#networking #ppp #gsm_modem #mbedtls #networking #ppp #gsm_modem #mbedtls
I am working on an application on frdm_k64f board using official zephyr release 2.2.0.
The application involves mqtt and mbedtls.
The connection is a secure connection using certificates.
The application is using either LAN with dhcpv4 client or gsm modem with ppp.
Everything works perfect via LAN, which means the mbedtls_ssl_handshake_client_step() function in ssl_cli.c passes all steps of verifying certificates.
But when I use gsm modem I can connect to the network, but the mbedtls_ssl_handshake_client_step() function stops in state MBEDTLS_SSL_CERTIFICATE_VERIFY.
Debugging shows, that the net_ctx->flags suddenly switch from 0x14d to 0x148, which indicates the connection is unconnected or idle, and NET_CONMTEXT_IN_USE is also false. Please see the table of the flags I have made here below.
In all previous states before MBEDTLS_SSL_CERTIFICATE_VERIFY, the flags are 0x14D and every step of the mbedtls_ssl_handshake_client_step() function works until this sudden change in flags.
I have made sure that CONFIG_NET_PKT_RX_COUNT and CONFIG_NET_PKT_TX_COUNT are 14 as recommended for CONFIG_NET_L2_ETHERNET, which I then assume also applies to NET_L2_PPP.
I have also made sure that CONFIG_NET_BUF_RX_COUNT and CONFIG_NET_BUF_TX_COUNT are 36 as recommended for CONFIG_NET_L2_ETHERNET, which I then assume also applies to NET_L2_PPP.
But maybe there other CONFIG parameters I am not aware of, that need to be adjusted. Maybe some timeout?
The basic configuration was taken from the gsm_modem sample project and extended from there.
I have attached the autoconf.h so you can see the full configuration.
Hopefully someone can help me figure out, what I am missing to make the application work with gsm modem.
I have also added my own debug code with printk, because enabling debugging for some of the modules simply makes it impossible to display all debug messages in a console.
Zephyr writes it has dumped e.g. 54 messages.
I have also attached my debug output, where each state in the mbedtls_ssl_handshake_client_step() function is clearly identified, and some debug info about the flags, number of bytes to send etc.
And here you can see the change in flags clearly in state MBEDTLS_SSL_CERTIFICATE_VERIFY.
some comments inline below:
On Wed, 2020-05-06 at 09:36 -0700, Bo.Kragelund@prevas.dk wrote:
HelloCan you try what you are doing using upstream master branch, it might
have issues fixed regarding what you are trying to do?
The application involves mqtt and mbedtls.Where do you see a recommendation to use 14 as a value for
buffers/packets, in documentation or in samples? Usually you should use
as many network buffers as possible in your application (depending on
your application needs and device possibilities of course). The value
14 used in some sample apps, is just a reasonable working value for
some use case, but your application use case might be different.
I have also made sure that CONFIG_NET_BUF_RX_COUNT andSame comment to value 36 here as for previous comment about number of
But maybe there other CONFIG parameters I am not aware of, that needYou could experiment with these mbedtls options. Are the values of
these same when you use Ethernet vs GSM modem?
Try increasing the max content len to 16kb, mbedtls is really memory
hungry and can fail weirdly if some buffers are not long enough.
The basic configuration was taken from the gsm_modem sample pr
oject and extended from there.Hmm, I did not quite understand this comment. If you see log messages
being dropped, try increasing these values
the buf count could be even higher if you have memory.
Zephyr writes it has dumped e.g. 54 messages.You can also discuss these issues in #networking or #modem channels in
And thank you very much for your very quick answer.
I am sorry I haven't repsonded before, but we had a national Holiday in Denmark Friday the 8th.
I will try to answer on your comments.
Regarding the buffer counts, having a value of 14 is written in the documentation of zephyr 2.2.0 as the link below shows.
Regarding the buffer counts, having a value of 36 is written in the documentation of zephyr 2.2.0 as the link below shows.
We are already using a maximum heap size for CONFIG_MBEDTLS_HEAP_SIZE of 65356.
CONFIG_MBEDTLS_SSL_MAX_CONTENT_LEN is set to 8196.
And it is the same configuration in both Ethernet and GSM modem.
Using the maximum value of 16384 for CONFIG_MBEDTLS_SSL_MAX_CONTENT_LEN gives another error of "<err> net_sock_tls: TLS handshake error: -4310" when running state MBEDTLS_SSL_CERTIFICATE_VERIFY.
Anyway, this is the "maximum" configuration we use now, where some buffers and also some NET RX and TX stacks are increased to the double of default.
I have disabled some shell to get more memory available for this.
And I am still stuck with the same error in the GSM modem variant.
The Ethernet variant still works perfect.
Again, I have attached the two auto generated header files, so they can be compared directly.
Basically the header file for Ethernet has some ETH related configuration and the GSM modem header has some MODEM and PPP related configuration.
I have also attached the two proj.cnf so they can be compared directly.
And basically you will see, that there is a section at the bottom for using GSM modem, which is based on the GSM_modem sample project.
And when building for Ethernet, you will see this section outcommented more or less, except for the buffers and some net stacks. The only other thing Ethernet variant has enabled is the DHCPV4.
Regarding using latest upstream zephyr version I have tried using 2.2.3rc1 and compare with 2.2.0.
I am only testing the gsm_modem sample project, but using UART 3 on the frdm_k64f board, which is compatible with Arduino pinout, which my modem shield uses.
Using an oscilloscope, no data is sent out on UART 3 for communicating with the modem shield, when I test with zephyr 2.2.3rc1.
Everything works fine with zephyr version 2.2.0 and I can use the net shell to ping some IP addresses, meaning the modem is being configured correct via PPP over UART 3.
What am I missing in order to sent out data on UART 3 on the frdm_k64f board??
There are some changes to the configuration of UART 3 between zephyr 2.2.3rc1 and 2.2.0.
In zephyr 2.2.0 the following configuration parameters are needed to make the UART 3 work, which can be seen in the attahced proj.2.2.0.conf for the gms_modem sample project:
CONFIG_SERIAL=y CONFIG_UART_MCUX_3=y CONFIG_MODEM_GSM_UART_NAME="UART_3"
In zephyr 2.2.3rc1 it seems like CONFIG_UART_MCUX_3=y is no longer needed and I only have to set the two other configuration parameters, which can be seen in the attached proj.2.2.3rc1.conf for the gms_modem sample project: CONFIG_SERIAL=y CONFIG_MODEM_GSM_UART_NAME="UART_3"
I hope to get 2.2.3rc1 up and running to see if it solves my issues with mbedtls certificate handshaking, as you also suggest as first thing to try.