https server woes.

classic Classic list List threaded Threaded
8 messages Options
Reply | Threaded
Open this post in threaded view
|

https server woes.

Trampas Stern
I am still fighting the https server issues and noticed the following:


ssl_tls.c 4253: got an alert message, type: [2:46]
ssl_tls.c 4261: is a fatal alert message (msg 46)
ssl_tls.c 6867: <= handshake
ERROR:    altcp_tls_mbedtls.c  283: mbedtls_ssl_handshake failed: -0x7780
httpd.c 2599: http_err: Connection closed., pcb: 20454b90

this seems to occur at the same time I get the red line Wireshark.  Note I am fairly new to TCP/IP so hold my hand in interpreting the wire shark results. 

image.png

If anyone has any hits I would appreciate it. 

Thanks
Trampas

_______________________________________________
lwip-users mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/lwip-users
Reply | Threaded
Open this post in threaded view
|

Re: https server woes.

goldsimon@gmx.de

On 20.02.2020 18:20, Trampas Stern wrote:
> [..]
> I am fairly new to TCP/IP so hold my hand in interpreting the wire shark
> results.
>
> image.png

Please send pcap files, not images, while ensuring the pcap files only
contain things they need (so don't send a file that is too large).

Thanks,
Simon

_______________________________________________
lwip-users mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/lwip-users
Reply | Threaded
Open this post in threaded view
|

Re: https server woes.

Trampas Stern


On Thu, Feb 20, 2020 at 2:53 PM Simon Goldschmidt <[hidden email]> wrote:

On 20.02.2020 18:20, Trampas Stern wrote:
> [..]
> I am fairly new to TCP/IP so hold my hand in interpreting the wire shark
> results.
>
> image.png

Please send pcap files, not images, while ensuring the pcap files only
contain things they need (so don't send a file that is too large).

Thanks,
Simon

_______________________________________________
lwip-users mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/lwip-users

_______________________________________________
lwip-users mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/lwip-users

https.pcap.pcapng (86K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: https server woes.

goldsimon@gmx.de
Also, please don't send empty mails with just an attachment. What are we
supposed to do with that attachment?

Describe what's in it. What did you do, which stations do we see, what
do you think is happening, etc.

You're trying to get help. Do as best as you can to make it easy for
people to help you.

Regards,
Simon

Am 20.02.2020 um 21:01 schrieb Trampas Stern:

>
>
> On Thu, Feb 20, 2020 at 2:53 PM Simon Goldschmidt <[hidden email]
> <mailto:[hidden email]>> wrote:
>
>
>     On 20.02.2020 18:20, Trampas Stern wrote:
>     > [..]
>     > I am fairly new to TCP/IP so hold my hand in interpreting the wire
>     shark
>     > results.
>     >
>     > image.png
>
>     Please send pcap files, not images, while ensuring the pcap files only
>     contain things they need (so don't send a file that is too large).
>
>     Thanks,
>     Simon
>
>     _______________________________________________
>     lwip-users mailing list
>     [hidden email] <mailto:[hidden email]>
>     https://lists.nongnu.org/mailman/listinfo/lwip-users
>
>
> _______________________________________________
> lwip-users mailing list
> [hidden email]
> https://lists.nongnu.org/mailman/listinfo/lwip-users
>


_______________________________________________
lwip-users mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/lwip-users
Reply | Threaded
Open this post in threaded view
|

Re: https server woes.

Trampas Stern
Simon, sorry about that I assumed since you asked I would send the file. 

One my continual https problem, I see no end in sight the best I can tell at the moment is that I am getting packets which are not being processed.  That is I am getting retry errors on the polling as packets have been received but not processed.  I have not figured out the altXXX code and what is going on enough to determine root cause.   My guess is that the testing on the https was done with one active connection, and not with multiple and thus maybe their is a bug with multiple connections. However I can not confirm this. 

Trampas

On Thu, Feb 20, 2020 at 4:13 PM [hidden email] <[hidden email]> wrote:
Also, please don't send empty mails with just an attachment. What are we
supposed to do with that attachment?

Describe what's in it. What did you do, which stations do we see, what
do you think is happening, etc.

You're trying to get help. Do as best as you can to make it easy for
people to help you.

Regards,
Simon

Am 20.02.2020 um 21:01 schrieb Trampas Stern:
>
>
> On Thu, Feb 20, 2020 at 2:53 PM Simon Goldschmidt <[hidden email]
> <mailto:[hidden email]>> wrote:
>
>
>     On 20.02.2020 18:20, Trampas Stern wrote:
>     > [..]
>     > I am fairly new to TCP/IP so hold my hand in interpreting the wire
>     shark
>     > results.
>     >
>     > image.png
>
>     Please send pcap files, not images, while ensuring the pcap files only
>     contain things they need (so don't send a file that is too large).
>
>     Thanks,
>     Simon
>
>     _______________________________________________
>     lwip-users mailing list
>     [hidden email] <mailto:[hidden email]>
>     https://lists.nongnu.org/mailman/listinfo/lwip-users
>
>
> _______________________________________________
> lwip-users mailing list
> [hidden email]
> https://lists.nongnu.org/mailman/listinfo/lwip-users
>


_______________________________________________
lwip-users mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/lwip-users

_______________________________________________
lwip-users mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/lwip-users
Reply | Threaded
Open this post in threaded view
|

Re: https server woes.

goldsimon@gmx.de
Am 21.02.2020 um 21:25 schrieb Trampas Stern:

> Simon, sorry about that I assumed since you asked I would send the file. 
>
> One my continual https problem, I see no end in sight the best I can
> tell at the moment is that I am getting packets which are not being
> processed.  That is I am getting retry errors on the polling as packets
> have been received but not processed.  I have not figured out the altXXX
> code and what is going on enough to determine root cause.   My guess is
> that the testing on the https was done with one active connection, and
> not with multiple and thus maybe their is a bug with multiple
> connections. However I can not confirm this.

No. We're successfully using that server on an STM32 with mbedtls. We
also added crypto hw support for the STM32 based on mbed OS and for a
3rd party TPM-like chip. It works like a charm, once you've got the
protocols and the memory set up correctly.

I admit it's not as easy as pure http, but apart from memory setup,
these were mbedtls issues, not lwIP issues.

Regards,
Simon

_______________________________________________
lwip-users mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/lwip-users
Reply | Threaded
Open this post in threaded view
|

Re: https server woes.

Trampas Stern
Do you have the example code for the STM32?  Even just the mbedtls config and lwip config files would be good starting point. 

I have found that it is getting certificate rejections from chrome, usually two or three before it accepts the certificate.  Since I only have one certificate, I am not sure why it is being rejected several times before being accepted. 

I am finding that I lwip is timing out on some packets after the 4 retries in the http polling.  

Thanks
Trampas

On Sat, Feb 22, 2020 at 3:37 AM [hidden email] <[hidden email]> wrote:
Am 21.02.2020 um 21:25 schrieb Trampas Stern:
> Simon, sorry about that I assumed since you asked I would send the file. 
>
> One my continual https problem, I see no end in sight the best I can
> tell at the moment is that I am getting packets which are not being
> processed.  That is I am getting retry errors on the polling as packets
> have been received but not processed.  I have not figured out the altXXX
> code and what is going on enough to determine root cause.   My guess is
> that the testing on the https was done with one active connection, and
> not with multiple and thus maybe their is a bug with multiple
> connections. However I can not confirm this.

No. We're successfully using that server on an STM32 with mbedtls. We
also added crypto hw support for the STM32 based on mbed OS and for a
3rd party TPM-like chip. It works like a charm, once you've got the
protocols and the memory set up correctly.

I admit it's not as easy as pure http, but apart from memory setup,
these were mbedtls issues, not lwIP issues.

Regards,
Simon

_______________________________________________
lwip-users mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/lwip-users

_______________________________________________
lwip-users mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/lwip-users
Reply | Threaded
Open this post in threaded view
|

Re: https server woes.

goldsimon@gmx.de


Am 22. Februar 2020 14:36:58 MEZ schrieb Trampas Stern <[hidden email]>:
>Do you have the example code for the STM32?  Even just the mbedtls
>config
>and lwip config files would be good starting point.

Not right now, sorry. I haven't done that myself but a collegue of mine. Plus the code in question is not currently publicly available, so I cannot just post it here.

Regards,
Simon

_______________________________________________
lwip-users mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/lwip-users