You are not logged in. Please login or register.
Active topics Unanswered topics
Welcome to the wolfSSL Forums!
Please post questions or comments you have about wolfSSL products here. It is helpful to be as descriptive as possible when asking your questions.
References
Stable Releases - download stable product releases.
Development Branch - latest development branch on GitHub.
wolfSSL Manual - wolfSSL (formerly CyaSSL) product manual and API reference.
Search options (Page 3 of 7)
Hi dcanthony,
For a bare metal ARM target, rather than using ./configure I would recommend using our GCC-ARM example: https://github.com/wolfSSL/wolfssl/tree … DE/GCC-ARM This includes a user_settings.h file which defines the macro WOLFSSL_USER_CURRTIME, allowing it to define a custom custom_time function which does not depend on clock_gettime. You can find this function in Source/wolf_main.c. Note that you will need to implement your own hw_get_time_sec function which returns the RTC value if you are trying to verify the dates in certificates.
What modifications did you make to Makefile.common?
Thanks,
Kareem
Hi confused_squirrel,
Thanks for your interest in wolfSSL. You are on the right track with our getter functions such as GetASN_Items and GetASN_OID, these are the functions we use to parse ASN and the functions you should call for this case. These are internal static functions, we do not have a public interface for this. You will need to find a way to call static wolfSSL functions from your application, or patch our source to make these functions non static.
We don't currently have a complete example on how to use these functions as again, they are internal functions.
Are you willing to share some information about your project? Are you working on a commercial or personal project? You are welcome to email us at support [AT] wolfssl [DOT] com if this information is confidential.
Thanks,
Kareem
Can you share your error log so I can assist further?
We don't have an example of using Visual Studio to build curl but it should work.
The definitions go in your project's user_settings.h.
Yes, check out our blog post here: https://www.wolfssl.com/using-curl-with … d-tls-1-3/
Hi Samuel,
I would recommend using our updated wolfSSH Visual Studio project and instructions from ide/winvs: https://github.com/wolfSSL/wolfssh/tree … /ide/winvs
You will want to use the DLL Debug/DLL Release build configurations, you can set your target to win32 with either config.
Thanks,
Kareem
Hi Samuel,
What version of wolfSSL are you using? If you aren't using our latest release 5.7.0, please upgrade.
HAVE_CURL is not sufficient, you will need multiple other defines as follows:
#define HAVE_TLS_EXTENSIONS
#define HAVE_SNI
#define HAVE_SUPPORTED_CURVES
#define HAVE_FFDHE_2048
#define WOLFSSL_TLS13
#define HAVE_EXTENDED_MASTER
#define NO_RC4
#define HAVE_ENCRYPT_THEN_MAC
#define HAVE_CRL
#define HAVE_CERTIFICATE_STATUS_REQUEST
#define HAVE_CERTIFICATE_STATUS_REQUEST_V2
#define WOLFSSL_ALT_CERT_CHAINS
#define WOLFSSL_IP_ALT_NAME
#define HAVE_SESSION_TICKET
#define NO_SESSION_CACHE_REF
#define WOLFSSL_DES_ECB
#define WOLFSSL_TICKET_NONCE_MALLOC
#define NO_PSK
#define WOLFSSL_ENCRYPTED_KEYS
#define HAVE_DH_DEFAULT_PARAMS
#define WOLFSSL_SYS_CA_CERTS
#define HAVE_OCSP
#define OPENSSL_EXTRA
#define NO_DES3_TLS_SUITES
#define WOLFSSL_PUBLIC_MP
#define HAVE_SERVER_RENEGOTIATION_INFO
Thanks,
Kareem
Hi Simon,
It looks like you have a support contract on file with us, please contact us at support [AT] wolfssl [DOT] com so we can prioritize your support.
Thanks,
Kareem
Hi Simon,
To remove support for our AES CCM cipher suites, build wolfSSL with HAVE_AESCCM not defined. If you are using configure, you can use the argument --disable-aesccm to disable this.
Thanks,
Kareem
Hi just_david,
Glad you were able to solve your RSA issue.
-125 is MEMORY_E, which means we were unable to allocate enough memory. As you are on an embedded system, I would recommend enabling our small stack support and our small SP code, which you can do with: --enable-smallstack --enable-sp=small,nomalloc. Please let me know if you continue to run into errors with these flags.
Hi Samuel,
It looks like you are not enabling our OpenSSL compatibility layer when building curl, this implements EVP_MD_CTX and many other OpenSSL types/functions. Please share your build settings for wolfSSL and wolfSSL version. You should be building wolfSSL with --enable-curl to use it with curl.
Thanks,
Kareem
Hi David,
Our Microchip Harmony license was written by Microchip, please reach out to Microchip as they will be able to assist with your license questions.
Thanks,
Kareem
Hi Prabhu,
Our Microchip Harmony library is not licensed under GPL, it has a custom license which you can review here: https://github.com/Microchip-MPLAB-Harm … crochip.md
Please let me know if you have any further questions on this.
Thanks,
Kareem
Hi ler762,
It looks like you're cross-compiling and copying the test binary over to your target. Please ensure you are also copying the certs/ directory to your target, and that you are running the test binary from the same directory as certs/.
You will also need to modify wolfcrypt/test/test_paths.h with the path to your certs directory on your target.
Thanks,
Kareem
Copying from zendesk ticket:
When including wolfSSL headers in your application, you must include our build settings (options.h/settings.h) first as follows:
#include <wolfssl/options.h>
#include <wolfssl/wolfcrypt/settings.h>
You need to include these headers before all other wolf/OpenSSL headers in all files which include these headers. Please give it a try and let me know if it helps.
I am not seeing any attachments, please retry attaching your debug logs or contact us at support [AT] wolfssl [DOT] com for further assistance.
Please rebuild wolfSSL with --enable-debug defined and post debug logs of the server to help confirm what is going wrong. Please also include your full wolfSSL build settings, ./configure line or user_settings.h.
Is your embedded client running wolfSSL, or something else?
Hi Saurabh,
Make sure you are running our example server from your base wolfSSL directory, and not from inside of examples/server. Your base wolfSSL directory has certs/, examples/ etc. inside of it.
Thanks,
Kareem
Hi Resarf,
We haven't tried wolfTPM on a Raspberry Pi Pico, but we would expect it to work based on the platform's specs and wolfTPM's requirements.
Which TPM are you planning to use? Will you be attaching a physical TPM to your Pi?
You will need to build wolfTPM with the appropriate configure option for your TPM, you can find a full description of our configure options here: https://github.com/wolfSSL/wolftpm#buil … nd-defines
Thanks,
Kareem
Hello Anika,
The error you are seeing comes from our configure system failing to generate the header, this can happen if there's an issue with your toolchain or compiler flags. You should see a config.log file in your base wolfssl directory, do you see any errors in it? Please attach your config.log here.
I would also recommend upgrading to our recent release, 5.6.4, for the latest bugfixes and performance improvements: https://github.com/wolfSSL/wolfssl/rele … 6.4-stable
Thanks,
Kareem
Hello Mike,
Yes, your understanding of PSK is correct. I would recommend using PSK with ECDHE for this reason, if feasible. TLS 1.3 does generally offer forward secrecy, but there are cases where you would want to use PSK only, so it is still offered despite not offering forward secrecy.
You can turn on debug logging in wolfSSL to confirm the key exchange and connection are being completed as expected by building wolfSSL with --enable-debug. You could also capture a packet dump and open it with Wireshark to confirm everything being sent and received matches your expectations.
You may find our PSK examples and documentation here helpful: https://github.com/wolfSSL/wolfssl-exam … master/psk
Thanks,
Kareem
Hello gsojc234,
wolfSSL is maintaining a rolling hash, which is updated after each message. Even though you will only see the hash using the current message's data when we are constructing the Finished message, it is using the hash computed from previous messages.
In some cases, we keep handshake data until after Finished is sent to compute this hash.
For more information on how we are doing this, check out the functions HashInput, HashOutput and HashRaw in internal.c.
Thanks,
Kareem
Hi OptiZle,
The examples include a user_settings.h which is tuned for the ESP32, I would recommend retrying with this. Our generic user_settings_default.h file is meant as a reference, and is not suitable out of the box for the ESP32.
Yes, we've recently improved our ESP32 support and added support for the S3. I don't believe this support was present in 5.5.4. I would strongly recommend upgrading.
Thanks,
Kareem
Hi OptiZle,
Thanks for reaching out to us.
-199 is RNG_FAILURE_E, which means we had an issue initializing your RNG.
What version of wolfSSL are you using, and what settings are you using to build wolfSSL? Have you tried using our Espressif example found here: https://github.com/wolfSSL/wolfssl/tree … if/ESP-IDF ? If not, I would recommend using it. Make sure you're using our latest version, 5.6.3.
Thanks,
Kareem
Hi lazH,
Your code is currently passing in the entire certificate DER to wc_RsaPublicKeyDecode, this won't work as wc_RsaPublicKeyDecode expects just the key.
You will need to call wolfSSL_X509_load_certificate_file followed by wolfSSL_X509_get_pubkey on your certificate to extract the public key. You can then call wc_RsaPublicKeyDecode on this extracted public key and use it as desired for encryption/decryption.
Check out our full example of this here: https://github.com/wolfSSL/wolfssl-exam … m-certfile
Thanks,
Kareem
Hi pbreed,
We do not directly support generating a JSON web key, but we do support generating keys, exporting their components and encoding them as base64. After following these steps, you will need to handle creating the JSON and adding the base64-encoded components to this JSON.
For RSA:
1) Generate an RSA key using wc_MakeRsaKey: https://www.wolfssl.com/documentation/m … makersakey
2) Export the RSA key using wc_RsaFlattenPublicKey (n/e only for public key) or wc_RsaExportKey (all components for public + private key): https://www.wolfssl.com/documentation/m … npublickey
For ECC:
1) Generate an ECC key using wc_ecc_make_key: https://www.wolfssl.com/documentation/m … c_make_key
2) Export the ECC key using wc_ecc_export_public_raw/wc_ecc_export_private_raw.
Now base64 encode each component using Base64_Encode_NoNl: https://www.wolfssl.com/documentation/m … ncode_nonl
Then you will need to create the appropriate JSON and add these components.
Thanks,
Kareem
Posts found: 51 to 75 of 157
Generated in 0.018 seconds (86% PHP - 14% DB) with 5 queries