6 Replies Latest reply on Oct 8, 2019 12:00 AM by AxLi_1746341

    Can Root CA be Selectively Applied to TLS Instance? (CYW943907AEVAL1F)

    ChMa_3922746

      I have a few TLS services running on the WICED device, such as:

      • HTTPS server
      • HTTPS client
      • TLS to support SMTP email


      I would like to enable mutual authentication on the HTTPS server only.  When I call wiced_tls_init_root_ca_certificates(), then client authentication is enabled for all TLS activities -- something that is very undesirable as you can imagine.


      I am using wiced_https_server_start() to start the HTTPS server.  However, there is no mechanism that I can find that would enable client authentication to be applied only to the server.  I see a function wiced_tls_set_context_root_ca_certificates() in wiced_tls.c that looks interesting, but it requires a wiced_tls_context_t.


      A connection between the high-level start function and the lower-level functions in ssl_tls.c appears to be missing to help me out.  I could use a TCP port number as a criterion in ssl_tls.c to enable/disable client authentication, but those functions only care about an mbedtls_ssl_context, which lacks basic port numbers.


      I wonder if anyone has tried something like this?


      Thanks!