Hi Gregg,

No, unfortunately. I will have a second look today, but if I cannot, I
will proceed using the non-certificate based shared key credential
supporting a limited number of clients for the time being.

On Sun, Dec 9, 2018 at 11:18 PM Gregg Reynolds <d...@mobileink.com> wrote:

> Did you ever get this figured out?
>
> I've seen "No ciphersuites configured" but sadly don't remember how I
> resolved it.
>
> G
>
> On Wed, Dec 5, 2018, 9:34 AM Khaled Elsayed <khaledi...@gmail.com> wrote:
>
>> Hi,
>>
>> I am trying to get certificate-based credential management to work
>> between a provisioned server and a client. So, I worked a bit more with the
>> provisionclient and sampleserver_mfg. I created new certificates via the
>> crtgenerator application. I configured the json files with the new
>> certificates and private keys for both applications. The provisioning
>> worked. This is the good news proving that these certificates and json
>> files do work.
>>
>> The bad news is if I want to apply the certificate-based
>> authentication/credential in other examples not including provisioning, it
>> does not work. I use the sample client and server in the examples/OCFSecure
>> folder. The client and server initiate properly and read the
>> cred/certificates correctly. However, when the client attempts to issue a
>> GET request over coaps, it fails.
>>
>> Obviously there is something that needs to be invoked to associate the
>> client and server so that they use the certificates to calculate the shared
>> symmetric encryption key. This seems to occur when the provisioningclient
>> starts to access the /doxm resource in the sampleserver_mfg. I could see
>> that in the log but I cannot figure out how to make the OCFSecure
>> client/server start the certificate exchange process.
>>
>> Here is the log. It complains *No ciphersuites configured* (see below)
>> although they are to start DTLS handshake (InitiateTlsHandshake is being
>> invoked). So, what procedure should be invoked to create a cipher between
>> the two endpoints using the certificates before reaching the point they
>> exchange coaps payloads? Thanks for any pointers.
>>
>> 48:53.275 INFO: OIC_CA_MSG_HANDLE: CASendUnicastData type : 1
>>
>> 48:53.275 DEBUG: OIC_CA_INF_CTR: unicast message to adapter
>>
>> 48:53.275 DEBUG: OIC_UQUEUE: Queue Count : 1
>>
>> 48:53.275 INFO: OIC_CA_PRTCL_MSG: adapter value of CoAP/TCP is 1
>>
>> 48:53.275 DEBUG: OIC_CA_RETRANS: sent pdu, msgtype=1, msgid=60490
>>
>> 48:53.275 DEBUG: OIC_CA_RETRANS: not supported message type
>>
>> 48:53.275 DEBUG: OIC_CA_MSG_HANDLE: CADestroyData IN
>>
>> 48:53.275 DEBUG: OIC_CA_MSG_HANDLE: CADestroyData OUT
>>
>> 48:53.275 DEBUG: OIC_CA_QING: wait..
>>
>> 48:53.275 DEBUG: OIC_CA_QING: wake up..
>>
>> 48:53.275 DEBUG: OIC_CA_IP_ADAP: DTLS encrypt called
>>
>> 48:53.275 DEBUG: OIC_CA_NET_SSL: In CAencryptSsl
>>
>> 48:53.275 DEBUG: OIC_CA_NET_SSL: Port 39115
>>
>> 48:53.275 DEBUG: OIC_CA_NET_SSL: Data to be encrypted dataLen [30]
>>
>> 48:53.275 DEBUG: OIC_CA_NET_SSL: In GetSslPeer
>>
>> 48:53.275 DEBUG: OIC_CA_NET_SSL: Return NULL
>>
>> 48:53.275 DEBUG: OIC_CA_NET_SSL: Out GetSslPeer
>>
>> 48:53.279 DEBUG: OIC_CA_NET_SSL: In InitiateTlsHandshake
>>
>> 48:53.279 DEBUG: OIC_CA_NET_SSL: In NewSslEndPoint
>>
>> 48:53.279 DEBUG: MBED_TLS: set_timer to 0 ms
>>
>> 48:53.279 DEBUG: OIC_CA_NET_SSL: New [client role] endpoint added [
>> 10.0.0.2:39115]
>>
>> 48:53.279 DEBUG: OIC_CA_NET_SSL: Out NewSslEndPoint
>>
>> 48:53.279 DEBUG: OIC_CA_NET_SSL: In SetupCipher
>>
>> 48:53.279 DEBUG: OIC_SRM_PKIX_INTERFACE: In InitCipherSuiteList
>>
>> 48:53.279 DEBUG: OIC_SRM_CREDL: In InitCipherSuiteListInternal
>>
>> 48:53.279 DEBUG: OIC_SRM_CREDL: Out InitCipherSuiteListInternal
>>
>> 48:53.279 DEBUG: OIC_SRM_PKIX_INTERFACE: Out InitCipherSuiteList
>>
>> 48:53.279 DEBUG: OIC_CA_NET_SSL: Supported ciphersuites:
>>
>> *48:53.279 ERROR: OIC_CA_NET_SSL: No ciphersuites configured, secure
>> connections will fail*
>>
>> 48:53.279 DEBUG: OIC_CA_NET_SSL: Out SetupCipher
>>
>> 48:53.279 ERROR: OIC_CA_NET_SSL: Failed to set up cipher
>>
>> 48:53.279 DEBUG: OIC_CA_NET_SSL: In DeleteSslEndPoint
>>
>>
>>
>> On Tue, Nov 27, 2018 at 9:16 AM Khaled Elsayed <khaledi...@gmail.com>
>> wrote:
>>
>>> Thanks Mats for the pointer. Very handy tool. Nicely done Rami.
>>>
>>> Khaled
>>>
>>>
>>>
>>> On Mon, Nov 26, 2018 at 5:21 PM Mats Wichmann <m...@wichmann.us> wrote:
>>>
>>>> On 11/26/18 7:53 AM, Khaled Elsayed wrote:
>>>> > Hi Nathan
>>>> >
>>>> > Just wanted to confirm that json2cbor from iotivity-2.0.0 and latest master
>>>> > both fail when an ACE contains a roletype entry.
>>>> >
>>>> > For the provisioning client example, is there any way to inspect the .dat
>>>> > files that are modified after the provisioning is performed? Something like
>>>> > a cbor2json if there is such a tool.
>>>> >
>>>> > Thanks
>>>> >
>>>> > Khaled
>>>>
>>>> https://github.com/alshafi/iotivity-tool
>>>>
>>>> should be able to do this - it converts in both directions.
>>>>
>>
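
An added example, not part of the original thread or of the IoTivity code base: a small Python triage over lines copied from the log quoted above. It uses the `In <function>` / `Out <function>` trace lines to show which calls were open, and which had already returned, when each ERROR was logged. The `triage` function and its field names are made up for this illustration.

```python
import re

# Lines copied from the log quoted in this thread (blank lines dropped,
# the wrapped ERROR line joined back into one line).
LOG = """\
48:53.275 DEBUG: OIC_CA_NET_SSL: In GetSslPeer
48:53.275 DEBUG: OIC_CA_NET_SSL: Return NULL
48:53.275 DEBUG: OIC_CA_NET_SSL: Out GetSslPeer
48:53.279 DEBUG: OIC_CA_NET_SSL: In InitiateTlsHandshake
48:53.279 DEBUG: OIC_CA_NET_SSL: In NewSslEndPoint
48:53.279 DEBUG: OIC_CA_NET_SSL: Out NewSslEndPoint
48:53.279 DEBUG: OIC_CA_NET_SSL: In SetupCipher
48:53.279 DEBUG: OIC_SRM_PKIX_INTERFACE: In InitCipherSuiteList
48:53.279 DEBUG: OIC_SRM_CREDL: In InitCipherSuiteListInternal
48:53.279 DEBUG: OIC_SRM_CREDL: Out InitCipherSuiteListInternal
48:53.279 DEBUG: OIC_SRM_PKIX_INTERFACE: Out InitCipherSuiteList
48:53.279 DEBUG: OIC_CA_NET_SSL: Supported ciphersuites:
48:53.279 ERROR: OIC_CA_NET_SSL: No ciphersuites configured, secure connections will fail
48:53.279 DEBUG: OIC_CA_NET_SSL: Out SetupCipher
48:53.279 ERROR: OIC_CA_NET_SSL: Failed to set up cipher
48:53.279 DEBUG: OIC_CA_NET_SSL: In DeleteSslEndPoint
"""

LINE = re.compile(r"^(\S+) (\w+): (\w+): (.*)$")   # time LEVEL: TAG: message
SCOPE = re.compile(r"^(In|Out) (\w+)$")            # function entry/exit trace

def triage(log):
    """Return one record per ERROR line: the functions still open at that
    moment (stack) and the functions that had already logged In and Out."""
    stack, completed, errors = [], [], []
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        ts, level, tag, msg = m.groups()
        s = SCOPE.match(msg)
        if s and s.group(1) == "In":
            stack.append(s.group(2))
        elif s and s.group(2) in stack:
            # Pop back to the matching In; tolerates functions that log no Out.
            while stack.pop() != s.group(2):
                pass
            completed.append(s.group(2))
        elif level == "ERROR":
            errors.append({"time": ts, "tag": tag, "msg": msg,
                           "stack": list(stack), "ran_before": list(completed)})
    return errors
```

On this log the first error falls inside `SetupCipher`, after `InitCipherSuiteList` and `InitCipherSuiteListInternal` had both returned and with nothing listed after `Supported ciphersuites:`.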
