AVSystem / Anjay

C implementation of the client-side OMA LwM2M protocol

Connection by using security mode cert

terravi opened this issue

I'm trying to use demo to test a connection to a Leshan server using X.509 certified client authentication. I've run the following command:

./output/bin/demo -s cert --server-uri coaps://192.168.56.1:5684 -e test -C output/certs/client.crt.der -K output/certs/client.key.der

but I get the following error:

2019-10-22 10:47:43.403180 DEBUG [security] [/home/vte/Progetti/Anjay/modules/security/src/security_utils.c:64]: Invalid SMS Security Mode
2019-10-22 10:47:43.403457 INFO [security] [/home/vte/Progetti/Anjay/modules/security/src/mod_security.c:169]: Added instance 1 (SSID: 1, URI: coaps://192.168.56.1:5684)
2019-10-22 10:47:43.404269 INFO [server] [/home/vte/Progetti/Anjay/modules/server/src/mod_server.c:117]: Added instance 1 (SSID: 1)
2019-10-22 10:47:43.404841 INFO [demo] [/home/vte/Progetti/Anjay/demo/demo.c:616]: *** ANJAY DEMO STARTUP FINISHED ***
2019-10-22 10:47:43.405111 WARNING [fw_update] [/home/vte/Progetti/Anjay/modules/fw_update/src/fw_update.c:891]: Firmware Update Result change to 0 not allowed in State 0
2019-10-22 10:47:43.409705 INFO [anjay] [/home/vte/Progetti/Anjay/src/servers/reload.c:165]: servers reloaded
2019-10-22 10:47:43.411625 DEBUG [anjay] [/home/vte/Progetti/Anjay/src/servers/connection_udp.c:164]: server /0/1: UDP security mode = 2
2019-10-22 10:47:43.412816 DEBUG [avs_net] [/home/vte/Progetti/Anjay/avs_commons/git/net/src/mbedtls/mbedtls.c:814]: Server authentication disabled
2019-10-22 10:47:43.413558 DEBUG [avs_net] [/home/vte/Progetti/Anjay/avs_commons/git/net/compat/posix/compat_addrinfo.c:220]: getaddrinfo() error: Address family for hostname not supported; family == (avs_net_af_t) 2
2019-10-22 10:47:43.414281 WARNING [avs_net] [/home/vte/Progetti/Anjay/avs_commons/git/net/src/mbedtls/mbedtls.c:561]: Could not restore session; performing full handshake
2019-10-22 10:47:43.416854 ERROR [avs_net] [/home/vte/Progetti/Anjay/avs_commons/git/net/src/mbedtls/mbedtls.c:598]: handshake failed: -30208
2019-10-22 10:47:43.418440 ERROR [anjay] [/home/vte/Progetti/Anjay/src/servers/connection_udp.c:342]: could not connect to 192.168.56.1:5684
2019-10-22 10:47:43.418902 DEBUG [anjay] [/home/vte/Progetti/Anjay/src/servers/activate.c:55]: Non-Bootstrap Server 1: not reachable.

Error code -30208 corresponds to the mbedtls error MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED. I then tried to change the private key parameter by specifying client.key instead of client.key.der.

In this case the error is:

2019-10-22 10:50:04.784528 DEBUG [security] [/home/vte/Progetti/Anjay/modules/security/src/security_utils.c:64]: Invalid SMS Security Mode
2019-10-22 10:50:04.784823 INFO [security] [/home/vte/Progetti/Anjay/modules/security/src/mod_security.c:169]: Added instance 1 (SSID: 1, URI: coaps://192.168.56.1:5684)
2019-10-22 10:50:04.785614 INFO [server] [/home/vte/Progetti/Anjay/modules/server/src/mod_server.c:117]: Added instance 1 (SSID: 1)
2019-10-22 10:50:04.786022 INFO [demo] [/home/vte/Progetti/Anjay/demo/demo.c:616]: *** ANJAY DEMO STARTUP FINISHED ***
2019-10-22 10:50:04.786259 WARNING [fw_update] [/home/vte/Progetti/Anjay/modules/fw_update/src/fw_update.c:891]: Firmware Update Result change to 0 not allowed in State 0
2019-10-22 10:50:04.790632 INFO [anjay] [/home/vte/Progetti/Anjay/src/servers/reload.c:165]: servers reloaded
2019-10-22 10:50:04.792926 WARNING [anjay] [/home/vte/Progetti/Anjay/src/servers/connection_udp.c:136]: read /0/1/5 failed
2019-10-22 10:50:04.794119 DEBUG [anjay] [/home/vte/Progetti/Anjay/src/servers/connections.c:211]: could not get UDP connection info for server /0/1
2019-10-22 10:50:04.795000 DEBUG [anjay] [/home/vte/Progetti/Anjay/src/servers/activate.c:55]: Non-Bootstrap Server 1: not reachable.

Can anyone tell me what I'm doing wrong?

Thank you

Strange. We can't reproduce this issue. What mbedTLS version are you currently using? Could you also provide a PCAP dump from the client <-> server communication?