Hi todd,

If i want to use TLS_DHE_RSA_WITH_AES_256_CBC_SHA want changes I need to do in library/code? i didn't find any information about this in documents.

What is default RSA number is set? RSA 2048 or RSA 1024?

Thanks in advanced.

Vishal N

I am using wolfSSL-1.6.5, as I have already ported this library on OS less environment hence not using 1.8.0.

I am using the wolfSSL on both(client and server) the ends for TLS1.2. Client is on OS less environment and server is on PC(windows XP). I am trying to achieve the TLS1.2 in between these clients. I am getting bad certificate error for client certificate when it got transferred to server.

Initially server was not sending the certificate request to client, so I have  made ctx->verifypeer field to 1(one). Now it is sending the certificate request to client and client is sending the certificate as well. But I am getting the bad certificate(for client certificate) error at server side i.e. Alert(21) message with level 2(fatal) and description 42(Bad certificate). I have traced in and found that mismatch between "cert->issuerHash" and "signers->hash". Because of hash mismatch server is giving the bad certificate error.

I have used wolfSSL's server certificate(server-cert.pem) for server side and wolfSSL client certificate(client-cert.pem), and stored it in  C array(unsigned char) like below,

const unsigned char certBuffer[] = {"-----BEGIN CERTIFICATE-----\n\
....\n\
....\n\
....\n\
-----END CERTIFICATE-----\n"};

“…” replaces actual cert/key data. Is this the right way to store the certificate in C array(unsigned char) or do I need to copy complete file in C array(unsigned char)? This array is used directly by "PemToDerBuffer" function. Same way CA certificate and

CA cert file - ca-cert.pem
Server cert file – server-cert.pem
Server key file – server-key.pem
Client cert file – client-cert.pem
Client key file – client-key.pem

I have following questions,

1.    Do I need to implement the function “GenerateSeed”? if yes what will be output in case of OS less environment?
2.    I have made change in “ctx->verifypeer” field? Is it correct or should it be done by library itself? If yes what fields?
3.    Server is not sending the key? What could be the reason? do we need to do any change in library configuration like done for “ctx->verifypeer” field?
4.    I want to use “TLS_RSA_WITH_AES_256_CBC_SHA”, what kind of configuration settings I need to do in libraries?

If you have any document which describes all these things please let me know I will go through it.

I have tried defining both the macros and below is my findings,

MP_8BIT works for mp_init and related functions but application crashes in "MakeSigner" function.

MP_16BIT works for "MakeSigner" functions but then application crashes in mp_init and mp_grow functions.

I have defined,

#define SIZEOF_LONG 4
#define SIZEOF_LONG_LONG 8

mp_word size is 4 bytes and mp_digit size is 2 bytes.

I have implemented the XMALLOC, XREALLOC and XFREE which is managing the unsigned char buffer.

I am using MPLAB C compiler pic32-gcc. My micro controller is 32bit.

Vishal N

Hi,

I am facing problem for MP_8BIT. MP calculations are working when MP_8BIT macro is defined. But again execution fails at the time of creating the Signer object.

I am using 32 bit micro controller.  Can you tell me how to use this MP for 32bit micro controller?

Vishal N

Hi Todd,

I am trying to use the TLS1.2 from the wolfSSL library. There I found that by default library reads the certificate from the file system using fopen and fclose functions. As I am working in OS less environment I have stored these certificates in buffer and uses functions,

wolfSSL_CTX_use_certificate_buffer
wolfSSL_CTX_use_PrivateKey_buffer

to load the certificates. These functions internally uses "PemToDerBuffer" function to convert the certificate in DER format. This "PemToDerBuffer" function uses the XMALLOC to allocate memory of certificate size to store the cetrtificate. Can we bypass this memory allocation as I am working in OS less environment? Or do I need to implement the memory management using XMALLOC AND XFREE functions for these calls?

Vishal N