Thanks Aleksey. For sure I am using OC_CLIENT_SERVER mode. My code is based on ~/iotivity/examples/OCFSecure which already took core of this in the client.cpp code.
On Fri, Dec 28, 2018 at 1:40 PM Oleksiy Volkov <a.vol...@samsung.com> wrote: > Hi Khaled, > > > > maybe you use 'client only' (OC_CLIENT) mode instead of 'client-server' > (OC_CLIENT_SERVER) to initialize the Iotivity stack. > > > > *Best regards,* > > *Aleksey Volkov* > > > > --------- *Original Message* --------- > > *Sender* : Khaled Elsayed <kha...@ieee.org> > > *Date* : 2018-12-10 18:54 (GMT+2) > > *Title* : Re: [dev] Certificate-based credential (DTLS fails to find > cipher suite) > > > Hi Gregg, > > No unfortunately. I will have a second look today but If I could not, I > will proceed using the non-certificate based shared key credential > supporting a limited number of clients for the time being. > > On Sun, Dec 9, 2018 at 11:18 PM Gregg Reynolds <d...@mobileink.com> wrote: > >> Did you ever get this figured out? >> >> I've seen "*No ciphersuites configured**" but sadly don't remember how I >> resolved it.* >> >> *G* >> >> On Wed, Dec 5, 2018, 9:34 AM Khaled Elsayed <khaledi...@gmail.com wrote: >> >>> Hi, >>> >>> I am trying to get certificate-based credential management to work >>> between a provisioned server and a client. So, I worked a bit more with the >>> provisionclient and sampleserver_mfg. I created new certificates via the >>> crtgenerator application. I configured the json files with the new >>> certificates and private keys for both application. The provisioning >>> worked. This is the good news proving that these certificates and json >>> files do work. >>> >>> The bad news is if I want to apply the certificate based >>> authentication/credntial in other examples not including provisioning, it >>> does not work. I use the sample client and server in the examples/OCFSecure >>> folder. The client and server initiate properly and reads the >>> cred/certificates correctly. However, when the client attempts to issues a >>> GET request over coaps, it fails. >>> >>> Obviously there is something that needs to be invoked to associate the >>> client and server so that they use the certificates to calculate the shared >>> symmetric encryption key. This seems to occur when the provisioningclient >>> starts to access the /doxm resource in the sampleserver_mfg. I could see >>> that in the log but I cannot figure out how to make the OCFSecure >>> client/server start the certificate exchange process. >>> >>> Here is the log. It complains *No ciphersuites configured* (see below) >>> although they are to start DTLS handshake (InitiateTlsHandshake is being >>> invoked). So, what procedure should be invoked to create a cipher between >>> the two endpoints using the certificates before reaching to the point they >>> exchange coaps payloads. Thanks for any pointers. >>> >>> 48:53.275 INFO: OIC_CA_MSG_HANDLE: CASendUnicastData type : 1 >>> >>> 48:53.275 DEBUG: OIC_CA_INF_CTR: unicast message to adapter >>> >>> 48:53.275 DEBUG: OIC_UQUEUE: Queue Count : 1 >>> >>> 48:53.275 INFO: OIC_CA_PRTCL_MSG: adapter value of CoAP/TCP is 1 >>> >>> 48:53.275 DEBUG: OIC_CA_RETRANS: sent pdu, msgtype=1, msgid=60490 >>> >>> 48:53.275 DEBUG: OIC_CA_RETRANS: not supported message type >>> >>> 48:53.275 DEBUG: OIC_CA_MSG_HANDLE: CADestroyData IN >>> >>> 48:53.275 DEBUG: OIC_CA_MSG_HANDLE: CADestroyData OUT >>> >>> 48:53.275 DEBUG: OIC_CA_QING: wait.. >>> >>> 48:53.275 DEBUG: OIC_CA_QING: wake up.. >>> >>> 48:53.275 DEBUG: OIC_CA_IP_ADAP: DTLS encrypt called >>> >>> 48:53.275 DEBUG: OIC_CA_NET_SSL: In CAencryptSsl >>> >>> 48:53.275 DEBUG: OIC_CA_NET_SSL: Port 39115 >>> >>> 48:53.275 DEBUG: OIC_CA_NET_SSL: Data to be encrypted dataLen [30] >>> >>> 48:53.275 DEBUG: OIC_CA_NET_SSL: In GetSslPeer >>> >>> 48:53.275 DEBUG: OIC_CA_NET_SSL: Return NULL >>> >>> 48:53.275 DEBUG: OIC_CA_NET_SSL: Out GetSslPeer >>> >>> 48:53.279 DEBUG: OIC_CA_NET_SSL: In InitiateTlsHandshake >>> >>> 48:53.279 DEBUG: OIC_CA_NET_SSL: In NewSslEndPoint >>> >>> 48:53.279 DEBUG: MBED_TLS: set_timer to 0 ms >>> >>> 48:53.279 DEBUG: OIC_CA_NET_SSL: New [client role] endpoint added [ >>> 10.0.0.2:39115] >>> >>> 48:53.279 DEBUG: OIC_CA_NET_SSL: Out NewSslEndPoint >>> >>> 48:53.279 DEBUG: OIC_CA_NET_SSL: In SetupCipher >>> >>> 48:53.279 DEBUG: OIC_SRM_PKIX_INTERFACE: In InitCipherSuiteList >>> >>> 48:53.279 DEBUG: OIC_SRM_CREDL: In InitCipherSuiteListInternal >>> >>> 48:53.279 DEBUG: OIC_SRM_CREDL: Out InitCipherSuiteListInternal >>> >>> 48:53.279 DEBUG: OIC_SRM_PKIX_INTERFACE: Out InitCipherSuiteList >>> >>> 48:53.279 DEBUG: OIC_CA_NET_SSL: Supported ciphersuites: >>> >>> *48:53.279 ERROR: OIC_CA_NET_SSL: No ciphersuites configured, secure >>> connections will fail* >>> >>> 48:53.279 DEBUG: OIC_CA_NET_SSL: Out SetupCipher >>> >>> 48:53.279 ERROR: OIC_CA_NET_SSL: Failed to set up cipher >>> >>> 48:53.279 DEBUG: OIC_CA_NET_SSL: In DeleteSslEndPoint >>> >>> >>> >>> On Tue, Nov 27, 2018 at 9:16 AM Khaled Elsayed <khaledi...@gmail.com> >>> wrote: >>> >>>> Thanks Mats for the pointer. Very handy tool. Nicely done Rami. >>>> >>>> Khaled >>>> >>>> >>>> >>>> On Mon, Nov 26, 2018 at 5:21 PM Mats Wichmann <m...@wichmann.us> wrote: >>>> >>>>> On 11/26/18 7:53 AM, Khaled Elsayed wrote: >>>>> > Hi Nathan >>>>> > >>>>> > Just wanted to confirm that json2cbor from iotivity-2.0.0 and latest >>>>> master >>>>> > both fail when an ACE contains a roletype entry. >>>>> > >>>>> > For the provisioning client example, is there anyway to inspect the >>>>> .dat >>>>> > files that are modified after the provisioning is performed? >>>>> Something like >>>>> > a cbor2json if there is such a tool. >>>>> > >>>>> > Thanks >>>>> > >>>>> > Khaled >>>>> >>>>> https://github.com/alshafi/iotivity-tool >>>>> >>>>> should be able to do this - it converts in both directions. >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> > > > > > > > > > > > > -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#10113): https://lists.iotivity.org/g/iotivity-dev/message/10113 Mute This Topic: https://lists.iotivity.org/mt/28611921/21656 Group Owner: iotivity-dev+ow...@lists.iotivity.org Unsubscribe: https://lists.iotivity.org/g/iotivity-dev/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
