CyaSSL example using x509 certs and DTLS over ethernet.
Dependencies: EthernetInterface NTPClient cyassl-lib mbed-rtos mbed-src CyaSSL_DTLS_Ethernet
Dependents: CyaSSL_DTLS_Ethernet
You are viewing an older revision! See the latest version
Homepage
To test this client you need to setup a server and use the correct CA certificate, server certificate, and server private key, for the client to be able to authenticate to the server, and for the server to be able to authenticate the client. Note that I haven't setup the DN verification yet as I'm still in testing phase.
The server certificate and and CA certificate are identical as this is a self-signed certificate:
-----BEGIN CERTIFICATE----- MIIClTCCAf6gAwIBAgICEREwDQYJKoZIhvcNAQEFBQAwZzELMAkGA1UEBhMCR0Ix EjAQBgNVBAgMCUJlcmtzaGlyZTEQMA4GA1UEBwwHTmV3YnVyeTERMA8GA1UECgwI Vm9kYWZvbmUxDDAKBgNVBAsMA1ImRDERMA8GA1UEAwwIRE1TZXJ2ZXIwHhcNMTMw OTAzMTQwNjA4WhcNMjMwNzEzMTQwNjA4WjBnMQswCQYDVQQGEwJHQjESMBAGA1UE CAwJQmVya3NoaXJlMRAwDgYDVQQHDAdOZXdidXJ5MREwDwYDVQQKDAhWb2RhZm9u ZTEMMAoGA1UECwwDUiZEMREwDwYDVQQDDAhETVNlcnZlcjCBnzANBgkqhkiG9w0B AQEFAAOBjQAwgYkCgYEAupWZHm51RbMkEkvKAvglM96BcWVScxW7KaXFhm1Artt1 1Vm5KTC0rI+0kiG54kxhvY7euWeUcQqJKHxUTFjUWv8TcJrzmjIe5EthipLpdN+V /PJCO/FiLXSiykQsC+VhyU8BKNYrpspyiQ109KPoybH8kK7W2IXf2d9AaLrzcgUC AwEAAaNQME4wHQYDVR0OBBYEFKonGm+IcowtLcJaxXSCpUTRPaMVMB8GA1UdIwQY MBaAFKonGm+IcowtLcJaxXSCpUTRPaMVMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcN AQEFBQADgYEAfThlu2u73hm3quZJX57joMRn/N+l2KY4q16YI+gZIoJlLF/uIZw6 4OuxfKNfIvKvCL54LQ+/plh+8CzsmZdjdV9S/1+Jefe+RhEogjSvFjs2oyVaMCjZ OxWujvZJ3XdhpXZJsdnEx4rgmHij3es3SzarTSjPVW8MpBU4H8NKlWI= -----END CERTIFICATE-----
The server private key is as follows:
-----BEGIN PRIVATE KEY----- MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBALqVmR5udUWzJBJL ygL4JTPegXFlUnMVuymlxYZtQK7bddVZuSkwtKyPtJIhueJMYb2O3rlnlHEKiSh8 VExY1Fr/E3Ca85oyHuRLYYqS6XTflfzyQjvxYi10ospELAvlYclPASjWK6bKcokN dPSj6Mmx/JCu1tiF39nfQGi683IFAgMBAAECgYEAuAFGQtud7YHQRfbWHv2G+tMp BqJsoDBDJrxjwsFFs+ucFi5oyzVMSI1j/2UhQwoerekSvvdmTeCdCP8rxysnJ3MG vepBkUXZ9kek7qZ561JC6qLZNcTeVc/R1rxMsFZSV/Zuzr7KFG47J/Di15GxGoui x4fRE9ww0coC8PDWbaECQQDgKP48PD2gNaD2jjqd/xNki2kXP9PE1AAnevVaEidS ceOKXgqx7qGYrN1+NFnRGwJhUSoicmUQeDKkC9CU/5UpAkEA1RZCT9M8lWpqx60d oZlF9I3oOoQxXrx4RgoF+2y1tT+C7nUwmeYk2mEi/Gat9/NtKz/J9Tlwu3/Ef9eB G7lVfQJAdvzLl2XSwIw3GSl+bAfOX3yxGCpFWyG9wzc9rcYdIWJbCkPJIZIuLUD1 gdyAIMNZjBbtasOWahujpfivi6fvoQJAHRIdV+CculG7YaR3j21mwtd9YEZaqe8S hZOmf0e0fpa8mSW5zLU+P+DSshacE2DNewIH3oHIpHvo5fwTrCGbzQJAWaFq9L9C lAgoPfuKjKQ0RJ8M+lDVOZo/Okl0VtrU/Z5fQm+yR4Lb+o1iogYjgjvdOmoMkPtb Q/xu4c1qn2ksnA== -----END PRIVATE KEY-----
Both the certificate and the private key are in PEM format. To use these with the CyaSSL example server, which you can get from here: http://yassl.com/yaSSL/download/downloadForm.php. Configure it with debugging and dtls before compiling (I've also enabled PSK because I'm testing that):
./configure --enable-psk --enable-debug --enable-dtls
You need to compile the server example, go into example/server/, and then create the following file structure:
certs/client-cert.pem certs/server-cert.pem certs/server-key.pem
For some reason cyaSSL calls the CA certificate the "client-cert.pem", so copy the server certificate above into "client-cert.pem" and into "server-cert.pem". Copy the private key into "server-key.pem".
Since we are testing DTLS here, run the server like this:
server -u -b -f
You should be able to fire up the mbed, change the code to point to your server, and see the handshake and test messages.