On 01/15/2018 09:28 AM, Martin Roesch wrote:
> Hi,
> 
> I ran into a problem with the airon_controlee example when using DTLS with 
> IoTivity 1.3.1.
> The sign up to the cloud server fails with error_code OC_STACK_ERROR (255). 
> Since this error is not handled in the callback handleLoginoutCB, the 
> following sign in throws an exception because the uid is empty.
> 
> I then built IoTivity with debug log messages, which revealed that the SSL 
> handshake fails (or at least that's my interpretation):
> --
> 08:35.572 DEBUG: MBED_TLS: got no CA chain
> 08:35.572 ERROR: OIC_CA_NET_SSL: Handshake error: -0x7680
> 08:35.572 DEBUG: OIC_CA_NET_SSL: In SendCacheMessages
> 08:35.572 DEBUG: OIC_CA_INF_CTR: received error from adapter in 
> interfacecontroller
> 08:35.572 DEBUG: OIC_CA_MSG_HANDLE: CAErrorHandler IN
> -- (I have attached the full log output)
> 
> Did anyone else also run into this problem?
> 
> A web search for the mbedtls message led to this issue: 
> https://github.com/ARMmbed/mbedtls/issues/864 
> The issue is already fixed in mbedtls versions 2.5.1, 2.1.8 and 1.3.20 on 
> Sept. 6, 2017.
> But IoTivity 1.3.1 uses mbedtls version 2.4.2 that doesn't contain the fix.
> But is this mbedtls issue even related to my issue?
> 
> FYI: I built IoTivity tag 1.3.1 from git on Ubuntu 16.04 with gcc version 
> 5.4.0.

It's a bit slow-moving... once we use upstream libs for critical things,
we need to stay up to date with those, but we're not able to due to
limited resources.  See the discussion here, for example:

https://jira.iotivity.org/browse/IOT-2666

Capsule summary:

CVE -> do we have a problem? -> it looks like it might not affect us, so
let's defer.

The result is a wait from August 31 to today with no changes.

Based on the notes in that bug, though, it's probably not the full
explanation for what you see, as it _also_ references
MBEDTLS_SSL_VERIFY_OPTIONAL - which apparently we don't use, in favor of
VERIFY_REQUIRED.


_______________________________________________
iotivity-dev mailing list
[email protected]
https://lists.iotivity.org/mailman/listinfo/iotivity-dev
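
Added example, not part of the original thread and not IoTivity or mbed TLS code: a small triage script that pulls `Handshake error` codes out of an IoTivity debug log, splits each into mbed TLS's high-level and low-level parts, and pairs it with the preceding `MBED_TLS` debug line. The function name `triage`, the assumed log line layout (taken from the excerpt quoted above, with wrapped lines rejoined) and the small subset of mbed TLS 2.x SSL error names are assumptions of this example.

```python
import re

# Subset of SSL error names from mbed TLS 2.x include/mbedtls/ssl.h (assumed table,
# keyed by the positive magnitude of the negative return code).
SSL_ERRORS = {
    0x7580: "MBEDTLS_ERR_SSL_CERTIFICATE_REQUIRED",
    0x7600: "MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED",
    0x7680: "MBEDTLS_ERR_SSL_CA_CHAIN_REQUIRED",
    0x7700: "MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE",
    0x7780: "MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE",
}

# "<time> <LEVEL>: <TAG>: <message>", as in the log excerpt quoted in the thread.
LINE = re.compile(r"^(?P<ts>\S+)\s+(?P<level>[A-Z]+):\s+(?P<tag>\w+):\s+(?P<msg>.*)$")
HANDSHAKE = re.compile(r"Handshake error: -0x([0-9A-Fa-f]+)")

def triage(log_text):
    """Return one finding per handshake error, with the last MBED_TLS hint before it."""
    findings, last_hint = [], None
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # wrapped or unrelated line
        if m["tag"] == "MBED_TLS":
            last_hint = m["msg"]  # library debug output explaining the failure
            continue
        hit = HANDSHAKE.search(m["msg"])
        if hit:
            code = int(hit.group(1), 16)
            # mbed TLS packs a high-level module error in bits 7-14 and an
            # optional low-level module error in bits 0-6 of the same value.
            high, low = code & 0xFF80, code & 0x007F
            findings.append({
                "time": m["ts"],
                "high": high,
                "low": low,
                "name": SSL_ERRORS.get(high, "unknown (check mbedtls/ssl.h)"),
                "hint": last_hint,
            })
            last_hint = None
    return findings

# Sample input: the lines quoted in the thread, with wrapped lines rejoined.
SAMPLE = """\
08:35.572 DEBUG: MBED_TLS: got no CA chain
08:35.572 ERROR: OIC_CA_NET_SSL: Handshake error: -0x7680
08:35.572 DEBUG: OIC_CA_NET_SSL: In SendCacheMessages
08:35.572 DEBUG: OIC_CA_MSG_HANDLE: CAErrorHandler IN
"""

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{f['time']} -0x{f['high'] | f['low']:04X} {f['name']} (hint: {f['hint']})")
```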
