It’s time to deal with mbedTLS again. This time from a different angle. Rather than use the lwIP/mbedTLS integration using application layered TCP (altcp_* functions), maybe I can use mbedTLS functions backed by lwIP sockets. We’ll see.

First, let’s get mbedTLS to build. This time, using the latest release should be fine (hopefully).

~ $ git clone https://github.com/Mbed-TLS/mbedtls.git
Cloning into 'mbedtls'...
remote: Enumerating objects: 195636, done.
remote: Counting objects: 100% (9/9), done.
remote: Compressing objects: 100% (9/9), done.
remote: Total 195636 (delta 1), reused 1 (delta 0), pack-reused 195627
Receiving objects: 100% (195636/195636), 96.94 MiB | 2.64 MiB/s, done.
Resolving deltas: 100% (151694/151694), done.
~ $ cd mbedtls/
~/mbedtls $ git switch --detach v3.3.0
HEAD is now at 8c8922499 Merge pull request #985 from Mbed-TLS/mbedtls-3.3.0rc2-pr

Then:

~/mbedtls $ mkdir build
~/mbedtls $ cd build
~/mbedtls/build $ cmake -DCMAKE_C_COMPILER_WORKS=1 -DCMAKE_C_COMPILER:FILEPATH=/usr/bin/arm-none-eabi-gcc -DENABLE_TESTING=Off -DENABLE_PROGRAMS=Off -DCMAKE_C_FLAGS='-DMBEDTLS_USER_CONFIG_FILE=\"<path>/mbedtls-config-changes.h\"' ..

This creates the file build/cmake/MbedTLSConfig.cmake. Then, in the project’s CMakeLists.txt:

set(MbedTLS_DIR "<path>/mbedtls/build/cmake")
find_package(MbedTLS)

target_link_libraries(<project>
        MbedTLS::mbedtls
        MbedTLS::mbedcrypto
        MbedTLS::mbedx509)

At this point I must stop. The TL;DR is that it didn’t work for me. Calling psa_crypto_init crashed immediately, and I could not make it work. The stack trace was useless, and increasing the stack size didn’t make a difference.

I then ditched C completely and tried to at least get MQTT to work with MicroPython, but the stuff that I needed wasn’t implemented (client certificates). AWS does allow another option, which also didn’t work (signing a token and sending it with the username). In short, this was not working.

The point is that sometimes things don’t work. That doesn’t mean that there’s no way to make them work, but hitting dead ends is part of the process. And with this in mind, let’s move on.