You are not logged in. Please login or register.
Please post questions or comments you have about wolfSSL products here. It is helpful to be as descriptive as possible when asking your questions.
ReferenceswolfSSL - Embedded SSL Library → Posts by embhorn
Hi Bogdan,
Please check your email for a response from our ZenDesk portal.
Thanks,
Eric @ wolfSSL Support
Hello beaverknight,
Thanks for joining the wolfSSL Forums. I've created a crude test app from your example. Could you please add error checking and supply the example key file to get a reproducible test case for us to evaluate?
Could you tell us a bit about your project and the intended goals?
Kind regards,
Eric @ wolfSSL Support
Hi Juan,
I'd suggest sending an email to support@wolfssl.com where we can better prioritize getting you some assistance.
Here is the pcap I mentioned earlier. Can you please provide the packet capture from the failed connection?
Here is a pcap of the wolfMQTT example awsiot running from linux. From your log, it seems there is a problem with the cipher change after the handshake. Can you please share the wolfSSL settings from configuration.h?
Ah, yes!
This works:
./examples/client/client -h api.abuseipdb.com -p 443 -g -S api.abuseipdb.com -v 4 -jHello BerHav,
Thanks for joining the wolfSSL Forums. I was able to reproduce the issue with the wolfSSL client example in linux. I'll review with the team tomorrow.
./examples/client/client -h api.abuseipdb.com -p 443 -g
connect state: CLIENT_HELLO_SENT
SSL version error
wolfSSL Entering SendAlert
growing output buffer
Shrinking output buffer
wolfSSL Leaving SendAlert, return 0
wolfSSL error occurred, error = 326 line:10162 file:src/internal.c
wolfSSL error occurred, error = 326 line:12350 file:src/ssl.c
wolfSSL Entering SSL_get_error
wolfSSL Leaving SSL_get_error, return -326
wolfSSL Entering SSL_get_error
wolfSSL Leaving SSL_get_error, return -326
wolfSSL Entering ERR_error_string
wolfSSL_connect error -326, record layer version errorOh, that's great! I think you'll find our repository of ATECC demos very useful:
https://github.com/wolfSSL/microchip-atecc-demos
Hi Pokemon,
Thanks for joining the wolfSSL Forums. Perhaps it would be helpful to review some SE implementations. Here is a good reference:
https://github.com/wolfSSL/wolfssl/tree … ort/silabs
https://github.com/wolfSSL/wolfssl/blob … labs_ecc.c
What platform is your SE using?
Thanks,
Eric @ wolfSSL Support
Hi Juan,
"-140" corresponds to a ASN_PARSE_E error. So yes, probably something is wrong in the cert buffer you are passing in.
Here is a perl script we use that coverts DER to a C array:
https://github.com/wolfSSL/wolfssl/blob … /dertoc.pl
You could also try getting the wolfMQTT AWS example to work first, then try modifying for your specific project:
https://github.com/wolfSSL/wolfMQTT/blo … s/awsiot.c
The example uses PEM certs / keys in buffers.
Thanks,
Its not perfect (maybe the debug log buffer gets overrun), but here is a sample of using the demo to connect to a local mosquitto broker with TLS enabled:
TCP/IP Stack: Initialization Started
TCP/IP Stack: Initialization Ended - success
Interface PIC32INT on host MCHPBOARD_E - NBNS disabled
Created the mqtt Commands
PIC32INT IP Address: 0.0.0.0
PIC32INT IP Address: 192.168.86.38
mqtt start
MQTT pub/sub demo has been started
>MQTT Task - Client Start: QoS 0, broker 192.168.86.43
MQTT Task - run message: WMQTT_NETGlue_Initialize, res: 0
MQTT Task - run message: MqttClient_Init, res: 0
MQTT Task - run message: MqttClient_SetDisconnectCallback, res: 0
WMQTT_NET_GLUE Info: Started Connect
WMQTT_NET_GLUE Info: Connected Successfully
WMQTT_NET_GLUE Info: Start TLS
wolfSSL Entering wolfSSL_Init
wolfSSL Entering wolfCrypt_Init
wolfSSL Entering SSLv23_client_method_ex
wolfSSL Entering wolfSSL_CTX_new_ex
wolfSSL Entering wolfSSL_CertManagerNew
wolfSSL Leaving WOLFSSL_CTX_new, return 0
wolfSSL Entering wolfSSL_CTX_load_verify_buffer_ex
Adding a CA
wolfSSL Entering GetExplicitVersion
wolfSSL Entering GetSerialNumber
Got Cert Header
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Algo ID
Getting Cert Name
Getting Cert Name
Got Subject Name
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Key
Parsed Past Key
wolfSSL Entering DecodeCertExtensions
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeSubjKeyId
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeAuthKeyId
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeBasicCaConstraint
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeAltNames
Unsupported name type, skipping
wolfSSL Enter FreeingwolfSSL SignaturwolfSSL wolfSSL ShrinkinreceivedprocessiwolfSSL wolfSSL wolfSSL wolfSSL Leaving RsaVerify, return 51
wolfSSL Leaving DoServerKeyExchange, return 0
Shrinking input buffer
wolfSSL Leaving DoHandShakeMsgType(), return 0
wolfSSL Leaving DoHandShakwolfSSL Leaving EccMakeKey, return 0
wolfSSL Entering EccSharedSecret
wolfSSL Leaving EccSharedSecret, return 0
growing output buffer
Shrinking output buffer
wolfSSL Leaving SendClientKeyExchange, return 0
sent: client key exchange
connect state: FIRST_REPLY_SECOND
connect state: FIRST_REPLY_THIRD
growing output buffer
Shrinking output buffer
sent: change cipher spec
connect state: FIRST_REPLY_FOURTH
wolfSSL Entering SendFinished
growing output buffer
wolfSSL Entering BuildMessage
wolfSSL Leaving BuildMessage, return 0
Shrinking output buffer
wolfSSL Leaving SendFinished, return 0
sent: finished
connect state: FINISHED_DONE
wolfSSL error occurred, error = -323
wolfSSL Entering SSL_get_error
wolfSSL Leaving SSL_get_error, return -323
wolfSSL Entering SSL_connect()
wolfSSL error occurred, error = -323
wolfSSL Entering SSL_get_error
wolfSSL Leaving SSL_get_error, return -323
wolfSSL Entering SSL_connect()
wolfSSL error occurred, error = -323
wolfSSL Entering SSL_get_error
wolfSSL Leaving SSL_get_error, return -323
wolfSSL Entering SSL_connect()
wolfSSL error occurred, error = -323
wolfSSL Entering SSL_get_error
wolfSSL Leaving SSL_get_error, return -323
wolfSSL Entering SSL_connect()
wolfSSL error occurred, error = -323
wolfSSL Entering SSL_get_error
wolfSSL Leaving SSL_get_error, return -323
wolfSSL Entering SSL_connect()
wolwolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL receivedwolfSSL wolfSSL wolfSSL wolfSSL wolfSSL MQTT TaswolfSSL wolfSSL wolfSSL wolfSSL MQTT TasOkay, I've enabled debug by using a custom logging function:
In Harmony3\net_apps_pic32mz\apps\wolfmqtt_demo\firmware\src\config\pic32mz_ef_sk\net_pres\pres\net_pres_enc_glue.c
Add the debug header:
#include "system/debug/sys_debug.h"Add just before NET_PRES_EncProviderStreamClientInit0
void NET_PRES_LogFunc(const int logLevel, const char *const logMessage)
{
/* Skip WANT_READ and WANT_WRITE errors */
if ((strstr("-323", logMessage) == NULL) &&
(strstr("-327", logMessage) == NULL))
SYS_CONSOLE_PRINT("%s\r\n", logMessage);
}Then in NET_PRES_EncProviderStreamClientInit0, add the section #ifdef DEBUG_WOLFSSL
bool NET_PRES_EncProviderStreamClientInit0(NET_PRES_TransportObject * transObject)
{
const uint8_t * caCertsPtr;
int32_t caCertsLen;
if (!NET_PRES_CertStoreGetCACerts(&caCertsPtr, &caCertsLen, 0))
{
return false;
}
if (_net_pres_wolfsslUsers == 0)
{
#ifdef DEBUG_WOLFSSL
wolfSSL_SetLoggingCb(NET_PRES_LogFunc);
wolfSSL_Debugging_ON();
#endif
wolfSSL_Init();
_net_pres_wolfsslUsers++;
}Lastly, add "#define DEBUG_WOLFSSL" to configuration.h
Yeah, I am going back and trying to enable debug logging in my MCH project, and it is not trivial!
For using the AWS example, it is somewhat complicated by the `NET_GLUE` layer that MCH added. But you should be able to figure out which parts are different by reviewing the example:
https://github.com/wolfSSL/wolfMQTT/blo … s/awsiot.c
You should pay attention to the `mqtt_aws_tls_cb` and the `mqtt_aws_tls_verify_cb`. Also note that the topic must include the AWS device name (see `AWSIOT_PUBLISH_TOPIC` in the example).
For a private key, you can use wolfTPM2_RsaDecrypt
Hello Juan,
Thanks for reaching out. Great to hear that you are back to using wolfMQTT.
Could you enable DEBUG_WOLFSSL in the configuration and add a line to the application to call to wolfSSL_Debugging_ON(). This will enable debug logging for wolfSSL.
Thanks,
Eric @ wolfSSL Support
Hello Federico,
We are delighted to hear that you are finding the wolfTPM library useful!
To accomplish an encrypt operation without padding, you can use wolfTPM2_RsaEncrypt with the padScheme parameter set to TPM_ALG_NULL.
Here is an example:
https://github.com/wolfSSL/wolfTPM/blob … #L326-L342
Let us know if there are questions.
Thanks,
Eric @ wolfSSL Support
Hello Scotty,
The callback is being triggered for each error encountered. There are checks for "valid-from" and "expiration", each could be triggered if the system time and date are invalid.
You can override the date errors like this:
https://github.com/wolfSSL/wolfssl/blob … st.h#L2829
Or is you know the time will always be invalid, you can bypass cert date checking in the wolfSSL config by defining `NO_ASN_TIME`.
I'll review the CA signer issue with the team tomorrow. I suspect it could be the order that the certs are loaded. Could you please enable debug logging and share the log showing the signer error?
Thanks,
Eric @ wolfSSL Support
Hello stroebeljc,
Certainly! Here is an example from our repository:
https://github.com/wolfSSL/wolfssl-exam … mple.c#L67
Let us know if there are questions.
Thanks,
Eric @ wolfSSL Support
Responding in ZenDesk ticket
Hi Denis,
Would you please send an email to support@wolfssl.com referencing this issue?
Thanks,
Eric @ wolfSSL Support
Hello Anika,
Thanks for joining the wolfSSL Forums. If you do not require support for TLS protocol, you can greatly reduce the size with
--enable-cryptonlyThis should also alleviate some of the component dependencies you were seeing.
Let us know if there are further questions.
Thanks,
Eric @ wolfSSL Support
The server is expecting the data channel to resume the session. You'll need to save the session from the first connection, and then set the session before doing the second connection.
Here is an example:
https://github.com/wolfSSL/wolfssl-exam … s-resume.c
Hi Davide,
This is a bit more complex problem than what should be supported in a forum post. Could you please open a formal support ticket by emailing support@wolfssl.com?
Thanks,
Eric
Hello lili,
Thanks for your post. PSK is used to negotiate the first connection handshake. If sessions are enabled, the server will provide a session key (or ticket) that can be to quickly resume the connection without the full handshake.
Here is an example:
https://github.com/wolfSSL/wolfssl-exam … s-resume.c
Kind regards,
Eric @ wolfSSL Support
Hello zyhaha,
Thanks for joining the wolfSSL Forums. It sounds like the server is expecting the client to use a session ticket to renegotiate the connection. Could you please share a pcap of the first and second connections?
Kind regards,
Eric @ wolfSSL Support
wolfSSL - Embedded SSL Library → Posts by embhorn
Powered by PunBB, supported by Informer Technologies, Inc.
Generated in 0.012 seconds (53% PHP - 47% DB) with 5 queries