Hello steins,
Thanks for joining the wolfSSL Support forums. You are trying to isolate all the functions for parsing and decoding a certificate? Any particular reason? The compiler tools should allow you to optimize any unused functionality.
What is the environment you are building in / for?
Thanks,
Eric @ wolfSSL Support
Hi Shaun,
The linux wolfMQTT client does connect to mqtt.eclipseprojects.io using TLS with the default certs / config.
```
eric@ubuntu:~/repos/wolfMQTT$ ./examples/mqttclient/mqttclient -h mqtt.eclipseprojects.io -t
MQTT Client: QoS 0, Use TLS 1
MQTT Net Init: Success (0)
MQTT Init: Success (0)
NetConnect: Host mqtt.eclipseprojects.io, Port 8883, Timeout 5000 ms, Use TLS 1
MQTT TLS Setup (1)
MQTT TLS Verify Callback for mqttclient: PreVerify 0, Error -188 (ASN no signer error to confirm failure)
Subject's domain name is R3
Allowing cert anyways
MQTT TLS Verify Callback for mqttclient: PreVerify 1, Error 0 (none)
Subject's domain name is mqtt.eclipseprojects.io
MQTT Socket Connect: Success (0)
MQTT Connect: Proto (v3.1.1), Success (0)
MQTT Connect Ack: Return Code 0, Session Present 0
MQTT Subscribe: Success (0)
Topic wolfMQTT/example/testTopic, Qos 0, Return Code 0
MQTT Publish: Topic wolfMQTT/example/testTopic, Success (0)
MQTT Waiting for message...
MQTT Message: Topic wolfMQTT/example/testTopic, Qos 0, Len 4
Payload (0 - 4): test
MQTT Message: Done
^CReceived SIGINT
Network Error Callback: Error (Network) (error -8)
MQTT Exiting...
MQTT Unsubscribe: Success (0)
MQTT Disconnect: Success (0)
MQTT Socket Disconnect: Success (0)
```
Did you try forcing TLS?
Thanks,
Eric @ wolfSSL Support
Hi Gus,
Thanks for the update. Next step in debugging this would be to review a pcap of the failing handshake.
If you'd prefer to move off this public forum, please send an email to support@wolfssl.com referencing this forum thread and attach a pcap of the handshake.
Thanks,
Eric @ wolfSSL Support
Hello Gus,
While we always recommend that users are on the latest release, the version error you are seeing is likely related to the TLS protocol version in the handshake. You will probably be able to fix the issue by configuring and using a later version of the TLS protocol to establish the connection.
Please review section 4.2 PROTOCOL SUPPORT
https://www.wolfssl.com/docs/wolfssl-manual/ch4/
Thanks,
Eric @ wolfSSL Support
Hi Remy,
No, I do not think you need the pk callback option, but you mentioned it earlier in the thread.
The `NO_ECC_KEY_EXPORT` define comes from here (because `HAVE_ECC` is defined):
https://github.com/wolfSSL/wolfssl/blob … gs.h#L1821
The public key is exported to the `ssl->hsKey` structure in order to compute the shared secret.
```c
ret = EccSharedSecret(ssl,
    (ecc_key*)ssl->hsKey, ssl->peerEccKey,
    args->output + OPAQUE8_LEN, &args->length,
    ssl->arrays->preMasterSecret + OPAQUE16_LEN,
    &ssl->arrays->preMasterSz,
    WOLFSSL_CLIENT_END
);
```
Hello Tom,
Yeah, the tools do not seem to like the long types. Could you try disabling this section:
https://github.com/wolfSSL/wolfssl/blob … ings.h#L83
Is this a 32-bit platform? If so, try adding:
```c
#undef NO_64BIT
#define NO_64BIT
#undef SIZEOF_LONG
#define SIZEOF_LONG 4
#undef SIZEOF_LONG_LONG
#define SIZEOF_LONG_LONG 8
```
Hi Tom,
Thanks for contacting wolfSSL Support. Did you already follow the guide here?
https://github.com/wolfSSL/wolfssl/tree … /XilinxSDK
It should be fairly straightforward. You would want to compile and link with the IDE. Linking with code compiled for x86 would not work.
Let us know if there are issues.
Thanks,
Eric @ wolfSSL Support
Edit: Another of our engineers has a Xilinx project repo that you might find helpful:
https://github.com/dgarske/UltraZed-EG-wolf
Do you still have `--enable-pk-callback` in your configure line?
Hello bob190
Thanks for reaching out to wolfSSL Support.
We have lots of examples! Here is a cert manager example that should be helpful:
https://github.com/wolfSSL/wolfssl-exam … ertmanager
Please feel free to ask more questions!
Kind regards,
Eric @ wolfSSL Support
Hi @kicku6
As you noted, that error usually indicates a problem with the CA. Are you sure that the peer certificate was signed by the same CA as the CA cert you used? Alternatively, you can override certificate verification errors with the verify callback. Here is an example:
https://github.com/wolfSSL/wolfssl-exam … back.c#L55
The `-K` option is expecting a path to a file.
Hi Remy,
Thanks for joining the wolfSSL Forum. When you said:
> Unfortunately by using this callback, wolfSSL expects the verify operation to be found, but it is not supported.
Could you please share the error that you are seeing? Is it an actual verify operation failure, or just that the init is failing because the verify does not exist (NULL)?
Hello rydj
Thanks for your interest in wolfSSL. It sounds like you'll want to redirect the IO using a callback. We have excellent examples here:
https://github.com/wolfSSL/wolfssl-exam … -callbacks
We also have a wolfSSL stunnel example in a private repository. You can request access by contacting support@wolfssl.com
Thanks,
Eric @ wolfSSL Support
Hello havokdu62,
There is not a released LwIP example. We have an older PR for one that you are welcome to review, but it will need some work to be updated.
https://github.com/wolfSSL/wolfssl/pull/599
Thanks,
Eric @ wolfSSL Support
Hi stroebeljc
Thanks for your note. The most up to date documentation is the Doxygen created files in the repository. We are discussing a plan for our other docs moving forward.
Thanks,
Eric @ wolfSSL Support
Hello sapi01
Thanks for your kind words. We also think wolfSSL is the greatest.
I found a solution for this, but not a reason for why it works. If I use openSSL to open the key and simply write it out again using this command:
```
openssl rsa -inform pem -in server.key -outform pem -out server.key2
```
The new key (server.key2) will work in wolfSSL.
The certs and keys used in the examples are generated with this script:
https://github.com/wolfSSL/wolfssl/blob … ts.sh#L176
Maybe breaking up the openssl commands makes a difference?
Thanks,
Eric @ wolfSSL Support
Hello stroebeljc
You would need to load the same cert on both peers. Else you could set up a verify callback that overrides the error.
Here is an example:
https://github.com/wolfSSL/wolfssl-exam … callback.c
Hi Arun,
I completely missed the fact that wolfSSL already has some support for SRP.
https://www.wolfssl.com/doxygen/group__SRP.html
There is even some test code you could use as an example:
https://github.com/wolfSSL/wolfssl/blob … ests/srp.c
Hope this helps!
Hi Arun,
Thanks for contacting wolfSSL Support. Adding support for SRP ciphers sounds great!
Here is a description of the steps for adding a custom cipher:
https://www.wolfssl.com/adding-alternat … library-2/
If you are interested in contributing your changes, you can open a pull request at https://github.com/wolfSSL/wolfssl.
Kind regards,
Eric @ wolfSSL Support
Hi mcxbain,
Thanks for contacting wolfSSL Support. This sounds interesting. I will review with the team and post an update. We would welcome your findings if you wanted to go ahead and produce the "wolfSSL amalgamation" and run some benchmarks.
Thanks,
Eric @ wolfSSL Support
Hello @marlanagakalyan
Thanks for your interest in wolfMQTT. We do not currently have a Keil example for the wolfMQTT library, but you could certainly extrapolate from the existing wolfSSL examples:
https://github.com/wolfSSL/wolfssl/tree … RM/wolfSSL
I am adding your request to the features queue.
Requested Feature: wolfMQTT with Keil example
Source Link: https://www.wolfssl.com/forums/topic1678-wolfmqtt.html
Requested Date: 02 FEB 2021
Implementation Date: Unfunded effort, no timeline
We try to work on requested features whenever we get free engineering cycles unless a customer decides to back the effort for a finite implementation timeline. If at any time a feature becomes a progress blocker for a project it can be accelerated by contacting an account business manager.
Could you tell us a bit more about your project? Feel free to email us at support@wolfssl.com if you'd prefer to keep details off the forum.
What is your operating environment?
Hi Jeremy,
Thanks for submitting this on Zendesk. I will copy the answer here also to help other users.
Here is a very straightforward RSA signing example:
https://github.com/wolfSSL/wolfssl-exam … pk/rsa-pss
And for the TLS examples, you can always use the client and server that come packaged in the main library:
https://github.com/wolfSSL/wolfssl/tree … les/client
https://github.com/wolfSSL/wolfssl/tree … les/server
The client can print the available ciphers using the option -e
```
./examples/client/client -e
wolfSSL Entering wolfSSL_Init
wolfSSL Entering wolfCrypt_Init
TLS13-AES128-GCM-SHA256:TLS13-AES256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305-OLD:ECDHE-ECDSA-CHACHA20-POLY1305-OLD:DHE-RSA-CHACHA20-POLY1305-OLD
```
You can specify a particular cipher suite using the option -l
```
./examples/client/client -l ECDHE-RSA-AES128-GCM-SHA256
```
For a simpler TLS example you can review:
https://github.com/wolfSSL/wolfssl-exam … ls-ecdhe.c
Hello @stroebeljc
From https://tools.ietf.org/html/rfc3610#section-2
> Valid values of L range between 2 octets and 8 octets
> (the value L=1 is reserved).
So the nonce length must be between 7 and 13 octets (21 and 39 bits).
Hence in wolfssl/wolfcrypt/aes.h:
```c
CCM_NONCE_MIN_SZ = 7,
CCM_NONCE_MAX_SZ = 13,
```
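Added example, not part of the original post and not wolfSSL code: the 7 to 13 octet bound follows from the RFC 3610 block layout, where the nonce occupies 15 - L octets of the first block B_0. The sketch below validates the nonce, tag and message lengths and builds B_0; the `ex_`/`EX_` names are hypothetical and the bounds are redefined locally so it builds without wolfSSL.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Same values the post quotes from wolfssl/wolfcrypt/aes.h, under example names. */
enum { EX_CCM_NONCE_MIN_SZ = 7, EX_CCM_NONCE_MAX_SZ = 13, EX_CCM_BLOCK_SZ = 16 };

/* Build the RFC 3610 B_0 block:
 *   octet 0        flags = 64*Adata + 8*((M-2)/2) + (L-1)
 *   octets 1..15-L nonce
 *   last L octets  message length, big-endian
 * Returns L (2..8) on success, -1 if any length is out of range. */
int ex_ccm_build_b0(uint8_t b0[EX_CCM_BLOCK_SZ],
                    const uint8_t *nonce, size_t nonce_sz,
                    size_t tag_sz, int has_aad, uint64_t msg_len)
{
    size_t L, i;

    /* Nonce must leave room for a 2..8 octet length field. */
    if (nonce_sz < EX_CCM_NONCE_MIN_SZ || nonce_sz > EX_CCM_NONCE_MAX_SZ)
        return -1;
    /* M (tag size) must be an even value from 4 to 16. */
    if (tag_sz < 4 || tag_sz > 16 || (tag_sz & 1))
        return -1;

    L = 15 - nonce_sz;

    /* The message length must be representable in L octets; a longer
     * nonce therefore means a smaller maximum message size. */
    if (L < 8 && (msg_len >> (8 * L)) != 0)
        return -1;

    b0[0] = (uint8_t)((has_aad ? 0x40 : 0x00)
                      | (((tag_sz - 2) / 2) << 3)
                      | (L - 1));
    memcpy(b0 + 1, nonce, nonce_sz);
    for (i = 0; i < L; i++)
        b0[15 - i] = (uint8_t)(msg_len >> (8 * i));

    return (int)L;
}
```

With a 13-octet nonce L is 2, so a single message is limited to 65535 octets; callers that need larger messages have to use a shorter nonce.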