My team and I have recently gotten the Photon to work as a client using mbedtls. It properly goes through the entire handshake and establishes a connection with our server, which is using openssl. However, we also want to enable the Photon to work as a server that other Photons can connect to and still establish an SSL connection. While looking through the mbed config, we noticed that many of the functions required to do this are in a module that currently only works on Unix and (maybe) Windows. In any case, it is not supported on the Photon. Has anyone already gone through the task of writing their own network callbacks to enable SSL on the server side? If not, can anyone point me in the right direction as to where I should start with that whole process? (Or even if there’s an easier way to do it that I’m not thinking of.)
There are a couple of porting efforts of a couple of SSL libraries. The main effort has been put into the client side. My suggestion is to try and port the webduino library to use one of the SSL libraries. Instead of using the TCPClient object, you would use the SSL object, which would handle the SSL/TLS on top of the TCPClient object.
The closest to this goal is potentially porting the wolfssl client to a server. My take is that these callbacks:
int EthernetSend(WOLFSSL* ssl, char* msg, int sz, void* ctx);
int EthernetReceive(WOLFSSL* ssl, char* reply, int sz, void* ctx);
wired into the webduino library should then turn that server into a secure web server.
This could also be done with any of the SSL/TLS libraries. They all seem to use the same technique: function callbacks that provide read and write services back to the native network object, TCPClient.
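The callback contract the replies above describe, as an added example that is not code from this thread, from Particle, or from mbedTLS/wolfSSL: two functions with the `mbedtls_ssl_send_t` / `mbedtls_ssl_recv_t` signatures that a server-side port would hand to `mbedtls_ssl_set_bio()`, written in C so they build off-device. The `photon_net_send` / `photon_net_recv` names are hypothetical, `tcp_client_t` and `byte_queue_t` are constructed stand-ins for a TCPClient and its socket buffers, and the three error macros are local copies of the mbedTLS values so nothing needs to be installed. The same shape serves wolfSSL, whose `CallbackIORecv` / `CallbackIOSend` callbacks take `(WOLFSSL*, char*, int, void*)` and signal "no data yet" with `WOLFSSL_CBIO_ERR_WANT_READ` instead of `MBEDTLS_ERR_SSL_WANT_READ`.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Local stand-ins for the mbedTLS return codes a BIO callback must use
 * (same values as mbedtls/ssl.h and mbedtls/net_sockets.h). On the device,
 * include those headers instead of redefining these. */
#define MBEDTLS_ERR_SSL_WANT_READ   (-0x6900)
#define MBEDTLS_ERR_SSL_WANT_WRITE  (-0x6880)
#define MBEDTLS_ERR_NET_CONN_RESET  (-0x0050)

/* Constructed stand-in for the socket buffers behind a TCPClient: one fixed
 * byte queue per direction, so the callbacks can be exercised off-device. */
typedef struct {
    uint8_t data[64];
    size_t  len;
} byte_queue_t;

static size_t queue_push(byte_queue_t *q, const uint8_t *src, size_t n) {
    size_t room = sizeof q->data - q->len;
    if (n > room) n = room;               /* short write, like a full socket buffer */
    memcpy(q->data + q->len, src, n);
    q->len += n;
    return n;
}

static size_t queue_pop(byte_queue_t *q, uint8_t *dst, size_t n) {
    if (n > q->len) n = q->len;
    memcpy(dst, q->data, n);
    memmove(q->data, q->data + n, q->len - n);
    q->len -= n;
    return n;
}

/* The object passed to mbedtls_ssl_set_bio() as p_bio; on real firmware it
 * would wrap the TCPClient that TCPServer::available() handed back. */
typedef struct {
    byte_queue_t *in;    /* bytes arriving from the peer  */
    byte_queue_t *out;   /* bytes leaving toward the peer */
    int connected;
} tcp_client_t;

/* mbedtls_ssl_send_t-compatible: write what the transport accepts and report
 * the count; mbedTLS loops until the whole record is out. */
int photon_net_send(void *ctx, const unsigned char *buf, size_t len) {
    tcp_client_t *c = (tcp_client_t *)ctx;
    if (!c->connected) return MBEDTLS_ERR_NET_CONN_RESET;
    size_t n = queue_push(c->out, buf, len);
    if (n == 0) return MBEDTLS_ERR_SSL_WANT_WRITE;  /* buffer full: TLS retries later */
    return (int)n;
}

/* mbedtls_ssl_recv_t-compatible: never block. No data on a live connection is
 * WANT_READ; no data on a closed one is 0, which the TLS layer reports as
 * MBEDTLS_ERR_SSL_CONN_EOF instead of spinning. */
int photon_net_recv(void *ctx, unsigned char *buf, size_t len) {
    tcp_client_t *c = (tcp_client_t *)ctx;
    if (c->in->len == 0) return c->connected ? MBEDTLS_ERR_SSL_WANT_READ : 0;
    return (int)queue_pop(c->in, buf, len);
}

/* On the device the wiring is
 *   mbedtls_ssl_set_bio(&ssl, &client, photon_net_send, photon_net_recv, NULL);
 * after which mbedtls_ssl_handshake()/read()/write() push bytes through the two
 * functions above. What follows exercises the contract in isolation. */

/* Server and client sides with crossed queues: a record-sized chunk sent by the
 * server must come out of the client's recv intact. Returns bytes received,
 * or -1 if the payload did not survive the trip. */
int demo_roundtrip(void) {
    byte_queue_t s2c = {{0}, 0}, c2s = {{0}, 0};
    tcp_client_t server = {&c2s, &s2c, 1}, client = {&s2c, &c2s, 1};
    const char msg[] = "ClientHello-shaped bytes";      /* constructed payload */
    unsigned char got[64];
    int sent = photon_net_send(&server, (const unsigned char *)msg, sizeof msg - 1);
    int rcvd = photon_net_recv(&client, got, sizeof got);
    if (sent != (int)(sizeof msg - 1) || rcvd != sent) return -1;
    return memcmp(got, msg, (size_t)rcvd) == 0 ? rcvd : -1;
}

/* Empty receive buffer on a live connection: WANT_READ, not a block or EOF. */
int demo_want_read(void) {
    byte_queue_t in = {{0}, 0}, out = {{0}, 0};
    tcp_client_t c = {&in, &out, 1};
    unsigned char tmp[8];
    return photon_net_recv(&c, tmp, sizeof tmp);
}

/* Peer gone and nothing buffered: 0 (EOF) so the handshake fails cleanly. */
int demo_peer_closed(void) {
    byte_queue_t in = {{0}, 0}, out = {{0}, 0};
    tcp_client_t c = {&in, &out, 0};
    unsigned char tmp[8];
    return photon_net_recv(&c, tmp, sizeof tmp);
}

/* Transport buffer already full: send reports WANT_WRITE rather than dropping bytes. */
int demo_full_buffer(void) {
    byte_queue_t in = {{0}, 0}, out = {{0}, 0};
    tcp_client_t c = {&in, &out, 1};
    unsigned char fill[64];
    memset(fill, 'x', sizeof fill);
    photon_net_send(&c, fill, sizeof fill);           /* fills the 64-byte queue */
    return photon_net_send(&c, fill, 1);
}
```

The three return-code cases are where server ports usually go wrong: a recv that returns 0 when the peer is merely slow makes mbedTLS treat a live connection as closed, a recv that busy-waits inside the callback starves the rest of the firmware loop, and a send that silently truncates corrupts the TLS record stream. Keeping the callback non-blocking and letting `mbedtls_ssl_handshake()` return `WANT_READ`/`WANT_WRITE` to the main loop is what lets one Photon serve several peers.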