Re: [lwip-users] PolarSSL and mbedTLS

[Jan Menzel]

Hi Noam!
        IIRC this options is not widely implemented. Especially openssl seems
to lack it. If you configure a short FRAGMENT_LENGTH and the other side
does not respect the option, transfer of large data blocks (>~
FRAGMENT_LENGTH) will not be possible.

        Jan

On 12.03.2017 10:05, Noam Weissman wrote:
> Hi Jan, Simon…
> 
>  
> 
> I have found a solution that seems to work J…
> 
>  
> 
> A college of mine working on the server side pointed me to RFC 6066 were
> there is an option to request
> 
> the server to limit the sent fragment size:
> 
>     https://tools.ietf.org/html/rfc6066#page-8
> 
>  
> 
> The above is part of the RFC without the need to change anything in LwIP
> or mbedTLS code. It’s a simple
> 
> configuration issue.
> 
>  
> 
> I have added to my code the following:
> 
> 1.       I defined MBEDTLS_SSL_MAX_FRAGMENT_LENGTH in mbedtls_config.h
> 
> 2.       I added a call to mbedtls_ssl_conf_max_frag_len(&conf,
> MBEDTLS_SSL_MAX_FRAG_LEN_1024);
> 
>  
> 
> The above adds an extra parameter in the SSL/TLS handshake… actually
> adds it in the HELLO handshake.
> 
>  
> 
> I need to make a few more tests but it seems to work and have no
> problems sending even a 600K binary file.
> 
>  
> 
> I still did not catch why lwip_recvfrom function failed but the above
> seems to be working.
> 
>  
> 
> Thanks for everyone that puts their inputs J
> 
>  
> 
> If I will have an update I will update the group.
> 
>  
> 
> BR,
> 
> Noam.
> 
>  
> 
> *From:*lwip-users [mailto:address@hidden
> *On Behalf Of *Noam Weissman
> *Sent:* Sunday, March 12, 2017 12:39 AM
> *To:* Mailing list for lwIP users
> *Subject:* Re: [lwip-users] PolarSSL and mbedTLS
> 
>  
> 
> Hi Simon,
> 
>  
> 
> with SSL there is a read for 5 bytes record header and then reading the
> data itself as a whole
> 
> or in parts (inside lwip_recvfrom).
> 
>  
> 
> My module is a single task that has a state machine. When the state is
> in OPEN state it blocks
> 
> for 1 second on select, if select is returning with a timeout the task
> is doing some house keeping
> 
> and returns to the OPEN state for another select etc...
> 
>  
> 
> If select is returning with 1, meaning there is data, the code issues
> mbedtls_ssl_read etc...
> 
> The SSL code reads the 5 bytes header but fails after that. The fail
> happens if the sending
> 
> record is more then a few K bytes. The strange thing is that it fails on
> the first read ?
> 
>  
> 
> If it would have failed after a few blocks that were read then we could
> assume that there
> 
> is another problem but it fails on the first read just after the 5 bytes
> header were read ?
> 
>  
> 
> My hunch is that its something stupid :-)
> 
>  
> 
> BR,
> 
> Noam.
> 
> ------------------------------------------------------------------------
> 
> *From:*lwip-users <address@hidden
> <mailto:address@hidden>> on behalf of
> address@hidden <mailto:address@hidden> <address@hidden
> <mailto:address@hidden>>
> *Sent:* Saturday, March 11, 2017 11:29 PM
> *To:* Mailing list for lwIP users
> *Subject:* Re: [lwip-users] PolarSSL and mbedTLS
> 
>  
> 
> Noam,
> 
> that sounds a bit too complicatied...
> 
> My first thought is: you call select and it returns that there is data
> to read, but that does not mean there is enough data to read for TLS, so
> EWOULDBLOCK is not an error at all in this case.
> 
> Simon
> 
> _______________________________________________
> lwip-users mailing list
> address@hidden <mailto:address@hidden>
> https://lists.nongnu.org/mailman/listinfo/lwip-users
> 
> lwip-users -- Mailing list for lwIP users - lists.nongnu.org
> <https://lists.nongnu.org/mailman/listinfo/lwip-users>
> 
> lists.nongnu.org
> 
> Welcome to the lwip-users mailing list. Use it to ask questions, share
> your experience and discuss new ideas. To see the collection of prior
> postings to the list ...
> 
>  
> 
> 
> 
> _______________________________________________
> lwip-users mailing list
> address@hidden
> https://lists.nongnu.org/mailman/listinfo/lwip-users
>