#include "cainterface.h"
#include "base64.h"
#include "cJSON.h"
+#include "global.h"
#include "srmresourcestrings.h"
#include "doxmresource.h"
CAEndpoint_t* endpoint = (CAEndpoint_t *)&otmCtx->selectedDeviceInfo->endpoint;
endpoint->port = otmCtx->selectedDeviceInfo->securePort;
- CAResult_t closeRes = CACloseDtlsSession(endpoint);
- if(CA_STATUS_OK != closeRes)
+ CAResult_t caResult = CACloseDtlsSession(endpoint);
+ if(CA_STATUS_OK != caResult)
{
OC_LOG(ERROR, TAG, "Failed to close DTLS session");
- SetResult(otmCtx, closeRes);
+ SetResult(otmCtx, caResult);
+ return OC_STACK_DELETE_TRANSACTION;
+ }
+
+ /**
+ * If we select NULL cipher,
+ * client will select appropriate cipher suite according to server's cipher-suite list.
+ */
+ caResult = CASelectCipherSuite(TLS_NULL_WITH_NULL_NULL);
+ if(CA_STATUS_OK != caResult)
+ {
+ OC_LOG(ERROR, TAG, "Failed to select TLS_NULL_WITH_NULL_NULL");
+ SetResult(otmCtx, caResult);
return OC_STACK_DELETE_TRANSACTION;
}
}
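Review bot: The comment above `CASelectCipherSuite(TLS_NULL_WITH_NULL_NULL)` should state explicitly that the NULL suite is passed only as a "no explicit selection" reset value, because read literally the call selects a suite with neither encryption nor authentication for whatever session comes next. Whether the CA layer really treats that value as a marker and never offers it in a handshake is not visible in this hunk, so confirm it and then record it, for example `/* Reset only: TLS_NULL_WITH_NULL_NULL means "no explicit suite" to the CA layer and is never negotiated. */`. The hunk also shows nothing that turns the anonymous ECDH suite back off once the session is closed; if that is not done elsewhere, `CAEnableAnonECDHCipherSuite(false);` belongs next to this reset. The enclosing function starts and ends outside the hunk.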
OC_LOG(INFO, TAG, "Anonymous cipher suite Enabled.");
+ caresult = CASelectCipherSuite(TLS_ECDH_anon_WITH_AES_128_CBC_SHA_256);
+ if (CA_STATUS_OK != caresult)
+ {
+ OC_LOG_V(ERROR, TAG, "Failed to select TLS_ECDH_anon_WITH_AES_128_CBC_SHA_256");
+ caresult = CAEnableAnonECDHCipherSuite(false);
+ if (CA_STATUS_OK != caresult)
+ {
+ OC_LOG_V(ERROR, TAG, "Unable to enable anon cipher suite");
+ }
+ else
+ {
+ OC_LOG(INFO, TAG, "Anonymous cipher suite Disabled.");
+ }
+ return OC_STACK_ERROR;
+ }
+ OC_LOG(INFO, TAG, "TLS_ECDH_anon_WITH_AES_128_CBC_SHA_256 cipher suite selected.");
+
OCProvisionDev_t* selDevInfo = otmCtx->selectedDeviceInfo;
CAEndpoint_t *endpoint = (CAEndpoint_t *)OICCalloc(1, sizeof (CAEndpoint_t));
if(NULL == endpoint)
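Review bot: In the failure branch after `CASelectCipherSuite(TLS_ECDH_anon_WITH_AES_128_CBC_SHA_256)`, the message logged when `CAEnableAnonECDHCipherSuite(false)` fails reads "Unable to enable anon cipher suite" although the call is disabling it; it should be `OC_LOG(ERROR, TAG, "Unable to disable anon cipher suite");`. That is the one path where the unauthenticated anonymous suite stays enabled after the function returns `OC_STACK_ERROR`, so the log line needs to say so unambiguously. The `OC_LOG_V` calls here pass no format arguments; either use `OC_LOG` or include the result, e.g. `OC_LOG_V(ERROR, TAG, "Failed to select TLS_ECDH_anon_WITH_AES_128_CBC_SHA_256 (%d)", caresult);`, and the same applies to the `OC_LOG_V` calls in the PSK hunk that follows. The function body starts above the hunk and continues below it.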
return OC_STACK_INVALID_PARAM;
}
+ CAResult_t caresult = CAEnableAnonECDHCipherSuite(false);
+ if (CA_STATUS_OK != caresult)
+ {
+ OC_LOG_V(ERROR, TAG, "Unable to disable anon cipher suite");
+ return OC_STACK_ERROR;
+ }
+ OC_LOG(INFO, TAG, "Anonymous cipher suite disabled.");
+
+ caresult = CASelectCipherSuite(TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA_256);
+ if (CA_STATUS_OK != caresult)
+ {
+ OC_LOG_V(ERROR, TAG, "Failed to select TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA_256");
+ return OC_STACK_ERROR;
+ }
+ OC_LOG(INFO, TAG, "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA_256 cipher suite selected.");
+
+
OCProvisionDev_t* selDevInfo = otmCtx->selectedDeviceInfo;
CAEndpoint_t *endpoint = (CAEndpoint_t *)OICCalloc(1, sizeof (CAEndpoint_t));
if(NULL == endpoint)
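Review bot: `CAEnableAnonECDHCipherSuite(false)` and `CASelectCipherSuite(TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA_256)` take no endpoint argument, so the selection appears to apply to the whole CA layer rather than to `selDevInfo`, and nothing in the hunk documents that. If that reading is right, a just-works transfer running at the same time could re-enable the anonymous suite between these calls and `CAInitiateHandshake`, so the constraint should be written down above the first call, e.g. `/* Cipher-suite selection is global to the CA layer; do not overlap with another ownership-transfer handshake. */`. Confirm this against the CA API before adding the comment. The function continues past the end of the hunk.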
}
memcpy(endpoint,&selDevInfo->endpoint,sizeof(CAEndpoint_t));
endpoint->port = selDevInfo->securePort;
- CAResult_t caresult = CAInitiateHandshake(endpoint);
+ caresult = CAInitiateHandshake(endpoint);
OICFree(endpoint);
if (CA_STATUS_OK != caresult)
{