76 Reply by anthony

(3 replies, posted in wolfSSL)

Hi  ja1999,

Thanks for your interest in wolfSSL.  4.8.1 is a very old version.  I suspect you are bumping into expired certificates in our testing directory.

Have you tried a more recent version of wolfSSL-fips-ready?   5.6.4 is the most recent version and it is available at https://wolfssl.com/download . I tested it recently and it works as expected.

Warm regards, Anthony

Go to forum: wolfSSL

77 Reply by anthony

(3 replies, posted in wolfSSL)

Mattia,

The easiest way to confirm my theory is to define WOLFSSL_DEBUG_TLS to see what the server gets.

Warm regards, Anthony

Go to forum: wolfSSL

78 Reply by anthony

(3 replies, posted in wolfSSL)

Hello Again Mattia,

I have successfully imported your ClientHello into wireshark.  It looks to be a compliant TLS 1.3 client hello handshake message.  I see no problems with it.  But then the server sends a DECODE_ERROR alert message. Can you please confirm that the server received the same client hello that you pasted above? I suspect that there is some sort of I/O mishap here.

Warm regards, Anthony

Go to forum: wolfSSL

79 Reply by anthony

(3 replies, posted in wolfSSL)

Hello Mattia,

Thank you for reaching out to us here at wolfSSL.  I will need some time to analyze the handshake data that you have shown.  It might be more efficient if you could turn on debugging (define WOLFSSL_DEBUG and call wolfSSL_Debugging_ON() ) on both sides and paste the logs in a message here.

Warm regards, Anthony

Go to forum: wolfSSL

80 Reply by anthony

(7 replies, posted in wolfSSL)

Hi Henrik,

My name is Anthony Hu and I am a member of the wolfSSL team. I see you are using the STM32CubeIDE but do not have wolfSSL.I-CUBE-wolfSSL_conf.h.  In that case you need to enable wolfSSL in the project's .ioc file. Also, when you close the .ioc file, please make sure you tell the IDE to generate code. 

I'm not sure how our zephyr integration works with STM32CubeIDE.  I will consult with my colleagues to learn about this and get back to you.

Warm regards, Anthony

Go to forum: wolfSSL

81 Reply by anthony

(2 replies, posted in wolfSSL)

Hi shanoaice,

my name is Anthony and I am a member of the wolfSSL team. I am looking at the error output and the line numbers and content do not line up with what I am seeing in the wolfSSL repo on github.

If its not the newest, please consider using the newest code.

Please let me know your version and where you obtain your code for wolfSSL.

Warm regard, Anthony

Go to forum: wolfSSL

82 Reply by anthony

(3 replies, posted in wolfSSL)

Hello andrea.raiola,

I'm glad to know that you have resolved this on your own.  I have enlisted our cmake expert to have a look at this thread and the stackoverflow link to better understand the issue you are seeing.

Thank you so much for pointing this out to us.

Warm regards, Anthony

Go to forum: wolfSSL

83 Reply by anthony

(3 replies, posted in wolfSSL)

Hi, I understand you cannot share the host address nor the certificate and that is fine. Can you make a certificate chain that reproduces this ?

Warm regards, Anthony

Go to forum: wolfSSL

84 Reply by anthony

(3 replies, posted in wolfSSL)

Hi Andrea,

My name is Anthony Hu and I am a member of the wolfSSL team.

>  in particulare i get 8368 but in my main.cpp i get 8432.

This is a very big hint.  You can see the definition of 

struct RsaKey

in 

wolfssl/wolfcrypt/rsa.h

It varies greatly based on what macros are defined. I noticed you have the following in your C file:


#include <wolfssl/options.h>


Can you please make sure it is exactly the same as the wolfssl/options.h  file in your wolfssl source build directory?

If you would like to further discuss this issue, please open a ticket on our Technical Support system by sending a message to support@wolfssl.com

Warm regards, Anthony

Go to forum: wolfSSL

85 Reply by anthony

(3 replies, posted in wolfSSL)

Hi,

` -A certs/server_cert.pem` suggests it is a server certificate; not a root CA certificate.

Can yo please let us know a bit about yourself and your project.  This helps us classify your inquiry.

Warm regards, Anthony

Go to forum: wolfSSL

86 Reply by anthony

(1 replies, posted in wolfSSL)

Hi Bahadirmaktav,

How are you today? My name is Anthony Hu and I am a member of the wolfSSL team. I have checked, and we do not support this particular flag in our OpenSSL compatibility layer. However, I will query my colleagues to see if there is a simple way for you to do this. Please stay tuned.

Warm Regards, Anthony

Go to forum: wolfSSL

87 Reply by anthony

(1 replies, posted in wolfSSL)

Hi David,
Thanks for reaching out!! The meaning of these flags are well documented here: https://www.wolfssl.com/documentation/m … able-spopt . Please have a look.

Note that `--enable-sp-asm` is enabled by default for the following architectures: x86_64/aarch64/amd64.

Here are some other Single-Precision flags that you might be interested in: 

  --enable-sp             Enable Single Precision maths implementation
                          (default: disabled)
  --enable-sp-math-all    Enable Single Precision math implementation for full
                          algorithm suite (default: enabled)
  --enable-sp-math        Enable Single Precision math implementation with
                          restricted algorithm suite (default: disabled)
  --enable-sp-asm         Enable Single Precision assembly implementation
                          (default: enabled on x86_64/aarch64/amd64)

All of them are documented in the document I linked to above.
I hope this helps!
Warm regards, Anthony

Go to forum: wolfSSL

88 Reply by anthony

(8 replies, posted in wolfSSL)

Hi Michele,
I am aware that some of our customers call wolfSSL naively from swift.  We have heard no problems from them.  Perhaps you can try it out and if you find any issues, please do let me know.

Warm regards, Anthony

Go to forum: wolfSSL

89 Reply by anthony

(1 replies, posted in wolfSSL)

Hi Artur,

this seems more appropriate as a support question.  Please copy and past this message into an email and send it to support@wolfssl.com so it can get assigned to an engineer for review.

Thanks!
The wolfSSL Support Team.

Go to forum: wolfSSL

90 Reply by anthony

(5 replies, posted in wolfSSL)

Hi Bluscape.

Just so you know, we accept certificates in both PEM and DER formats.

Here at wolfSSL we love to know what people are doing with our code.  Can you let me understand a bit about yourself, your project and your goals?  Are you doing this as a member of an academic or commercial organization or is it out of personal interest?

Warm regards, Anthony

Go to forum: wolfSSL

91 Reply by anthony

(5 replies, posted in wolfSSL)

Hello bluscape,

my name is Anthony and I am a member of the wolfSSL team. Please have a look at https://github.com/wolfSSL/wolfssl/blob … /dertoc.pl which comes with wolfSSL. its a great utility script for converting der files into arrays which can then be embedded into your source code.

Once you have them embedded into your application you can use the following APIs to pass them to wolfSSL: 

wolfSSL_CTX_load_verify_buffer
wolfSSL_use_certificate_chain_buffer
wolfSSL_CTX_use_certificate_chain_buffer
wolfSSL_use_PrivateKey_buffer
wolfSSL_CTX_use_PrivateKey_buffer

Warm regards, Anthony

Go to forum: wolfSSL

92 Reply by anthony

(8 replies, posted in wolfSSL)

Hi Michele,

TLS 1.3 is supported and enabled by default for both FiPS and non-FIPS code. Can you please try removing the `-gu` parameters on your execution of `nm`?

> I am attaching my user_seettings.h file

Sorry, but I did not find any attachments on your latest message.  Can you try again?

Warm regards, Anthony

Go to forum: wolfSSL

93 Reply by anthony

(8 replies, posted in wolfSSL)

Hi Michele,

For XCode instructions, please see https://github.com/wolfSSL/wolfssl/tree … /IDE/XCODE .
That will show you the README.md which will give you instructions regarding user_settings.h which refers to this file:

https://github.com/wolfSSL/wolfssl/blob … settings.h

You can add your macro defines and undefs in there.

Warm regards, Anthony

Go to forum: wolfSSL

94 Reply by anthony

(3 replies, posted in wolfSSL)

Hi,

currently for iOS we suggest XCode as you have noted in your previous message.  Please see
https://www.wolfssl.com/documentation/m … -x-and-ios as well.  Is swift a requirement?  If so, this conversation would be more appropriate on our support@wolfssl.com alias.  Please send a message there.

Warm regards, Anthony

Go to forum: wolfSSL

95 Reply by anthony

(7 replies, posted in wolfSSL)

Hi, Can you be more specific?  Which semaphore?

Warm regards, Anthony

Go to forum: wolfSSL

96 Reply by anthony

(4 replies, posted in wolfSSL)

Hi Kalen, in order to avoid the filter problems, I suggest opening a support ticket instead.  Can you send a clear report to support@wolfssl.com?

Go to forum: wolfSSL

97 Reply by anthony

(4 replies, posted in wolfSSL)

Hi, Kalen,

My name is Anthony Hu and I am a member of the wolfSSL team. Thanks for reaching out to us.

Can I ask, what should I replace  googleapisurl_here  with?

Also, you have a certificate in PEM format. I'm not sure what I'm supposed to do with that. I'm somewhat confused.  Can you please help me by clarifying?


Warm regards, Anthony

Go to forum: wolfSSL

98 Reply by anthony

(7 replies, posted in wolfSSL)

I see the 5 0 bytes at the end.  When you use the debugger, does your code that writes in the header, length and content get executed? If not, you need to figure out why.

Warm regards, Anthony

Go to forum: wolfSSL

99 Reply by anthony

(6 replies, posted in wolfCrypt)

Hi Zihao,

You're very welcome. We'd still love to have a chat.  If you have a chance, please send me a meeting invite to anthony@wolfssl.com.

Warm regards, Anthony

Go to forum: wolfCrypt

100 Reply by anthony

(7 replies, posted in wolfSSL)

Hi,

I don't see your attachment.

You're probably going to need to run a debugger such as gdb to see if you are actually writing the extension as you expected.

Warm regards, Anthony

Go to forum: wolfSSL