Topic: Setting private key on a WOLFSSL object

Hi,

I'm having an issue similar to https://www.wolfssl.com/forums/topic144 … enssl.html. A bit of context: I have a proxy that inspects TLS traffic, so for every connection I need to generate an interception certificate and set it (along with a private key) on the client connection. At the moment it's working well with OpenSSL, but as soon as I switch to WolfSSL I'm getting errors setting the private key.
The private key is generated by RSA_generate_key, but when I try to set the key with SSL_use_PrivateKey on the SSL object I'm seeing a -4 WOLFSSL_BAD_FILE error.

The relevant code is:

RSA *pkey = RSA_generate_key(2048, RSA_F4, NULL, NULL);
EVP_PKEY* clientKeyPair = EVP_PKEY_new();
EVP_PKEY_assign_RSA(clientKeyPair, pkey);
// ...
// Client certificate generation
X509* cert = X509_new();
// Set issuer, subject, notAfter, notBefore, extensions and serial...
X509_set_pubkey(cert, clientKeyPair);
// ...
// Later on
SSL_use_certificate(ssl, cert);
SSL_use_PrivateKey(ssl, clientKeyPair); // <-- Fails with -4
...

I'm building WolfSSL with --enable-keygen, but I get the same error if I use PEM_read_bio_RSAPrivateKey to use a pre-generated key instead of RSA_generate_key.

Other flags I'm passing to configure are --enable-apachehttpd --enable-opensslall --enable-opensslextra --enable-asio.

Am I missing some setup needed in WolfSSL (but not on OpenSSL) or a build flag to make this work?

Re: Setting private key on a WOLFSSL object

Hi sergiop,

Thanks for this report. I will set up a test case for this and validate. I would expect that sequence of OpenSSL compatibility calls to work.

Also we have an example for setting up a TLS proxy with native wolfSSL APIs. I'm emailing you that example.

Thanks,
David Garske, wolfSSL

Re: Setting private key on a WOLFSSL object

Hi David,

Just wanted to report back my findings. I was able to get past the -4 WOLFSSL_BAD_FILE error by using wolfSSL_use_PrivateKey_buffer and passing it a buffer in PEM format.
