You are not logged in. Please login or register.
Please post questions or comments you have about wolfSSL products here. It is helpful to be as descriptive as possible when asking your questions.
ReferenceswolfSSL - Embedded SSL Library → Posts by john
I don't have a good answer without guessing.
Your curl is probably building against OpenSSL. The TLS spec says to have in the chain the certificate, and all signers, in order, up to the CA certificate which should be already loaded. (See RFC5246 §7.4.2.) wolfSSL copies the certificates into an array in order, and then processes the certificates starting with the last one back up to the peer's certificate. We try to process them all. It looks like they are ignoring the extra certificates.
TL;DR: You need to rebuild wolfSSL with MAX_CHAIN_DEPTH set to 12. Given your server's certificate chain, you need to load as CA certificates both the "GeoTrust Global CA" and VeriSign's "Class 3 Public Primary Certification Authority", not the Equinox certificate. And your server's certificate chain has a certificate named "Axeda Systems CA" which is expired.
I'm curious about the "Certificate Policy extension not supported yet." line close to the end of the trace. This seems to be caused by the function DecodeAuthInfo(), which has a comment stating "Only supporting URIs right now." I see this function failing (with the corresponding log message) a few times in the trace, but the rest of the time it seems to be succeeding. Can you shed some light on this? Specifically, is this the cause of our problem or just a side effect?
Red herring. The function DecodeAuthInfo() is parsing the Authority Info Access extension which lists things like OCSP servers. We only parse out the URL for an OCSP lookup. The Certificate Policy extension string you are seeing is output by the function DecodeCertExtensions() when it sees the Certificate Policy extension. There is a SEP profile that uses that extension to put IDs for devices in it. Normally we ignore the extension.
When processing the peer’s certificate chain provided in the Certificate handshake message, we only process up to MAX_CHAIN_DEPTH certificates from the peer; by default that constant is set to 9. The cert chain is:
0: peer cert from Axeda Hosting, signed by GeoTrust SSL CA
1: VeriSign Trust Network, signed by Verisign’s Class 3 Public Primary CA
2: Axeda System CA, self signed
3 to 10: A bunch of VeriSign certificates
11: GeoTrust SSL CA, signed by GeoTrust Global CA
Certificate 11’s Authority Key Identifier is C0:7A:98:68:... which matches the GeoTrust Global CA’s Subject Key ID, not the Equifax certificate you are using as your CA.
When I use our example client to connect to your server with the command
% ./examples/client/client -p 443 -g -h nucleus-connect.axeda.comI get error -368, Maximum Chain Depth Exceeded. I changed MAX_CHAIN_DEPTH to 12 and get error -188, No Signer. Then I use the GeoTrust Global CA,
% ./examples/client/client -p 443 -g -h nucleus-connect.axeda.com -A GeoTrustGlobalCA.pemAnd I also got error -188, No Signer. That was because all the unused VeriSign certificates needed a CA as well. I grabbed VeriSign's “Class 3 Public Primary Certification Authority” certificate from my keychain and appended it to my local copy of the GeoTrust CA in a file called certs.pem. So,
% ./examples/client/client -p 443 -g -h nucleus-connect.axeda.com -A certs.pemI get error -151, ASN Date Error, Current Date After. One of the certs in the chain has an expired certificate. It looks like certificate 2, "CN=Axeda Systems CA" expired on Jan 7, 2013.
I hope that helps.
What are you trying to do? Are you trying to encrypt your own data with the cipher or do you want to use an AES-GCM cipher suite with TLS/SSL?
authIn in a pointer to additional plaintext that is to be authenticated with the plaintext being encrypted
authTag is a pointer to the authentication tag output
The authTag is the "MAC" authentication tag output for the encrypt function, and it is the "MAC" authentication tag input to authenticate with for the decrypt function. The authIn in both encrypt and decrypt functions is the plaintext that included in the authentication tag with the encrypted data.
In TLS, the authentication tag is the MAC of the plaintext data being encrypted, with the sequence number, TLS record type, TLS record version, and record length.
In the function aesgcm_test(), p is the plain text, a is the additional data to authenticate, c is the expected cipher text, t is the expected authentication tag. t2, p2, c2 are the buffers capturing the output of the encrypt and decrypt functions.
On your build platform what are sizeof(cyassl_word), sizeof(long int), sizeof(long long), and sizeof(fp_digit)?
To do the handshake benchmark, you need to use the echoserver and the client with the -b option. And DTLS has to be disabled in the build. (Enabling DTLS forces the echoserver to be DTLS only.)
We don't support DTLS handshake benchmarking at the moment. (But it is on our list.) The problem is that the echoserver won't wait for a new incoming connection until it receives a "break" message from the existing session, or the socket is closed cold. In the TCP benchmark, the sockets are just closed and reopened.
When trying to run the examples from version 3.0.0 with DTLS (option -u) I keep having:
yassl error: Bad SSL version.
When adding CYASSL_DTLS to the preprocessor options, VS cannot build as it encounters some errors:error LNK2019: unresolved external symbol _CyaDTLSv1_server_method referenced in function _server_test@4 error LNK2019: unresolved external symbol _CyaDTLSv1_2_server_method referenced in function _server_test@4 error LNK2019: unresolved external symbol _CyaSSL_dtls_get_current_timeout referenced in function _NonBlockingSSL_Accept error LNK2019: unresolved external symbol _CyaSSL_dtls_got_timeout referenced in function _NonBlockingSSL_Accept
Did you add CYASSL_DTLS to only the server's preprocessor options or to the server, client, and CyaSSL library's preprocessor options?
Another problem I have encountered is that when doing the same exchange but without -u option, using TLS I can made the handshake and the output is good but Wireshark does not show the traffic as TLS but as TCP messages. Anyone had also have this problem?
Wireshark usually picks the protocol based on the port number, so it knows that 443 is HTTP over TLS and decodes it as expected. Our test server uses port 11111 so Wireshark isn’t assuming anything about it. You need to select one of the packets and bring up the pop-up menu selecting “Decode As…”, then select “SSL” from the list of protocols.
You have to load your own CA certificates. We do not distribute any beyond our own test certificates.
Some of the functions listed on that page require other features we normally disable. Adding --enable-sessioncerts should give you wolfSSL_X509_get_serial_number, wolfSSL_get_sessionID, and the chain functions. Adding --enable-certgen will add wolfSSL_PemCertToDer. The other functions listed on that webpage should be available to you, though.
Are you looking at just the exports from the library? Or is your application failing to build? Our compatibility layer is a set of #defines that map the OpenSSL function names to wolfSSL names, like "#define SSL_read wolfSSL_read".
They eventually expire, but they aren't deleted. If you use an expired saved session, the connection will perform a new handshake.
The functions CyaSSL_CTX_set_timeout() and CyaSSL_set_timeout() will adjust the expiry time in seconds.
Could you add a print statement to the EmbedReceive() function in file io.c, right after the RECV_FUNCTION() command to print out the value "recvd" and "errno"? (I'm pretty sure it should go into line 243.) It should be working like you expect. Knowing those values would help. Thanks!
We recently added many DHE-PSK cipher suites last week. The code specifies a new key-exchange algorithm, dhe_psk_kea, which is handled alongside the diffie_hellman_kea and psk_kea. So, you might want to check that out and see if solves your issue. The DHE-PSK key exchange doesn't sign the message like in ECDHE and regular DH(E).
Hot on the heels of the last release is the new version 3.0.0. It is now ready to download from: http://yassl.com/yaSSL/download/downloadForm.php.
New features include:
FIPS release candidate
X.509 improvements that address items reported by Suman Jana with security researchers at UT Austin and UC Davis
Small stack size improvements, --enable-smallstack. Offloads large local variables to the heap. (Note this is not complete.)
Updated AES-CCM-8 cipher suites to use approved suite numbers.
Please see the README and our on-line documentation for more information or feel free to contact us.
Our tutorial does not cover DTLS. You can take a look at our example echoserver and echoclient that comes with the wolfSSL library.
The echoserver tutorial will listen() on the TCP socket. When you are using UDP, you don't listen() on the socket ever. Normally on UDP, you just recvfrom() on the socket and process the datagrams as they arrive. If you look at the wolfSSL echoserver, it has this implemented. (Note, the wolfSSL example echoserver is more complicated than the tutorial version.)
The fact it doesn't compile is a bug. That was an oversight.
That variable hash is used to calculate the "finished" hash, which is an concatenation of the MD5 and SHA-1 hashes of the messages concatenated together and then encrypted. That hash array is of length FINISHED_SZ, or SHA_DIGEST_SIZE + MD5_DIGEST_SIZE. For TLSv1.2, they decided that just the specified hash should be used, and they added the ability to specify other hashes like SHA-256 and SHA-384, which we also support. The strange looking &hash[MD5_HASH_SIZE] is trying to set the pointer into the hash storage after the old MD5 portion. (Trying to do it the new way while letting the old way work.)
Unless you change the value of FINISHED_SZ, you are getting a buffer overflow with your patch.
Which configure settings are you using? I'm guessing you have at the least:
$ ./configure --disable-oldtls --disable-md5The validate date function being used is the one for certificates that is checking for notBefore and notAfter in certificate validity. The one-second window is there for OCSP responses. This detail is on the list of things to address at some point.
To clarify "OCSP stapling", we do not support that yet. That involves a TLS Hello extension that we haven't added yet. We do the lookup when receiving the peer's certificate with the Certificates handshake message.
You've probably seen the change in our GitHub repository, but the OCSP interface has been changed to parallel the CRL interface. It no longer requires including the file internal.h.
The OCSP lookup currently only checks the signature against an attached CA certificate.
Thank you for the suggestion. I agree that should be changed. The newer OCSP configuration functions parallel the CRL configuration functions. I didn't think to move them outside the NO_FILESYSTEM fence. I have this on my list of things to change.
In commit 67b1b00a, there was a fix to allow a server to be missing a requested nonce, as they are supposed to be optional. There have been several other improvements to the OCSP code in the last few months. (Note, it has been tested against connections to the thawte.com and google.com webserver using SSL.)
The new release of CyaSSL, v2.9.0, is now ready to download from our website. New features include:
- Freescale Kinetis RNGB support
- Freescale Kinetis mmCAU support
- TLS Hello extensions
* ECC
* Secure Renegotiation (null)
* Truncated HMAC
- PKCS #7 Enveloped data and signed data
- PKCS #10 Certificate Signing Request generation
- DTLS sliding window
- OCSP Improvements
* API change to integrate into Certificate Manager
* IPv4/IPv6 agnostic
* example client/server support for OCSP
* OCSP nonces are optional
- GMAC hashing
- Microchip MPLAB Harmony support
- Additional X.509 inspection functions
- ECC encrypt/decrypt primitives
- ECC Certificate generation
Please see the README and our on-line documentation for more information or feel free to contact us.
I have fixed this with commit fe4f104. It'll be rolled into the next embedded SSL release.
wolfSSL_CTX_OCSP_set_options() and wolfSSL_CTX_OCSP_set_override_url() are better seen as WOLFSSL_CTX functions supporting OCSP, not OCSP functions.
If you look in the header file ocsp.h, you'll see the standalone interface for OCSP. You'll need to include wolfssl/ocsp.h and wolfssl/internal.h (unfortunately, but there is an update planned to merge OCSP in with the stand-alone CertManager with CRL). You'd use it:
{
int result = 0;
WOLFSSL_OCSP ocsp;
WOLFSSL_OCSP_init(&ocsp);
WOLFSSL_OCSP_set_override_url(&ocsp, "http://otherResponder.example.com:8080");
result = WOLFSSL_OCSP_Lookup_Cert(&ocsp, &dCert);
WOLFSSL_OCSP_Cleanup(&ocsp);
}Just in case somebody else has a similar problem, you have to disable
aes-ni, add the flag --disable-aesni to configureraymundo
Just to clarify, does it work if you leave out both --disable-aesni and --enable-aesni? AES-NI support is disabled by default.
wolfSSL - Embedded SSL Library → Posts by john
Powered by PunBB, supported by Informer Technologies, Inc.
Generated in 0.028 seconds (93% PHP - 7% DB) with 4 queries