76

(7 replies, posted in wolfSSL)

Hi,

I've had a quick scan of your changes. Nothing really jumps out as being wrong. Perhaps it would be a good idea to get Wireshark to see and make sure you know the root cause.

Can you please let me know what wireshark shows you?

Warm regards, Anthony

Hi Wangzihao,
Thank you very much for using wolfSSL! 

I tried reproducing what you are seeing. Here is what I did:

    cd wolfssl
    git checkout master
    ./autogen.sh
    ./configure --enable-static --enable-sp-math-all --enable-opensslall
    make all
    make check
    sudo make install

I then copied the code supplied in your post into a file called `forum.c` and did the following:

    g++ forum.cpp /usr/local/lib/libwolfssl.a  -o forum
    ./forum

Here are the results I got:


    get mp_int af: 0
    get mp_int bf: 0
    get mp_int prime: 0
    get mp_int order: 0
    get mp_int ra: 0
    get mp_int s: 0
    get ecc_point pointG: 0
    point is on curve: 0
    n3*G: 0
    n1*G: 0
    n2*B: 0
    A is equal to C: 0
    get mp_int ra1: 0
    get mp_int ra2: 0
    ra3*G: 0
    ra1*G: 0
    ra2*E: 0
    D is equal to F: -1

Is this what you are seeing as well? 

I will need to confer with my colleagues. Please stay tuned.

Warm regards, Anthony

78

(4 replies, posted in wolfSSL)

Hello joseph.mazza,

I've put up a pull request on GitHub: https://github.com/wolfSSL/wolfssl/pull/6276
Let's see how my colleagues feel about it in the review comments.

In the meantime, we'd love to know more about how our code is being used and by whom. To that end, I have a few questions.

Can you please let us know your location and any academic or professional affiliations?  I'd also love to know about your project. Can you let us know what you are trying to do and your goals?

Warm regards, Anthony 


79

(4 replies, posted in wolfSSL)

Hi,
I apologize for not getting you an answer more promptly.  I need to go back to my colleagues for this.
Warm regards, Anthony

80

(4 replies, posted in wolfSSL)

Hello joseph.mazza,

It would seem you have found a bug. I apologize, however, it is quite late in my time zone so I will have to ask you to be patient as I start my investigation tomorrow.  In the meantime, please let me know your location and affiliated organization so that I may better prioritize your issue.

Warm regards, Anthony

Note, you can also get the generated certificates from here: https://github.com/wolfSSL/wolfssl-examples/pull/375

Hi Basak,

but, still I cannot start my server with it.

What error message are you seeing?

And yes, the generated files should be moved to wolfssl/certs/ directory

Hi Basak,

I don't know your computer's directory setup so I cannot give you the exact commands you need to execute. When I say /path/to/osp/... I mean "The path to where you downloaded osp project to...."

Hope this helps!

Warm regards, Anthony

Hi basak,

My name is Anthony and I'm a member of the wolfSSL team. Please note that the certificates are not included as part of wolfSSL.  They need to be generated. The instructions for generating them are at https://github.com/wolfSSL/osp/tree/mas … /README.md .

Please let us know about your progress with this experiment.

Warm regards, Anthony

Ok, so you are now having success with our example client. You can now use that as a template to better understand what you need to do.  Since you mentioned embedded, please do consider tiny curl.  It just might fit your use case!

Warm regards, Anthony

Hi msorage,

There is some sort of problem here.  Your debug output indicates you only processed 2 certificates. You should have processed all the certificates in the /etc/ssl/certs.

Please use a debugger to figure out why that hasn't happened.

Warm regards, Anthony

Hi,
Please do this and then send over the logs:

    ./configure --enable-sys-ca-certs  --enable-debug
    make all
    ./examples/client/client -h www.wolfssl.com -p 443 --sys-ca-certs

Hi msorage,
I guess you're going to have to try again with --enable-debug to get some more verbose logging since I can't reproduce your issue here. 
Warm regards, Anthony

That's odd.  This is my output:

    SSL version is TLSv1.2
    SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
    SSL curve name is SECP256R1

This is where we are looking for the certificates:

    "/etc/ssl/certs",                   /* Debian, Ubuntu, Gentoo, others */
    "/etc/pki/ca-trust/source/anchors", /* Fedora, RHEL */
    "/etc/pki/tls/certs"                /* Older RHEL */

What distribution of Linux are you using? Can you check the locations specified above to see if there are certificates there?

Warm regards, Anthony
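
One way to run the check requested in the post above, as an added example that is not part of the original post and is not wolfSSL code: a POSIX shell function that counts PEM certificate blocks in each of the three listed directories. The name `count_pem_certs` is an assumption of this example, and DER-encoded files are not counted.

```shell
#!/bin/sh
# Added example (not wolfSSL code): count PEM certificates in the directories
# quoted in the post, to see what a --sys-ca-certs build has available to load.

# The three directories quoted in the post.
CA_DIRS="/etc/ssl/certs /etc/pki/ca-trust/source/anchors /etc/pki/tls/certs"

# count_pem_certs DIR
# Prints the number of "BEGIN CERTIFICATE" lines found in the regular files
# (including symlinks that resolve to regular files) directly under DIR.
# Prints 0 when DIR does not exist or holds no PEM certificates.
count_pem_certs() {
    dir=$1
    total=0
    [ -d "$dir" ] || { echo 0; return 0; }
    for f in "$dir"/*; do
        # Skip subdirectories, dangling symlinks and the unexpanded glob.
        [ -f "$f" ] || continue
        # grep -c exits non-zero on a count of 0, so keep the pipeline "true".
        n=$(grep -c -e '-----BEGIN CERTIFICATE-----' "$f" 2>/dev/null || true)
        total=$((total + ${n:-0}))
    done
    echo "$total"
}

# Report every candidate directory, present or not.
for d in $CA_DIRS; do
    if [ -d "$d" ]; then
        printf '%-36s %s PEM certificate block(s)\n' "$d" "$(count_pem_certs "$d")"
    else
        printf '%-36s (directory not present)\n' "$d"
    fi
done
```

On Debian-style layouts the same certificate may be counted more than once, because it is reachable through a named symlink, a hash symlink and the concatenated bundle file; a count of 0 or a missing directory is the result that matters for this diagnosis.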

Hi,
Also, please consider tiny-curl. You can find it at https://www.wolfssl.com/download/

Warm regards, Anthony

On Linux, this worked for me:

    ./configure --enable-sys-ca-certs
    make all
    ./examples/client/client -h www.wolfssl.com -p 443 --sys-ca-certs

Warm regards, Anthony

Hi,

May I ask why you are doing this and what you are trying to achieve?  Is this an academic or hobby project?  We love to know what people are doing with wolfSSL.

Have you considered using curl? You can download the source for curl and build it with wolfSSL underneath.  Then you can look at how curl is calling wolfSSL to get a better understanding of what is needed. Or, depending on your needs, curl might be a better fit.

Warm regards, Anthony

I noticed your address is a numeric IP address.  Within the certificate, is that numeric IP address specified?
What names are specified in the certificate?

Hi msorage,

Thanks for trying this out.  I guess we're going to need more information.  Can you start by turning on logging? Build with --enable-debug and call wolfSSL_Debugging_ON() at the beginning of your application.

Warm regards, Anthony

Hi msorage,

This return code indicates that you do not have a root certificate that chains up to the certificate provided by the server. You can use your browser to go to any site, look up the security settings for that site and from there get the root certificate that chains up to it held by your browser.

I hope this helps!!
Warm regards, Anthony

97

(2 replies, posted in General Inquiries)

Hi jobryansr,

My name is Anthony Hu and I am a member of the wolfSSL team.  Can you please e-mail facts@wolfssl.com with your question? This forum is more focused on technical questions.  We can handle your FIPS questions better via email.

Warm regards, Anthony

Hello jferraris,

This issue was fixed in wolfssl's `master` branch.  Please see the following pull request that has already been merged: https://github.com/wolfSSL/wolfssl/pull/6085

Warm regards, Anthony

99

(2 replies, posted in wolfSSL)

Hi _angelo_

1) Are you asking to never send change_cipher_spec and to ignore them if received?
2) in `wolfssl/internal.h` we define max record size as follows:

    MAX_RECORD_SIZE = 16384,    /* 2^14, max size by standard */

Hope this helps.  Let me know your clarifications on the first point and if you have any further questions.

Warm regards, Anthony

Hello m_u_h, how are you?

My name is Anthony Hu and I am part of the wolfSSL team.

There are many reasons why openssl might not be using wolfengine. How are you performing SSH and TLS?  Are they separate applications? If so, then it could be that the application doing TLS was built with static libraries in which case that particular application would not support engine usage.

Can you please share details about your applications? For example, how are they built?

Also, here at wolfSSL we love hearing about how our software is being used.  Can you let us know about your project and what your goals are?

Warm regards, Anthony