net: lwm2m: DTLS x509 certificate based support #54376
Comments
Add option for x509 certificate support according to Security object 1.1
3: client's certificate
4: server's certificate (CA)
5: client's pkey
Add optional CA check to be used easily with leshan default certificate
Issue zephyrproject-rtos#54376
Signed-off-by: romain pelletant <romainp@kickmaker.net>
Though Zephyr uses mbedTLS, it's more about enabling the configuration and providing the right credentials from the LwM2M security object (I hope that's the right LwM2M object name). There should be no other limits as for TLS. AFAIK in LwM2M support for ECDSA is mandatory (at least implicit by RFC 7252), so the certificate size should not be too hard an issue.
@boaks Thanks for your message. You are right: it works with leshan with the block-wise transfer limitation (bootstrap to device when overwriting security data shall not exceed 1024 bytes).
@RomainPelletant could you share the configs needed to get it to work with the bootstrap?
FYI: pending for review: #59019
@SeppoTakalo solved this issue. Thank you
Is your enhancement proposal related to a problem? Please describe.
Zephyr currently supports NoSec and DTLS/PSK connections.
Describe the solution you'd like
Add support for security mode 2 (in the LwM2M specifications) to support x509 certificate-based DTLS.
I plan to implement it: do you see any limitations (max. certificate size, for example, etc.)?