You are not logged in. Please login or register.
Active topics Unanswered topics
Welcome to the wolfSSL Forums!
Please post questions or comments you have about wolfSSL products here. It is helpful to be as descriptive as possible when asking your questions.
References
Stable Releases - download stable product releases.
Development Branch - latest development branch on GitHub.
wolfSSL Manual - wolfSSL (formerly CyaSSL) product manual and API reference.
Search options (Page 10 of 14)
Hello beaveryoga,
Thanks for joining the forums. This functionality was added to enable openSSL compatibility. It looks like the proper API is `wolfSSL_CTX_set_tlsext_servername_callback`, which is nearly identical to `wolfSSL_CTX_set_servername_callback`.
I could not find any openSSL examples of using `SSL_CTX_set_servername_callback`. I'll check with the n team to see if there is more info to share.
Thanks,
Eric @ wolfSSL Support
Hi Davide,
wolfMQTT is mostly platform agnostic C code, unless your platform is using non-POSIX APIs, in which case you will have to override calls like send, recv, etc. wolfMQTT should compile on any platform.
wolfMQTT does not currently have .NET bindings. If compiled as a C++ application, there should be no restrictions on your VC++ library version.
Does your application call `wolfSSL_check_domain_name`? Verifying the common name in the cert is fine, but not necessary if you also have a trusted CA that signed the server's certificate.
Hi Mohannad,
Looks like you are building a shared library. Please try building as a static lib:
`./configure --enable-static --disable-shared`
Thanks,
Eric @ wolfSSL Support
Hello a7v7
Could you please send an email referencing this issue to support@wolfssl.com ?
Kind regards,
Eric @ wolfSSL Support
Hi hablutzel1
Thanks for sending your request to support@wolfssl.com.
Hi @hablutzel1
Thanks for joining the forum. Would you please send an email to support@wolfssl.com referencing this post? We'd like to get some more information about the issue you are seeing.
Thanks,
Eric @ wolfSSL Support
Hi Gil,
Are you using a pre-shared key cert or public key for the authentication? You could use a CA that signs any new broker's cert to allow the clients to verify the new broker's cert.
Thanks,
Eric @ wolfSSL Support
Okay, there is some issue with filesystem access from the wolfSSL test scripts in MSYS. I can get around it with
#define USE_CERT_BUFFERS_256
#define USE_CERT_BUFFERS_4096
#define NO_WRITE_TEMP_FILES
...added to options.h (or added as CFLAGS during configure).
That allows testsuite.test.exe to pass, but there is a similar issue with unit.test
I can reproduce the issue on my MSYS2 install. I'll let you know what I find out.
Thanks,
Eric
Thanks for that. By chance do you have any folder names with spaces in the path to the the wolfssl install? MSYS can be finicky with absolute paths.
I don't see the attachment. Is it the same error?
Hi a7v7
Are you in the root wolfssl directory when trying to execute the test script? Could you try "make check" and report the results?
The latest version of wolfSSL is v4.8.1 and is available from https://github.com/wolfSSL/wolfssl
Thanks,
Eric @ wolfSSL Support
Hi Kelvin,
Thanks for this additional report. I had to switch over to the HiveMQ broker to reproduce this issue because the Mosquitto broker apparently does not send the reason code with QoS 2 PUBREC response (but it does send it with PUBACK).
I've posted a patch here:
https://github.com/wolfSSL/wolfMQTT/pull/224
It does not fully address your concern about reporting the PUBREC reason code, but I have added that as a feature request.
Thanks,
Eric
Thanks for your suggestions. I've created a fix for the puback issue, as well as other packet types that make use of reason codes. https://github.com/wolfSSL/wolfMQTT/pull/220
Looking forward to your feedback!
Thanks,
Eric @ wolfSSL Support
Hello Kelvin,
I was able to reproduce this issue with a local instance of the mosquitto broker, also. I'll post a fix as soon as it is available.
Thanks,
Eric @ wolfSSL Support
It will be handled automatically only as part of TLS handshake key exchange. If you are building keys, the size will need to be set manually.
Hello Georg,
We do not have support for that specific openSSL API. We do handle setting the DH key size automatically during the key exchange:
src/internal.c :: GetDhPublicKey
#ifdef HAVE_FFDHE
switch (ssl->options.dhKeySz) {
#ifdef HAVE_FFDHE_2048
case 2048/8:
params = wc_Dh_ffdhe2048_Get();
group = WOLFSSL_FFDHE_2048;
break;
#endif
.
.
.
If you are interested in opening a feature request for `SSL_CTX_set_dh_auto` in wolfSSL, please send an email to support@wolfssl.com
Thanks,
Eric @wolfSSL Support
Hi rlev,
Are you setting `mqttPublish.total_len` to the return value of snprintf?
Try checking in the application that the expected length is equal to the value of `mqttPublish.total_len` before calling `MqttClient_Publish`.
https://github.com/Microchip-MPLAB-Harm … ask.c#L480
The MCH example uses strlen to set the payload length, so if your application is sending JSON data, it's possible that some NULL is causing an invalid length calculation.
Thanks,
Eric @ wolfSSL Support
Hello sapi01,
You'll want to build the library with the option "WOLFSSL_ALT_CERT_CHAINS".
src/internal.c
* WOLFSSL_ALT_CERT_CHAINS:
* Allows CA's to be presented by peer, but not part of a valid chain.
* Default wolfSSL behavior is to require validation of all presented peer
* certificates. This also allows loading intermediate CA's as trusted
* and ignoring no signer failures for CA's up the chain to root.
Thanks,
Eric @ wolfSSL Support
Hello AkhiG,
The error message "Not ECDSA cert signature" indicates that the signature check failed on the cert that was being verified. This could happen from a driver issue, a buffer overrun, etc.
Are you able to capture the packets with wireshark when the failure occurs?
Thanks,
Eric @ wolfSSL Support
Hi n_jusic,
I'm not finding much. Here is a mystery post on the openssl forum:
http://openssl.6102.n7.nabble.com/RAND- … 78233.html
You can also implement your own random function and use it to seed wolfSSL.
https://github.com/wolfSSL/wolfssl/blob … main.c#L71
Thanks,
Eric @ wolfSSL Support
Hello ss2009ahnu,
Is this using the wolfCrypt test?
https://github.com/wolfSSL/wolfssl/tree … crypt/test
Could you please post the output from running the test?
Thanks,
Eric @ wolfSSL Support
Hello,
The server uses a callback to set up a session ticket, which will then be sent to the client (if requested using `wolfssl_CTX_UseSessionTicket` API, which is only relevant to the client). You can review the example code.
`wolfSSL_CTX_set_TicketEncCb` API:
https://github.com/wolfSSL/wolfssl/blob … er.c#L2076
example callback:
https://github.com/wolfSSL/wolfssl/blob … st.h#L4052
Kind regards,
Eric @ wolfSSL Support
Hi Scott,
There is some logic in SP to try and determine the type sizes. They depend on the system checking the *_MAX values. Please try adding define
#undef ULLONG_MAX
#define ULLONG_MAX 18446744073709551615ULL
Posts found: 226 to 250 of 346
Generated in 0.024 seconds (81% PHP - 19% DB) with 5 queries