Add DTLS example #615
Add DTLS example #615
Conversation
The server listens for the client to connect and send it a string. It then sends the same text back to the client.
|
|
||
| The client connects to a server and sends it a few lines of text which it expects to be sent back. | ||
|
|
||
| You can build and run the client and server examples on two Pico W devices. To make testing easier to test with just one Pico W device, you can run the server or client on a Linux host. |
There was a problem hiding this comment.
"To make testing easier to test with" -> "To make testing easier with" ?
| The client connects to a server and sends it a few lines of text which it expects to be sent back. | ||
|
|
||
| You can build and run the client and server examples on two Pico W devices. To make testing easier to test with just one Pico W device, you can run the server or client on a Linux host. | ||
| The client.sh and server.sh scripts show how to run the client or server with openssl. The host folder contains source code for a version of the client and server using mbedtls. |
There was a problem hiding this comment.
This seems to be repeated in the next section?
|
|
||
| ## Using openssl | ||
|
|
||
| The host/server.sh and host/client/sh scripts demonstrate how to use DTLS with openssl, although you will have to echo text manually. |
There was a problem hiding this comment.
Obviously host/client/sh should be host/client.sh, and IMHO it's nice if you can put filenames in backticks.
| ``` | ||
| The scripts use the keys in certs/myserver | ||
|
|
||
| Or run dtls_echo_server on a Pico W device and client.sh on a linux PC. The host name for the server on Pico W is set to `pico_dtls_example`"`. Make sure you build the code for the Pico W and run the client with the right DTLS_SERVER name (and matching keys in the client and server) or else the SSL handshake will fail. |
There was a problem hiding this comment.
Stray double-quote after pico_dtls_example
| ## Using mbedtls | ||
|
|
||
| The host folder contains C versions of the examples that can be compiled natively for the host. They are modified versions of mbedtls examples. | ||
| You can build these on a rpi linux device to act as the server or client. The mbedtls library in PICO_SDK_PATH will be used to build the host code. |
There was a problem hiding this comment.
"rpi linux device" -> "Raspberry Pi computer" ?
There was a problem hiding this comment.
Hmmm, or should this just be "Linux PC" as you've used elsewhere, rather than specifically "Raspberry Pi"?
| mkdir $SERVER_NAME | ||
| echo Generating keys in $PWD/$SERVER_NAME | ||
|
|
||
| openssl genrsa -out $SERVER_NAME/ca.key 2048 |
There was a problem hiding this comment.
Maybe it's worth checking that the openssl command is available, and displaying an error if not? (which should obviously be done before mkdir $SERVER_NAME)
|
|
||
| openssl genrsa -out $SERVER_NAME/client.key 2048 | ||
| openssl req -new -out $SERVER_NAME/client.csr -key $SERVER_NAME/client.key -subj "/C=UK/ST=Cambridgeshire/L=Cambridge/O=Raspberry Pi Ltd/OU=Software/CN=$SERVER_NAME" | ||
| openssl x509 -req -in $SERVER_NAME/client.csr -CA $SERVER_NAME/ca.crt -CAkey $SERVER_NAME/ca.key -CAcreateserial -out $SERVER_NAME/client.crt -days 999 |
There was a problem hiding this comment.
Is it deliberate that -days is set to different values for the server and client certificates?
| echo "\"" >> $SERVER_NAME/dtls_client.inc | ||
| echo >> $SERVER_NAME/dtls_client.inc |
There was a problem hiding this comment.
I guess you could combine
echo "\"" >> $SERVER_NAME/dtls_client.inc
echo >> $SERVER_NAME/dtls_client.incinto just:
echo -e "\"\n" >> $SERVER_NAME/dtls_client.inc
| #endif | ||
|
|
||
| static void dtls_timer_callback(__unused async_context_t *context, async_at_time_worker_t *worker) { | ||
| DTLS_DEBUG("pico_mbedtls_timing_worker_callback\n"); |
There was a problem hiding this comment.
Should this debug line be saying "dtls_timer_callback" ?
The server listens for the client to connect and send it a string. It then sends the same text back to the client.