Hello beaveryoga,

Thanks for joining the forums. This functionality was added to enable openSSL compatibility. It looks like the proper API is `wolfSSL_CTX_set_tlsext_servername_callback`, which is nearly identical to `wolfSSL_CTX_set_servername_callback`.

I could not find any openSSL examples of using `SSL_CTX_set_servername_callback`. I'll check with the n team to see if there is more info to share.

Thanks,
Eric @ wolfSSL Support

Hi Davide,

wolfMQTT is mostly platform agnostic C code, unless your platform is using non-POSIX APIs, in which case you will have to override calls like send, recv, etc. wolfMQTT should compile on any platform.
wolfMQTT does not currently have .NET bindings. If compiled as a C++ application, there should be no restrictions on your VC++ library version.

228

(3 replies, posted in wolfMQTT)

Does your application call `wolfSSL_check_domain_name`? Verifying the common name in the cert is fine, but not necessary if you also have a trusted CA that signed the server's certificate.

229

(3 replies, posted in wolfSSL)

Hi Mohannad,

Looks like you are building a shared library. Please try building as a static lib:
`./configure --enable-static --disable-shared`

Thanks,
Eric @ wolfSSL Support

230

(2 replies, posted in wolfCrypt)

Hello a7v7

Could you please send an email referencing this issue to support@wolfssl.com ?

Kind regards,
Eric @ wolfSSL Support

Hi hablutzel1

Thanks for sending your request to support@wolfssl.com.

Hi @hablutzel1


Thanks for joining the forum. Would you please send an email to support@wolfssl.com referencing this post? We'd like to get some more information about the issue you are seeing.

Thanks,
Eric @ wolfSSL Support

233

(3 replies, posted in wolfMQTT)

Hi Gil,

Are you using a pre-shared key cert or public key for the authentication? You could use a CA that signs any new broker's cert to allow the clients to verify the new broker's cert.

Thanks,
Eric @ wolfSSL Support

234

(9 replies, posted in wolfSSL)

Okay, there is some issue with filesystem access from the wolfSSL test scripts in MSYS. I can get around it with

#define USE_CERT_BUFFERS_256
#define USE_CERT_BUFFERS_4096
#define NO_WRITE_TEMP_FILES

...added to options.h (or added as CFLAGS during configure).

That allows testsuite.test.exe to pass, but there is a similar issue with unit.test

235

(9 replies, posted in wolfSSL)

I can reproduce the issue on my MSYS2 install. I'll let you know what I find out.

Thanks,
Eric

236

(9 replies, posted in wolfSSL)

Thanks for that. By chance do you have any folder names with spaces in the path to the the wolfssl install? MSYS can be finicky with absolute paths.

237

(9 replies, posted in wolfSSL)

I don't see the attachment. Is it the same error?

238

(9 replies, posted in wolfSSL)

Hi a7v7

Are you in the root wolfssl directory when trying to execute the test script? Could you try "make check" and report the results?

The latest version of wolfSSL is v4.8.1 and is available from https://github.com/wolfSSL/wolfssl

Thanks,
Eric @ wolfSSL Support

Hi Kelvin,

Thanks for this additional report. I had to switch over to the HiveMQ broker to reproduce this issue because the Mosquitto broker apparently does not send the reason code with QoS 2 PUBREC response (but it does send it with PUBACK).

I've posted a patch here:
https://github.com/wolfSSL/wolfMQTT/pull/224

It does not fully address your concern about reporting the PUBREC reason code, but I have added that as a feature request.

Thanks,
Eric

Thanks for your suggestions. I've created a fix for the puback issue, as well as other packet types that make use of reason codes. https://github.com/wolfSSL/wolfMQTT/pull/220

Looking forward to your feedback!

Thanks,
Eric @ wolfSSL Support

Hello Kelvin,

I was able to reproduce this issue with a local instance of the mosquitto broker, also. I'll post a fix as soon as it is available.

Thanks,
Eric @ wolfSSL Support

It will be handled automatically only as part of TLS handshake key exchange. If you are building keys, the size will need to be set manually.

Hello Georg,

We do not have support for that specific openSSL API. We do handle setting the DH key size automatically during the key exchange:
src/internal.c :: GetDhPublicKey

#ifdef HAVE_FFDHE
    switch (ssl->options.dhKeySz) {
    #ifdef HAVE_FFDHE_2048
        case 2048/8:
            params = wc_Dh_ffdhe2048_Get();
            group = WOLFSSL_FFDHE_2048;
            break;
    #endif
.
.
.

If you are interested in opening a feature request for `SSL_CTX_set_dh_auto` in wolfSSL, please send an email to support@wolfssl.com

Thanks,
Eric @wolfSSL Support

244

(3 replies, posted in wolfMQTT)

Hi rlev,

Are you setting `mqttPublish.total_len` to the return value of snprintf?

Try checking in the application that the expected length is equal to the value of `mqttPublish.total_len` before calling `MqttClient_Publish`.

https://github.com/Microchip-MPLAB-Harm … ask.c#L480

The MCH example uses strlen to set the payload length, so if your application is sending JSON data, it's possible that some NULL is causing an invalid length calculation.

Thanks,
Eric @ wolfSSL Support

Hello sapi01,

You'll want to build the library with the option "WOLFSSL_ALT_CERT_CHAINS".

src/internal.c

* WOLFSSL_ALT_CERT_CHAINS:
*     Allows CA's to be presented by peer, but not part of a valid chain.
*     Default wolfSSL behavior is to require validation of all presented peer
*     certificates. This also allows loading intermediate CA's as trusted
*     and ignoring no signer failures for CA's up the chain to root.

Thanks,
Eric @ wolfSSL Support

246

(1 replies, posted in wolfSSL)

Hello AkhiG,

The error message "Not ECDSA cert signature" indicates that the signature check failed on the cert that was being verified. This could happen from a driver issue, a buffer overrun, etc.

Are you able to capture the packets with wireshark when the failure occurs?

Thanks,
Eric @ wolfSSL Support

247

(1 replies, posted in wolfSSL)

Hi n_jusic,

I'm not finding much. Here is a mystery post on the openssl forum:
http://openssl.6102.n7.nabble.com/RAND- … 78233.html

You can also implement your own random function and use it to seed wolfSSL.
https://github.com/wolfSSL/wolfssl/blob … main.c#L71

Thanks,
Eric @ wolfSSL Support

Hello ss2009ahnu,

Is this using the wolfCrypt test?
https://github.com/wolfSSL/wolfssl/tree … crypt/test

Could you please post the output from running the test?

Thanks,
Eric @ wolfSSL Support

Hello,

The server uses a callback to set up a session ticket, which will then be sent to the client (if requested using `wolfssl_CTX_UseSessionTicket` API, which is only relevant to the client). You can review the example code.

`wolfSSL_CTX_set_TicketEncCb` API:
https://github.com/wolfSSL/wolfssl/blob … er.c#L2076

example callback:
https://github.com/wolfSSL/wolfssl/blob … st.h#L4052

Kind regards,
Eric @ wolfSSL Support

250

(6 replies, posted in wolfSSL)

Hi Scott,

There is some logic in SP to try and determine the type sizes. They depend on the system checking the *_MAX values. Please try adding define

    #undef ULLONG_MAX
    #define ULLONG_MAX 18446744073709551615ULL