Hi stroebeljc
Thanks for your note. The most up to date documentation is the Doxygen created files in the repository. We are discussing a plan for our other docs moving forward.
Thanks,
Eric @ wolfSSL Support
You are not logged in. Please login or register.
Please post questions or comments you have about wolfSSL products here. It is helpful to be as descriptive as possible when asking your questions.
ReferenceswolfSSL - Embedded SSL Library → Posts by embhorn
Hi stroebeljc
Thanks for your note. The most up to date documentation is the Doxygen created files in the repository. We are discussing a plan for our other docs moving forward.
Thanks,
Eric @ wolfSSL Support
Hello sapi01
Thanks for your kind words. We also think wolfSSL is the greatest.
I found a solution for this, but not a reason for why it works. If I use openSSL to open the key and simply write it out again using this command:
openssl rsa -inform pem -in server.key -outform pem -out server.key2
The new key (server.key2) will work in wolfSSL.
The certs and keys used in the examples are generated with this script:
https://github.com/wolfSSL/wolfssl/blob … ts.sh#L176
Maybe breaking up the openssl commands makes a difference?
Thanks,
Eric @ wolfSSL Support
Hello stroebeljc
You would need to load the same cert on both peers. Else you could setup a verify callback that overrides the error.
Here is an example:
https://github.com/wolfSSL/wolfssl-exam … callback.c
Hi Arun,
I completely missed the fact that wolfSSL already has some support for SRP.
https://www.wolfssl.com/doxygen/group__SRP.html
There is even some test code you could use as an example:
https://github.com/wolfSSL/wolfssl/blob … ests/srp.c
Hope this helps!
Hi Arun,
Thanks for contacting wolfSSL Support. Adding support for SRP ciphers sounds great!
Here is a description of the steps for adding a custom cipher:
https://www.wolfssl.com/adding-alternat … library-2/
If you are interested in contributing your changes, you can open a pull request at https://github.com/wolfSSL/wolfssl.
Kind regards,
Eric @ wolfSSL Support
Hi mcxbain,
Thanks for contacting wolfSSL Support. This sounds interesting. I will review with the team and post an update. We would welcome your findings if you wanted to go ahead and produce the "wolfSSL amalgamation" and run some benchmarks.
Thanks,
Eric @ wolfSSL Support
Hello @marlanagakalyan
Thanks for your interest in wolfMQTT. We do not currently have a Keil example for the wolfMQTT library, but you could certainly extrapolate from the existing wolfSSL examples:
https://github.com/wolfSSL/wolfssl/tree … RM/wolfSSL
I am adding your request to features queue.
Requested Feature: wolfMQTT with Keil example
Source Link: https://www.wolfssl.com/forums/topic1678-wolfmqtt.html
Requested Date: 02 FEB 2021
Implementation Date: Unfunded effort, no timeline
We try to work on requested features whenever we get free engineering cycles unless a customer decides to back the effort for a finite implementation timeline. If at any time a feature becomes a progress blocker for a project it can be accelerated by contacting the an account business manager.
Could you tell us a bit more about your project? Feel free to email us at support@wolfssl.com if you'd prefer to keep details off the forum.
Are you using Cygwin?
What is your operating environment?
Hi Jeremy,
Thanks for submitting this on Zendesk. I will copy the answer here also to help other users.
Here is a very straight forward RSA signing example:
https://github.com/wolfSSL/wolfssl-exam … pk/rsa-pss
And for the TLS examples, you can always use the client and server that come packaged in the main library:
https://github.com/wolfSSL/wolfssl/tree … les/client
https://github.com/wolfSSL/wolfssl/tree … les/server
The client can print the available ciphers using the option -e
./examples/client/client -e
wolfSSL Entering wolfSSL_Init
wolfSSL Entering wolfCrypt_Init
TLS13-AES128-GCM-SHA256:TLS13-AES256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305-OLD:ECDHE-ECDSA-CHACHA20-POLY1305-OLD:DHE-RSA-CHACHA20-POLY1305-OLD
You can specify a particular cipher suite using the option -l
./examples/client/client -l ECDHE-RSA-AES128-GCM-SHA256
For a simpler TLS example you can review:
https://github.com/wolfSSL/wolfssl-exam … ls-ecdhe.c
Hello @stroebeljc
From https://tools.ietf.org/html/rfc3610#section-2
Valid values of L range between 2 octets and 8 octets
(the value L=1 is reserved).
A nonce N of 15-L octets
So the nonce length must be between 7 and 13 octets (21 and 39 bits).
Hence in wolfssl/wolfcrypt/aes.h:
CCM_NONCE_MIN_SZ = 7,
CCM_NONCE_MAX_SZ = 13,
What errors did you see when trying to install the wolfssl-py library?
Enabling the ciphers in wolfSSL will not enable them openSSL, so you'll need to be using wolfSSL for us to help.
Hello teja.veeragandam,
Could you tell us more about the hardware device you are using? Are you currently using openSSL and wish to replace it with wolfSSL?
Here are some good references for getting started:
https://www.wolfssl.com/docs/wolfssl-manual/ch2/
Thanks,
Eric @ wolfSSL Support
Hello Iyaps,
Welcome to the wolfSSL Support forum. Have you already downloaded (or cloned from Github) the wolfSSL project? There are several Xilinx SDK examples here:
https://github.com/wolfSSL/wolfssl/tree … /XilinxSDK
> 1. I would like to communicate with external devices with or without SSL/TLS security. So Is it possible to communicate without using SSL/TLS security with wolfSSL API's?
Usually your application will determine if TLS is required (i.e., "http://www.example.com" VS "https://www.example.com"). The same application code will be used, but the TLS connection should only be used when connecting to servers / clients that support it.
2. I know that wolfSSL is the successor of CyaSSL. But I would like to know what is the base layer of wolfSSL/yaSSL is developed from. Whether wolfSSL uses openSSL or LwIP functions internally?
wolfSSL is written from scratch and maintained by the wolfSSL team! That is one reason developers prefer wolfSSL over so many other SSL and crypto libraries.
Kind regards,
Eric @ wolfSSL Support
Hello @kevinpt,
Thanks for contacting wolfSSL Support.
Yes, I see what you mean about not being able to re-iterate the list. In fact this in src/ssl.c@18435
/* already went through them */
if (cert->altNamesNext == NULL)
return NULL;
So maybe a new API as you suggested, wolfSSL_X509_get_first_altname(), that will simply reset the list pointer to the head? I review this with the team tomorrow evening.
Thanks,
Eric @ wolfSSL Support
Hi @agubisch
No, I think you are correct. It looks like MqttClient_Publish_WritePayload has overloaded the meaning of the return value MQTT_CODE_CONTINUE, so that the publish callback does not work correctly when non-blocking is enabled. I think a new return code is needed to specify the condition that the callback should be executed again.
I opened a ticket to track this defect
https://github.com/wolfSSL/wolfMQTT/issues/192
Thanks for your help investigating this issue!
-Eric @ wolfSSL Support
The socket handling is the responsibility of the application's implementation of the MqttNet structure. The example does this here:
https://github.com/wolfSSL/wolfMQTT/blo … et.c#L1048
The wolfSSL_shutdown API is used to send the FIN packet to a peer, indicating that the application will no longer listen to that socket. The wolfSSL_shutdown API is used by the client as part of a bi-directional shutdown, but otherwise is not needed at the client side. It does not clean up the socket resource.
There is built-in memory tracking in wolfSSL:
-DWOLFSSL_TRACK_MEMORY
or
./configure --enable-trackmemory
Also memory logging:
-DWOLFSSL_MEMORY_LOG
or
--enable-memorylog
The socket is closed (in the example code) by mqttexample.c::NetDisconnect, which is called from mqtt_socket.c::MqttSocket_Disconnect
https://github.com/wolfSSL/wolfMQTT/blo … ket.c#L480
There are not a lot of mallocs in the library proper, so it should be possible to use a memcheck tool to find the culprit. We sometimes use valgrind to hunt for mem leaks.
Hello @kackle123
Thanks for contacting wolfSSL Support. Calling wolfSSL_shutdown is not required, since the broker will disconnect the socket connection after the client sends the disconnect packet (MqttClient_Disconnect). The wolfSSL resources are freed using the code in MqttSocket_Disconnect:
https://github.com/wolfSSL/wolfMQTT/blo … ket.c#L465
Could there be an allocation in the application TLS setup callback? In the examples, we use mqtt_tls_cb
https://github.com/wolfSSL/wolfMQTT/blo … ple.c#L505
Thanks,
Eric @wolfSSL Support
Hello @agubisch
It looks like there was a fix added to properly return the MQTT_CODE_CONTINUE error. Could you please confirm the release? Also can you please confirm that WOLFMQTT_NONBLOCK is defined in the settings?
Thanks,
Eric @ wolfSSL Support
Hello @agubisch
Have you tested the firmware push example as-is with the PIC32? Does it also demonstrate the issue you are seeing?
Thanks,
Eric @ wolfSSL Support
Hello Anthony,
The callback description is here:
https://github.com/wolfSSL/wolfMQTT/blo … ient.h#L49
The callback is registered during `MqttClient_Init`, and it will be called when a published message is received on a topic the client is subscribed to. The topic name and total payload size are available in the `MqttMessage` parameter. The msg_new and msg_done parameters are used to indicate the progress of the payload.
There is an excellent example that demonstrates receiving a large payload using the message callback functionality. It a two part example, the first client creates and publishes a signed "firmware" blob. The second client is subscribed to the topic waiting for the firmware message. When it receives the message, it saves the payload and authenticates the firmware package.
https://github.com/wolfSSL/wolfMQTT/tre … s/firmware
Instructions:
https://github.com/wolfSSL/wolfMQTT/blo … re-example
Thanks,
Eric @ wolfSSL Support
Hi JazP,
Yes, please open a support ticket.
Thanks,
Eric @ wolfSSL Support
Hi JasP
We support all users of wolfSSL libraries! You can open a support ticket by emailing support@wolfssl.com anytime.
It looks like this is a good example of connecting an MQTT client to the ThingSpeak broker:
https://www.mathworks.com/help/thingspe … p8266.html
From there we know the broker is "mqtt.thingspeak.com"; clientID is random; the username and password will come from your ThingSpeak account settings.
It does not appear to use a secure connection, so TLS can be disabled in the wolfMQTT configuration. This is likely the source of the MqttNet callback error you saw.
Are you building for an embedded platform? Have you tried running our existing examples?
Thanks,
Eric @ wolfSSL Support
Edit:
Here is an even better discussion of using an MQTT client with ThingSpeak:
https://www.mathworks.com/help/thingspe … asics.html
Hello @JazP
Thanks for contacting wolfSSL Support. The `stat` structure element is used internally by the command API. It preserves the current state of the command processing. This functionality is used by the non-blocking configuration option, when the API could return `MQTT_CODE_CONTINUE` to indicate an incomplete command.
If you are reusing the structure for a subsequent call (for example calling publish twice in a row with the same structure), you would need to reset the stat to 0 (MQTT_MSG_BEGIN).
Could you tell us a bit more about your use case? Feel free to contact us at support@wolfssl.com
Thanks,
Eric
Edit to add info about the "ack" - The ack packet is a response from the broker to indicate the status of the requested command.
wolfSSL - Embedded SSL Library → Posts by embhorn
Powered by PunBB, supported by Informer Technologies, Inc.
Generated in 0.020 seconds (78% PHP - 22% DB) with 4 queries