I have the same question. Specifically when the WICED device is acting as the server.
In the snip/https_server example code, I see that an 'identity' is passed to the wiced_https_server_start() call which contains the device certificate programmed into the DCT. It seems to lack, however, a means of specifying the client credentials (i.e. the client's root CA) when mutual authentication is desired.
Yes. We support mutual authentication for both client and server. You can refer to snip/https_server in the latest 3.7.0 SDK.
There are two APIs needed to enable mutual authentication.
wiced_tls_init_identity( &tls_identity, dct_security->private_key, strlen( dct_security->private_key ), (uint8_t*) dct_security->certificate, strlen( dct_security->certificate ) );
-> This API will load the server certificate and server key, which are already stored in the DCT.
wiced_tls_init_root_ca_certificates( httpbin_root_ca_certificate, strlen(httpbin_root_ca_certificate) );
-> You also need to load the root certificate, which will be used to verify the client certificate.