what elliptic specific curve is needed?




















mqtt CONNECTACK fails after handshake success, using ECC x509 with mbed TLS



I am trying to connect to IoT Hub using an STM32 board.
I have a simulated project using Linux with the exact same CA-signed trusted and device certificates to ensure the problem is not on the certs or the server configuration.
The Linux device connects fine (it uses OpenSSL as cipher).



But for my embedded device STM32 I am using the mbedTLS stack.



With traces enabled, I see the 15 handshake steps occur, then I get the following error:



IoTHub Connection Status = IOTHUB_CLIENT_CONNECTION_UNAUTHENTICATED, Reason = IOTHUB_CLIENT_CONNECTION_DEVICE_DISABLED
ERROR: mqtt_operation_complete_callback L#1616
Connection Not Accepted: 0x5: Not Authorized


The reason looks suspicious to me, but server side, the device is enabled and looking at the source code, the only response is that the server rejected the connection.



Because I ruled out certificates, server settings and transport, I am assuming that my problem is with the cipher.



Q1) Any idea what specific curve is needed?



//#define MBEDTLS_ECP_DP_SECP192R1_ENABLED
//#define MBEDTLS_ECP_DP_SECP224R1_ENABLED
#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
#define MBEDTLS_ECP_DP_SECP384R1_ENABLED
//#define MBEDTLS_ECP_DP_SECP521R1_ENABLED
//#define MBEDTLS_ECP_DP_SECP192K1_ENABLED
//#define MBEDTLS_ECP_DP_SECP224K1_ENABLED
#define MBEDTLS_ECP_DP_SECP256K1_ENABLED
#define MBEDTLS_ECP_DP_BP256R1_ENABLED
#define MBEDTLS_ECP_DP_BP384R1_ENABLED
//#define MBEDTLS_ECP_DP_BP512R1_ENABLED
//#define MBEDTLS_ECP_DP_CURVE25519_ENABLED


Q2) What traces can I enable to understand why the server is rejecting the certificate?

















mqtt tls1.2 x509 azure-iot-hub mbed

asked Jan 4 at 17:14
Uri Kluk
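Added example (not from the original post and not mbed TLS code): a small C check that finds the named-curve OID in a DER-encoded certificate's public-key AlgorithmIdentifier and reports whether that curve is switched on in the `MBEDTLS_ECP_DP_*` list from the question. The function names, the byte-pattern scan (used here instead of a full ASN.1 parser) and the sample bytes are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Named-curve OID bytes -> mbed TLS option; "enabled" mirrors the config posted in the question. */
struct curve { const char *macro; const char *oid; size_t len; int enabled; };
static const struct curve CURVES[] = {
    { "MBEDTLS_ECP_DP_SECP192R1_ENABLED", "\x2A\x86\x48\xCE\x3D\x03\x01\x01", 8, 0 },
    { "MBEDTLS_ECP_DP_SECP224R1_ENABLED", "\x2B\x81\x04\x00\x21", 5, 0 },
    { "MBEDTLS_ECP_DP_SECP256R1_ENABLED", "\x2A\x86\x48\xCE\x3D\x03\x01\x07", 8, 1 },
    { "MBEDTLS_ECP_DP_SECP384R1_ENABLED", "\x2B\x81\x04\x00\x22", 5, 1 },
    { "MBEDTLS_ECP_DP_SECP521R1_ENABLED", "\x2B\x81\x04\x00\x23", 5, 0 },
    { "MBEDTLS_ECP_DP_SECP256K1_ENABLED", "\x2B\x81\x04\x00\x0A", 5, 1 },
    { "MBEDTLS_ECP_DP_BP256R1_ENABLED", "\x2B\x24\x03\x03\x02\x08\x01\x01\x07", 9, 1 },
    { "MBEDTLS_ECP_DP_BP384R1_ENABLED", "\x2B\x24\x03\x03\x02\x08\x01\x01\x0B", 9, 1 },
    { "MBEDTLS_ECP_DP_BP512R1_ENABLED", "\x2B\x24\x03\x03\x02\x08\x01\x01\x0D", 9, 0 },
};
/* DER encoding of the id-ecPublicKey OID (1.2.840.10045.2.1). */
static const unsigned char EC_PUBKEY[] = {0x06,0x07,0x2A,0x86,0x48,0xCE,0x3D,0x02,0x01};
/* Constructed samples: public-key AlgorithmIdentifier for a P-256 key and a P-521 key. */
static const unsigned char SAMPLE_P256[] = {0x30,0x13,0x06,0x07,0x2A,0x86,0x48,0xCE,0x3D,0x02,0x01,
                                            0x06,0x08,0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x07};
static const unsigned char SAMPLE_P521[] = {0x30,0x10,0x06,0x07,0x2A,0x86,0x48,0xCE,0x3D,0x02,0x01,
                                            0x06,0x05,0x2B,0x81,0x04,0x00,0x23};

/* Find id-ecPublicKey and return the curve named by the OID that follows it, or NULL. */
const struct curve *cert_curve(const unsigned char *der, size_t n)
{
    for (size_t i = 0; i + sizeof EC_PUBKEY + 2 <= n; i++) {
        if (memcmp(der + i, EC_PUBKEY, sizeof EC_PUBKEY) != 0) continue;
        const unsigned char *p = der + i + sizeof EC_PUBKEY;   /* parameters field */
        if (p[0] != 0x06 || (size_t)p[1] > n - i - sizeof EC_PUBKEY - 2)
            return NULL;                                       /* not a named curve, or truncated */
        for (size_t c = 0; c < sizeof CURVES / sizeof CURVES[0]; c++)
            if (CURVES[c].len == p[1] && memcmp(p + 2, CURVES[c].oid, p[1]) == 0)
                return &CURVES[c];
        return NULL;                                           /* curve not in the table */
    }
    return NULL;
}

/* 1 = enabled in the posted config, 0 = disabled, -1 = no known named curve found. */
int curve_enabled(const unsigned char *der, size_t n)
{
    const struct curve *c = cert_curve(der, n);
    return c ? c->enabled : -1;
}

int main(void)
{
    printf("P-256 sample: %d, P-521 sample: %d\n", curve_enabled(SAMPLE_P256, sizeof SAMPLE_P256),
           curve_enabled(SAMPLE_P521, sizeof SAMPLE_P521));
    return 0;
}
```

The input must be the DER bytes of the certificate (decode PEM first), and the check should be run on every certificate in the chain the device has to parse, not only the device certificate.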
























2 Answers
https://github.com/coisme/Mbed-to-Azure-IoT-Hub claims that it's working with Azure IoT Hub and the only thing it enables on top of default config is MBEDTLS_SHA1_C.

answered Jan 7 at 9:35
Jan Jongboom






































Azure IoT C SDK has a port for MBED, reference: https://github.com/Azure/azure-c-shared-utility/blob/1d622902d7842f94193fc394987f2b4e978bb700/adapters/tlsio_mbedtls.c

answered Jan 9 at 19:46
Yi Zhong - MSFT





























