126

(16 replies, posted in wolfSSL)

Hi Alex,

Glad to hear you were able to resolve your issue.  What platform/architecture are you on?  Which cipher suite are you using?
In general, I'd recommend using SP math over fast math, and SP math assembly if your platform supports it.
Check out our user settings template here for more info on our SP math and other settings: https://github.com/wolfSSL/wolfssl/blob … template.h
I would also enable ARM assembly with WOLFSSL_ARMASM, assuming you're on ARM.
You will want to disable small AES-GCM if possible as it will have a significant speed impact (GCM_SMALL).

Thanks,
Kareem

127

(16 replies, posted in wolfSSL)

Hi Alex,

What platform and OS are you using?  How much stack/heap are you giving to wolfSSL?
What kind of webpage are you serving with wolfSSL?  Is it something that would spawn multiple connections?
Does closing your Chrome tab and opening a new one resolve the issue, or does it require a full browser restart?

If this information is too sensitive to share in a public forum, feel free to contact us at support@wolfssl.com

Thanks,
Kareem

128

(16 replies, posted in wolfSSL)

Hi Alex,

3.15.3 is extremely outdated and unsupported.  Please update to 5.0 and let me know if it fixes the issue for you.

129

(16 replies, posted in wolfSSL)

Hi Alex,

A couple of questions:
1) Does a hard refresh (usually Ctrl+F5) show the same issue in your browser?
2) What version of wolfSSL are you using?  Do you still see the issue with the latest wolfSSL, 5.0?

Thanks,
Kareem

130

(4 replies, posted in wolfSSL)

Hi r-type,

You should continue to use our XCODE IDE project.  To get around the options.h issue, create an options.h file which includes your settings.h file, and make sure your IDE is set to have the preprocessor define WOLFSSL_USER_SETTINGS.  Alternatively, include user_settings.h followed by settings.h in your options.h file.

Thanks,
Kareem

131

(11 replies, posted in wolfSSL)

We recently released 5.0 which fixes various bugs in 4.8.1, please try updating and let me know if you still see any issues.

Hi rahul.c,

Check out our certificate generation with altnames example here: https://github.com/wolfSSL/wolfssl-exam … altnames.c
The IP address used is on line 196 (127.0.0.1 in the example): https://github.com/wolfSSL/wolfssl-exam … mes.c#L196
You can find more info on it here: https://github.com/wolfSSL/wolfssl-exam … er/certgen

Thanks,
Kareem

133

(11 replies, posted in wolfSSL)

Hello rahmanikivi724,

Your platform does have a hardware RNG, you can see the details here: https://www.st.com/en/microcontrollers- … 446re.html
So you should undefine NO_STM32_RNG so we use our STM32 hardware RNG support, which will include a wc_GenerateSeed implementation.  You should also undefine WOLFSSL_GENSEED_FORTEST.

Thanks,
Kareem

134

(16 replies, posted in wolfSSL)

Hi Alex2021,

"Client attempting to connect with different version" means the client and server's TLS versions are not matching.  What TLS version is your client using?
If for example your client is using TLS 1.0, you will need to define WOLFSSL_ALLOW_TLSV10.  If your client is using TLS 1.2, it may help to undefine WOLFSSL_TLS13.

Thanks,
Kareem

135

(11 replies, posted in wolfSSL)

You should have stm32f4xx_hal.h, it needs to be generated by STM32CubeIde.  You may be running into a path issue, make sure your include paths include stm32f4xx_hal.h.
You need to add your platform to the user_settings.h template, see our documentation: https://github.com/wolfSSL/wolfssl/tree … /STM32Cube and user_settings.h template under "#warning Please define a hardware platform!".  You should define NO_STM32_HASH/CRYPTO if applicable for your platform.  You do not need WOLFSSL_STM32F427_RNG defined.
Also see our video here: https://www.youtube.com/watch?v=pUd2HEfBp3w
For debugging, you need to build with DEBUG_WOLFSSL and you need to call wolfSSL_Debugging_ON() before any other code.

136

(11 replies, posted in wolfSSL)

Happy to help.

You need to define WOLFSSL_NO_SOCK as well, also make sure you are including options.h and settings.h before any other wolfSSL headers.  I would recommend you to use our STM32 user_settings.h template, found here: https://github.com/wolfSSL/wolfssl/blob … gs_stm32.h
Yes, you would need to modify this include to use your platform's header instead, most likely "stm32f446xx.h".  You can find this include in wolfssl/wolfcrypt/settings.h around line 1266.  However I would first try running wolfSSL_Init() and confirm that doesn't fix the issue.
You are using the correct data structure WC_RNG in your code.  After initializing the RNG with wc_InitRng, call wc_RNG_GenerateBlock or wc_RNG_GenerateByte to generate random data.

137

(11 replies, posted in wolfSSL)

Hi rahmanikivi724,

A couple of things to try.
First, you should always call wolfSSL_Init() before any other wolfSSL functions.
Second, try defining WOLFSSL_STM32F427_RNG to use our STM32F4xx codepath for your RNG.

If this doesn't help, please enable debugging by building with DEBUG_WOLFSSL and running wolfSSL_Debugging_ON() before your code, and attach debug logs.  The return code of wc_InitRng would also be helpful.

Thanks,
Kareem

138

(3 replies, posted in wolfSSL)

Hello rahmanikivi724,

I would definitely recommend using our GCC-ARM example as you found, since it is set up for ARM platforms like yours.
Try defining NO_WOLFSSL_DIR to skip using DIR/dirent.h, and let me know if it helps.  You will want to include it in your CFLAGS, prefixed by -D.

Thanks,
Kareem

139

(1 replies, posted in wolfSSL)

Hi stillwater,

We do not currently support custom handshake extensions.  I can enter a feature request for you, but there's no guarantee of when it will be implemented.
Alternatively, you can contact us at facts@wolfssl.com to discuss code consulting for this feature.

Thanks,
Kareem

140

(3 replies, posted in wolfSSL)

Hello Mohannad,

Can you post your full configure line including LDFLAGS?  Does adding libgmp/pbc LDflags like this help?  LDFLAGS="-lpbc -lgmp ./configure ..."

Thanks,
Kareem

141

(1 replies, posted in wolfMQTT)

Hi rlev,

Yes, when using the MqttClient_Subscribe API to subscribe, you can pass as many topics as you'd like in the array MqttSubscribe->topics as long as you set topic_count correctly.
Here are a couple of examples that subscribe to a single topic, to expand them you'd just iterate over each topic and set their parameters accordingly:
https://github.com/wolfSSL/wolfMQTT/blo … ent.c#L383
https://github.com/wolfSSL/wolfMQTT/blo … ple.c#L399

Thanks,
Kareem

142

(3 replies, posted in wolfSSH)

Hi rr9mvp,

Unfortunately no, our SCP implementation is part of wolfSSH just like our SFTP, and they're all on the same platforms which does not currently include FreeRTOS without a POSIX API.

Thanks,
Kareem

143

(3 replies, posted in wolfSSH)

Hi rr9mvp,

While we have not ported wolfSSH/SFTP to FreeRTOS without POSIX, we have ported wolfSSH/SFTP to various platforms which you can find here:
https://github.com/wolfSSL/wolfssh/blob … ssh/port.h
https://github.com/wolfSSL/wolfssh/blob … src/port.c

If you are interested in having us help you port to your platform, please contact us at facts@wolfssl.com

Thanks,
Kareem

144

(2 replies, posted in wolfSSL)

Hi rlev,

You should be able to silence these warnings using:

-Wno-packed-not-aligned

I will look into getting these warnings fixed.

Thanks,
Kareem

145

(2 replies, posted in cURL)

Hello Gary,

Do you see this issue with curl for all sites, or just microsoft.com?
Can you try the WOLFSSL_ALLOW_NO_CN_IN_SAN flag?
If that doesn't help, please generate a debug log by rebuilding with WOLFSSL_DEBUG defined and attach it here.  Please also include your curl command line or code.

For wolfSSL's client, try using -A to pass in your CA cert, not -a.

Thanks,
Kareem

146

(1 replies, posted in wolfSSL)

Hello Andreas,

If you are using mutual auth you could set up OCSP stapling in both directions, you will need to configure your OCSP responder for this.  wolfSSL will parse and verify OCSP responses, but it won't create the response itself.

Thanks,
Kareem

147

(1 replies, posted in wolfSSL)

Hi Noufal,

See here for examples and documentation on building wolfSSL with Yocto: https://github.com/wolfSSL/meta-wolfssl

Thanks,
Kareem

148

(4 replies, posted in wolfSSL)

I was able to reproduce your issue here.  It seems this server is not sending a correct record header, the record header has no version number so it is invalid.  Please confirm the server is set up correctly.

Thanks,
Kareem

Hello ENOTTY,

I was able to reproduce your issue on that commit.  Looks like we've just checked in a fix here:
https://github.com/wolfSSL/wolfssl/comm … 8a742dde57
I retested with this commit applied and everything is building for me now.  Let me know if it works for you.

Thanks,
Kareem

150

(4 replies, posted in wolfSSL)

Hello yuliang136,

When you are receiving an error, what url are you passing to the -h option?

Thanks,
Kareem