Comments (4)
It looks like the issue is with https://github.com/arduino-libraries/ArduinoBearSSL/blob/master/src/BearSSLClient.cpp#L50-L51 vs https://github.com/arduino-libraries/ArduinoBearSSL/blob/master/src/BearSSLClient.cpp#L240-L241
I'm not using mutual TLS for this call so don't call setEccSlot, so the ecVrfy and _ecSign get those default values set at L50 and L51, which is not what they have in the 1.5.0 release.
from arduinobearssl.
This change fixes it for me:
C:\cqtlibs\temp\demo-nano-33-iot\.pio\libdeps\nano_33_iot\ArduinoBearSSL>git diff
diff --git a/src/BearSSLClient.cpp b/src/BearSSLClient.cpp
index 67d00ee..905063e 100644
--- a/src/BearSSLClient.cpp
+++ b/src/BearSSLClient.cpp
@@ -46,8 +46,8 @@ BearSSLClient::BearSSLClient(Client* client, const br_x509_trust_anchor* myTAs,
_numTAs(myNumTAs),
_noSNI(false)
{
- _ecVrfy = br_ecdsa_vrfy_asn1_get_default();
- _ecSign = br_ecdsa_sign_asn1_get_default();
+ _ecVrfy = eccX08_vrfy_asn1;
+ _ecSign = eccX08_sign_asn1;
_ecKey.curve = 0;
_ecKey.x = NULL;
What was the intention for using br_ecdsa_vrfy_asn1_get_default() and br_ecdsa_sign_asn1_get_default() @ffontaine ?
from arduinobearssl.
The goal was to be able to use ArduinoBearSSL without the ECC508 (e.g. using an IoT SAFE applet in a SIM card to sign and the main CPU to verify). To do so, I moved eccX08_vrfy_asn1
and eccX08_sign_asn1
to setEccSlot
. You can set back the default values, I'll use setEccVrfy
in my own code.
from arduinobearssl.
Fixed by merging #43.
from arduinobearssl.
Related Issues (20)
- New release? HOT 1
- Making ArduinoECCX08 optional ? HOT 3
- How to shrink the library to a minimal IoT version HOT 1
- Upgrade to latest GitHub Action based CI
- Handshake SSL certificate HOT 1
- Handshake SSL Certificate
- undefined reference to `_gettimeofday' when compiling on a Teensy4.0 HOT 8
- Support for ATECC608A-TNGTLS thumbprint certificate HOT 3
- Missing data at the end of a read HOT 1
- Add GitHub Actions workflow to synchronise with shared repository labels
- ArduinoBearSsl without eec HOT 2
- failed to send a long data ( > 512bytes ) HOT 3
- No Documentation or Forum Support for libary HOT 1
- A bad connection causes an inifinite loop (at least on an ESP32 but I think also on an Arduino) HOT 2
- Root certificates work for port 443, but not for port 8883 (MQTTS) HOT 4
- Error "SHA1Class SHA1" on an ESP32 when including HTTPClient.h
- AES128 runEnc() cause RP2040 to hard lock
- Possible error in BEAR_SSL_CLIENT_IBUF_SIZE calculation HOT 1
- `ArduinoBearSSLConfig.h` in sketch folders not accessible to library HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from arduinobearssl.