1 (edited by cxdinter 2016-11-14 23:25:54)

Topic: [SOLVED] question about openSSL compatibility layer

Hi,
   Recently, I am trying to replace openSSL library by wolfSSL library in our product (mainly for https connection with Poco library).
   But I can't find some openSSL APIs in wolfSSL's openSSL compatibility layer.

   For example:
   We used two openSSL APIs : SSL_ctrl() and SSL_CTX_ctrl(). But can't find them in wolfssl/openssl/ssl.h.
   So, in wolfSSL, which API are same with SSL_ctrl() and SSL_CTX_ctrl()?

Share

Re: [SOLVED] question about openSSL compatibility layer

Hi Cxdinter,

We are continually working to add new openssl compatibility API's. You'll find the ones you are missing in the pull request #618, which should make it into master shortly.

https://github.com/wolfSSL/wolfssl/pull/618

SSL_CTX_ctrl:
https://github.com/wolfSSL/wolfssl/pull … 2c5b9R5625

SSL_ctrl:
https://github.com/wolfSSL/wolfssl/pull … 2c5b9R5614

We also just added a bunch on Nov 10th in PR #617 into master:
https://github.com/wolfSSL/wolfssl/pull/617
Commit: https://github.com/wolfSSL/wolfssl/comm … 4537f5279f

Hopefully that will help with the Poco port you are working on. Let us know if there is anything else.
Your feedback has been very excellent, so thank you!

David Garske, wolfSSL

Share

Re: [SOLVED] question about openSSL compatibility layer

Hi dgarske,
    Thank you.
    We got benefits from your new patch. Even some of them are not really implemented.

    Actually, We have two choices to replace openssl by wolfSSL  for Poco library.
    First way is using wolfSSL's compatibility layer. The second way is : remove netssl component(based on openssl) in Poco library, and use wolfSSL APIs directly.

   I am not sure which way is more better.
   The first way is a conservative strategy, it should be ok after wolfSSL compatibility layer fully implemented.
   The second way have more challenges, but it is also let us exciting.

   By the way, in wolfSSL samples, is there any mature sample code which used for test server/client connect through TLSv1.2 ?

Share

Re: [SOLVED] question about openSSL compatibility layer

Hi Cxdinter,

Correct, those are the porting options. Its difficult for me to guess, which is better for you and the Poco library without a more detailed review.

For the first option you may have to implement some additional openssl compatibility API's. They have over 4000 API's and we only cover the most common ones. If you do add some and would like to contribute changes back to us that would be wonderful. We only require a signed contributor agreement, which I can send you.

We have more examples in this repo:
https://github.com/wolfSSL/wolfssl-examples

Some clean TLS examples are in this folder:
https://github.com/wolfSSL/wolfssl-exam … master/tls

Thanks,
David Garske, wolfSSL

Share

Re: [SOLVED] question about openSSL compatibility layer

HI dgarske,
    OK. If I have finished some new function in openssl compatibility layer, and test it ok. I will paste source code here.

Share