Hey,
In this example we want to test Diffie-Hellman on a random server,
exactly this: DH-RSA-AES128-GCM-SHA256
we use this command line and we see it in Wireshark:
openssl s_client -cipher DH -connect yoursite.com:443 -msg -debug
Bitg

amirmaim wrote:

Thanks Bitgid, but I've seen this manual and the answer to my question is not there.

To clarify: assuming we have 3 certificates A->B->C (A signed B, B signed C), where A is a self-signed certificate, is there a way to load B as my trust anchor and allow WOLFSSL to authenticate C only with B (that is, without the self-signed certificate)?

This behavior would be equivalent to OPENSSL with the "partial_chain" flag.

anyway, thanks!

Amir

Oh, ok. I will try to search for more info for you!

amirmaim wrote:

Hello,

OPENSSL provides the flag "partial_chain" that allows non-self-signed certificates to be used as CAs, and verifies certificates signed by one of those non-self-signed CA certificates. Also, with "partial_chain" a non-self-signed CA can verify itself (which I'm not sure is a private case of the partial chain verification rule).

Is there a similar behavior supported by WOLFSSL? I'm looking for partial chain verification, self-verification, or both.

I know there is a possibility to overwrite the verification result with the verify_cb mechanism, but I want to use the WOLFSSL verification schemes. Maybe I can call the relevant WOLFSSL function from inside my verify_cb?

Thanks!

Amir

p.s.
Without the flag, OPENSSL returns "unable to get local issuer certificate". WOLFSSL returns -188 (ASN_NO_SIGNER_E).

Hey, Amir.
Check out this manual.
https://www.wolfssl.com/docs/wolfssl-manual/ch7/
There are several good and useful answers.
And a special thanks to Bitcohen.
Regards, BG!
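To make the partial_chain question concrete, here is an added example (not from this thread or from wolfSSL) that builds a constructed A->B->C chain with the openssl CLI and then checks how OpenSSL's verifier treats C, and B itself, when only the non-self-signed B is in the trust store, with and without -partial_chain. It assumes the openssl command-line tool (1.1.x or 3.x) is on PATH; all names and certificates are constructed sample data.

```shell
#!/bin/sh
# Added example, not the forum's or wolfSSL's code. Assumes the openssl CLI.
set -e
WORK=$(mktemp -d)
cd "$WORK"

quiet() { "$@" >/dev/null 2>&1; }

# Issue a constructed chain: A (self-signed root) -> B (intermediate CA) -> C (leaf).
make_chain() {
  quiet openssl req -x509 -newkey rsa:2048 -nodes -keyout A.key -out A.pem \
      -subj "/CN=A root" -days 30
  quiet openssl req -new -newkey rsa:2048 -nodes -keyout B.key -out B.csr \
      -subj "/CN=B intermediate"
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign\n' > ca.ext
  quiet openssl x509 -req -in B.csr -CA A.pem -CAkey A.key -CAcreateserial \
      -days 30 -extfile ca.ext -out B.pem
  quiet openssl req -new -newkey rsa:2048 -nodes -keyout C.key -out C.csr \
      -subj "/CN=C leaf"
  printf 'basicConstraints=critical,CA:FALSE\n' > leaf.ext
  quiet openssl x509 -req -in C.csr -CA B.pem -CAkey B.key -CAcreateserial \
      -days 30 -extfile leaf.ext -out C.pem
}

# verify_cert CERT TRUST_FILE [extra 'openssl verify' flags]
# Exit status is openssl's: 0 when the chain is accepted, non-zero otherwise.
verify_cert() {
  cert=$1; trust=$2; shift 2
  quiet openssl verify "$@" -CAfile "$trust" "$cert"
}

# report LABEL CERT TRUST_FILE [extra flags]: human-readable wrapper for the demo.
report() {
  label=$1; shift
  if verify_cert "$@"; then echo "$label: verified"; else echo "$label: rejected"; fi
}

make_chain
report "C, trust A, B supplied as untrusted"   C.pem A.pem -untrusted B.pem
report "C, trust B only (no root)"             C.pem B.pem
report "C, trust B only, -partial_chain"       C.pem B.pem -partial_chain
report "B verifying itself"                    B.pem B.pem
report "B verifying itself, -partial_chain"    B.pem B.pem -partial_chain
```

Only the two -partial_chain runs and the full-chain run are accepted; the other two fail because the verifier never reaches a self-signed root.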