@casaroli casaroli commented Nov 21, 2025

Add some improvements to make secure coap work on Zephyr 4.3.0 with mbedtls (not using Zephyr TLS protocol options).

west build -p always -b pico_plus2/rp2350b/m33/w libcoap/examples/zephyr/client-src --extra-conf libcoap-mbedtls.conf

@mrdeep1
Collaborator

mrdeep1 commented Nov 22, 2025

Thanks for raising and working on this.

Fixing the pre-commit required changes should fix the CI pre-commit, documentation and distribution builds.

In terms of the zephyr build, I would prefer that the generic MbedTLS (and WolfSSL) library setup configuration files were kept within the libcoap/zephyr directory for anyone to easily use rather than being in the libcoap/examples/zephyr directory.

@casaroli
Author

Thank you for your comments.

> I would prefer that the generic MbedTLS (and WolfSSL) library setup configuration files were kept within the libcoap/zephyr directory for anyone to easily use rather than being in the libcoap/examples/zephyr directory

You mean the libcoap_mbedtls.conf? I moved it to the example directory because I believe this is "application configuration". I.e. if the application developer includes the libcoap_mbedtls.conf, then the application will have different build time configuration (include coaps support, mbedtls, etc).

In zephyr, the extra configuration file is usually used (in other examples) as

build -p always -b <board> libcoap/examples/zephyr/client-src --extra-conf libcoap_mbedtls.conf

The config file is relative to the application directory. So I thought it was a good idea to move it there, to simplify the west command on a standard Zephyr build.

What do you think?

I guess we could still move the file to zephyr and pass --extra-conf ../../../zephyr/libcoap_mbedtls to west if you like it better.

Or we could just enable mbedtls by default in Zephyr (i.e. move the stuff in libcoap_mbedtls.conf to prj.conf and push for a more secure world 😅)

Or just keep it like I suggested so we can simplify the west command and harmonize with how usually application extra configs are handled in examples.

Whatever you prefer, I can update the documentation to match.

Add some improvements to make secure coap work on Zephyr 4.3.0
with mbedtls (not using Zephyr TLS protocol options).
@casaroli
Author

I have applied the pre-commit and fixed the Makefile.

We now set the build options to zephyr, so we make use of the
internal mbedtls in zephyr, so we do not require a specific header
file anymore.
@casaroli
Author

Ok this one is tricky. Zephyr mbedtls does not expose mbedtls_version_get_number. We can work around this by setting some dummy number here or wait for Zephyr to merge a PR to make it expose that function.

What do you think?

@mrdeep1
Collaborator

mrdeep1 commented Nov 24, 2025

> Zephyr mbedtls does not expose mbedtls_version_get_number()

Actually it does if MBEDTLS_VERSION_C is defined. This was one of the reasons for having zephyr/config-mbedtls-libcoap.h in the zephyr/ directory which you have deleted as it defines all the needed MBedTLS definitions to allow libcoap to work based on how MBedTLS is configured (via Kconfig and prj.conf).

That said, I am not a Zephyr expert and there may be better ways to do things.

@casaroli
Author

Let's try this first: zephyrproject-rtos/zephyr#99923

Please, bear with me on this 😅

Thank you for your time.

@mrdeep1
Collaborator

mrdeep1 commented Nov 25, 2025

> Let's try this first: zephyrproject-rtos/zephyr#99923

The challenge here is that we can currently build for MBedTLS, but builds will fail if someone is using a release version of Zephyr that does not include this fix.

@casaroli
Author

Can we just set this value as unknown if zephyr version is too low?

What is the earliest zephyr version you want to support?

@mrdeep1
Collaborator

mrdeep1 commented Dec 2, 2025

> What is the earliest zephyr version you want to support?

Certainly base 4.3.0 version, and ideally a couple of versions earlier.
