diff --git a/CHANGELOG b/CHANGELOG index ae7dfd30..755dc2ba 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -11,6 +11,8 @@ Changes to version 1.4.0 - common: MmsVariableSpecification_getChildValue now also accepts "." as separator - .NET API: ReportControlBlock.GetOwner returns null when no owner available (#79) - IEC 61850 client: IedConnection - added CONNECTING AND CLOSING states - removed IDLE state (CLOSED, CONNECTING, CONNECTED, CLOSING) +- now using mbedtls 2.16 +- TLS renegotiation disabled by default Changes to version 1.3.3 ------------------------ diff --git a/CMakeLists.txt b/CMakeLists.txt index 625d52ed..164c7c2d 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -117,9 +117,9 @@ if(MSVC AND MSVC_VERSION LESS 1800) ) endif(MSVC AND MSVC_VERSION LESS 1800) -if(EXISTS ${CMAKE_CURRENT_LIST_DIR}/third_party/mbedtls/mbedtls-2.6.0) +if(EXISTS ${CMAKE_CURRENT_LIST_DIR}/third_party/mbedtls/mbedtls-2.16) set(WITH_MBEDTLS 1) -endif(EXISTS ${CMAKE_CURRENT_LIST_DIR}/third_party/mbedtls/mbedtls-2.6.0) +endif(EXISTS ${CMAKE_CURRENT_LIST_DIR}/third_party/mbedtls/mbedtls-2.16) if(WITH_MBEDTLS) diff --git a/Makefile b/Makefile index 6504f306..65d61364 100644 --- a/Makefile +++ b/Makefile @@ -71,9 +71,9 @@ LIB_INCLUDE_DIRS += third_party/winpcap/Include endif ifdef WITH_MBEDTLS -LIB_SOURCE_DIRS += third_party/mbedtls/mbedtls-2.6.0/library +LIB_SOURCE_DIRS += third_party/mbedtls/mbedtls-2.16/library LIB_SOURCE_DIRS += hal/tls/mbedtls -LIB_INCLUDE_DIRS += third_party/mbedtls/mbedtls-2.6.0/include +LIB_INCLUDE_DIRS += third_party/mbedtls/mbedtls-2.16/include LIB_INCLUDE_DIRS += hal/tls/mbedtls CFLAGS += -D'MBEDTLS_CONFIG_FILE="mbedtls_config.h"' CFLAGS += -D'CONFIG_MMS_SUPPORT_TLS=1' diff --git a/README.md b/README.md index d03dfbd2..81d8e0b2 100644 --- a/README.md +++ b/README.md 
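Review bot: In the CMakeLists.txt hunk, TLS support now depends on a folder named exactly `mbedtls-2.16`, and nothing is reported when `if(EXISTS ...)` is false. A tree that still holds `mbedtls-2.6.0` therefore configures cleanly and presumably yields a library without TLS. The same check in hal/CMakeLists.txt prints a message only in the found case. An `else()` branch before the `endif` with `message(WARNING "third_party/mbedtls/mbedtls-2.16 not found - building WITHOUT TLS support")` would make the downgrade visible to anyone upgrading. The `if(WITH_MBEDTLS)` block that follows continues outside the hunk.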
@@ -8,6 +8,7 @@ Content: * [Overview](#overview) * [Features](#features) +* [Examples](#examples) * [Building and running the examples](#building-and-running-the-examples-with-the-provided-makefiles) * [Building the library with TLS support](#building-the-library-with-tls-support) * [Installing the library and the API headers](#installing-the-library-and-the-api-headers) @@ -52,6 +53,12 @@ The library support the following IEC 61850 protocol features: * C and C#/.NET API +## Examples + +The examples are built automatically when CMake is used to build the library. + +NOTE: Most examples are intended to show a specific function of the library. They are designed to show this function as simple as possible and may miss some error handling that has to be present in real applications! + ## Building and running the examples with the provided makefiles In the project root directory type @@ -75,7 +82,9 @@ You can test the server examples by using a generic client or the provided clien ## Building the library with TLS support -Download, unpack, and copy mbedtls-2.6.0 into the third_party/mbedtls folder. +Download, unpack, and copy mbedtls-2.16 into the third_party/mbedtls folder. + +NOTE: The current version support mbedtls version 2.16. When you download the source archive from https://tls.mbed.org/ you have to rename the extracted folder to "mbedtls-2.16". In the main libiec61850 folder run 
@@ -83,6 +92,8 @@ In the main libiec61850 folder run make WITH_MBEDTLS=1 ``` +When using CMake the library is built automatically with TLS support when the folder third_party/mbedtls/mbedtls-2.16 is present. + ## Installing the library and the API headers The make and cmake build scripts provide an install target. This target copies the API header files and the static library to a single directory for the headers (INSTALL_PREFIX/include) and the static library (INSTALL_PREFIX/lib). With this feature it is more easy to integrate libiec61850 in an external application since you only have to add a simple include directory to the build tool of your choice. diff --git a/examples/tls_client_example/CMakeLists.txt b/examples/tls_client_example/CMakeLists.txt index 3a54e2d9..afa63c11 100644 --- a/examples/tls_client_example/CMakeLists.txt +++ b/examples/tls_client_example/CMakeLists.txt @@ -8,6 +8,10 @@ set_source_files_properties(${example_SRCS} PROPERTIES LANGUAGE CXX) ENDIF(WIN32) +configure_file(client1-key.pem client1-key.pem COPYONLY) +configure_file(client1.cer client1.cer COPYONLY) +configure_file(root.cer root.cer COPYONLY) + add_executable(tls_client_example ${example_SRCS} ) diff --git a/examples/tls_server_example/CMakeLists.txt b/examples/tls_server_example/CMakeLists.txt index 4299b8b0..0f1af99b 100644 --- a/examples/tls_server_example/CMakeLists.txt +++ b/examples/tls_server_example/CMakeLists.txt @@ -12,6 +12,12 @@ set_source_files_properties(${example_SRCS} PROPERTIES LANGUAGE CXX) ENDIF(WIN32) +configure_file(server-key.pem server-key.pem COPYONLY) +configure_file(server.cer server.cer COPYONLY) +configure_file(client1.cer client1.cer COPYONLY) +configure_file(client2.cer client2.cer COPYONLY) +configure_file(root.cer root.cer COPYONLY) + add_executable(tls_server_example ${example_SRCS} ) diff --git a/hal/CMakeLists.txt b/hal/CMakeLists.txt index 645dddf6..5ef5c97c 100644 --- a/hal/CMakeLists.txt +++ b/hal/CMakeLists.txt 
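Review bot: The three `configure_file(... COPYONLY)` lines in examples/tls_client_example/CMakeLists.txt copy `client1-key.pem`, a private key kept in the repository, into the build tree, with no comment marking it as sample material. The tls_server_example hunk does the same with `server-key.pem`. Because these keys are published, a comment above each group would help keep them out of a real installation, for example `# Demo credentials for this example only; the private keys are public in the repository and must not be used in a deployment`. It is also worth confirming that no install or packaging rule picks up the copied `.pem` files, which cannot be seen from these hunks.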
@@ -106,18 +106,18 @@ ENDIF(WIN32) #set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fPIC" ) #set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fPIC" ) -if(EXISTS ${CMAKE_CURRENT_LIST_DIR}/../third_party/mbedtls/mbedtls-2.6.0) +if(EXISTS ${CMAKE_CURRENT_LIST_DIR}/../third_party/mbedtls/mbedtls-2.16) message("Found mbedtls -> can compile with TLS support") set(WITH_MBEDTLS 1) -endif(EXISTS ${CMAKE_CURRENT_LIST_DIR}/../third_party/mbedtls/mbedtls-2.6.0) +endif(EXISTS ${CMAKE_CURRENT_LIST_DIR}/../third_party/mbedtls/mbedtls-2.16) if(WITH_MBEDTLS) include_directories( ${CMAKE_CURRENT_LIST_DIR}/tls/mbedtls - ${CMAKE_CURRENT_LIST_DIR}/../third_party/mbedtls/mbedtls-2.6.0/include + ${CMAKE_CURRENT_LIST_DIR}/../third_party/mbedtls/mbedtls-2.16/include ) -file(GLOB tls_SRCS ${CMAKE_CURRENT_LIST_DIR}/../third_party/mbedtls/mbedtls-2.6.0/library/*.c) +file(GLOB tls_SRCS ${CMAKE_CURRENT_LIST_DIR}/../third_party/mbedtls/mbedtls-2.16/library/*.c) add_definitions(-DMBEDTLS_CONFIG_FILE="mbedtls_config.h") diff --git a/hal/tls/mbedtls/tls_mbedtls.c b/hal/tls/mbedtls/tls_mbedtls.c index f5b7f6f8..b7b90126 100644 --- a/hal/tls/mbedtls/tls_mbedtls.c +++ b/hal/tls/mbedtls/tls_mbedtls.c @@ -171,7 +171,7 @@ TLSConfiguration_create() mbedtls_ssl_conf_authmode(&(self->conf), MBEDTLS_SSL_VERIFY_REQUIRED); - mbedtls_ssl_conf_renegotiation(&(self->conf), MBEDTLS_SSL_RENEGOTIATION_ENABLED); + mbedtls_ssl_conf_renegotiation(&(self->conf), MBEDTLS_SSL_RENEGOTIATION_DISABLED); /* static int hashes[] = {3,4,5,6,7,8,0}; */ /* mbedtls_ssl_conf_sig_hashes(&(self->conf), hashes); */ diff --git a/third_party/mbedtls/README b/third_party/mbedtls/README index d0948ceb..04597eb4 100644 --- a/third_party/mbedtls/README +++ b/third_party/mbedtls/README 
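Review bot: The `if(EXISTS .../mbedtls-2.16)` test and the `file(GLOB tls_SRCS ...)` line in hal/CMakeLists.txt trust the directory name alone. The README tells users to rename the extracted folder to that name, so whatever mbedtls release is placed there gets compiled and the configure log never says which one. Reading the version from the tree would make it visible: `file(STRINGS ${CMAKE_CURRENT_LIST_DIR}/../third_party/mbedtls/mbedtls-2.16/include/mbedtls/version.h mbedtls_version_line REGEX "MBEDTLS_VERSION_STRING ")` followed by `message(STATUS "mbedtls: ${mbedtls_version_line}")`. A check that the reported string starts with 2.16 could then turn a wrong tree into a configure error. The `if(WITH_MBEDTLS)` block continues outside the hunk.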
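Review bot: The changed call in TLSConfiguration_create hard-codes `MBEDTLS_SSL_RENEGOTIATION_DISABLED` without a comment, while the CHANGELOG entry says renegotiation is disabled "by default". That wording reads as if an application could turn it back on, but no setter is visible in this hunk. A comment on the line would record the trade-off, for example `/* renegotiation is disabled here: fewer handshake states to attack, but session keys are never refreshed on long-lived connections */`. If the TLSConfiguration API has no switch for this, deployments that need periodic re-keying cannot get it, so consider either adding one or rewording the CHANGELOG entry. The function body starts and ends outside the hunk.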
@@ -1,6 +1,9 @@ README ------ -For TLS support with mbedtls download the source tarball of version 2.6.0 and extract here in the subfolder +For TLS support with mbedtls download the source tarball of version 2.16.x and extract here in the subfolder + +mbedtls-2.16 + +After extracting of the archive you may have to rename the folder to match the exact name "mbedtls-2.16". Otherwise the build system will not find the library. -mbedtls-2.6.0