First calculate and sum TLS overhead when altcp_mbedtls_write() is called.
Then take care of it when calling the application sent callback. Give received
len from inner_conn, minus calculated overhead.
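The bookkeeping this message describes, as an added example that is not lwIP's code: a self-contained model with constructed record sizes, showing why the overhead must be subtracted before the application's sent callback runs (the names `tls_sent_state`, `tls_note_write`, `tls_sent_to_app` and `tls_sent_scenario` are hypothetical, and lwIP's real implementation differs in detail).

```c
#include <stdint.h>

/* Added model (not lwIP's altcp_mbedtls implementation): per-connection
 * bookkeeping of TLS record overhead so that the application's sent callback
 * is told only about its own plaintext bytes. */
typedef struct {
    uint32_t overhead_pending; /* overhead bytes handed to inner_conn, not yet acked */
} tls_sent_state;

/* Write path: altcp_mbedtls_write() hands `plain_len` application bytes to
 * mbedTLS, which emits `cipher_len` bytes (record header, MAC/tag, padding)
 * towards inner_conn. Record the difference and return it. */
static uint32_t tls_note_write(tls_sent_state *st, uint32_t plain_len, uint32_t cipher_len)
{
    uint32_t overhead = (cipher_len > plain_len) ? cipher_len - plain_len : 0;
    st->overhead_pending += overhead;
    return overhead;
}

/* Sent path: inner_conn reports `len` bytes acknowledged by TCP. Consume as
 * much pending overhead as possible and return the application bytes to
 * report upward. Returning 0 means the application callback is skipped.
 * An ack may cover only part of a record, so the overhead is charged against
 * the earliest acked bytes; the application total still matches once the
 * whole record has been acknowledged. Without this, the application would be
 * told it sent more bytes than it ever wrote. */
static uint16_t tls_sent_to_app(tls_sent_state *st, uint16_t len)
{
    uint32_t adjust = (st->overhead_pending < len) ? st->overhead_pending : len;
    st->overhead_pending -= adjust;
    return (uint16_t)(len - adjust);
}

/* Constructed scenario: one 100-byte application write becomes a 129-byte
 * TLS record (29 bytes overhead), acknowledged by TCP in two pieces of 50 and
 * 79 bytes. Returns the total reported to the application, which must equal
 * the 100 bytes it wrote. */
static uint32_t tls_sent_scenario(void)
{
    tls_sent_state st = { 0 };
    uint32_t reported = 0;
    tls_note_write(&st, 100, 129);         /* overhead_pending = 29 */
    reported += tls_sent_to_app(&st, 50);  /* 50 - 29 = 21 app bytes */
    reported += tls_sent_to_app(&st, 79);  /* no overhead left: 79 app bytes */
    return reported;                       /* 100 */
}
```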

According to mbedTLS source code and documentation, calls to
`mbedtls_ssl_conf_session_cache` and `mbedtls_ssl_conf_session_tickets_cb`
are only available if mbedTLS is configured for server mode (i.e. MBEDTLS_SSL_SRV_C
is defined). This cannot be used in client mode to resume a previous session.
To allow session reuse in client mode, the application must save session parameters
(including tickets provided by the server, if any) after a successful connection
and restore them before attempting to reconnect. Since `altcp_close()` frees the
structure, it cannot be used to store the required information.
So, two new APIs were added, directly wrapped to mbedTLS functions, allowing the application
to do that by itself.
Also added full declaration of `struct altcp_tls_session` in altcp_tls.h to allow
easier usage in applications when using the mbedTLS port.

Use only one entropy/ctr_drbg context for all altcp_tls_config structures allocated.
(Small adjustments before committing: fix coding style, adapt to changes in master)
This is the default way for mbedTLS. Add entropy sources via defines (see
mbedtls_entropy_init).
This removes the use of ALTCP_MBEDTLS_RNG_FN.
Signed-off-by: Simon Goldschmidt <goldsimon@gmx.de>

TLS clients that need 2-way authentication (e.g. Amazon AWS IoT cloud mqtt)
need to pass a certificate and private key when creating the tls altcp_pcb.
Added a new function altcp_tls_create_config_client_2wayauth() for this that
replaces altcp_tls_create_config_client() for such clients.
See bug #54601.

- call conn->err() instead of conn->recv() if the handshake fails and free conn
- close inner_conn and free current conn in altcp_mbedtls_close()
Signed-off-by: goldsimon <goldsimon@gmx.de>

Partly revert commit 0486100a2bcbce74a7214ee4f11782a9441acbf0 from 07.08.2017 as it breaks layering: every layer must free its own altcp_pcb. Freeing the inner_conn is not the right way.

- added `altcp_tls_free_config()`.
- added `altcp_tls_context()` function to allow mbedTLS parameter tweaks.
  Since the state structure isn't exported, this allows the application to get
  the internal context (port dependent) to tweak it.
- free altcp_pcb when the lower error callback is called.