1 (edited by bp787 2024-07-02 11:11:22)

Topic: help with DTLS and loading PFX/p12 certs with 5.7

Hello. I am new to wolfSSL. I am currently writing a C++ client using 5.7 on Red Hat Linux. I have built/installed the rpm enabling pkcs12, all DTLS variants, etc. I have to use DTLS v1.0 and use a PFX certificate.

Looking at the GitHub examples, specifically client-tls-pkcs12.c and client-dtls.c, I'm having issues with some of the functions, specifically wolfSSL_CTX_use_PrivateKey() and wolfSSL_CTX_use_certificate(). While I can view these functions in the header, I still get undefined references when compiling. I realize, in the example, this was indicated as optional if mutual auth is needed. I'm currently unsure if that's the case, but I believe it is.

Is the example out of date or am I missing something?


Edit: I did a little more digging and added --enable-pwdbased, --enable-des3, --enable-keygen, --enable-certgen, --enable-opensslextra and --enable-arc4. This seems to have gotten me around the undefined reference issue. However, I'm still SUPER unclear if this is the correct way to go about it or if there's a better/cleaner route. Thanks!


Re: help with DTLS and loading PFX/p12 certs with 5.7

Hi bp787

Thanks for joining the wolfSSL forums. I'm glad to hear that you were able to resolve the build issues.

> However, I'm still SUPER unclear if this is the correct way to go about it or if there's a better/cleaner route

I would say use the client-tls-pkcs12 example as a base and change it to DTLS. Then you should be able to test connecting to the wolfSSL example server, using the -u option to specify DTLS.

Could you tell us more about your project using wolfSSL? Feel free to email support@wolfssl.com for a more private discussion.

Thanks,
Eric - wolfSSL Support

Re: help with DTLS and loading PFX/p12 certs with 5.7

I was ALMOST doing everything correctly.

I had to add flags to enable WOLFSSL_STATIC_RSA during compile of wolfssl and had to use wolfSSL_CTX_set_verify(TLS_Cli_Ctx, WOLFSSL_VERIFY_NONE, 0) for this particular use case.

Thanks!
