Hi,
I am trying to use a certificate with its public key algorithm is NIST
P-384 and its signature algorithm is ED448.
I am working on ESP board with IDF framework which supports mbedtls. But
when I am trying to use that certificate, I got error message about
'MBEDTLS_ERR_X509_UNKOWN_SIG_ALG'.
So, I thought that maybe mbedtls does not support certificates which signed
with ED448.
Hi,
I am trying to use a certificate with its public key algorithm is NIST
P-384 and its signature algorithm is ED448.
I am working on ESP board with IDF framework which supports mbedtls. But
when I am trying to use that certificate, I got error message about
'MBEDTLS_ERR_X509_UNKOWN_SIG_ALG'.
So, I thought that maybe mbedtls does not support certificates which signed
with ED448.
I've got mbedTLS 3.1.4 and want to use TLS 1.3. My handshake fails very early because I don't have any Pre-Shared Keys. Does mbedTLS TLS1.3 only support PSKs, or can I still use generated session keys as does TLS 1.2? If so, how?
Jeff Thompson | Senior Electrical Engineer - Firmware
+1 704 752 6513 x1394
www.invue.com
[cid:image001.gif@01D9D729.620C6230]
Hello,
I am trying to build MbedTLS on a Mac, as part of a project to support
MbedTLS in the "picoquic" implementation of QUIC. I have a small
problem, probably something of my making. I have cloned the repo on an
"mbedtls" directory, created a "build" subdirectory, and from there
run"cmake ..", which worked fine, and then tried to run "make", which
fails in "generating psa_crypto_driver_wrapper.c" when trying the python
script "generate_driver_wrappers.py" because it cannot find the python
module "jsonschema".
I tried to solve that by installing that module using "pip", and test
programs running python3 do find the "jsonschema". Calling
print(jsonschema.__file__) shows the module is installed in my user
directory:
/users/christianhuitema/Library/python3.9/lib/python/...
Is there a simple way to fix that?
-- Christian Huitema
Hello,
I'm currently engaged in a project where I'm utilizing mbedtls for the management of certificates. Within this project, I'm aiming to integrate a revocation feature using Certificate Revocation Lists (CRLs). However, my search for resources on how to effectively implement a comprehensive certificate revocation process using mbedtls has unfortunately yielded no productive outcomes.
I am concerned about how to first create a crl file and sign it using my self-signed CA, how to revocate a certificate if we need to revocate it, and how to update the CRL, then when parsing the cert how to detect that this certificate has been revocated. ( I am using LPCXpresso55S16 as a client and raspberry pi as a server and I am doing all with coding).
Thank you in advance for your support.
Best regards,
Ahmed.
Hello,
I need some help to setup mbedtls as a CMake subproject, I added it as a subdirectory in my CMakeLists.
However, I can't figure out how to use my own config file for mbedtls (MBEDTLS_CONFIG_FILE option to the file I want as a config file).
When I put my custom config file to the include folder of mbedtls in the place of the original mbedtls_config.h file it works wel,l but it's not a future-proof option for me, is there anyone that could help me with this setup ?
Hi,
I have noticed that PSA driver wrapper function is missing for single part MAC verify function. In the current implementation, it calls the MAC compute wrapper and does the comparison using mbedtls_psa_safer_memcmp.
The hardware I am working on allows the complete process to be offloaded to it. Can we have an option for the same in wrapper layer for PSA for MAC verify ?
Regards,
Ruchika
Hi Mbed TLS users,
We are releasing Mbed TLS 3.4.1 and 2.28.4 LTS.
As the point release suggests, this is a small update which primarily addresses some expiring test certificates.
Full details are available via the release notes:
https://github.com/Mbed-TLS/mbedtls/releases/tag/v3.4.1https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.4
We recommend all users to consider whether they are impacted, and to upgrade appropriately.
Thanks,
The Mbed TLS team
This event has been updated
Changed: time
MBed TLS Technical Forum - Asia
Every 4 weeks from 3am to 3:50am on Monday from Monday Jan 30 to Sunday Aug
13
Mountain Standard Time - Phoenix
Trusted Firmware is inviting you to a scheduled Zoom meeting.
Topic: MBed TLS Technical Forum - Asia
Time: Nov 8, 2021 10:00 AM London
Every 4 weeks on Mon, 20 occurrence(s)
Nov 8, 2021 10:00 AM
Dec 6, 2021 10:00 AM
Jan 3, 2022 10:00 AM
Jan 31, 2022 10:00 AM
Feb 28, 2022 10:00 AM
Mar 28, 2022 10:00 AM
Apr 25, 2022 10:00 AM
May 23, 2022 10:00 AM
Jun 20, 2022 10:00 AM
Jul 18, 2022 10:00 AM
Aug 15, 2022 10:00 AM
Sep 12, 2022 10:00 AM
Oct 10, 2022 10:00 AM
Nov 7, 2022 10:00 AM
Dec 5, 2022 10:00 AM
Jan 2, 2023 10:00 AM
Jan 30, 2023 10:00 AM
Feb 27, 2023 10:00 AM
Mar 27, 2023 10:00 AM
Apr 24, 2023 10:00 AM
Please download and import the following iCalendar (.ics) files to your
calendar system.
Weekly:
https://linaro-org.zoom.us/meeting/tJ0kc-GsqDktHNGa8CWl6wJ7je6CKD-5zgh8/ics…
Join Zoom Meeting
https://linaro-org.zoom.us/j/99948462765?pwd=SGlHYlF1Z2owUDNFWWppaGlSRDh5UT…
Meeting ID: 999 4846 2765
Passcode: 196117
One tap mobile
+12532158782,,99948462765# US (Tacoma)
+13462487799,,99948462765# US (Houston)
Dial by your location
+1 253 215 8782 US (Tacoma)
+1 346 248 7799 US (Houston)
+1 669 900 9128 US (San Jose)
+1 301 715 8592 US (Washington DC)
+1 312 626 6799 US (Chicago)
+1 646 558 8656 US (New York)
888 788 0099 US Toll-free
877 853 5247 US Toll-free
Meeting ID: 999 4846 2765
Find your local number: https://linaro-org.zoom.us/u/anpWWkRdt
Guests
Don Harbin - creator
nnac123(a)gmail.com
santosdanillo(a)gmail.com
schoenle.thomas(a)googlemail.com
psa-crypto(a)lists.trustedfirmware.org
mbed-tls(a)lists.trustedfirmware.org
kris.kwiatkowski(a)pqshield.com
View all guest info
https://calendar.google.com/calendar/event?action=VIEW&eid=MzE1cHJuZGxwMDFo…
Reply for mbed-tls(a)lists.trustedfirmware.org and view more details
https://calendar.google.com/calendar/event?action=VIEW&eid=MzE1cHJuZGxwMDFo…
Your attendance is optional.
~~//~~
Invitation from Google Calendar: https://calendar.google.com/calendar/
You are receiving this email because you are an attendee on the event. To
stop receiving future updates for this event, decline this event.
Forwarding this invitation could allow any recipient to send a response to
the organizer, be added to the guest list, invite others regardless of
their own invitation status, or modify your RSVP.
Learn more https://support.google.com/calendar/answer/37135#forwarding