Make lwip work on u-boot and mbedtls v3.6 #47

Open
wants to merge 3 commits into
base: master

@jetm jetm commented Sep 19, 2024

While adding https:// support to U-Boot, several issues were found while using the http client app from lwip with SSL support from mbedtls. Further details are in the commit messages.

A minimal set of changes to make the LWIP mbedtls app compatible with
the latest mbedTLS 3.6.x branch.

Only TLS 1.2 with LWIP http client app, and OS_SYS=0 (U-Boot) have been
tested. More changes might be required in other setup combinations.

Signed-off-by: Javier Tia <[email protected]>

When using the http-client LWIP app in U-Boot (OS_SYS=0), the handshake
fails because LWIP doesn't send TCP packets after it initiates.

Signed-off-by: Javier Tia <[email protected]>

SNI, or Server Name Indication, is an addition to the TLS encryption
protocol that enables a client device to specify the domain name it is
trying to reach in the first step of the TLS handshake, preventing
common name mismatch errors and not reaching HTTPS servers that
enforce this condition.

Signed-off-by: Javier Tia <[email protected]>

trini pushed a commit to trini/u-boot that referenced this pull request Nov 13, 2024

The current code supports mbedTLS 2.28. Since we are using a newer
version in U-Boot, update the necessary accessors and the lwIP codebase
to work with mbedTLS 3.6.0. It's worth noting that the patches are
already sent to lwIP [0]

While at it enable LWIP_ALTCP_TLS and enable TLS support in lwIP

[0] lwip-tcpip/lwip#47

Signed-off-by: Javier Tia <[email protected]>
Acked-by: Jerome Forissier <[email protected]>
Signed-off-by: Ilias Apalodimas <[email protected]>

trini pushed a commit to trini/u-boot that referenced this pull request Nov 13, 2024

SNI, or Server Name Indication, is an addition to the TLS encryption
protocol that enables a client device to specify the domain name it is
trying to reach in the first step of the TLS handshake, preventing
common name mismatch errors and not reaching HTTPS servers that
enforce this condition. Since most of the websites require it nowadays,
add support for it.

It's worth noting that this is already sent to lwIP [0]

[0] lwip-tcpip/lwip#47

Signed-off-by: Javier Tia <[email protected]>
Reviewed-by: Jerome Forissier <[email protected]>
Signed-off-by: Ilias Apalodimas <[email protected]>
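
To make concrete what the commit messages above mean by the client naming the domain in the first step of the handshake, here is an added example (not code from this pull request, lwIP or mbedTLS) that encodes and strictly parses the `server_name` ClientHello extension defined in RFC 6066. The helper names and the `example.com` sample are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* server_name extension (RFC 6066, section 3) as sent in the ClientHello:
 *   u16 type=0 | u16 ext_len | u16 list_len | u8 name_type=0 | u16 name_len | name
 * Added example: these helper names are illustrative, not lwIP or mbedTLS API. */
#define TLS_EXT_SERVER_NAME 0x0000
#define SNI_HOST_NAME       0x00
static void put_u16(uint8_t *p, size_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }
static size_t get_u16(const uint8_t *p) { return ((size_t)p[0] << 8) | p[1]; }

/* Encode the extension for `host`. Returns bytes written, or 0 on error. */
size_t sni_encode(const char *host, uint8_t *out, size_t cap)
{
    size_t n = strlen(host);
    if (n == 0 || n > 255 || cap < n + 9) return 0; /* DNS names fit in 255 bytes */
    put_u16(out, TLS_EXT_SERVER_NAME);
    put_u16(out + 2, n + 5);   /* extension_data length */
    put_u16(out + 4, n + 3);   /* server_name_list length */
    out[6] = SNI_HOST_NAME;
    put_u16(out + 7, n);       /* host_name length */
    memcpy(out + 9, host, n);
    return n + 9;
}

/* Decode a single-entry server_name extension into `host` (NUL-terminated).
 * Returns 0 on success, -1 if it is not SNI or any length field disagrees. */
int sni_decode(const uint8_t *ext, size_t len, char *host, size_t cap)
{
    if (len < 9 || get_u16(ext) != TLS_EXT_SERVER_NAME) return -1;
    size_t ext_len = get_u16(ext + 2), list_len = get_u16(ext + 4);
    if (ext_len != len - 4 || list_len != ext_len - 2) return -1;
    if (ext[6] != SNI_HOST_NAME) return -1;
    size_t n = get_u16(ext + 7);
    if (n != list_len - 3 || n == 0 || n >= cap) return -1;
    if (memchr(ext + 9, 0, n) != NULL) return -1; /* embedded NUL would truncate the name */
    memcpy(host, ext + 9, n);
    host[n] = '\0';
    return 0;
}

int main(void)
{
    uint8_t buf[64]; char host[64];
    size_t len = sni_encode("example.com", buf, sizeof buf); /* constructed sample name */
    if (len && sni_decode(buf, len, host, sizeof host) == 0)
        printf("%zu bytes on the wire, SNI=%s\n", len, host);
    return 0;
}
```

With mbedTLS, a client supplies this name through `mbedtls_ssl_set_hostname()`, which also sets the name the server certificate is checked against.
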
marceloalcocer added a commit to marceloalcocer/lwip that referenced this pull request Nov 20, 2024

This is a known missing feature;

* [lwip-tcpip#47][gh-lwip-pr]
* [lwip-tcpip/lwip@c53c9d020][gh-lwip-commit]

Added here again for compatibility with [pico-sdk][gh-pico] v1.5.x.
See discussion in [marceloalcocer/picohttps#1][gh-issue] for more
details.

[gh-lwip-pr]: lwip-tcpip#47
[gh-lwip-commit]: lwip-tcpip@c53c9d0
[gh-pico]: https://github.com/raspberrypi/pico-sdk
[gh-issue]: marceloalcocer/picohttps#1 (comment)