[Ovmsdev] MBEDTLS

Mark Webb-Johnson mark at webb-johnson.net
Mon Feb 17 11:36:36 HKT 2020


Some issues with our MBEDTLS:

1. We have '#define MG_SSL_IF_MBEDTLS_MAX_FRAG_LEN 2048' in our mongoose mg_locals.h and that overrides the maximum message fragment set in sdkconfig. Result was we can't connect to any server that sends more than 2048 bytes in its handshake (and supports the max fragment length option). Fix is to simply remove it, and allow our sdkconfig to work.

2. Our mbedtls by default doesn't debug anything, including warnings. That makes it very hard to find problems (like #1, above). I changed it (in ovms_tls component) to log at level #1 (just warnings and errors), which should be fine. I think that also needs 'CONFIG_MBEDTLS_DEBUG=y' in sdkconfig. So, suggest to set appropriately.

3. We should be verifying expired certificates, as our ntp time/date is reliable. So, suggest to set 'CONFIG_MBEDTLS_HAVE_TIME_DATE=y' in sdkconfig to enable this.

All committed and pushed.

Regards, Mark.
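
Added example, not part of the original message or the project's code: a small build-configuration check that flags the three conditions described above, so they can be caught before a firmware build. The function names (audit, active_defines, kconfig_values) and the sample file contents are hypothetical and constructed for illustration; only the macro and option names come from the message.

```python
import re

# Constructed inputs modelling the pre-fix state described in the message;
# they are not copies of the project's real files.
SAMPLE_HEADER = "#define MG_SSL_IF_MBEDTLS_MAX_FRAG_LEN 2048\n"
SAMPLE_SDKCONFIG = (
    "# CONFIG_MBEDTLS_DEBUG is not set\n"
    "# CONFIG_MBEDTLS_HAVE_TIME_DATE is not set\n"
)

REQUIRED = {  # option -> consequence of leaving it off, per the message
    "CONFIG_MBEDTLS_DEBUG": "mbedtls warnings and errors are not logged",
    "CONFIG_MBEDTLS_HAVE_TIME_DATE": "expired certificates are not rejected",
}


def active_defines(header_text):
    """Map macro name -> value for #define lines that are not commented out."""
    text = re.sub(r"/\*.*?\*/", "", header_text, flags=re.S)
    text = re.sub(r"//[^\n]*", "", text)
    pattern = r"^[ \t]*#[ \t]*define[ \t]+(\w+)[ \t]*(.*)$"
    return {name: value.strip() for name, value in re.findall(pattern, text, re.M)}


def kconfig_values(sdkconfig_text):
    """Map option -> value; '# CONFIG_X is not set' lines count as absent."""
    return dict(re.findall(r"^(CONFIG_\w+)=(.*)$", sdkconfig_text, re.M))


def audit(header_text, sdkconfig_text):
    """Return one finding per setting that weakens or hides TLS behaviour."""
    findings = []
    defines = active_defines(header_text)
    if "MG_SSL_IF_MBEDTLS_MAX_FRAG_LEN" in defines:
        findings.append(
            "MG_SSL_IF_MBEDTLS_MAX_FRAG_LEN=%s overrides the sdkconfig limit"
            % defines["MG_SSL_IF_MBEDTLS_MAX_FRAG_LEN"])
    options = kconfig_values(sdkconfig_text)
    for option, consequence in REQUIRED.items():
        if options.get(option) != "y":
            findings.append("%s is not enabled: %s" % (option, consequence))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_HEADER, SAMPLE_SDKCONFIG):
        print("FINDING:", finding)
```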