• saurabh.s9's avatar
    Security error notification engine · ad1f7db6
    saurabh.s9 authored
    Purpose:
    Errors happens during OCDoResource calls should be returned to app layer
    
    Previously, session errors (handshake failed) didn't returned properly to app layer
    and this cause side effects (CA retransmission works in cases when it should not)
    
    Current state:
    1. Source code builds ok
    2. Secure stack samples (UDP/TCP) works well (both positive/negative cases)
    3. Provisioning (OTM, 20th menu item) works well for following:
       a. justworks    positive UDP/TCP, negative UDP case
       b. mfg          positive UDP/TCP, negative UDP case
       c. mv_justworks positive UDP/TCP, negative UDP case
       d. randompin    positive UDP/TCP, negative UDP case
    4. OTM in provisioning via TCP - negative case - should work properly after fix IOT-2454
    
    How to test:
    1. Positive case - just test samples (f.e secure stack samples) & provisioning with all servers
    2. Negative case - add following code which artificially breaks handshake (to ca_adapter_net_ssl.c)
       if (peer->ssl.state == MBEDTLS_SSL_CERTIFICATE_REQUEST)
       {
           ret = MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR;
       }
       And again test all samples and provisioning with all servers.
       As result - you should see an error returned to app immidiately (without timeouts, etc)
       and there should be no CA retransmission attempts (UDP case)
    
    Change-Id: Ia1fe1c7c58f9e40040a0be5e7e83abbc66f80bfe
    Signed-off-by: default avatarAndrii Shtompel <a.shtompel@samsung.com>
    Signed-off-by: default avatarsaurabh.s9 <saurabh.s9@samsung.com>
    ad1f7db6
ca_adapter_net_ssl.c 89.3 KB