Hi dtiemann,
A return value of -4 is an SSL_BAD_FILE error. Can you double check the formatting of your PEM string? You should have the header and footer and you should have lines separated with a LF or CRLF.
Regards,
Chris
You are not logged in. Please login or register.
Please post questions or comments you have about wolfSSL products here. It is helpful to be as descriptive as possible when asking your questions.
ReferenceswolfSSL - Embedded SSL Library → Posts by chrisc
Hi dtiemann,
A return value of -4 is an SSL_BAD_FILE error. Can you double check the formatting of your PEM string? You should have the header and footer and you should have lines separated with a LF or CRLF.
Regards,
Chris
Hi raphaell,
Can you try using C_EXTRA_FLAGS instead of CFLAGS when configuring wolfSSL embedded SSL?
A while back we switched reading additional flags in from the user from CFLAGS to C_EXTRA_FLAGS to avoid conflicts with modifications we have made to the ./configure system.
Thanks,
Chris
Hi Mor,
It looks like WOLFSSL_CALLBACKS doesn't currently support Windows, as like you noted, it uses <sys/time.h>. Will you need to use WOLFSSL_CALLBACKS? The handshake callback (WOLFSSL_CALLBACKS) is intended for embedded systems for debugging support. That is, when a good debugger isn't available and sniffing is impractical. It basically allows a trace of the handshake embedded SSL.
Regards,
Chris
Hi dtiemann,
wolfSSL_KeyPemToDer() is currently only compiled into wolfSSL if our OpenSSL compatibility layer has been defined when building wolfSSL.
You can enable the compatibility layer by using the --enable-opensslextra ./configure option, or by adding OPENSSL_EXTRA to your list of preprocessor flags.
Can you give this a try and let me know if it works for you?
Thanks,
Chris
Hi Everyone,
Just a quick note that we now have our updated wolfSSL Porting Guide online, with a PDF version available for download:
http://yassl.com/yaSSL/Docs-cyassl-porting-guide.html
Please let us know if you have any questions.
Best Regards,
Chris
Hi,
wolfSSL's OpenSSL compatibility layer was designed to make porting into existing OpenSSL applications easier, but is far from complete. It maps roughly the most-used 300 OpenSSL functions to the native wolfSSL API, where OpenSSL has over 4,000 in total.
It sounds like the functions you have listed are related to certificate generation. For an example of how wolfSSL does certificate generation, see ./ctaocrypt/test/test.c, specifically the code inside of the #ifdef WOLFSSL_CERT_GEN define of rsa_test().
a. SSL_get_privatekey
wolfSSL doesn't currently support this function. For certificate generation, wolfSSL uses an RsaKey structure, which contains a RSA private key. A private key buffer (in DER format) can be loaded into an RsaKey structure using the RsaPrivateKeyDecode() function.
b. X509_set_version
In OpenSSL, this function lets the application set the X.509 certificate version to use. wolfSSL embedded SSL only supports X.509 V3 certificate generation. As such, this function is not needed with wolfSSL.
c. X509_set_serialNumber
When doing certificate generation with wolfSSL, the serial number can be set directly by the user when filling in the "Cert" structure.
d. X509_NAME_add_entry_by_txt
Like the previous function, certificate fields can be set directly by the user when filling in the "Cert" structure.
e. X509_sign
wolfSSL's equivalent to X509_sign() would be the SignCert() function, with usage shown in rsa_test() of test.c.
Best Regards,
Chris
Hi Bart and Roberto,
You should both be receiving the wolfSSL Porting Guide in your email inbox soon.
Thanks,
Chris
Hi Lukas,
We haven't found time yet to add support for secure renegotiation, but it's still on our list.
Best Regards,
Chris
Hi Zeddi,
That will be fixed in the next wolfSSL release. We updated it in our GitHub repository a couple days ago (https://github.com/cyassl/cyassl/commit … 59e45b02c8), so feel free to use the updated certificate found there.
Best Regards,
Chris
Hi Gnate,
Hopefully I'll get time to publish the guide on our website soon. I'll email it over to you for your reference.
Regarding integrating wolfSSL with LwIP, wolfSSL currently can use LwIP out-of-the-box when WOLFSSL_LWIP is defined - as long as LwIP is using the BSD style socket API.
If you need to use the RAW LwIP API, like you mentioned above, you'll have to write and register your own I/O callbacks with wolfSSL. Info about I/O callbacks can be found in Section 5.1.2 of the wolfSSL Manual (http://yassl.com/yaSSL/Docs-cyassl-manu … ility.html). If you run into any questions, feel free to reach out to us at support@wolfssl.com.
Best Regards,
Chris
Hi Daniel,
You are correct in your findings. Our client/server examples currently assume that there will be a file system available. We'll need to work on making those easier to use in filesystem-less environments.
You'd need to use the buffer loading functions to load your certificates and keys instead of the file loading functions, ie:
wolfSSL_CTX_load_verify_buffer
wolfSSL_CTX_use_certificate_buffer
wolfSSL_CTX_use_PrivateKey_buffer
etc.
Best Regards,
Chris
Hi abak2409,
I just sent you a PM.
Best Regards,
Chris
Hi,
This seems to be an issue where the CURL configure system isn't setting SIZEOF_LONG_LONG for your platform. I'll look into it and get back to you with a more permanent solution, but as a temporary fix, you can define SIZEOF_LONG_LONG manually during CURL's ./configure process, making your ./configure line similar to:
./configure CFLAGS=-DSIZEOF_LONG_LONG=8 --prefix=/home/chris/installed_library/curl-7.32.0 --without-ssl --with-cyassl==/home/chris/installed_library/cyassl-2.8.0
where sizeof(long long) would equal 8 on your platform.
Best Regards,
Chris
Hi Yun,
Your understanding of RsaPrivateKeyDecode() is correct. It is used to decode a key from a DER format into an RsaKey structure.
SSL_FILETYPE_RAW is used with NTRU (a separate public key algorithm which CyaSSL supports). DER format is indicated by SSL_FILETYPE_ASN1.
Best Regards,
Chris
Hi Robin,
You should be receiving the porting guide via email shortly.
Best Regards,
Chris
Hi,
Currently wolfSSL embedded SSL doesn't have the ability to generate a CSR. We have had a few inquiries recently about CSR generation though. Are you able to share any details about the project you are working on?
Thanks,
Chris
Hi SLR,
At the moment, it isn't available on our site yet. We have plans of getting it posted, but until then, I'll just send it to you in an email.
Best Regards,
Chris
Hi ctb,
Yes, the AesEncryptDirect() and AesDecryptDirect() functions just do a direct ECB-mode AES operation. These are left out of the documentation because ECB (Electronic codebook) mode is not regarded as very secure. If you take a look at the penguin image on the following Wikipedia page under the "ECB" section, you will see that it doesn't hide patterns very well:
https://en.wikipedia.org/wiki/Block_cip … _operation
Best Regards,
Chris
Spoke too soon... should be updated now.
Thanks,
Chris
Hi ctb,
It looks like this has been fixed post-5.2.1. You can view our most current version of the CTaoCrypt usage reference online, here: http://yassl.com/yaSSL/Docs-cyassl-manu … rence.html.
A new version of the PDF Manual will be released with our upcoming 2.8.0 release.
Thanks,
Chris
Hi Hans-Jürgen,
The reason that OpenSSL worked in this case is because when s_client received the client certificate request, it was sending a blank client certificate automatically (without you having to load one). With wolfSSL 2.7.0 on the other hand, if the application didn't load a client certificate, and the server requested one, wolfSSL wouldn't send a blank client certificate with TLS 1.0 or TLS 1.1 because it wasn't required by the RFC. Only with TLS 1.2 (as required).
We just fixed this issue as of this commit (https://github.com/cyassl/cyassl/commit … 6e99d21ac6). If you update to our latest GitHub code, your connection should now work as expected. wolfSSL will now send a blank client certificate for TLS 1.0, 1.1, and 1.2 if the server requests one and the application has not loaded a client certificate.
Best Regards,
Chris
Hi Steffen,
Can you check to make sure you have the same preprocessor flags set in both your CyaSSL project file as well as your ConsoleApplication2 project file? A mismatch in these will cause the internal Sha structure sizes to differ, thus causing problems.
Thanks,
Chris
WolfSSL can be used with the LwIP stack, and is generally fairly easy to get running on a variety of processors. To use wolfSSL with LwIP, you'll need to define CYASSL_LWIP in <cyassl_root>/cyassl/ctaocrypt/settings.h when compiling wolfSSL. By default, wolfSSL uses the LwIP BSD Socket API. You'll need to have this enabled in your LwIP stack.
Regarding getting wolfSSL embedded SSL running on your processors, you'll need to make sure that you:
1) Define SIZEOF_LONG and SIZEOF_LONG_LONG to match the output of sizeof(long) and sizeof(long long) respectively for your platform
2) Set the correct endianness for your processor. Define BIG_ENDIAN_ORDER if big endian, otherwise define LITTLE_ENDIAN_ORDER if little endian.
Hi,
You'll need to do a couple of things to build the existing Visual Studio wolfSSL project file with NO_RSA and HAVE_ECC:
1. In the Visual Studio project file for wolfSSL embedded SSL, you'll need to add NO_RSA and HAVE_ECC to the Preprocessor Definitions.
2. You'll need to remove the OPENSSL_EXTRA define already listed in the preprocessor definitions in the project settings.
3. You'll need to add the ./ctaocrypt/src/ecc.c source file to the "Source Files" list in Visual Studio.
4. Clean and re-build the wolfSSL project.
Best Regards,
Chris
Hi Hans-Jürgen,
Ok, thanks for the clarification. I'm glad we were able to get things figured out!
Best Regards,
Chris
wolfSSL - Embedded SSL Library → Posts by chrisc
Powered by PunBB, supported by Informer Technologies, Inc.
Generated in 0.028 seconds (70% PHP - 30% DB) with 5 queries