1

(3 replies, posted in wolfSSL)

Yes, by 2-way SSL handshake I mean client certificate authentication. I am using the wolfSSL library with my HTTPS servers developed in C. At present I am using a self-signed certificate (created using OpenSSL) on the server side. The client code is developed in Java and it's also using self-signed certificates. The server will challenge the client for an SSL certificate and will validate the certificate provided by the client using the chain certificate configured on the server side. This flow works fine with one client, but as soon as we try with multiple simultaneous clients we see failures. On the server side we are doing "X509* peer = SSL_get_peer_certificate(ssl);" to get the peer certificate and this is failing in case of multiple simultaneous clients. With just one client we are able to make multiple sequential requests without any problem.

On the server side we are doing the following:

{
    SSL_CTX* ctx;

    InitCyaSSL();
    ctx = SSL_CTX_new(TLSv1_server_method());
    CyaSSL_SetIOSend(ctx, SSLSend);    // SSLSend function is defined below
    CyaSSL_SetIORecv(ctx, SSLReceive); // SSLReceive function is defined below

    SSL_CTX_use_certificate_file(ctx, serverCertFile, SSL_FILETYPE_PEM);
    SSL_CTX_use_PrivateKey_file(ctx, serverKeyFile, SSL_FILETYPE_PEM);

    // Require a client certificate and verify it against the configured chain
    SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, 0);
    SSL_CTX_load_verify_locations(ctx, clientCertChainFile, 0);
    ...
    // Code to accept client connections
    SSL* ssl = SSL_new(ctx);
    SocketIO io;                       // SocketIO (fd, timeouts) for this connection
    CyaSSL_SetIOReadCtx(ssl, &io);     // handed to SSLReceive/SSLSend as ctx
    CyaSSL_SetIOWriteCtx(ssl, &io);
    SSL_accept(ssl);
    ...
    X509* peer = SSL_get_peer_certificate(ssl);
    if (peer == NULL) {
        // printf error - This is what is getting printed in case of multiple connections
    }
    SSL_shutdown(ssl);
    SSL_free(ssl);
    ...
    FreeCyaSSL();
}

/***********************************************************************
 IO handler for reading from libtask/libevent
 ***********************************************************************/
static int SSLReceive(char *buf, int sz, void *ctx)
{
    SocketIO& io = *(SocketIO*) ctx;
    int recvd = sdread1(io.fd, buf, sz, io.readtime);
    ...
}

/***********************************************************************
 IO handler for writing to libtask/libevent
 ***********************************************************************/
static int SSLSend(char *buf, int sz, void *ctx)
{
    SocketIO& io = *(SocketIO*) ctx;
    int sent = sdwrite(io.fd, buf, sz, io.writetime);
    ...
}

Will greatly appreciate it if you can point out whether I am doing something wrong, or missing some calls? Thanks
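As an added example (not the poster's code), this stand-alone C sketch shows how the receive callback from the post can carry one SocketIO per connection, installed with CyaSSL_SetIOReadCtx before the handshake, and how it translates the transport result into the return codes CyaSSL/wolfSSL expects from an IO callback. The SocketIO layout, the sdread1 stub and the in-memory socket table are constructed here; the error-code values mirror the library's CYASSL_CBIO_ERR_* constants.

```c
/* Added example (not the poster's code); the transport is an in-memory stub so it runs offline. */
#include <string.h>
/* Values mirror the library's CYASSL_CBIO_ERR_* constants; real code uses the header. */
#define IO_ERR_GENERAL    -1
#define IO_ERR_WANT_READ  -2
#define IO_ERR_CONN_CLOSE -5

typedef struct { int fd; int readtime; } SocketIO;      /* layout assumed from the post */
/* Constructed stand-in for a socket table: unread bytes per fd, or a forced fault. */
typedef struct { const char *data; size_t len, pos; int fault; } FakeSock;
static FakeSock socks[4];

/* Stub for sdread1(): >0 bytes read, 0 peer closed, -1 error, -2 timeout. */
static int sdread1(int fd, char *buf, int sz, int readtime) {
    FakeSock *s = &socks[fd];
    size_t left = s->len - s->pos, n = (size_t)sz < left ? (size_t)sz : left;
    (void)readtime; if (s->fault) return s->fault;
    memcpy(buf, s->data + s->pos, n);
    s->pos += n;
    return (int)n;
}

/* ctx is this connection's SocketIO, installed with CyaSSL_SetIOReadCtx(ssl, &io) before
 * SSL_accept(); one SocketIO shared by all connections would hand them each other's bytes. */
static int SSLReceive(char *buf, int sz, void *ctx) {
    SocketIO *io = (SocketIO *)ctx;
    int recvd = sdread1(io->fd, buf, sz, io->readtime);
    if (recvd > 0) return recvd;
    if (recvd == 0) return IO_ERR_CONN_CLOSE;   /* clean close by peer */
    if (recvd == -2) return IO_ERR_WANT_READ;   /* nothing yet; the library retries */
    return IO_ERR_GENERAL;
}

/* Two simultaneous connections with separate contexts each get their own bytes. */
static int two_clients_read_own_data(void) {
    char a[16], b[16];
    SocketIO ioA = {0, 5}, ioB = {1, 5};
    socks[0] = (FakeSock){"hello-A", 7, 0, 0};
    socks[1] = (FakeSock){"hello-B", 7, 0, 0};
    int na = SSLReceive(a, sizeof a, &ioA), nb = SSLReceive(b, sizeof b, &ioB);
    return na == 7 && nb == 7 && !memcmp(a, "hello-A", 7) && !memcmp(b, "hello-B", 7);
}

/* Drives the callback against an empty socket reporting `fault` (0 = closed). */
static int recv_on_fault(int fault) {
    char buf[4]; SocketIO io = {2, 5};
    socks[2] = (FakeSock){"", 0, 0, fault};
    return SSLReceive(buf, sizeof buf, &io);
}
```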

2

(3 replies, posted in wolfSSL)

I am trying to use wolfSSL with my HTTPS server, which does a 2-way SSL handshake, or client SSL handshake. When I try with one client it asks for the client cert and validates the certificate fine on the server side. But when I try with multiple clients it's not working.

SSL_CTX* ctx;

InitCyaSSL();
ctx = SSL_CTX_new(TLSv1_server_method());
CyaSSL_SetIOSend(ctx, SSLSend);
CyaSSL_SetIORecv(ctx, SSLReceive);
...
SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, 0);
...
X509* peer = SSL_get_peer_certificate(ssl);
...
static int SSLReceive(char *buf, int sz, void *ctx);
static int SSLSend(char *buf, int sz, void *ctx);

Will greatly appreciate it if someone can point me to how to set up wolfSSL for my requirement.

Thanks,
Manoj Dhoble