I resolved this for now by patching libcurl to ignore a 0 result from SSL_set_session. Seems to work fine so far.

It looks to me as if there's a problem with the way libcurl is interacting with wolfSSL.

If libcurl has a cached session, it will try to call its SSL_set_session function. For the cyassl backend, this can fail if wolfSSL's SetSession determines that the session has timed out (wolfssl/src/ssl.c, line 6333).

When the backend (wolfSSL in this case) returns an error, curl gives up on that connection.

Still not sure why a connection is not reestablished after the error. It's up to the TLS library to decide when the session expires.
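A model of the session-cache interaction described in this post, added here as an example; it is not libcurl's or wolfSSL's code. It shows the behaviour being reported (a cached session the TLS library now considers timed out makes `SSL_set_session` fail, and the connection is abandoned) next to the handling the workaround aims for (treat the rejected session as a cache miss, evict it, and fall back to a full handshake). The timeout value, the `TlsBackend` stand-in and the outcome strings are constructed for the model.

```python
import os
from dataclasses import dataclass

# Constructed lifetime for the model; the real value is whatever the TLS
# library attaches to the session, it is not taken from this thread.
SESSION_TIMEOUT = 600.0


@dataclass
class Session:
    """A cached TLS session as a client-side cache holds it."""
    session_id: bytes
    created: float      # seconds since epoch when the handshake finished
    timeout: float      # lifetime the library attached to the session

    def expired(self, now: float) -> bool:
        return now > self.created + self.timeout


class TlsBackend:
    """Stand-in for the library's SSL_set_session and handshake calls."""

    def set_session(self, session: Session, now: float) -> bool:
        # The library refuses a session it considers timed out; this models
        # the failure the thread traces to wolfSSL's SetSession.
        return not session.expired(now)

    def handshake(self, session, now: float) -> Session:
        if session is not None:
            return session                              # abbreviated handshake
        return Session(os.urandom(8), now, SESSION_TIMEOUT)  # full handshake


def connect_strict(cache: dict, backend: TlsBackend, host: str, now: float) -> str:
    """Behaviour the post describes: a failed SSL_set_session aborts the connection."""
    cached = cache.get(host)
    if cached is not None:
        if not backend.set_session(cached, now):
            return "error"                              # client gives up here
        backend.handshake(cached, now)
        return "resumed"
    cache[host] = backend.handshake(None, now)
    return "full-handshake"


def connect_resilient(cache: dict, backend: TlsBackend, host: str, now: float) -> str:
    """Treat a rejected session as a cache miss: evict it and do a full handshake."""
    cached = cache.get(host)
    if cached is not None and backend.set_session(cached, now):
        backend.handshake(cached, now)
        return "resumed"
    cache.pop(host, None)                               # drop the stale entry so
    cache[host] = backend.handshake(None, now)          # later connects can resume
    return "full-handshake"


def scenario(connect) -> list:
    """Four connects to one host: warm-up, shortly after, long after the
    session lifetime, and shortly after that. Returns the outcomes in order."""
    backend, cache, t0 = TlsBackend(), {}, 1_000_000.0
    offsets = (0, 60, 2 * SESSION_TIMEOUT, 2 * SESSION_TIMEOUT + 60)
    return [connect(cache, backend, "example.test:443", t0 + dt) for dt in offsets]


if __name__ == "__main__":
    print("strict:   ", scenario(connect_strict))
    print("resilient:", scenario(connect_resilient))
```

With the strict handling, every connect after the session lifetime fails and keeps failing, because the stale entry is never replaced; that matches the "repeats for every failed request until the program is restarted" symptom below. The resilient variant pays one full handshake and then resumes again.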

Hello,

The problem today is that wolfSSL stops communicating with the server after 10-20 minutes of success.

My application is using libcurl and I am using the 7.44.0 version of that library.
I am using a version of wolfSSL checked out yesterday morning (edc9a24).

With debug tracing on, I have tracked the error down to somewhere near the following sequence, which repeats for every failed request until the program is restarted.

wolfSSL Entering SSL_new
wolfSSL Leaving SSL_new, return 0
wolfSSL Entering SSL_set_session
wolfSSL Entering SSL_get_error
wolfSSL Leaving SSL_get_error, return 0
wolfSSL Entering ERR_error_string
wolfSSL Entering SSL_shutdown()
growing output buffer

Embed Send error
    General error
wolfSSL error occured, error = -308
wolfSSL Entering SSL_free
CTX ref count not 0 yet, no free
Shrinking output buffer

wolfSSL Entering BIO_free
wolfSSL Leaving SSL_free, return 0
wolfSSL Entering SSL_CTX_free
CTX ref count down to 0, doing full free
wolfSSL Entering wolfSSL_CertManagerFree
wolfSSL Leaving SSL_CTX_free, return 0

-308 is SOCKET_ERROR_E "error state on socket". Not sure what is causing this. The server side is stable, has hundreds of clients online for months at a time with a different TLS library. wolfSSL is new to me as is the libcurl glue, but libcurl only gives me "SSL connect error" (35) so I'm not sure if it would be productive to troubleshoot from that end.

Clues or suggestions would be much appreciated.

I got it working, after much mucking about. It turned out that I had an expired cert in my bundle.

I also fixed some asm errors with --without-pic in my configure line.

The example client and the curl command-line tool now connect successfully with verification enabled.
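The expired certificate in the bundle took some hunting, so here is an added example of how to find such an entry without depending on an openssl binary; it is not code from the thread or from wolfSSL. It walks each PEM certificate in a bundle with a minimal DER reader, pulls out the validity period, and reports which entries are expired or not yet valid. The `fake_cert_pem` builder and the `SAMPLE_NOW` date are constructed test data (an unsigned certificate skeleton, not a real certificate) so the block runs offline; on a real system the same `check_bundle` call can be pointed at a file such as `/etc/ssl/certs/ca-certificates.crt`.

```python
import base64
import re
from datetime import datetime, timezone

PEM_CERT = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)


def read_tlv(buf: bytes, pos: int):
    """Decode one DER tag/length/value at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                              # long form: next n bytes hold the length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def der_children(value: bytes):
    """Yield (tag, value) for each element of a constructed DER value."""
    pos = 0
    while pos < len(value):
        tag, inner, pos = read_tlv(value, pos)
        yield tag, inner


def parse_time(tag: int, value: bytes) -> datetime:
    """Decode UTCTime (tag 0x17) or GeneralizedTime (tag 0x18) as RFC 5280 specifies."""
    text = value.decode("ascii")
    if tag == 0x17:                                # YYMMDDHHMMSSZ; YY >= 50 means 19YY
        text = ("19" if int(text[:2]) >= 50 else "20") + text
    return datetime.strptime(text, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)


def cert_validity(der: bytes):
    """Return (notBefore, notAfter) of a DER-encoded X.509 certificate."""
    _, certificate, _ = read_tlv(der, 0)           # Certificate SEQUENCE
    _, tbs, _ = read_tlv(certificate, 0)           # tbsCertificate SEQUENCE
    fields = list(der_children(tbs))
    if fields[0][0] == 0xA0:                       # optional [0] EXPLICIT version
        fields = fields[1:]
    # remaining order: serialNumber, signature, issuer, validity, subject, ...
    (nb_tag, nb), (na_tag, na) = der_children(fields[3][1])
    return parse_time(nb_tag, nb), parse_time(na_tag, na)


def check_bundle(pem_text: str, now: datetime):
    """Classify every certificate in a PEM bundle as ok / expired / not-yet-valid."""
    report = []
    for index, match in enumerate(PEM_CERT.finditer(pem_text)):
        der = base64.b64decode("".join(match.group(1).split()))
        not_before, not_after = cert_validity(der)
        if now > not_after:
            status = "expired"
        elif now < not_before:
            status = "not-yet-valid"
        else:
            status = "ok"
        report.append((index, not_before, not_after, status))
    return report


def _der(tag: int, content: bytes) -> bytes:
    """Encode one DER TLV (used only to build the constructed test bundle)."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + content


def fake_cert_pem(not_before: datetime, not_after: datetime) -> str:
    """CONSTRUCTED test data: an unsigned certificate skeleton with the right
    field order, enough to exercise the validity parser. Not a real certificate."""
    utc = lambda d: _der(0x17, d.strftime("%y%m%d%H%M%SZ").encode())
    tbs = _der(0x30, b"".join([
        _der(0xA0, _der(0x02, b"\x02")),                                   # [0] version v3
        _der(0x02, b"\x01"),                                               # serialNumber
        _der(0x30, _der(0x06, b"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0b")),   # signature alg
        _der(0x30, b""),                                                   # issuer (empty)
        _der(0x30, utc(not_before) + utc(not_after)),                      # validity
        _der(0x30, b""),                                                   # subject (empty)
        _der(0x30, b""),                                                   # SPKI placeholder
    ]))
    cert = _der(0x30, tbs + _der(0x30, b"") + _der(0x03, b"\x00"))
    body = base64.b64encode(cert).decode()
    lines = [body[i:i + 64] for i in range(0, len(body), 64)]
    return "-----BEGIN CERTIFICATE-----\n" + "\n".join(lines) + "\n-----END CERTIFICATE-----\n"


SAMPLE_NOW = datetime(2015, 9, 1, tzinfo=timezone.utc)   # constructed "today"


def sample_bundle() -> str:
    """Three constructed certificates: one expired, one current, one not yet valid."""
    d = lambda year: datetime(year, 1, 1, tzinfo=timezone.utc)
    return (fake_cert_pem(d(2013), d(2015)) + fake_cert_pem(d(2014), d(2024))
            + fake_cert_pem(d(2016), d(2026)))


if __name__ == "__main__":
    for index, nb, na, status in check_bundle(sample_bundle(), SAMPLE_NOW):
        print(f"cert #{index}: {nb:%Y-%m-%d} .. {na:%Y-%m-%d}  {status}")
```

The reader only walks the outer structure down to the validity field, so it works on any well-formed certificate regardless of key type or extensions; it deliberately does no signature or chain checking, since the question here is only which entry in the bundle has fallen out of its validity window.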

Ultimately I want to get an existing application using libcurl to use a libcurl linked with wolfSSL (on a PowerPC device). The curl command line utility was giving me an error 77. I did see http://www.yassl.com/forums/topic702-ca … ation.html, and I think I should be avoiding the problems there.

At the moment, I am trying to get the wolfSSL example client on my build machine (ubuntu trusty) to connect to a server and verify its certificate, but it seems I can't get the client to load any certificate bundle.

csg@ubuntu:/opt/external/wolfssl$ ./examples/client/.libs/client -x -h yahoo.com -p 443 -A /etc/ssl/certs/ca-certificates.crt
wolfSSL error: can't load ca file, Please run from wolfSSL home dir

I am running this from the wolfSSL home directory. I have tried it with and without the -A option.

If I disable peer verification using -d, the client connects fine.

Here is my configure line:

./configure \
--prefix=/usr/local \
--enable-opensslextra \
--enable-aesgcm \
--enable-sha512 \
--enable-dh \
--enable-dsa \
--enable-ecc \
--enable-sni \
--enable-fastmath \
--enable-sessioncerts \
--enable-certgen \
--enable-testcert \
C_EXTRA_FLAGS="-DFP_MAX_BITS=16384 -DTFM_TIMING_RESISTANT"

Can anyone suggest troubleshooting steps to zero in on the problem? Thanks.

Kaleb,

I am building the 7.44.0 tag from libcurl's git, so quite recent.

It may be true that curl does not use SSLv3 by default, but the abstraction layer supports SSLv3 so it is required at link time.

I solved the immediate problem by removing the SSLv3 case from libcurl's cyassl.c:

    //  case CURL_SSLVERSION_SSLv3:
    //    req_method = SSLv3_client_method();
    //    use_sni(FALSE);
    //    break;

Thanks for the quick reply!

Chris

I am building wolfSSL and libcurl for an embedded application on PowerPC.

My configure line for wolfSSL is

./configure \
--host=powerpc-linux \
--prefix=/opt/vendor/usr/local \
--enable-opensslextra \
--enable-aesgcm \
--enable-sha512 \
--enable-dh \
--enable-dsa \
--enable-ecc \
--enable-sni \
--enable-fastmath \
--enable-sessioncerts \
--enable-certgen \
--enable-testcert \
C_EXTRA_FLAGS="-DFP_MAX_BITS=16384 -DTFM_TIMING_RESISTANT"

Since my compiler is ancient, I have to remove -Werror from the Makefile, but otherwise this seems to build OK.

curl configuration seems OK, and the libraries build fine. The problem comes when we try to link the curl command line utility:

libtool: link: powerpc-linux-gcc -Os -Wno-unused -Wno-shadow -Wno-missing-declarations -Wno-missing-prototypes -o .libs/curl curl-tool_binmode.o curl-tool_bname.o curl-tool_cb_dbg.o curl-tool_cb_hdr.o curl-tool_cb_prg.o curl-tool_cb_rea.o curl-tool_cb_see.o curl-tool_cb_wrt.o curl-tool_cfgable.o curl-tool_convert.o curl-tool_dirhie.o curl-tool_doswin.o curl-tool_easysrc.o curl-tool_formparse.o curl-tool_getparam.o curl-tool_getpass.o curl-tool_help.o curl-tool_helpers.o curl-tool_homedir.o curl-tool_hugehelp.o curl-tool_libinfo.o curl-tool_main.o curl-tool_metalink.o curl-tool_mfiles.o curl-tool_msgs.o curl-tool_operate.o curl-tool_operhlp.o curl-tool_panykey.o curl-tool_paramhlp.o curl-tool_parsecfg.o curl-tool_strdup.o curl-tool_setopt.o curl-tool_sleep.o curl-tool_urlglob.o curl-tool_util.o curl-tool_vms.o curl-tool_writeenv.o curl-tool_writeout.o curl-tool_xattr.o ../lib/curl-strtoofft.o ../lib/curl-rawstr.o ../lib/curl-nonblock.o ../lib/curl-warnless.o  -L/opt/sixnet/usr/local/lib ../lib/.libs/libcurl.so -lz -Wl,-rpath -Wl,/opt/sixnet/usr/local/lib
../lib/.libs/libcurl.so: undefined reference to `wolfSSLv3_client_method'
collect2: ld returned 1 exit status

What configure option do I need to provide wolfSSLv3_client_method in libwolfssl? I have no intention of using SSLv3, but curl wants it.

The end application will not use the curl command line tool, but I am having trouble with certificate bundle loading (the subject of an upcoming post) and I want the tool for troubleshooting.