Did you ever get this figured out?

I've seen "No ciphersuites configured" but sadly don't remember how I
resolved it.

G

On Wed, Dec 5, 2018, 9:34 AM Khaled Elsayed <khaledi...@gmail.com> wrote:

> Hi,
>
> I am trying to get certificate-based credential management to work between
> a provisioned server and a client. So, I worked a bit more with the
> provisionclient and sampleserver_mfg. I created new certificates via the
> crtgenerator application. I configured the json files with the new
> certificates and private keys for both applications. The provisioning
> worked. This is the good news proving that these certificates and json
> files do work.
>
> The bad news is if I want to apply the certificate based
> authentication/credential in other examples not including provisioning, it
> does not work. I use the sample client and server in the examples/OCFSecure
> folder. The client and server initiate properly and read the
> cred/certificates correctly. However, when the client attempts to issue a
> GET request over coaps, it fails.
>
> Obviously there is something that needs to be invoked to associate the
> client and server so that they use the certificates to calculate the shared
> symmetric encryption key. This seems to occur when the provisioningclient
> starts to access the /doxm resource in the sampleserver_mfg. I could see
> that in the log but I cannot figure out how to make the OCFSecure
> client/server start the certificate exchange process.
>
> Here is the log. It complains *No ciphersuites configured* (see below)
> although they are to start DTLS handshake (InitiateTlsHandshake is being
> invoked). So, what procedure should be invoked to create a cipher between
> the two endpoints using the certificates before reaching the point they
> exchange coaps payloads? Thanks for any pointers.
>
> 48:53.275 INFO: OIC_CA_MSG_HANDLE: CASendUnicastData type : 1
> 48:53.275 DEBUG: OIC_CA_INF_CTR: unicast message to adapter
> 48:53.275 DEBUG: OIC_UQUEUE: Queue Count : 1
> 48:53.275 INFO: OIC_CA_PRTCL_MSG: adapter value of CoAP/TCP is 1
> 48:53.275 DEBUG: OIC_CA_RETRANS: sent pdu, msgtype=1, msgid=60490
> 48:53.275 DEBUG: OIC_CA_RETRANS: not supported message type
> 48:53.275 DEBUG: OIC_CA_MSG_HANDLE: CADestroyData IN
> 48:53.275 DEBUG: OIC_CA_MSG_HANDLE: CADestroyData OUT
> 48:53.275 DEBUG: OIC_CA_QING: wait..
> 48:53.275 DEBUG: OIC_CA_QING: wake up..
> 48:53.275 DEBUG: OIC_CA_IP_ADAP: DTLS encrypt called
> 48:53.275 DEBUG: OIC_CA_NET_SSL: In CAencryptSsl
> 48:53.275 DEBUG: OIC_CA_NET_SSL: Port 39115
> 48:53.275 DEBUG: OIC_CA_NET_SSL: Data to be encrypted dataLen [30]
> 48:53.275 DEBUG: OIC_CA_NET_SSL: In GetSslPeer
> 48:53.275 DEBUG: OIC_CA_NET_SSL: Return NULL
> 48:53.275 DEBUG: OIC_CA_NET_SSL: Out GetSslPeer
> 48:53.279 DEBUG: OIC_CA_NET_SSL: In InitiateTlsHandshake
> 48:53.279 DEBUG: OIC_CA_NET_SSL: In NewSslEndPoint
> 48:53.279 DEBUG: MBED_TLS: set_timer to 0 ms
> 48:53.279 DEBUG: OIC_CA_NET_SSL: New [client role] endpoint added [10.0.0.2:39115]
> 48:53.279 DEBUG: OIC_CA_NET_SSL: Out NewSslEndPoint
> 48:53.279 DEBUG: OIC_CA_NET_SSL: In SetupCipher
> 48:53.279 DEBUG: OIC_SRM_PKIX_INTERFACE: In InitCipherSuiteList
> 48:53.279 DEBUG: OIC_SRM_CREDL: In InitCipherSuiteListInternal
> 48:53.279 DEBUG: OIC_SRM_CREDL: Out InitCipherSuiteListInternal
> 48:53.279 DEBUG: OIC_SRM_PKIX_INTERFACE: Out InitCipherSuiteList
> 48:53.279 DEBUG: OIC_CA_NET_SSL: Supported ciphersuites:
> *48:53.279 ERROR: OIC_CA_NET_SSL: No ciphersuites configured, secure connections will fail*
> 48:53.279 DEBUG: OIC_CA_NET_SSL: Out SetupCipher
> 48:53.279 ERROR: OIC_CA_NET_SSL: Failed to set up cipher
> 48:53.279 DEBUG: OIC_CA_NET_SSL: In DeleteSslEndPoint
>
>
>
> On Tue, Nov 27, 2018 at 9:16 AM Khaled Elsayed <khaledi...@gmail.com>
> wrote:
>
>> Thanks Mats for the pointer. Very handy tool.  Nicely done Rami.
>>
>> Khaled
>>
>>
>>
>> On Mon, Nov 26, 2018 at 5:21 PM Mats Wichmann <m...@wichmann.us> wrote:
>>
>>> On 11/26/18 7:53 AM, Khaled Elsayed wrote:
>>> > Hi Nathan
>>> >
>>> > Just wanted to confirm that json2cbor from iotivity-2.0.0 and latest master
>>> > both fail when an ACE contains a roletype entry.
>>> >
>>> > For the provisioning client example, is there any way to inspect the .dat
>>> > files that are modified after the provisioning is performed? Something like
>>> > a cbor2json if there is such a tool.
>>> >
>>> > Thanks
>>> >
>>> > Khaled
>>>
>>> https://github.com/alshafi/iotivity-tool
>>>
>>> should be able to do this - it converts in both directions.
>>>
>>>
>>>
>>>
>>>
>>> 
>
>
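
A way to read the trace quoted above, as an added example that is not part of the original thread or of IoTivity: it rebuilds the call nesting from the `In <func>` / `Out <func>` lines and reports which call each ERROR occurred in. The line format is inferred from the quoted log only, and the function name `errors_with_scope` is hypothetical.

```python
import re

# Lines copied from the log quoted in the message above (trimmed to the DTLS part).
SAMPLE_LOG = """\
48:53.275 DEBUG: OIC_CA_NET_SSL: In GetSslPeer
48:53.275 DEBUG: OIC_CA_NET_SSL: Return NULL
48:53.275 DEBUG: OIC_CA_NET_SSL: Out GetSslPeer
48:53.279 DEBUG: OIC_CA_NET_SSL: In InitiateTlsHandshake
48:53.279 DEBUG: OIC_CA_NET_SSL: In NewSslEndPoint
48:53.279 DEBUG: OIC_CA_NET_SSL: Out NewSslEndPoint
48:53.279 DEBUG: OIC_CA_NET_SSL: In SetupCipher
48:53.279 DEBUG: OIC_SRM_PKIX_INTERFACE: In InitCipherSuiteList
48:53.279 DEBUG: OIC_SRM_CREDL: In InitCipherSuiteListInternal
48:53.279 DEBUG: OIC_SRM_CREDL: Out InitCipherSuiteListInternal
48:53.279 DEBUG: OIC_SRM_PKIX_INTERFACE: Out InitCipherSuiteList
48:53.279 DEBUG: OIC_CA_NET_SSL: Supported ciphersuites:
48:53.279 ERROR: OIC_CA_NET_SSL: No ciphersuites configured, secure connections will fail
48:53.279 DEBUG: OIC_CA_NET_SSL: Out SetupCipher
48:53.279 ERROR: OIC_CA_NET_SSL: Failed to set up cipher
48:53.279 DEBUG: OIC_CA_NET_SSL: In DeleteSslEndPoint
"""

# "<time> <LEVEL>: <TAG>: <message>", as seen in the quoted log (assumed format).
LINE_RE = re.compile(r"^(\S+) (\w+): (\w+): (.*)$")
TRACE_RE = re.compile(r"^(In|Out) (\w+)$")

def errors_with_scope(log_text):
    """Return (timestamp, enclosing call path, message) for every ERROR line."""
    stack, findings = [], []
    for raw in log_text.splitlines():
        # Accept lines pasted from mail: drop "> " quoting and "*bold*" markers.
        m = LINE_RE.match(raw.lstrip("> ").strip().strip("*"))
        if not m:
            continue
        ts, level, _tag, msg = m.groups()
        trace = TRACE_RE.match(msg)
        if trace:
            kind, func = trace.groups()
            if kind == "In":
                stack.append(func)
            elif func in stack:
                # Unwind to the matching entry; tolerates a missing "Out" line.
                while stack.pop() != func:
                    pass
        elif level == "ERROR":
            findings.append((ts, " > ".join(stack), msg))
    return findings

if __name__ == "__main__":
    for ts, scope, msg in errors_with_scope(SAMPLE_LOG):
        print(f"{ts} [{scope or 'top level'}] {msg}")
```

On the quoted log this places the first error inside `SetupCipher`, after `InitCipherSuiteList` has already returned, and the second in `InitiateTlsHandshake` itself.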
