You are not logged in. Please login or register.
Active topics Unanswered topics
Welcome to the wolfSSL Forums!
Please post questions or comments you have about wolfSSL products here. It is helpful to be as descriptive as possible when asking your questions.
References
Stable Releases - download stable product releases.
Development Branch - latest development branch on GitHub.
wolfSSL Manual - wolfSSL (formerly CyaSSL) product manual and API reference.
Search options
Greetings,
just being curious actually. What is the purpose/valid use-case for checking the signature that our own software (or hardware) has generated? It doesn't cause problems, since you can make a callback that always returns success, but I was wondering what was the idea behind this check, it looks pretty unique to wolfSSL.
Thanks!
Hi Kaleb,
thank you for your answer. That is the option I've been using so far. I believe it could be beneficial to be able to set the list in runtime instead of build time. This solves the problem in the short term though.
Thanks!
Actually, the problem with blank certificate is already fixed in master, it's the version in Ubuntu lagging somewhat behind (3.13.0). Everything is working now apart from https://www.wolfssl.com/forums/topic140 … phers.html
Would be great to add a sample with the callbacks to the docs, but didn't mean a feature request or something
Greetings,
I wonder whether wolfSSL allows for overriding the list of supported signature algorithms. My use case is integration of a crypto device that doesn't support RSA-PSS, and also the same device doesn't support signing sha512 hashes (don't ask why ). So I need to exclude psa_pss_rsae_sha256 and rsa_pkcs1_sha512 from the list of advertised algorithms. What would be the best way to do that?
Thanks in advance!
Greetings!
I'd like to use the callbacks too, and I'm a bit confused about the API. I want to use RsaSign callback instead of a plaintext key, but if I don't set the key with wolfSSL_CTX_use_PrivateKey_file() (which I obviously can't do, because the key is inside my device), then SendCertificate function will send an empty certificate, and the handshake will fail.
The client in examples/client/client.c kind of does both, which I don't quite understand. Would be grateful for a concise example with the callbacks/HSM.
Thanks!
Posts found: 5
Generated in 0.016 seconds (95% PHP - 5% DB) with 5 queries