MSP-EXP432E401Y: TCP TLS Client bypass cert verify

Part Number: MSP-EXP432E401Y
Other Parts Discussed in Thread: MSP432E401Y, TM4C129ENCPDT

Hi,

I am using the MSP432E401Y launchpad and I'm implementing a TLS Client socket to connect to a TLS Server. 

When I developed this application using the TM4C129ENCPDT, I used something in wolfssl which is the WOLFSSL_VERIFY_NONE to bypass server cert verification. My team came up with our own method to authenticate the server.

I'd like to implement something similar on the MSP432. I understand the MSP432 is using the slnetsock, which, to my understanding, uses mbedTLS under the hood? Is that right? I am having difficulties figuring out the equivalent of WOLFSSL_VERIFY_NONE in the case of the MSP432E401Y.

How do I implement this? Any input is very much appreciated.

Thanks

AJ

  • Just to clarify, here's the snippet I used in the TM4C129E with wolfssl

    wolfSSL_Init();

    /* Create a TLS 1.2 client context */
    TLS_Cli_Ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method());
    if(TLS_Cli_Ctx == NULL)
    {
        write_console_msg("\n\n\rwolfSSL_CTX_new for TLS Client error.\n");
        return -1;
    }//end if(TLS_Cli_Ctx == NULL)
    else
    {
        write_console_msg("\n\n\rwolfSSL_CTX_new for TLS Client okay.");
    }//end else

    /* Disable verification of the server certificate */
    wolfSSL_CTX_set_verify(TLS_Cli_Ctx, WOLFSSL_VERIFY_NONE, 0);

    I'd like to do the same with the MSP432.

    Thanks

    AJ

    By the way, it seems like whenever I post, 2 of the same thread are posted. I don't know why that happens. I only clicked post once. My apologies if this is the case again.

  • Hi AJ,

    TLS/SSL is not my area of expertise. I've done some Google searching. Some online discussions say that if you don't want to provision a client certificate in your TLS client, just don't call `mbedtls_ssl_conf_own_cert()` in your client code. Then the library will send an empty certificate list as required by the standard. But I'm not sure if this is the equivalent means to achieve what you used in wolfSSL with WOLFSSL_VERIFY_NONE. Please reach out to https://tls.mbed.org and I think the experts there can provide better guidance.

    In case you have not done so, there is a TLS example in the SDK folder below.

    C:\ti\simplelink_msp432e4_sdk_4_20_00_12\examples\rtos\MSP_EXP432E401Y\ns\tcpechotls

    The post below may be of some help regarding integration of mbedtls into the SDK.

    https://e2e.ti.com/support/microcontrollers/msp-low-power-microcontrollers-group/msp430/f/msp-low-power-microcontroller-forum/792706/msp432e411y-msp432e4-ssl-tls

  • Hi Charles,

    That's actually the example I looked at and the example uses slnetsock which I guess wraps around mbedtls. None of the mbedtls functions are called directly, which is why I was stuck with the slnetsock functions and none of them seem to provide what I need.

    Thanks

    AJ

  • Hi Charles, 

    I tried to run the tcpechotls example to get a better understanding but it's not working. I'm able to get an IP and SNTP works. However, whenever I run the python program I get this error.

    C:\ti\simplelink_msp432e4_sdk_4_20_00_12\tools\examples\tcpSendReceiveTLS.py:99: DeprecationWarning: ssl.wrap_socket() is deprecated, use SSLContext.wrap_socket()
    sslSocket = ssl.wrap_socket(
    [SSL: EE_KEY_TOO_SMALL] ee key too small (_ssl.c:3900)
    could not open socket

    Could you please help me figure this out.

    Thanks

    AJ 

  • Hi AJ,

    > That's actually the example I looked at and the example uses slnetsock which I guess wraps around mbedtls. None of the mbedtls functions are called directly, which is why I was stuck with the slnetsock functions and none of them seem to provide what I need.

    Sorry, I don't know how to provide good guidance here. I'm not even sure if calling mbedtls functions can bypass the verification, provided that mbedtls has the corresponding means to do so in the first place.

    > However, whenever I run the python program I get this error.
    >
    > C:\ti\simplelink_msp432e4_sdk_4_20_00_12\tools\examples\tcpSendReceiveTLS.py:99: DeprecationWarning: ssl.wrap_socket() is deprecated, use SSLContext.wrap_socket()
    > sslSocket = ssl.wrap_socket(
    > [SSL: EE_KEY_TOO_SMALL] ee key too small (_ssl.c:3900)
    > could not open socket

    As much as I'd like to help, my knowledge of TLS is very limited. Not sure what this error is about on the Python side. It seems to say ssl.wrap_socket() is not supported perhaps by the OS but I don't know if you could just replace ssl with SSLContext to solve the problem. You might want to look for some other client applications that support TLS to interact with the MCU.