Hi David,
Just wanted to report back my findings. I was able to get past the -4 WOLFSSL_BAD_FILE error by using wolfSSL_use_PrivateKey_buffer and passing it a buffer in PEM format.
Hi,
I'm having an issue similar to https://www.wolfssl.com/forums/topic144 … enssl.html. A bit of context: I have a proxy that inspects TLS traffic, so for every connection I need to generate an interception certificate and set it (along with a private key) on the client connection. At the moment it's working well with OpenSSL, but as soon as I switch to WolfSSL I'm getting errors setting the private key.
The private key is generated by RSA_generate_key, but when I try to set the key with SSL_use_PrivateKey on the SSL object I'm seeing a -4 WOLFSSL_BAD_FILE error.
The relevant code is:
RSA *pkey = RSA_generate_key(2048, RSA_F4, NULL, NULL);
EVP_PKEY* clientKeyPair = EVP_PKEY_new();
EVP_PKEY_assign_RSA(clientKeyPair, pkey);
// ...
// Client certificate generation
X509* cert = X509_new();
// Set issuer, subject, notAfter, notBefore, extensions and serial...
X509_set_pubkey(cert, clientKeyPair);
// ...
// Later on
SSL_use_certificate(ssl, cert);
SSL_use_PrivateKey(ssl, clientKeyPair); // <-- Fails with -4
...
I'm building WolfSSL with --enable-keygen, but I get the same error if I use PEM_read_bio_RSAPrivateKey to use a pre-generated key instead of RSA_generate_key.
Other flags I'm passing to configure are --enable-apachehttpd --enable-opensslall --enable-opensslextra --enable-asio.
Am I missing some setup needed in WolfSSL (but not on OpenSSL) or a build flag to make this work?
Just realized the X509_add_ext function is not yet in the OpenSSL compatibility layer; simply adding
#define X509_add_ext wolfSSL_X509_add_ext
fixes that problem. However the issue with ASN1 remains.
Hi,
I have an iOS app that uses OpenSSL, and to reduce memory usage I wanted to give wolfSSL a try. Unfortunately I'm having trouble compiling my project with wolfSSL.
To build wolfSSL I'm defining IPHONE, as well as passing the following flags to configure:
"--enable-opensslall",
"--enable-opensslextra",
"--enable-asio",
"--enable-static",
"--disable-shared",
"--enable-lowresource",
"--enable-sni",
"--enable-alpn",
"--enable-ecc",
"--enable-sp",
"--enable-harden",
"--enable-fastmath",
"--enable-tls13",
"--disable-oldtls",
"--disable-pwdbased",
"--enable-poly1305",
"--enable-chacha",
"--enable-supportedcurves",
"--enable-extended-master",
"--enable-sha3=small",
"--enable-aesgcm=small",
"--enable-curve25519=small",
"--enable-ed25519=small",
"--enable-certgen",
"--enable-certreq",
"--enable-certext",
"--disable-examples"
When I try to compile my project I get compilation errors only with ASN1 and certificate extensions:
In file included from /Users/spaque/Workspace/proxy/src/cert/Certificate.cpp:1:
In file included from /Users/spaque/Workspace/proxy/src/cert/Certificate.h:8:
In file included from /Users/spaque/.conan/data/wolfssl/4.4.0/_/_/package/a53c403ad85370bc61eaa67d47bf767b370c82cf/include/wolfssl/openssl/ssl.h:35:
In file included from /Users/spaque/.conan/data/wolfssl/4.4.0/_/_/package/a53c403ad85370bc61eaa67d47bf767b370c82cf/include/wolfssl/ssl.h:3208:
/Users/spaque/.conan/data/wolfssl/4.4.0/_/_/package/a53c403ad85370bc61eaa67d47bf767b370c82cf/include/wolfssl/openssl/asn1.h:126:66: error: expected ')'
WOLFSSL_API void *wolfSSL_ASN1_item_new(const WOLFSSL_ASN1_ITEM *template);
^
/Users/spaque/.conan/data/wolfssl/4.4.0/_/_/package/a53c403ad85370bc61eaa67d47bf767b370c82cf/include/wolfssl/openssl/asn1.h:126:40: note: to match this '('
WOLFSSL_API void *wolfSSL_ASN1_item_new(const WOLFSSL_ASN1_ITEM *template);
^
/Users/spaque/.conan/data/wolfssl/4.4.0/_/_/package/a53c403ad85370bc61eaa67d47bf767b370c82cf/include/wolfssl/openssl/asn1.h:127:77: error: expected ')'
WOLFSSL_API void wolfSSL_ASN1_item_free(void *val, const WOLFSSL_ASN1_ITEM *template);
^
/Users/spaque/.conan/data/wolfssl/4.4.0/_/_/package/a53c403ad85370bc61eaa67d47bf767b370c82cf/include/wolfssl/openssl/asn1.h:127:40: note: to match this '('
WOLFSSL_API void wolfSSL_ASN1_item_free(void *val, const WOLFSSL_ASN1_ITEM *template);
^
/Users/spaque/.conan/data/wolfssl/4.4.0/_/_/package/a53c403ad85370bc61eaa67d47bf767b370c82cf/include/wolfssl/openssl/asn1.h:129:64: error: expected ')'
const WOLFSSL_ASN1_ITEM *template);
^
/Users/spaque/.conan/data/wolfssl/4.4.0/_/_/package/a53c403ad85370bc61eaa67d47bf767b370c82cf/include/wolfssl/openssl/asn1.h:128:38: note: to match this '('
WOLFSSL_API int wolfSSL_ASN1_item_i2d(const void *src, byte **dest,
^
/Users/spaque/Workspace/proxy/src/cert/Certificate.cpp:116:13: error: use of undeclared identifier 'X509_add_ext'
X509_add_ext(cert, extension, -1);
^
Before including ssl.h I'm always including wolfssl/options.h. Am I missing something or using incompatible configure flags?