: connection was closed gracefully
. Closing the connection... done
. Setting up ecjpake password ... ok
. Performing the TLS handshake...
If trying to use IPv6 edit the file prj_qemu_x86.conf and chage the line from CONFIG_NET_IPV6=n to CONFIG_NET_IPV6=y
And run the client on mbedTLS as
./programs/ssl/ssl_client2 server_addr=2001:db8::1 dtls=1 ecjpake_pw=passwd
If the server does not receive the messages, restart the app and try to connect the client again.