You are not logged in. Please login or register.
Please post questions or comments you have about wolfSSL products here. It is helpful to be as descriptive as possible when asking your questions.
ReferenceswolfSSL - Embedded SSL Library → Posts by embhorn
We also have an E2 example here:
https://github.com/wolfSSL/wolfssl/tree … s/e2studio
Hi Rusty81,
If you do not need the TLS stack, please try enabling `WOLFCRYPT_ONLY`
From the server side, yes, the callback allows the server to handle the incoming SNI extension form the client.
Hello raghu,
Have you reviewed the instructions for building wolfSSL with cmake?
https://github.com/wolfSSL/wolfssl/blob … NSTALL#L80
Thanks,
Eric @ wolfSSL Support
Hello emre,
Welcome to the forums. This is likely to be a feature request. Please send an email to support@wolfssl.com and mention this post to get the feature request process started.
Thanks,
Eric @ wolfSSL Support
Hello beaveryoga,
Thanks for joining the forums. This functionality was added to enable openSSL compatibility. It looks like the proper API is `wolfSSL_CTX_set_tlsext_servername_callback`, which is nearly identical to `wolfSSL_CTX_set_servername_callback`.
I could not find any openSSL examples of using `SSL_CTX_set_servername_callback`. I'll check with the n team to see if there is more info to share.
Thanks,
Eric @ wolfSSL Support
Hi Davide,
wolfMQTT is mostly platform agnostic C code, unless your platform is using non-POSIX APIs, in which case you will have to override calls like send, recv, etc. wolfMQTT should compile on any platform.
wolfMQTT does not currently have .NET bindings. If compiled as a C++ application, there should be no restrictions on your VC++ library version.
Does your application call `wolfSSL_check_domain_name`? Verifying the common name in the cert is fine, but not necessary if you also have a trusted CA that signed the server's certificate.
Hi Mohannad,
Looks like you are building a shared library. Please try building as a static lib:
`./configure --enable-static --disable-shared`
Thanks,
Eric @ wolfSSL Support
Hello a7v7
Could you please send an email referencing this issue to support@wolfssl.com ?
Kind regards,
Eric @ wolfSSL Support
Hi hablutzel1
Thanks for sending your request to support@wolfssl.com.
Hi @hablutzel1
Thanks for joining the forum. Would you please send an email to support@wolfssl.com referencing this post? We'd like to get some more information about the issue you are seeing.
Thanks,
Eric @ wolfSSL Support
Hi Gil,
Are you using a pre-shared key cert or public key for the authentication? You could use a CA that signs any new broker's cert to allow the clients to verify the new broker's cert.
Thanks,
Eric @ wolfSSL Support
Okay, there is some issue with filesystem access from the wolfSSL test scripts in MSYS. I can get around it with
#define USE_CERT_BUFFERS_256
#define USE_CERT_BUFFERS_4096
#define NO_WRITE_TEMP_FILES...added to options.h (or added as CFLAGS during configure).
That allows testsuite.test.exe to pass, but there is a similar issue with unit.test
I can reproduce the issue on my MSYS2 install. I'll let you know what I find out.
Thanks,
Eric
Thanks for that. By chance do you have any folder names with spaces in the path to the the wolfssl install? MSYS can be finicky with absolute paths.
I don't see the attachment. Is it the same error?
Hi a7v7
Are you in the root wolfssl directory when trying to execute the test script? Could you try "make check" and report the results?
The latest version of wolfSSL is v4.8.1 and is available from https://github.com/wolfSSL/wolfssl
Thanks,
Eric @ wolfSSL Support
Hi Kelvin,
Thanks for this additional report. I had to switch over to the HiveMQ broker to reproduce this issue because the Mosquitto broker apparently does not send the reason code with QoS 2 PUBREC response (but it does send it with PUBACK).
I've posted a patch here:
https://github.com/wolfSSL/wolfMQTT/pull/224
It does not fully address your concern about reporting the PUBREC reason code, but I have added that as a feature request.
Thanks,
Eric
Thanks for your suggestions. I've created a fix for the puback issue, as well as other packet types that make use of reason codes. https://github.com/wolfSSL/wolfMQTT/pull/220
Looking forward to your feedback!
Thanks,
Eric @ wolfSSL Support
Hello Kelvin,
I was able to reproduce this issue with a local instance of the mosquitto broker, also. I'll post a fix as soon as it is available.
Thanks,
Eric @ wolfSSL Support
It will be handled automatically only as part of TLS handshake key exchange. If you are building keys, the size will need to be set manually.
Hello Georg,
We do not have support for that specific openSSL API. We do handle setting the DH key size automatically during the key exchange:
src/internal.c :: GetDhPublicKey
#ifdef HAVE_FFDHE
switch (ssl->options.dhKeySz) {
#ifdef HAVE_FFDHE_2048
case 2048/8:
params = wc_Dh_ffdhe2048_Get();
group = WOLFSSL_FFDHE_2048;
break;
#endif
.
.
.If you are interested in opening a feature request for `SSL_CTX_set_dh_auto` in wolfSSL, please send an email to support@wolfssl.com
Thanks,
Eric @wolfSSL Support
Hi rlev,
Are you setting `mqttPublish.total_len` to the return value of snprintf?
Try checking in the application that the expected length is equal to the value of `mqttPublish.total_len` before calling `MqttClient_Publish`.
https://github.com/Microchip-MPLAB-Harm … ask.c#L480
The MCH example uses strlen to set the payload length, so if your application is sending JSON data, it's possible that some NULL is causing an invalid length calculation.
Thanks,
Eric @ wolfSSL Support
Hello sapi01,
You'll want to build the library with the option "WOLFSSL_ALT_CERT_CHAINS".
src/internal.c
* WOLFSSL_ALT_CERT_CHAINS:
* Allows CA's to be presented by peer, but not part of a valid chain.
* Default wolfSSL behavior is to require validation of all presented peer
* certificates. This also allows loading intermediate CA's as trusted
* and ignoring no signer failures for CA's up the chain to root.
Thanks,
Eric @ wolfSSL Support
wolfSSL - Embedded SSL Library → Posts by embhorn
Powered by PunBB, supported by Informer Technologies, Inc.
Generated in 0.021 seconds (74% PHP - 26% DB) with 5 queries