debugging EAP-TLS on Wiced 3.7.0-3, server-hello failing

Raktim Roy wrote: Hello John, We were not able to recreate the issue here when we are using ThreadX RTOS.  Eventually, the issue was found out to be RTOS specific where an enum was differently optimized

Can you explain a bit about why it is RTOS specific.

Does it work for FreeRTOS?

Since WICED claims to support both ThreadX and FreeRTOS, please make sure it works for both RTOS.

The RTOS John used was GreenHills RTOS which was optimizing an enum differently. After fixing that enum issue, we were able to see the server hello in Wireshark log. It should work fine with FreeRTOS and LwIP combination.

Do you have a standard test procedure to test EAP-TLS/PEAP?

I mean using console join_ent command, is there anything you need to modify to test EAP-TLS/PEAP?

I am trying to list out a basic outline of the procedure.

1. Put the certificates in Wiced-SDK\libraries\utilities\command_console\wifi\certificate.h.
2. In n "command_console_wifi.c" file mention proper eap_identity based on the user which was configured in back-end servers in function "join_ent " please change eap_identity appropriately.
3. Modify the following tunables in console.mk file

        ifeq ($(PLATFORM),$(filter $(PLATFORM), BCM943364WCD1 BCM94343WWCD1 BCM94343WWCD2 BCM943438WCD1))

        GLOBAL_DEFINES += TX_PACKET_POOL_SIZE=10 \

        RX_PACKET_POOL_SIZE=10 \

        WICED_TCP_TX_DEPTH_QUEUE=13 \

        TCP_WINDOW_SIZE=131072

Hi rroy

When I test PEAP using ubuntu linux desktop, it has an option to connect enterprise AP without "CA".

i.e. I can connect without setting any ca/cert/key when using PEAP.

Is it fine to test PEAP without updating Wiced-SDK\libraries\utilities\command_console\wifi\certificate.h?

The changes for TX_PACKET_POOL_SIZ/RX_PACKET_POOL_SIZE/WICED_TCP_TX_DEPTH_QUEUE/TCP_WINDOW_SIZE is very strange. That changes means it takes more memory for the network stack.

Does that mean it won't work if using default settings on 4343W/43438 platforms?

Raktim Roy wrote: I am trying to list out a basic outline of the procedure. Put the certificates in Wiced-SDK\libraries\utilities\command_console\wifi\certificate.h.

It seems does not make sense to hardcoded the certificate/key in

libraries\utilities\command_console\wifi\certificate.h because it needs to be user configurable.

But...

Consider your users want to enable EAP-TLS enterprise security.

It needs to allow users to update rootCA/certificate/key.

And if the user want to connect AWS-IoT, it needs another set of

rootCA/certificate/key which also needs to be user updatable.

Then it will run out of DCT space soon because rootCA/certificate/key

are quite big.