You are not logged in. Please login or register.
Please post questions or comments you have about wolfSSL products here. It is helpful to be as descriptive as possible when asking your questions.
ReferenceswolfSSL - Embedded SSL Library → Posts by embhorn
For a private key, you can use wolfTPM2_RsaDecrypt
Hello Juan,
Thanks for reaching out. Great to hear that you are back to using wolfMQTT.
Could you enable DEBUG_WOLFSSL in the configuration and add a line to the application to call to wolfSSL_Debugging_ON(). This will enable debug logging for wolfSSL.
Thanks,
Eric @ wolfSSL Support
Hello Federico,
We are delighted to hear that you are finding the wolfTPM library useful!
To accomplish an encrypt operation without padding, you can use wolfTPM2_RsaEncrypt with the padScheme parameter set to TPM_ALG_NULL.
Here is an example:
https://github.com/wolfSSL/wolfTPM/blob … #L326-L342
Let us know if there are questions.
Thanks,
Eric @ wolfSSL Support
Hello Scotty,
The callback is being triggered for each error encountered. There are checks for "valid-from" and "expiration", each could be triggered if the system time and date are invalid.
You can override the date errors like this:
https://github.com/wolfSSL/wolfssl/blob … st.h#L2829
Or is you know the time will always be invalid, you can bypass cert date checking in the wolfSSL config by defining `NO_ASN_TIME`.
I'll review the CA signer issue with the team tomorrow. I suspect it could be the order that the certs are loaded. Could you please enable debug logging and share the log showing the signer error?
Thanks,
Eric @ wolfSSL Support
Hello stroebeljc,
Certainly! Here is an example from our repository:
https://github.com/wolfSSL/wolfssl-exam … mple.c#L67
Let us know if there are questions.
Thanks,
Eric @ wolfSSL Support
Responding in ZenDesk ticket
Hi Denis,
Would you please send an email to support@wolfssl.com referencing this issue?
Thanks,
Eric @ wolfSSL Support
Hello Anika,
Thanks for joining the wolfSSL Forums. If you do not require support for TLS protocol, you can greatly reduce the size with
--enable-cryptonlyThis should also alleviate some of the component dependencies you were seeing.
Let us know if there are further questions.
Thanks,
Eric @ wolfSSL Support
The server is expecting the data channel to resume the session. You'll need to save the session from the first connection, and then set the session before doing the second connection.
Here is an example:
https://github.com/wolfSSL/wolfssl-exam … s-resume.c
Hi Davide,
This is a bit more complex problem than what should be supported in a forum post. Could you please open a formal support ticket by emailing support@wolfssl.com?
Thanks,
Eric
Hello lili,
Thanks for your post. PSK is used to negotiate the first connection handshake. If sessions are enabled, the server will provide a session key (or ticket) that can be to quickly resume the connection without the full handshake.
Here is an example:
https://github.com/wolfSSL/wolfssl-exam … s-resume.c
Kind regards,
Eric @ wolfSSL Support
Hello zyhaha,
Thanks for joining the wolfSSL Forums. It sounds like the server is expecting the client to use a session ticket to renegotiate the connection. Could you please share a pcap of the first and second connections?
Kind regards,
Eric @ wolfSSL Support
Hello Ahmed,
Thanks for also emailing wolfSSL support. I've responded to your questions from our ZenDesk portal.
Kind regards,
Eric @ wolfSSL Support
Hello cachristiansen
Thanks for joining the forum. In order to provide highest priority support, we recommend emailing support@wolfssl.com with your questions.
The default implementation of wc_RNG_GenerateBlock will use the TSIP RNG via the seed operation. You can implement you r own block RNG function by defining CUSTOM_RAND_GENERATE_BLOCK.
Thanks,
Eric @ wolfSSL Support
Hello Davide,
Thanks for joining the wolfSSL forums. The timeout error simply indicates that the client has been inactive long enough that it needs to send a ping to the broker to maintain the connection. It is an informative error.
Could you tell us more about your project and goals with wolfMQTT?
Thanks,
Eric @ wolfSSL Support
Hello Malik,
Thanks for joining the wolfSSL Forums.
The -322 code corresponds to the following error in wolfssl/error-ssl.h
DOMAIN_NAME_MISMATCH = -322, /* peer subject name mismatch */The error code DOMAIN_NAME_MISMATCH would make sense if you are using a certificate issued for one domain with a different domain.
Could you please provide some more details such as the domains in question, the cert(s) in question and how we might reproduce on our end?
Do you have a site accessible that we can test against and a copy of the certificate in question?
Kind regards,
Eric @ wolfSSL Support
Hi beaveryoga,
Excellent, thanks for sharing this! Were there any issues or changes required?
Kind regards,
Eric @ wolfSSL Support
Hello celov65111
Welcome and thanks for joining the wolfSSL Forums. I moved this topic to the wolfTPM section, under the assumption that you are using wolfTPM to access the TPM device. Please correct me if I am mistaken.
Here is an example of reading a key from nvram:
https://github.com/wolfSSL/wolfTPM/blob … ram/read.c
Let us know if there are any questions.
Kind regards,
Eric @ wolfSSL Support
Hi labonte_d
Thanks for contacting wolfSSL Support. The compatibility layer of wolfSSL is intended to cover the most widely used OpenSSL API, but there are some gaps. I can open open a feature request for implementing the BIO_TYPE_SOCKET type if you'd like. I'd suggest adding the type define and seeing if there are further issues.
For the SHA224_Init issues, I do see that SHA224_Init is defined to wolfSSL_SHA224_Init in wolfssl/wolfssl/openssl/sha.h
Does realm-core/src/realm/util/encrypted_file_mapping.cpp include options.h before any other wolfSSL headers?
Thanks,
Eric @ wolfSSL Support
Hello Manaury,
We have an excellent PKCS12 example that parses out the key and cert:
https://github.com/wolfSSL/wolfssl-exam … pto/pkcs12
(I replied to your support ticket, but I am copying the response here for posterity.)
Hello Rafa,
Welcome to the wolfSSL Forums. Yes, you are absolutely on the right track. The network layer of wolfMQTT is transport agnostic. Here is an example of a UART port:
https://github.com/wolfSSL/wolfMQTT/blo … mqttuart.c
You'll notice the network layer only requires a structure and a few functions.
Let us know if there are questions and feel free to email support@wolfssl.com for priority pre-sales support.
Thanks,
Eric @ wolfSSL Support
> lws cannot find wolfSSL_X509_VERIFY_PARAM_set1_host
This is quite odd. The macro `OPENSSL_EXTRA` is the only define gating the definition. Maybe try with
-DWOLFSSL_OPENSSLEXTRA=yesinstead of using the CFLAG value.
Hi r-type,
Yes, you can modify the CMakeLists.txt. Our CMake build is a work-in-progress. Alternatively, you can also pass in wolfSSL build options like this:
cmake ../wolfssl -DCMAKE_C_FLAGS_INIT='-DWOLFSSL_LIBWEBSOCKETS -DHAVE_EX_DATA -DOPENSSL_NO_EC'Hi Angelo,
We do have some newer documentation that is prerelease. I can share this with you if you can send a request to support@wolfssl.com
Hello Angelo,
Thanks for joining the wolfSSL Support Forum. I know the CAAM driver has to be specially built and linked in order for wolfSSL to access the driver. Please see the instructions here:
https://github.com/wolfSSL/wolfssl/blob … am_doc.pdf
I will check about the intended usage of the configure option `--enable-caam`
Thanks,
Eric @ wolfSSL Support
wolfSSL - Embedded SSL Library → Posts by embhorn
Powered by PunBB, supported by Informer Technologies, Inc.
Generated in 0.031 seconds (76% PHP - 24% DB) with 4 queries