8 Replies Latest reply on Nov 3, 2019 2:53 AM by ChMa_3922746

    Can Root CA be Selectively Applied to TLS Instance? (CYW943907AEVAL1F)


      I have a few TLS services running on the WICED device, such as:

      • HTTPS server
      • HTTPS client
      • TLS to support SMTP email


      I would like to enable mutual authentication on the HTTPS server only.  When I call wiced_tls_init_root_ca_certificates(), then client authentication is enabled for all TLS activities -- something that is very undesirable as you can imagine.


      I am using wiced_https_server_start() to start the HTTPS server.  However, there is no mechanism that I can find that would enable client authentication to be applied only to the server.  I see a function wiced_tls_set_context_root_ca_certificates() in wiced_tls.c that looks interesting, but it requires a wiced_tls_context_t.


      A connection between the high-level start function and lower functions in ssl_tls.c appears to be missing to help me out.  I could use a TCP port number as a criterion in ssl_tls.c to enable/disable client authentication, but those functions only care about an mbedtls_ssl_context which lacks basic port numbers.


      I wonder if anyone has tried something like this?