Hello
I am working to evaluate NetX for our product. My task is to set up a TLS server using NetX secure and test it using openssl.
Currently, the TLS server is running correctly using TLS 1.2 and TLS 1.3, both using ECC and RSA.
Now, I need to setup client authentication. The documentation isn't that clear but I figured out I need to compile netx_secure with NX_SECURE_ENABLE_CLIENT_CERTIFICATE_VERIFY and NX_SECURE_ALLOW_SELF_SIGNED_CERTIFICATES.
I followed the documentation :
- add the client certificate using nx_secure_x509_certificate_initialize with NX_NULL in privKey field than add it using nx_secure_tls_trusted_certificate_add
- nx_secure_tls_session_client_verify_enable during init (ie, before nx_secure_tls_session_start)
All nx_* functions calls return 0.
When I try to connect (with the correct certificate), nx_secure_tls_session_start failed with error code 0x20007 (NX_CRYPTO_PTR_ERROR).
More test I've done :
- connexion with a non-matching certificate chain : error 0x18C (expected)
- connexion without giving client certificate : error 0x132 (expected)
I also tried mixing TLS 1.2/1.3 and ECC/RSA and I have the same issue.
More info :
- SSL command line : openssl s_client -port PORTNB -tls1_2 -cert clientCert.pem -key clientPrivKey.pem -CAfile serverCert.pem -verify_return_error IP
OpenSSL return an alert 80
- Traffic seen by wireshark