Welcome to the wolfSSL Forums!

2022-07-29 14:32:53

Okay, I've enabled debug by using a custom logging function:

In Harmony3\net_apps_pic32mz\apps\wolfmqtt_demo\firmware\src\config\pic32mz_ef_sk\net_pres\pres\net_pres_enc_glue.c

Add the debug header:

#include "system/debug/sys_debug.h"

Add just before NET_PRES_EncProviderStreamClientInit0

void NET_PRES_LogFunc(const int logLevel, const char *const logMessage)
{
    /* Skip WANT_READ and WANT_WRITE errors */
    if ((strstr("-323", logMessage) == NULL) && 
        (strstr("-327", logMessage) == NULL))
        SYS_CONSOLE_PRINT("%s\r\n", logMessage);
}

Then in NET_PRES_EncProviderStreamClientInit0, add the section #ifdef DEBUG_WOLFSSL

bool NET_PRES_EncProviderStreamClientInit0(NET_PRES_TransportObject * transObject)
{
    const uint8_t * caCertsPtr;
    int32_t caCertsLen;
    if (!NET_PRES_CertStoreGetCACerts(&caCertsPtr, &caCertsLen, 0))
    {
        return false;
    }
    if (_net_pres_wolfsslUsers == 0)
    {
    #ifdef DEBUG_WOLFSSL
        wolfSSL_SetLoggingCb(NET_PRES_LogFunc);
        wolfSSL_Debugging_ON();
    #endif
        wolfSSL_Init();
        _net_pres_wolfsslUsers++;
    }

Lastly, add "#define DEBUG_WOLFSSL" to configuration.h

2022-07-29 14:06:58

Yeah, I am going back and trying to enable debug logging in my MCH project, and it is not trivial!

For using the AWS example, it is somewhat complicated by the `NET_GLUE` layer that MCH added. But you should be able to figure out which parts are different by reviewing the example:
https://github.com/wolfSSL/wolfMQTT/blo … s/awsiot.c

You should pay attention to the `mqtt_aws_tls_cb` and the `mqtt_aws_tls_verify_cb`. Also note that the topic must include the AWS device name (see `AWSIOT_PUBLISH_TOPIC` in the example).

2022-07-28 15:41:01

For a private key, you can use wolfTPM2_RsaDecrypt

2022-07-28 15:39:41

Hello Juan,

Thanks for reaching out. Great to hear that you are back to using wolfMQTT.

Could you enable DEBUG_WOLFSSL in the configuration and add a line to the application to call to wolfSSL_Debugging_ON(). This will enable debug logging for wolfSSL.

Thanks,
Eric @ wolfSSL Support

2022-07-27 07:25:55

Hello Federico,

We are delighted to hear that you are finding the wolfTPM library useful!

To accomplish an encrypt operation without padding, you can use wolfTPM2_RsaEncrypt with the padScheme parameter set to TPM_ALG_NULL.

Here is an example:
https://github.com/wolfSSL/wolfTPM/blob … #L326-L342

Let us know if there are questions.

Thanks,
Eric @ wolfSSL Support

2022-07-18 09:43:09

Hello Scotty,

The callback is being triggered for each error encountered. There are checks for "valid-from" and "expiration", each could be triggered if the system time and date are invalid.

You can override the date errors like this:
https://github.com/wolfSSL/wolfssl/blob … st.h#L2829

Or is you know the time will always be invalid, you can bypass cert date checking in the wolfSSL config by defining `NO_ASN_TIME`.

I'll review the CA signer issue with the team tomorrow. I suspect it could be the order that the certs are loaded. Could you please enable debug logging and share the log showing the signer error?

Thanks,
Eric @ wolfSSL Support

2022-07-18 09:24:57

Hello stroebeljc,

Certainly! Here is an example from our repository:
https://github.com/wolfSSL/wolfssl-exam … mple.c#L67

Let us know if there are questions.

Thanks,
Eric @ wolfSSL Support

2022-07-13 07:07:49

Responding in ZenDesk ticket

2022-07-12 15:18:57

Hi Denis,

Would you please send an email to support@wolfssl.com referencing this issue?

Thanks,
Eric @ wolfSSL Support

2022-07-12 08:01:33

Hello Anika,

Thanks for joining the wolfSSL Forums. If you do not require support for TLS protocol, you can greatly reduce the size with

--enable-cryptonly

This should also alleviate some of the component dependencies you were seeing.

Let us know if there are further questions.

Thanks,
Eric @ wolfSSL Support

2022-07-07 10:37:20

The server is expecting the data channel to resume the session. You'll need to save the session from the first connection, and then set the session before doing the second connection.

Here is an example:
https://github.com/wolfSSL/wolfssl-exam … s-resume.c

2022-07-05 08:14:31

Hi Davide,

This is a bit more complex problem than what should be supported in a forum post. Could you please open a formal support ticket by emailing support@wolfssl.com?

Thanks,
Eric

2022-07-05 08:11:08

Hello lili,

Thanks for your post. PSK is used to negotiate the first connection handshake. If sessions are enabled, the server will provide a session key (or ticket) that can be to quickly resume the connection without the full handshake.

Here is an example:
https://github.com/wolfSSL/wolfssl-exam … s-resume.c

Kind regards,
Eric @ wolfSSL Support

2022-07-05 08:00:24

Hello zyhaha,

Thanks for joining the wolfSSL Forums. It sounds like the server is expecting the client to use a session ticket to renegotiate the connection. Could you please share a pcap of the first and second connections?

Kind regards,
Eric @ wolfSSL Support

2022-07-05 07:45:35

Hello Ahmed,

Thanks for also emailing wolfSSL support. I've responded to your questions from our ZenDesk portal.

Kind regards,
Eric @ wolfSSL Support

2022-07-05 07:41:55

Hello cachristiansen

Thanks for joining the forum. In order to provide highest priority support, we recommend emailing support@wolfssl.com with your questions.

The default implementation of wc_RNG_GenerateBlock will use the TSIP RNG via the seed operation. You can implement you r own block RNG function by defining CUSTOM_RAND_GENERATE_BLOCK.

Thanks,
Eric @ wolfSSL Support

2022-07-01 08:26:19

Hello Davide,

Thanks for joining the wolfSSL forums. The timeout error simply indicates that the client has been inactive long enough that it needs to send a ping to the broker to maintain the connection. It is an informative error.

Could you tell us more about your project and goals with wolfMQTT?

Thanks,
Eric @ wolfSSL Support

2022-06-29 07:22:28

Hello Malik,

Thanks for joining the wolfSSL Forums.

The -322 code corresponds to the following error in wolfssl/error-ssl.h

    DOMAIN_NAME_MISMATCH         = -322,   /* peer subject name mismatch */

The error code DOMAIN_NAME_MISMATCH would make sense if you are using a certificate issued for one domain with a different domain.

Could you please provide some more details such as the domains in question, the cert(s) in question and how we might reproduce on our end?

Do you have a site accessible that we can test against and a copy of the certificate in question?

Kind regards,
Eric @ wolfSSL Support

2022-06-17 06:52:43

Hi beaveryoga,

Excellent, thanks for sharing this! Were there any issues or changes required?

Kind regards,
Eric @ wolfSSL Support

2022-06-16 06:34:43

Hello celov65111

Welcome and thanks for joining the wolfSSL Forums. I moved this topic to the wolfTPM section, under the assumption that you are using wolfTPM to access the TPM device. Please correct me if I am mistaken.

Here is an example of reading a key from nvram:
https://github.com/wolfSSL/wolfTPM/blob … ram/read.c

Let us know if there are any questions.

Kind regards,
Eric @ wolfSSL Support

2022-06-14 09:45:22

Hi labonte_d

Thanks for contacting wolfSSL Support. The compatibility layer of wolfSSL is intended to cover the most widely used OpenSSL API, but there are some gaps. I can open open a feature request for implementing the BIO_TYPE_SOCKET type if you'd like. I'd suggest adding the type define and seeing if there are further issues.

For the SHA224_Init issues, I do see that SHA224_Init is defined to wolfSSL_SHA224_Init in wolfssl/wolfssl/openssl/sha.h

Does realm-core/src/realm/util/encrypted_file_mapping.cpp include options.h before any other wolfSSL headers?

Thanks,
Eric @ wolfSSL Support

2022-05-05 06:51:30

Hello Manaury,

We have an excellent PKCS12 example that parses out the key and cert:
https://github.com/wolfSSL/wolfssl-exam … pto/pkcs12

(I replied to your support ticket, but I am copying the response here for posterity.)

2022-05-04 04:23:25

Hello Rafa,

Welcome to the wolfSSL Forums. Yes, you are absolutely on the right track. The network layer of wolfMQTT is transport agnostic. Here is an example of a UART port:
https://github.com/wolfSSL/wolfMQTT/blo … mqttuart.c

You'll notice the network layer only requires a structure and a few functions.

Let us know if there are questions and feel free to email support@wolfssl.com for priority pre-sales support.

Thanks,
Eric @ wolfSSL Support

2022-05-02 14:54:41

> lws cannot find wolfSSL_X509_VERIFY_PARAM_set1_host

This is quite odd. The macro `OPENSSL_EXTRA` is the only define gating the definition. Maybe try with

-DWOLFSSL_OPENSSLEXTRA=yes

instead of using the CFLAG value.

2022-04-25 04:53:08

Hi r-type,

Yes, you can modify the CMakeLists.txt. Our CMake build is a work-in-progress. Alternatively, you can also pass in wolfSSL build options like this:

cmake ../wolfssl -DCMAKE_C_FLAGS_INIT='-DWOLFSSL_LIBWEBSOCKETS -DHAVE_EX_DATA -DOPENSSL_NO_EC'

Welcome to the wolfSSL Forums!

Search options (Page 7 of 15)

Posts found: 151 to 175 of 353

151 Reply by embhorn 2022-07-29 14:32:53

Re: WolfMQTT PIC32 (18 replies, posted in wolfMQTT)

152 Reply by embhorn 2022-07-29 14:06:58

Re: WolfMQTT PIC32 (18 replies, posted in wolfMQTT)

153 Reply by embhorn 2022-07-28 15:41:01

Re: Signing question with wolftpm (3 replies, posted in wolfTPM)

154 Reply by embhorn 2022-07-28 15:39:41

Re: WolfMQTT PIC32 (18 replies, posted in wolfMQTT)

155 Reply by embhorn 2022-07-27 07:25:55

Re: Signing question with wolftpm (3 replies, posted in wolfTPM)

156 Reply by embhorn 2022-07-18 09:43:09

Re: How to use the VerifyCallback? (2 replies, posted in wolfSSL)

157 Reply by embhorn 2022-07-18 09:24:57

Re: Creation of cert with Subject Alternative Names (10 replies, posted in wolfCrypt)

158 Reply by embhorn 2022-07-13 07:07:49

Re: Require Wolfssl with minimal size for CMS/PKCS7 verification (5 replies, posted in wolfCrypt)

159 Reply by embhorn 2022-07-12 15:18:57

Re: How to enable or disable SSL and TLS versions allowed for WOLFSSL_CTX (1 replies, posted in wolfSSL)

160 Reply by embhorn 2022-07-12 08:01:33

Re: Require Wolfssl with minimal size for CMS/PKCS7 verification (5 replies, posted in wolfCrypt)

161 Reply by embhorn 2022-07-07 10:37:20

Re: wolfSSL_connect Fail (4 replies, posted in wolfSSL)

162 Reply by embhorn 2022-07-05 08:14:31

Re: -7 Timeout error on Publish Message (3 replies, posted in wolfMQTT)

163 Reply by embhorn 2022-07-05 08:11:08

Re: PSK (1 replies, posted in wolfSSL)

164 Reply by embhorn 2022-07-05 08:00:24

Re: wolfSSL_connect Fail (4 replies, posted in wolfSSL)

165 Reply by embhorn 2022-07-05 07:45:35

Re: Build specific C files without using any C standard libraries (2 replies, posted in wolfCrypt)

166 Reply by embhorn 2022-07-05 07:41:55

Re: Creating TRNG with Renesas RX65 TSIP (1 replies, posted in wolfCrypt)

167 Reply by embhorn 2022-07-01 08:26:19

Re: -7 Timeout error on Publish Message (3 replies, posted in wolfMQTT)

168 Reply by embhorn 2022-06-29 07:22:28

Re: Using wolfSSL to get a websocket connection (3 replies, posted in wolfSSL)

169 Reply by embhorn 2022-06-17 06:52:43

Re: EL8, EL9 FC36 packages of 5.3.0 in Copr (2 replies, posted in wolfSSL)

170 Reply by embhorn 2022-06-16 06:34:43

Re: Verify cert using keyblob read from tpm nvram (6 replies, posted in wolfTPM)

171 Reply by embhorn 2022-06-14 09:45:22

Re: WolfSSL compatibility layer and Realm database (4 replies, posted in wolfSSL)

172 Reply by embhorn 2022-05-05 06:51:30

Re: Parse a PKCS #12 (1 replies, posted in wolfSSL)

173 Reply by embhorn 2022-05-04 04:23:25

Re: wolfMQTT over BLE (2 replies, posted in wolfMQTT)

174 Reply by embhorn 2022-05-02 14:54:41

Re: Extending CMakeLists.txt to support libwebsockets (5 replies, posted in wolfSSL)

175 Reply by embhorn 2022-04-25 04:53:08

Re: Extending CMakeLists.txt to support libwebsockets (5 replies, posted in wolfSSL)

Posts found: 151 to 175 of 353