ESP32 MQTT over TLS 1.3: has anyone tried it? Error after the TLS 1.3 handshake is over
Posted: Sat Apr 02, 2022 2:55 pm
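Has anyone successfully run TLS 1.3 on the ESP32?
I'm using master esp-idf 5.0, with mbedtls on branch mbedtls git:(mbedtls-3.1.0-idf).
I want to test MQTT over TLS 1.3.
I enabled TLS 1.3 in menuconfig.
The first TLS 1.3 handshake works fine; after WRAPUP the ssl state is set to MBEDTLS_SSL_HANDSHAKE_OVER.
Then an error is reported in the ssl_handle_hs_message_post_handshake() function.
I looked into it, and a NEW_SESSION_TICKET message had been received.
The original code simply returns UNEXPECTED_MESSAGE at this point.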
mbedtls: ssl_msg.c:4976 hangmao debug: post ssl handshake '4'
Code:
MBEDTLS_SSL_DEBUG_MSG( 1, ("hangmao debug: post ssl handshake '%d'", ssl->in_msg[0]));
//if (ssl->in_msg[0] != MBEDTLS_SSL_HS_NEW_SESSION_TICKET)
return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
Code:
I (3606) mbedtls: ssl_tls13_client.c:1723 tls13 client state: MBEDTLS_SSL_HANDSHAKE_WRAPUP(15)
W (3616) mbedtls: ssl_tls13_client.c:1705 Switch to application keys for inbound traffic
W (3626) mbedtls: ssl_tls13_client.c:1708 Switch to application keys for outbound traffic
I (3636) mbedtls: ssl_tls.c:5323 <= handshake
I (3646) mbedtls: ssl_msg.c:5348 => write
I (3646) mbedtls: ssl_msg.c:2369 => write record
I (3656) mbedtls: ssl_msg.c:546 => encrypt buf
I (3656) mbedtls: ssl_msg.c:990 <= encrypt buf
I (3666) mbedtls: ssl_msg.c:1789 => flush output
I (3666) mbedtls: ssl_msg.c:1809 message length: 53, out_left: 53
I (3676) mbedtls: ssl_msg.c:1814 ssl->f_send() returned 53 (-0xffffffcb)
I (3686) mbedtls: ssl_msg.c:1842 <= flush output
I (3686) mbedtls: ssl_msg.c:2514 <= write record
I (3696) mbedtls: ssl_msg.c:5372 <= write
I (3696) mbedtls: ssl_msg.c:5067 => read
I (3706) mbedtls: ssl_msg.c:3546 => read record
I (3706) mbedtls: ssl_msg.c:1573 => fetch input
I (3716) mbedtls: ssl_msg.c:1730 in_left: 0, nb_want: 5
I (3716) mbedtls: ssl_msg.c:1755 in_left: 0, nb_want: 5
I (3726) mbedtls: ssl_msg.c:1756 ssl->f_recv(_timeout)() returned 5 (-0xfffffffb)
I (3736) mbedtls: ssl_msg.c:1776 <= fetch input
I (3736) mbedtls: ssl_msg.c:1573 => fetch input
I (3746) mbedtls: ssl_msg.c:1730 in_left: 5, nb_want: 255
I (3756) mbedtls: ssl_msg.c:1755 in_left: 5, nb_want: 255
I (3756) mbedtls: ssl_msg.c:1756 ssl->f_recv(_timeout)() returned 250 (-0xffffff06)
I (3766) mbedtls: ssl_msg.c:1776 <= fetch input
I (3776) mbedtls: ssl_msg.c:1014 => decrypt buf
I (3776) mbedtls: ssl_msg.c:1539 <= decrypt buf
I (3786) mbedtls: ssl_msg.c:3620 <= read record
W (3786) mbedtls: ssl_msg.c:4967 handshake received (not HelloRequest)
W (3796) mbedtls: ssl_msg.c:4976 hangmao debug: post ssl handshake '4'
W (3806) mbedtls: ssl_msg.c:5004 hangmao debug: renegotiation: disable? '1' secure? '0' legacy? '0'
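
On the '4' in the log above: in TLS 1.3 (RFC 8446) the server sends NewSessionTicket (handshake type 4) after the handshake has completed, so a client has to parse or discard it rather than reject it. The sketch below is an added example, not part of the original post and not Mbed TLS code; every name in it and the sample bytes are constructed, and it classifies one decrypted post-handshake message with bounds checks.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Handshake type values from RFC 8446; all identifiers here are hypothetical. */
enum { HS_NEW_SESSION_TICKET = 4, HS_CERTIFICATE_REQUEST = 13, HS_KEY_UPDATE = 24 };
enum ph_action { PH_STORE_TICKET, PH_KEY_UPDATE, PH_POST_HS_AUTH, PH_UNEXPECTED, PH_MALFORMED };
struct ticket_info { uint32_t lifetime; size_t nonce_len, ticket_len; };

/* Constructed sample NewSessionTicket: 4-byte handshake header + 16-byte body. */
static const uint8_t sample_nst[] = {
    0x04, 0x00, 0x00, 0x10,   /* msg_type = 4, length = 16 */
    0x00, 0x00, 0x1c, 0x20,   /* ticket_lifetime = 7200 s */
    0x11, 0x22, 0x33, 0x44,   /* ticket_age_add */
    0x01, 0xaa,               /* ticket_nonce<0..255> */
    0x00, 0x02, 0xbe, 0xef,   /* ticket<1..2^16-1> */
    0x00, 0x00 };             /* extensions (empty) */

/* offered_pha: nonzero if the client sent the post_handshake_auth extension. */
enum ph_action classify_post_handshake(const uint8_t *m, size_t len, int offered_pha,
                                       struct ticket_info *t)
{
    size_t body, ext_len;
    const uint8_t *p = m + 4, *end = m + len;
    if (len < 4) return PH_MALFORMED;
    body = ((size_t)m[1] << 16) | ((size_t)m[2] << 8) | m[3];
    if (body != len - 4) return PH_MALFORMED;
    switch (m[0]) {
    case HS_KEY_UPDATE:           /* one byte: 0 = not requested, 1 = requested */
        return (body == 1 && p[0] <= 1) ? PH_KEY_UPDATE : PH_MALFORMED;
    case HS_CERTIFICATE_REQUEST:  /* unexpected_message unless the client opted in */
        return offered_pha ? PH_POST_HS_AUTH : PH_UNEXPECTED;
    case HS_NEW_SESSION_TICKET:
        if (end - p < 9) return PH_MALFORMED;          /* lifetime, age_add, nonce len */
        t->lifetime = ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
                      ((uint32_t)p[2] << 8) | p[3];
        t->nonce_len = p[8];
        p += 9;
        if ((size_t)(end - p) < t->nonce_len + 2) return PH_MALFORMED;
        p += t->nonce_len;
        t->ticket_len = ((size_t)p[0] << 8) | p[1];
        p += 2;
        if (t->ticket_len == 0 || (size_t)(end - p) < t->ticket_len + 2) return PH_MALFORMED;
        p += t->ticket_len;
        ext_len = ((size_t)p[0] << 8) | p[1];
        return ((size_t)(end - p) - 2 == ext_len) ? PH_STORE_TICKET : PH_MALFORMED;
    default:                      /* e.g. TLS 1.2 HelloRequest (0) is not valid in TLS 1.3 */
        return PH_UNEXPECTED;
    }
}

int main(void)
{
    struct ticket_info t = {0};
    printf("action=%d\n", classify_post_handshake(sample_nst, sizeof sample_nst, 0, &t));
    return 0;
}
```

A client that does not use session resumption can discard the message on PH_STORE_TICKET and continue reading application data.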