I'm trying to connect an mbed OS client to a Leshan server over DTLS. At first I connected to the ARM connector with their credentials, and that worked properly. Next I tried a setup with a local Leshan using the PSK ciphersuite, but I could not get it working. So I switched to the certificate ciphersuite, where I got it running one time, but each side exchanged only one packet. Since then I'm stuck on the 6th flight (the client sends "ChangeCipherSpec" and "Encrypted Handshake Message") and the server goes back to the 4th flight ("Server Hello" ... "..Done").
"No.","Time","Source","Destination","Protocol","Length","Info"
"1","0.000000","Client"----->"Server","DTLSv1.0","181","Client Hello"
"2","0.225764","Server"<-----"Client","DTLSv1.2","122","Hello Verify Request"
"3","0.297524","Client"----->"Server","DTLSv1.0","213","Client Hello"
"4","0.506469","Server"<-----"Client","DTLSv1.2","1225","Server Hello, Certificate"
"5","0.510098","Server"<-----"Client","DTLSv1.2","415","Server Key Exchange, Certificate Request, Server Hello Done"
"6","1.534889","Server"<-----"Client","DTLSv1.2","1225","Server Hello, Certificate"
"7","1.538469","Server"<-----"Client","DTLSv1.2","415","Server Key Exchange, Certificate Request, Server Hello Done"
"8","3.639545","Server"<-----"Client","DTLSv1.2","1225","Server Hello, Certificate"
"9","3.642932","Server"<-----"Client","DTLSv1.2","415","Server Key Exchange, Certificate Request, Server Hello Done"
"10","3.723168","Client"----->"Server","DTLSv1.2","592","Certificate"
"11","6.530284","Client"----->"Server","DTLSv1.2","185","Client Key Exchange"
"12","7.352226","Client"----->"Server","DTLSv1.2","162","Certificate Verify"
"13","7.356961","Client"----->"Server","DTLSv1.2","76","Change Cipher Spec"
"14","7.381765","Client"----->"Server","DTLSv1.2","115","Encrypted Handshake Message"
"15","7.544108","Client"----->"Server","DTLSv1.2","592","Certificate"
"16","7.548869","Client"----->"Server","DTLSv1.2","185","Client Key Exchange"
"17","7.553294","Client"----->"Server","DTLSv1.2","162","Certificate Verify"
"18","7.558359","Client"----->"Server","DTLSv1.2","76","Change Cipher Spec"
"19","7.562992","Client"----->"Server","DTLSv1.2","115","Encrypted Handshake Message"
"20","7.782404","Server"<-----"Client","DTLSv1.2","1225","Server Hello, Certificate" // !!!!
"21","7.786347","Server"<-----"Client","DTLSv1.2","415","Server Key Exchange, Certificate Request, Server Hello Done"
"22","7.997052","Server"<-----"Client","DTLSv1.2","129","Change Cipher Spec, Encrypted Handshake Message"
"23","10.139419","Client"----->"Server","DTLSv1.2","592","Certificate"
"24","10.144136","Client"----->"Server","DTLSv1.2","185","Client Key Exchange"
"25","10.149045","Client"----->"Server","DTLSv1.2","162","Certificate Verify"
"26","10.153632","Client"----->"Server","DTLSv1.2","76","Change Cipher Spec"
"27","10.158366","Client"----->"Server","DTLSv1.2","115","Encrypted Handshake Message"
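#!/bin/bash
# Creates a small demo PKI with keytool: a self-signed root, a CA signed by
# the root, and server and client certificates signed by that CA.
# Outputs (in the current directory): $TRUST_STORE with the root and CA
# entries, $KEY_STORE with the server and client entries, and server.pem /
# client.pem holding the certificates issued by the CA.
#
# NOTE(security): the store passwords below are hard-coded and passed as
# command-line arguments, so they are visible in the process list while
# keytool runs. That is only acceptable for throwaway test credentials; for
# anything else use keytool's :env / :file password modifiers
# (e.g. -storepass:env VAR).
# NOTE(security): -genkeypair puts the root and CA *private keys* into
# $TRUST_STORE. Do not distribute that file to peers as a trust store;
# export only the certificates.

# Stop at the first failing keytool call (including inside pipelines) so a
# half-built chain is never silently used.
set -euo pipefail

# The keystores hold private keys: create them readable by the owner only.
umask 077

readonly KEY_STORE=keyStore.jks
readonly KEY_STORE_PWD=endPass
readonly TRUST_STORE=trustStore.jks
readonly TRUST_STORE_PWD=rootPass
readonly VALIDITY=365

echo "creating root key and certificate..."
keytool -genkeypair -alias root -keyalg EC \
  -dname 'C=CA,L=Ottawa,O=Eclipse IoT,OU=Californium,CN=cf-root' \
  -ext BC=ca:true -validity "$VALIDITY" -keypass "$TRUST_STORE_PWD" \
  -keystore "$TRUST_STORE" -storepass "$TRUST_STORE_PWD"

echo "creating CA key and certificate..."
keytool -genkeypair -alias ca -keyalg EC \
  -dname 'C=CA,L=Ottawa,O=Eclipse IoT,OU=Californium,CN=cf-ca' \
  -ext BC=ca:true -validity "$VALIDITY" -keypass "$TRUST_STORE_PWD" \
  -keystore "$TRUST_STORE" -storepass "$TRUST_STORE_PWD"
# CSR for "ca" -> signed by "root" (BC=0 is keytool shorthand for
# ca:true,pathlen:0) -> imported back onto the "ca" entry.
keytool -keystore "$TRUST_STORE" -storepass "$TRUST_STORE_PWD" -certreq -alias ca \
  | keytool -keystore "$TRUST_STORE" -storepass "$TRUST_STORE_PWD" -alias root \
      -gencert -validity "$VALIDITY" -ext BC=0 -rfc \
  | keytool -alias ca -importcert -keystore "$TRUST_STORE" -storepass "$TRUST_STORE_PWD"

echo "creating server key and certificate..."
keytool -genkeypair -alias server -keyalg EC \
  -dname 'C=CA,L=Ottawa,O=Eclipse IoT,OU=Californium,CN=cf-server' \
  -validity "$VALIDITY" -keypass "$KEY_STORE_PWD" \
  -keystore "$KEY_STORE" -storepass "$KEY_STORE_PWD"
# The original passed the literal "endPass" here; use the variable so a
# changed KEY_STORE_PWD does not break only this step.
keytool -keystore "$KEY_STORE" -storepass "$KEY_STORE_PWD" -certreq -alias server \
  | keytool -keystore "$TRUST_STORE" -storepass "$TRUST_STORE_PWD" -alias ca \
      -gencert -validity "$VALIDITY" -rfc > server.pem
# NOTE(review): keytool may ask for confirmation here if it cannot chain the
# reply to a certificate it already trusts -- confirm on the target JDK.
keytool -alias server -importcert -keystore "$KEY_STORE" -storepass "$KEY_STORE_PWD" \
  -trustcacerts -file server.pem

echo "creating client key and certificate..."
keytool -genkeypair -alias client -keyalg EC \
  -dname 'C=CA,L=Ottawa,O=Eclipse IoT,OU=Californium,CN=cf-client' \
  -validity "$VALIDITY" -keypass "$KEY_STORE_PWD" \
  -keystore "$KEY_STORE" -storepass "$KEY_STORE_PWD"
keytool -keystore "$KEY_STORE" -storepass "$KEY_STORE_PWD" -certreq -alias client \
  | keytool -keystore "$TRUST_STORE" -storepass "$TRUST_STORE_PWD" -alias ca \
      -gencert -validity "$VALIDITY" -rfc > client.pem
keytool -alias client -importcert -keystore "$KEY_STORE" -storepass "$KEY_STORE_PWD" \
  -trustcacerts -file client.pem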