- updated code to use mbedtls-2.16 (LTS version)

6 years ago · 1549367eed
parent e7ece50f08
commit 1549367eed
9 changed files with 38 additions and 12 deletions
--- a/2
+++ b/2
@ -11,6 +11,8 @@ Changes to version 1.4.0
 - common: MmsVariableSpecification_getChildValue now also accepts "." as separator
 - .NET API: ReportControlBlock.GetOwner returns null when no owner available (#79)
 - IEC 61850 client: IedConnection - added CONNECTING AND CLOSING states - removed IDLE state (CLOSED, CONNECTING, CONNECTED, CLOSING)
+- now using mbedtls 2.16
+- TLS renegotiation disabled by default

 Changes to version 1.3.3
 ------------------------
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@ -117,9 +117,9 @@ if(MSVC AND MSVC_VERSION LESS 1800)
    )
 endif(MSVC AND MSVC_VERSION LESS 1800)

-if(EXISTS ${CMAKE_CURRENT_LIST_DIR}/third_party/mbedtls/mbedtls-2.6.0)
+if(EXISTS ${CMAKE_CURRENT_LIST_DIR}/third_party/mbedtls/mbedtls-2.16)
 set(WITH_MBEDTLS 1)
-endif(EXISTS ${CMAKE_CURRENT_LIST_DIR}/third_party/mbedtls/mbedtls-2.6.0)
+endif(EXISTS ${CMAKE_CURRENT_LIST_DIR}/third_party/mbedtls/mbedtls-2.16)

 if(WITH_MBEDTLS)

--- a/4
+++ b/4
@ -71,9 +71,9 @@ LIB_INCLUDE_DIRS += third_party/winpcap/Include
 endif

 ifdef WITH_MBEDTLS
-LIB_SOURCE_DIRS += third_party/mbedtls/mbedtls-2.6.0/library
+LIB_SOURCE_DIRS += third_party/mbedtls/mbedtls-2.16/library
 LIB_SOURCE_DIRS += hal/tls/mbedtls
-LIB_INCLUDE_DIRS += third_party/mbedtls/mbedtls-2.6.0/include
+LIB_INCLUDE_DIRS += third_party/mbedtls/mbedtls-2.16/include
 LIB_INCLUDE_DIRS += hal/tls/mbedtls
 CFLAGS += -D'MBEDTLS_CONFIG_FILE="mbedtls_config.h"'
 CFLAGS += -D'CONFIG_MMS_SUPPORT_TLS=1'
--- a/README.md
+++ b/README.md
@ -8,6 +8,7 @@ Content:

 * [Overview](#overview)
 * [Features](#features)
+* [Examples](#examples)
 * [Building and running the examples](#building-and-running-the-examples-with-the-provided-makefiles)
 * [Building the library with TLS support](#building-the-library-with-tls-support)
 * [Installing the library and the API headers](#installing-the-library-and-the-api-headers)
@ -52,6 +53,12 @@ The library support the following IEC 61850 protocol features:
 * C and C#/.NET API


+## Examples
+
+The examples are built automatically when CMake is used to build the library.
+
+NOTE: Most examples are intended to show a specific function of the library. They are designed to show this function as simple as possible and may miss some error handling that has to be present in real applications!
+
 ## Building and running the examples with the provided makefiles

 In the project root directory type
@ -75,7 +82,9 @@ You can test the server examples by using a generic client or the provided clien

 ## Building the library with TLS support

-Download, unpack, and copy mbedtls-2.6.0 into the third_party/mbedtls folder.
+Download, unpack, and copy mbedtls-2.16 into the third_party/mbedtls folder.
+
+NOTE: The current version support mbedtls version 2.16. When you download the source archive from https://tls.mbed.org/ you have to rename the extracted folder to "mbedtls-2.16".

 In the main libiec61850 folder run

@ -83,6 +92,8 @@ In the main libiec61850 folder run
 make WITH_MBEDTLS=1
 ```

+When using CMake the library is built automatically with TLS support when the folder third_party/mbedtls/mbedtls-2.16 is present.
+
 ## Installing the library and the API headers

 The make and cmake build scripts provide an install target. This target copies the API header files and the static library to a single directory for the headers (INSTALL_PREFIX/include) and the static library (INSTALL_PREFIX/lib). With this feature it is more easy to integrate libiec61850 in an external application since you only have to add a simple include directory to the build tool of your choice.
--- a/examples/tls_client_example/CMakeLists.txt
+++ b/examples/tls_client_example/CMakeLists.txt
@ -8,6 +8,10 @@ set_source_files_properties(${example_SRCS}
                                       PROPERTIES LANGUAGE CXX)
 ENDIF(WIN32)

+configure_file(client1-key.pem client1-key.pem COPYONLY)
+configure_file(client1.cer client1.cer COPYONLY)
+configure_file(root.cer root.cer COPYONLY)
+
 add_executable(tls_client_example
  ${example_SRCS}
 )
--- a/examples/tls_server_example/CMakeLists.txt
+++ b/examples/tls_server_example/CMakeLists.txt
@ -12,6 +12,12 @@ set_source_files_properties(${example_SRCS}
                                       PROPERTIES LANGUAGE CXX)
 ENDIF(WIN32)

+configure_file(server-key.pem server-key.pem COPYONLY)
+configure_file(server.cer server.cer COPYONLY)
+configure_file(client1.cer client1.cer COPYONLY)
+configure_file(client2.cer client2.cer COPYONLY)
+configure_file(root.cer root.cer COPYONLY)
+
 add_executable(tls_server_example
  ${example_SRCS}
 )
--- a/hal/CMakeLists.txt
+++ b/hal/CMakeLists.txt
@ -106,18 +106,18 @@ ENDIF(WIN32)
 #set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fPIC" )
 #set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fPIC" )

-if(EXISTS ${CMAKE_CURRENT_LIST_DIR}/../third_party/mbedtls/mbedtls-2.6.0)
+if(EXISTS ${CMAKE_CURRENT_LIST_DIR}/../third_party/mbedtls/mbedtls-2.16)
 message("Found mbedtls -> can compile with TLS support")
 set(WITH_MBEDTLS 1)
-endif(EXISTS ${CMAKE_CURRENT_LIST_DIR}/../third_party/mbedtls/mbedtls-2.6.0)
+endif(EXISTS ${CMAKE_CURRENT_LIST_DIR}/../third_party/mbedtls/mbedtls-2.16)

 if(WITH_MBEDTLS)
 include_directories(
 	${CMAKE_CURRENT_LIST_DIR}/tls/mbedtls
-    ${CMAKE_CURRENT_LIST_DIR}/../third_party/mbedtls/mbedtls-2.6.0/include
+    ${CMAKE_CURRENT_LIST_DIR}/../third_party/mbedtls/mbedtls-2.16/include
 )

-file(GLOB tls_SRCS ${CMAKE_CURRENT_LIST_DIR}/../third_party/mbedtls/mbedtls-2.6.0/library/*.c)
+file(GLOB tls_SRCS ${CMAKE_CURRENT_LIST_DIR}/../third_party/mbedtls/mbedtls-2.16/library/*.c)

 add_definitions(-DMBEDTLS_CONFIG_FILE="mbedtls_config.h")

--- a/hal/tls/mbedtls/tls_mbedtls.c
+++ b/hal/tls/mbedtls/tls_mbedtls.c
@ -171,7 +171,7 @@ TLSConfiguration_create()

        mbedtls_ssl_conf_authmode(&(self->conf), MBEDTLS_SSL_VERIFY_REQUIRED);

-        mbedtls_ssl_conf_renegotiation(&(self->conf), MBEDTLS_SSL_RENEGOTIATION_ENABLED);
+        mbedtls_ssl_conf_renegotiation(&(self->conf), MBEDTLS_SSL_RENEGOTIATION_DISABLED);

        /* static int hashes[] = {3,4,5,6,7,8,0}; */
        /* mbedtls_ssl_conf_sig_hashes(&(self->conf), hashes); */
--- a/third_party/mbedtls/README
+++ b/third_party/mbedtls/README
@ -1,6 +1,9 @@
 README
 ------

-For TLS support with mbedtls download the source tarball of version 2.6.0 and extract here in the subfolder
+For TLS support with mbedtls download the source tarball of version 2.16.x and extract here in the subfolder
+
+mbedtls-2.16
+
+After extracting of the archive you may have to rename the folder to match the exact name "mbedtls-2.16". Otherwise the build system will not find the library.

-mbedtls-2.6.0