Hi Chris
I understand. Thank you very much for your explanation. I was guessing something similar.
After defining FP_MAX_BITS >= 8192 it works.
Maybe you could mention it in the API docs somewhere, i.e. at wolfSSL_CTX_set_verify() and/or in the INSTALL?
Another question... just for understanding:
If I understand it right, wolfSSLv23_client_method() is meant for connecting to an SSL/TLS server with the highest possible SSL/TLS protocol, beginning from TLSv1.2 down to TLSv1.1 -> TLSv1 -> SSLv3.
I noticed that if an SSL/TLS server supports (only) SSLv3 and TLSv1 but not TLSv1.1/TLSv1.2, the connect will fail if using wolfSSLv23_client_method(), but will work only when using wolfTLSv1_client_method() or wolfSSLv3_client_method().
For example cacert.org (Supports SSLv3 and/or TLSv1, but not TLSv1.1/TLSv1.2):
using wolfSSLv23_client_method():
./examples/client/client -h www.cacert.org -p 443 -d
err = -226, record layer version error
yassl error: SSL_connect failed
using wolfSSLv3_client_method():
./examples/client/client -h www.cacert.org -p 443 -d -v 0
SSL version is SSLv3
using wolfTLSv1_client_method():
./examples/client/client -h www.cacert.org -p 443 -d -v 1
SSL version is TLSv1
While on an SSLv3, TLSv1, TLSv1.1, TLSv1.2 capable server, like google.com, wolfSSLv23_client_method() works fine, i.e.:
./examples/client/client -h google.com -p 443 -d
SSL version is TLSv1.2
So my question is, is there maybe a bug in wolfSSLv23_client_method() or is wolfSSLv23_client_method() meant only for SSLv3/TLSv1 servers, using the highest possible SSL/TLS version?
Thank you for your time.
Greetings
Hans-Jürgen