Welcome to the wolfSSL Forums!
Hi, I'm currently testing out the `wolfssl-examples/tls/client-tls.c` code.
On this line, https://github.com/wolfSSL/wolfssl-exam … ls.c#L110, I can see that you're using `wolfSSL_CTX_load_verify_locations` to load a CA certificate. I guess, in this case, it's a self-signed CA because you're using the certificates signed by the CA pointed to by `CERT_FILE` (from the Doxygen Documentation).
But how can I make wolfSSL TLS clients use the trusted root CAs located in `/etc/ssl/certs`, for example, when I try to connect to servers like Google or something which uses trusted certs (not the self-signed CA which I give in `wolfSSL_CTX_load_verify_locations`)? When I removed lines 110 - 115 (https://github.com/wolfSSL/wolfssl-examples/blob/master/tls/client-tls.c#L110-L115) and tried to connect to an SSL server that uses a Let's Encrypt or DigiCert certificate, it fails to connect.
I have limited experience with wolfSSL; it'd be helpful if someone could tell me how to make wolfSSL TLS clients use the trusted CAs.
Hi embhorn,
Yeah, it is the wolfSSL client that is giving me this error when I try to connect to a wolfSSL server (which uses a self-signed cert). I don't want to verify the server cert in my client implementation, but just accept whatever cert it gives me (whether it's self-signed or signed by some popular CA, my client code just wants to accept whatever it gave).
EDIT:
For your reference, here is my client code: https://paste.debian.net/plain/1194430 Since mine is a C++ codebase, I'm using a few C++-specific constructs there, but the core thing I'm trying to do is the same as `wolfssl-examples/tls/client-tls.c`.
Hi, I'm using the wolfSSL client example taken from (https://github.com/wolfSSL/wolfssl-exam … ient-tls.c) to connect to a wolfSSL server example taken from (https://github.com/wolfSSL/wolfssl-exam … rver-tls.c) for testing purposes for my C++ library. I'm using a self-signed cert generated with OpenSSL (`openssl req -x509 -nodes -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365`) for my wolfSSL server.
When I try to connect to my wolfSSL server, I'm getting `-188` on `wolfSSL_connect()`. I'm not sure how I can fix this. Since it's a self-signed cert, I don't think I have a CA signer to verify the certificate (do I?), and also I wanna allow the wolfSSL client to connect to insecure SSL endpoints (like servers with self-signed certs), so can I use any "snake oil" certs for my client to use? Or am I mistaken about something? (If so, can you please correct me?)
Thanks!!
Hi dgarske,
Will you accept a little simplified version of an epoll()-based single-threaded event-driven server example as a PR? (Simplified compared to the epoll() server examples in the wolfssl-example repo.)
Thanks
I'm trying to use wolfSSL with my already existing `epoll`-based single-threaded asynchronous/event-driven server. I was looking for a minimal `epoll` example which uses `EPOLLOUT`, `EPOLLIN`, and `EPOLLERR` function handlers which will be dispatched accordingly. I saw `server-tls-nonblocking.c`, but it is blocking, or rather cannot handle multiple connections in an asynchronous fashion. The other `epoll`-based examples shown in `wolfssl-examples` are not minimal or not something I was looking for (the epoll examples do so much more than just epoll), and they're not really super useful for me since they do many other things.
It would be really helpful for me if someone could give me an idea/pseudocode for a single-threaded event-driven epoll server example which uses wolfSSL async functions/handlers. Right now, my implementation (clear-text HTTP server) first calls a handler `OnConnect`, which is called when a client connects for the first time, and `OnReadyRecv` and `OnReadySend` for the respective non-blocking `send()` and `recv()` calls, by watching events like `EPOLLIN` and `EPOLLOUT` and dispatching accordingly. It would be super helpful for me if someone could provide a very minimal epoll example (without all the thread-pool, client cert authentication, and all that jazz).
Thank You
I created an issue ticket on GitHub, but I'm also asking it here.
Hi, I'm very new to wolfSSL. It's the smoothest experience I've ever had with an SSL lib, thanks to wolfssl-examples.
I want to use my own self-generated cert for my server, so I generated a cert and private key with the OpenSSL CLI util with
$ openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365
and when I try to use these generated files in my implementation, I'm getting the following error
ERROR: Failed to load ./key.pem, please check the file.
from the `wolfSSL_CTX_use_PrivateKey_file` function. I'm not sure what goes wrong. Can someone help me with this?
I'm using wolfSSL Release 4.7.0
My code example is from https://github.com/wolfSSL/wolfssl-exam … rver-tls.c