You are not logged in. Please login or register.
Please post questions or comments you have about wolfSSL products here. It is helpful to be as descriptive as possible when asking your questions.
ReferenceswolfSSL - Embedded SSL Library → Posts by embhorn
Hi Adam,
Thanks for contacting wolfSSL Support. I have requested a review of this topic by our engineers.
Kind regards,
Eric - wolfSSL Support
Hi Happy,
Thanks for you interest in the wolfCLU project. Did you configure wolfSSL with --enable-crl ?
The CRL parser is capable of handling the command you mentioned:
./wolfssl crl -help
./wolfssl crl
-CAfile <ca file name>
-inform pem or der in format
-in the file to read from
-outform pem or der out format
-out output file to write to
-noout do not print output if set
-text output human readable text of CRLHi Robert,
Welcome to the wolfSSL Forums. Did you init the client structure?
https://github.com/wolfSSL/wolfMQTT/blo … #L211-L213
Could you tell us a bit about your project using wolfMQTT?
Thanks,
Eric - wolfSSL Support
Hi David,
Welcome to the wolfSSL Forums! Sounds like a very interesting project!
We do support SSL_set_session and SSL_get_session, and a quick look at the OpenSSL code shows that is the buik of the work being done in SSL_copy_session_id.
You could give it a shot at implementing the compatibility API, or if you'd like, you can email us at support@wolfssl.com to open a feature request.
Thanks,
Eric - wolfSSL Support
The "100Kb" footprint was achieved with a limited build only supporting pre-shared keys. In order to support certificates for normal TLS, you will need to adjust your footprint expectations. Is PSK a viable path forward for your project?
Hello Happy,
Do you have WOLFSSL_CRL_ALLOW_MISSING_CDP defined in the config, or are you using the callback to override the failure?
If you believe this to be a bug, please email support@wolfssl.com to create a ticket in our support system.
Thanks,
Eric - wolfSSL Support
Hello sasitzar
Welcome to the wolfSSL forums. wolfHSM can utilize wolfCrypt to employ software versions of these PQC algorithms. I'll loop in an engineer for more insights.
Kind regards,
Eric - wolfSSL Support
Since this is a commercial effort, I recommend creating a free presales support ticket by emailing support@wolfssl.com
From there we can help you determine why the broker is sending the alert.
Thanks,
Eric
Hi tritdm
Welcome to the wolfSSL Forums. Could you tell us a bit about you project using wolfMQTT?
It seems like the broker is disconnecting during the TLS handshake? Is this a publicly available broker? You are using a non-standard port. Secure MQTT generally uses port 8883. It may be that the server requires an SNI extension. Here is an example of setting that up:
https://github.com/wolfSSL/wolfMQTT/blo … #L717-L725
Kind regards,
Eric - wolfSSL Support
So if you are not using the autotools configure command, then you should be configuring with a file called user_settings.h and passing WOLFSSL_USER_SETTINGS to the project building wolfSSL. In this case there will not be an options.h file used.
Also, be sure that `WOLFSSL_DER_TO_PEM` is defined using a CFLAG when configuring wolfSSL:
./configure CFLAGS="-DWOLFSSL_DER_TO_PEM"Hi vainn48
Welcome to the wolfSSL forums. Try switching the includes so that the options.h comes before any other wolfSSL headers.
#include <wolfssl.h>
#include <wolfssl/options.h>Is this for a personal project?
Thanks,
Eric - wolfSSL Support
Hi Sunnysunday,
I have requested a review of this topic by our engineers.
Thanks,
Eric - wolfSSL Support
With cmake, you want to use the `WOLFSSL_CRL` option:
add_option(WOLFSSL_CRL
"Enable CRL (Use =io for inline CRL HTTP GET) (default: disabled)"
"no" "yes;no;io")Hi Happy,
There could be a configuration issue. `HAVE_CRL` needs to be defined in user_settings.h (or `--enable-crl` if using ./configure).
Share your wolfSSL configuration if the issue persists.
Thanks,
Eric - wolfSSL Support
Hi Gabriel,
Thanks for pointing out this issue with the documentation. I've opened a PR here:
https://github.com/wolfSSL/wolfssl/pull/8102
Kind regards,
Eric - wolfSSL Support
Yes, the Zephyr port just builds against the main wolfSSL project, so it will be supported.
For the STM32, you should check out our STM32IDE CubePack for wolfMQTT:
https://www.wolfssl.com/files/ide/I-CUBE-wolfMQTT.pack
Hello Anna,
Welcome to the wolfSSL Forums. We do not currently support MLKEM. I would be glad to assist you in making an official feature request. Please send an email to support@wolfssl.com and I will help you get started.
Kind regards,
Eric - wolfSSL Support
Hi MO380,
FreeRTOS should work with the POSIX interface:
https://freertos.org/Documentation/03-L … 04-pthread
If you want to use the native API, you would need to set up those macros.
Thanks,
Eric - wolfSSL Support
Hi iskim,
Welcome to the wolfSSL Forums.
The MQTT protocol uses a keep-alive message called a ping to sustain the communication channel between a client and the broker. During the client connect, the keep_alive_sec field is sent to broker, which uses that to determine if the client has lost it's connection. Some brokers use that value (in seconds) times 1.5 to finally disconnect the client. If your client is not sending the ping (or ping response) within the time frame negotiated, then the broker will disconnect the client.
> - Under what circumstances does WolfMQTT trigger a NETWORK error?
A network timeout can occur when the client attempts to read or write data to the network, but the operation takes too long. This is configurable with the timeout_ms parameter when calling MqttClient_NetConnect.
> - Are there any specific configurations or common pitfalls that I should look into to prevent this kind of disconnection?
A network error might not even be on client side. The application should handle network problems gracefully and allow reconnection attempts.
Could you tell us more about your MQTT project and your location for our support records? Feel free to email us at support@wolfssl.com for a more private conversation.
Kind regards,
Eric - wolfSSL Support
Hi Andids
Welcome to the wolfSSL Forums.
Could you tell us a bit about your Curl project and your location for our support records?
Did you review the Cmake instructions?
https://github.com/curl/curl/blob/maste … L-CMAKE.md
Thanks,
Eric - wolfSSL Support
Hi Dwayne,
Thanks for sharing these details. AWS has several requirements for TLS versions and extensions. It might be worthwhile to try updating the wolfSSL version. The latest release is v5.7.2
If this is related to a commercial project, you should open a new issue by emailing support@wolfssl.com or through the zendesk portal at https://wolfssl.zendesk.com.
Hi Dwayne,
Welcome to the wolfSSL Forums.
Could you tell us a bit about your project and your location for our support records?
There is not a clear error in the log you shared. It could be that the peer sent an alert, but I would have expected to see that recorded in the log. Are you able to generate a packet capture of the failing handshake?
We always recommend using the latest version of the library. Often we have already resolved issues that you may be experiencing.
Is this a new failure that was previously working? Do you know what changed?
Lastly, if you'd prefer, you can open a support ticket by emailing support@wolfssl.com
Thanks,
Eric - wolfSSL Support
Hello Victor,
Welcome to the wolfSSL Forums.
We were excited to see ExpressVPN utilize some of our latest developments, DTLS 1.3 in particular:
https://www.wolfssl.com/expressvpn-is-t … a-wolfssl/
And in fact, the lightway-core is open source!
https://github.com/expressvpn/lightway-core
Could you tell us a bit about your project and your location for our support records?
Thanks,
Eric - wolfSSL Support
wolfSSL - Embedded SSL Library → Posts by embhorn
Powered by PunBB, supported by Informer Technologies, Inc.
Generated in 0.023 seconds (80% PHP - 20% DB) with 4 queries