Fix review comments

peterharperuk · peterharperuk · commit 92b54c5195f0 · 2025-04-10T12:36:07.000+01:00
diff --git a/pico_w/wifi/dtls/README.md b/pico_w/wifi/dtls/README.md
@@ -1,7 +1,7 @@
 # Setup
 
 These examples demonstrate how to use dtls via mbedtls on a Pico W device.
-You need to define DTLS_SERVER and run the makecerts.sh script to generate the certificates and keys needed for the server and client.
+You need to define DTLS_SERVER and run the `makecerts.sh` script to generate the certificates and keys needed for the server and client.
 ```
 export DTLS_SERVER=myserver
 cd dtls/certs
@@ -12,36 +12,34 @@ The examples should now build.
 # Running the dtls examples
 
 The client connects to a server and sends it a few lines of text which it expects to be sent back.
-
-You can build and run the client and server examples on two Pico W devices. To make testing easier to test with just one Pico W device, you can run the server or client on a Linux host.
-The client.sh and server.sh scripts show how to run the client or server with openssl. The host folder contains source code for a version of the client and server using mbedtls.
+You can build and run the client and server examples on two Pico W devices, or to test with just one Pico W device, you can run the server or client on a Linux host.
 
 ## Using openssl
 
-The host/server.sh and host/client/sh scripts demonstrate how to use DTLS with openssl, although you will have to echo text manually.
-For example, run dtls_echo_client on a Pico W device and the server.sh on a linux PC.
+The `host/server.sh` and `host/client.sh` scripts demonstrate how to use DTLS with openssl, although you will have to echo text manually.
+For example, run dtls_echo_client on a Pico W device and the `server.sh` on a linux host.
 ```
 export DTLS_SERVER=myserver
 cd host
 ./server.sh
 ```
 The scripts use the keys in certs/myserver
 
-Or run dtls_echo_server on a Pico W device and client.sh on a linux PC. The host name for the server on Pico W is set to `pico_dtls_example`"`. Make sure you build the code for the Pico W and run the client with the right DTLS_SERVER name (and matching keys in the client and server) or else the SSL handshake will fail.
+Or run dtls_echo_server on a Pico W device and `client.sh` on a linux host. The host name for the server on Pico W is set to `pico_dtls_example`. Make sure you build the code for the Pico W and run the client with the right DTLS_SERVER name (and matching keys in the client and server) or else the SSL handshake will fail.
 ```
 export DTLS_SERVER=pico_dtls_example
 ping pico_dtls_example # make sure you can reach it!
 cd host
 ./client.sh
 ```
-The scripts use the keys in certs/pico_dtls_example. Type a sentence into the client.sh console and the server should send it back as a reply.
+The scripts use the keys in certs/pico_dtls_example. Type a sentence into the `client.sh` console and the server should send it back as a reply.
 
 ## Using mbedtls
 
 The host folder contains C versions of the examples that can be compiled natively for the host. They are modified versions of mbedtls examples.
-You can build these on a rpi linux device to act as the server or client. The mbedtls library in PICO_SDK_PATH will be used to build the host code.
+If you are building the server or client on a linux host, the mbedtls library in PICO_SDK_PATH will be used to build the code.
 
-For example, run dtls_echo_client on a Pico W device and the dtls_host_echo_server on a linux PC.
+For example, run dtls_echo_client on a Pico W device and the dtls_host_echo_server on a linux host.
 ```
 export DTLS_SERVER=myserver
 cd host
@@ -52,7 +50,7 @@ make -j8
 ./dtls_host_echo_server
 
 ```
-Or run dtls_echo_server on a Pico W device and dtls_host_echo_client on a linux PC.
+Or run dtls_echo_server on a Pico W device and dtls_host_echo_client on a linux host.
 ```
 export DTLS_SERVER=pico_dtls_example
 cd host
@@ -62,4 +60,4 @@ cmake ..
 make -j8
 ./dtls_host_echo_client
 ```
-Remember to build the client and server for the host and Pico W with the correct value of DTLS_SERVER or else the handshake will fail.
+Remember to build the client and server for the linux host and Pico W with the correct value of DTLS_SERVER or else the handshake will fail.
diff --git a/pico_w/wifi/dtls/certs/makecerts.sh b/pico_w/wifi/dtls/certs/makecerts.sh
@@ -1,4 +1,5 @@
 #!/usr/bin/bash
+set -e
 
 if [ "${PWD##*/}" != "certs" ]; then
     echo Run this in the certs folder
@@ -8,6 +9,11 @@ if [ -z "$DTLS_SERVER" ]; then
     echo Define DTLS_SERVER
     exit 1
 fi
+if ! command -v openssl 2>&1 >/dev/null; then
+    echo openssl could not be found
+    exit 1
+fi
+
 SERVER_NAME=$DTLS_SERVER
 
 if [ -d "$SERVER_NAME" ]; then
@@ -30,27 +36,23 @@ openssl x509 -req -in $SERVER_NAME/client.csr -CA $SERVER_NAME/ca.crt -CAkey $SE
 
 echo -n \#define DTLS_ROOT_CERT \" > $SERVER_NAME/dtls_client.inc
 cat $SERVER_NAME/ca.crt | awk '{printf "%s\\n\\\n", $0}' >> $SERVER_NAME/dtls_client.inc
-echo "\"" >> $SERVER_NAME/dtls_client.inc
-echo >> $SERVER_NAME/dtls_client.inc
+echo -e "\"\n" >> $SERVER_NAME/dtls_client.inc
 
 echo -n \#define DTLS_KEY \" >> $SERVER_NAME/dtls_client.inc
 cat $SERVER_NAME/client.key | awk '{printf "%s\\n\\\n", $0}' >> $SERVER_NAME/dtls_client.inc
-echo "\"" >> $SERVER_NAME/dtls_client.inc
-echo >> $SERVER_NAME/dtls_client.inc
+echo -e "\"\n" >> $SERVER_NAME/dtls_client.inc
 
 echo -n \#define DTLS_CERT \" >> $SERVER_NAME/dtls_client.inc
 cat $SERVER_NAME/client.crt | awk '{printf "%s\\n\\\n", $0}' >> $SERVER_NAME/dtls_client.inc
-echo "\"" >> $SERVER_NAME/dtls_client.inc
+echo -e "\"\n" >> $SERVER_NAME/dtls_client.inc
 
 echo -n \#define DTLS_ROOT_CERT \" > $SERVER_NAME/dtls_server.inc
 cat $SERVER_NAME/ca.crt | awk '{printf "%s\\n\\\n", $0}' >> $SERVER_NAME/dtls_server.inc
-echo "\"" >> $SERVER_NAME/dtls_server.inc
-echo >> $SERVER_NAME/dtls_server.inc
+echo -e "\"\n" >> $SERVER_NAME/dtls_server.inc
 
 echo -n \#define DTLS_KEY \" >> $SERVER_NAME/dtls_server.inc
 cat $SERVER_NAME/server.key | awk '{printf "%s\\n\\\n", $0}' >> $SERVER_NAME/dtls_server.inc
-echo "\"" >> $SERVER_NAME/dtls_server.inc
-echo >> $SERVER_NAME/dtls_server.inc
+echo -e "\"\n" >> $SERVER_NAME/dtls_server.inc
 
 echo -n \#define DTLS_CERT \" >> $SERVER_NAME/dtls_server.inc
 cat $SERVER_NAME/server.crt | awk '{printf "%s\\n\\\n", $0}' >> $SERVER_NAME/dtls_server.inc
diff --git a/pico_w/wifi/dtls/dtls_common.c b/pico_w/wifi/dtls/dtls_common.c
@@ -30,7 +30,7 @@ static const uint8_t dtls_cert[] = DTLS_CERT;
 #endif
 
 static void dtls_timer_callback(__unused async_context_t *context, async_at_time_worker_t *worker) {
-    DTLS_DEBUG("pico_mbedtls_timing_worker_callback\n");
+    DTLS_DEBUG("dtls_timer_callback\n");
     dtls_processing((dtls_session_t*)worker->user_data, true);
 }
 
@@ -174,7 +174,11 @@ int dtls_base_init(dtls_base_t *base)
     }
     mbedtls_ssl_conf_ca_chain(&base->conf, base->cert.next, NULL);
     mbedtls_pk_init(&base->pkey);
+#if MBEDTLS_VERSION_MAJOR < 3
     ret = mbedtls_pk_parse_key(&base->pkey, dtls_key, sizeof(dtls_key), NULL, 0);
+#else
+    ret = mbedtls_pk_parse_key(&base->pkey, dtls_key, sizeof(dtls_key), NULL, 0, NULL, NULL);
+#endif
     if (ret != 0) {
         DTLS_ERROR("Failed to parse key");
         return ret;
