You are not logged in. Please login or register.
Please post questions or comments you have about wolfSSL products here. It is helpful to be as descriptive as possible when asking your questions.
ReferenceswolfSSL - Embedded SSL Library → Posts by Alexander79
Pages 1
Thanks for the answer!
I think you're right: better wait for the release.
Are there any live ones here?
Thank you for answer!
Now I study WolfSLL at home by myself and see it as a replacement for OpenSSL (in Qt).
I want to write some simple programs on my own to understand how to work with WolfSSL.
If you would like further instruction on how to build wolfSSL with Qt to test in your application, please let us know and we can provide more information.
Yes, provide more information, please.
Hello everyone!
I was write a simple SSL-client/server in Visual Studio, using WolfSSL. It work fine.
For now I try to write a simple SSL server, using Qt and based on QTcpServer.
But I didn't find any information about WolfSSL + Qt.
There is source code:
SslServer.h
#ifndef SSLSERVER_H
#define SSLSERVER_H
#include <QTcpServer>
#define WC_NO_HARDEN
#include <wolfssl/ssl.h>
#define CERT_SERVER_CERT "Certs\\server-cert.pem"
#define CERT_SERVER_KEY "Certs\\server-key.pem"
#define CERT_SERVER_DH "Certs\\dh2048.pem"
class SslServer : public QTcpServer
{
Q_OBJECT
public:
explicit SslServer(QObject* parent = nullptr);
virtual ~SslServer() override;
protected:
virtual void incomingConnection(qintptr socketDescriptor) override final;
private:
WOLFSSL_CTX* m_CTX;
};
#endif // SSLSERVER_HSslServer.cpp
#include "SslServer.h"
#include "SslSocket.h"
#include <QDebug>
#pragma comment(lib, "ws2_32.lib")
#pragma comment(lib, "AdvAPI32.lib")
SslServer::SslServer(QObject* parent) :
QTcpServer(parent),
m_CTX(nullptr)
{
WSADATA wsa_data = { 0 };
WSAStartup(MAKEWORD(2, 0), &wsa_data);
wolfSSL_Init();
m_CTX = wolfSSL_CTX_new(wolfTLSv1_2_server_method());
if (m_CTX)
{
if (wolfSSL_CTX_use_certificate_file(m_CTX, CERT_SERVER_CERT, SSL_FILETYPE_PEM) == SSL_SUCCESS)
{
if (wolfSSL_CTX_use_PrivateKey_file(m_CTX, CERT_SERVER_KEY, SSL_FILETYPE_PEM) == SSL_SUCCESS)
{
if (wolfSSL_CTX_SetTmpDH_file(m_CTX, CERT_SERVER_DH, SSL_FILETYPE_PEM) == SSL_SUCCESS)
{
qDebug() << "SslServer::SslServer -> init SSL is OK";
}
}
}
}
}
SslServer::~SslServer()
{
if (m_CTX)
{
wolfSSL_CTX_free(m_CTX);
m_CTX = nullptr;
}
wolfSSL_Cleanup();
WSACleanup();
}
void SslServer::incomingConnection(qintptr socketDescriptor)
{
qDebug() << "SslServer::incomingConnection";
SslSocket* sock = new SslSocket(this);
WOLFSSL* ssl = wolfSSL_new(m_CTX);
if (ssl)
{
wolfSSL_set_fd(ssl, socketDescriptor);
for (;;)
{
// loop because accept didn't work immediately
int r = wolfSSL_accept(ssl);
if (r == -1)
{
r = wolfSSL_get_error(ssl, r);
if (r == SSL_ERROR_WANT_READ)
{
Sleep(10);
continue;
}
}
break;
}
sock->setSocketDescriptor(socketDescriptor);
sock->SetSSL(ssl);
qDebug() << "SslServer::incomingConnection -> make SSL socket";
}
this->addPendingConnection(sock);
}Then I was write SSLSocket
There is source code:
SslSocket.h
#ifndef SslSocket_H
#define SslSocket_H
#include <QTcpSocket>
#define WC_NO_HARDEN
#include <wolfssl/ssl.h>
class SslSocket : public QTcpSocket
{
Q_OBJECT
public:
explicit SslSocket(QObject* parent = nullptr);
virtual ~SslSocket() override;
void SetSSL(WOLFSSL* ssl);
qint64 read(char* data, qint64 maxlen);
QByteArray read(qint64 maxlen);
qint64 write(const char* data, qint64 len);
private:
WOLFSSL* m_SSL;
};
#endif // SslSocket_HSslSocket.cpp
#include "SslSocket.h"
#include <QDebug>
SslSocket::SslSocket(QObject* parent) :
QTcpSocket(parent),
m_SSL(nullptr)
{
}
SslSocket::~SslSocket()
{
if (m_SSL)
{
wolfSSL_shutdown(m_SSL);
wolfSSL_free(m_SSL);
m_SSL = nullptr;
}
}
void SslSocket::SetSSL(WOLFSSL* ssl)
{
m_SSL = ssl;
}
qint64 SslSocket::read(char* data, qint64 maxlen)
{
qDebug() << "SslSocket::read 1";
if (m_SSL && data && maxlen > 0)
{
return wolfSSL_read(m_SSL, data, maxlen);
}
return 0;
}
QByteArray SslSocket::read(qint64 maxlen)
{
QByteArray data;
qDebug() << "SslSocket::read 2, SSL = " << m_SSL;
if (m_SSL && maxlen > 0)
{
data.resize(maxlen);
maxlen = wolfSSL_read(m_SSL, (void*)data.data(), maxlen);
if (maxlen > 0)
{
data.resize(maxlen);
}
else
{
data.clear();
}
}
return std::move(data);
}
qint64 SslSocket::write(const char* data, qint64 len)
{
qDebug() << "SslSocket::write";
if (m_SSL && data && len > 0)
{
return wolfSSL_write(m_SSL, data, len);
}
return 0;
}Server listen port and accept connections is fine.
But a have a problem to receive data from client at this line:
maxlen = wolfSSL_read(m_SSL, (void*)data.data(), maxlen);Function wolfSSL_read return -1, but method bytesAvailable() in SSLSocket say to there is data to read in socket.
What I do wrong?
How a correct receive data over WolfSSL in Qt?
Thank you!
I' use as example this source code:
https://github.com/wolfSSL/wolfssl-exam … ls-ecdhe.c
But function wolfSSL_CTX_use_certificate_file() return error while trying parse file server-ecc.pem from WolfSSL library.
I looked inside this function, it's open and read file, but there is some error while parsing.
Don't understand, what I'm doing wrong...
Please, look at my source code, I post it down here.
On server side, function wolfSSL_accept return error, after function wolfSSL_connect at client side.
Also don't understand how to work with cipher's and certificate's, with functions wolfSSL_CTX_set_cipher_list and wolfSSL_CTX_SetTmpDH.
I was readed manuals, looked samples, but still cannot make it work...
Can you fix my source code, please?
Tell me, please, what I'm doing wrong?
There is simple echo client-server:
SERVER
#include <iostream>
#include <string>
#include <algorithm>
#include <conio.h>
#include <wolfssl/ssl.h>
#define CERT_SERVER_PATH "Certs/server-cert.pem"
#define KEY_SERVER_PATH "Certs/server-key.pem"
#define PORT 1234
#define Assert(expr) _ASSERT_EXPR((expr), _CRT_WIDE(#expr))
#define _WINSOCKAPI_
#include <Windows.h>
#include <winsock2.h>
#pragma comment(lib, "ws2_32.lib")
void Exit(WOLFSSL* ssl)
{
std::string err_str(80, 0);
int err = wolfSSL_get_error(ssl, 0);
wolfSSL_ERR_error_string(err, &err_str[0]);
std::cerr << err_str << "\n";
Assert(false && "Error");
exit(-1);
}
WOLFSSL_CTX* Init()
{
WSADATA wsa_data;
WORD version;
version = MAKEWORD(2, 0);
WSAStartup(version, &wsa_data);
wolfSSL_Init();
auto ctx = wolfSSL_CTX_new(wolfTLSv1_2_server_method());
const char* cipher_list = "DHE-RSA-AES128-SHA256";
if (wolfSSL_CTX_set_cipher_list(ctx, cipher_list) != SSL_SUCCESS)
Exit(nullptr);
return ctx;
}
void LoadCerts(WOLFSSL_CTX* ctx)
{
if (wolfSSL_CTX_use_certificate_file(ctx, CERT_SERVER_PATH, SSL_FILETYPE_PEM) != SSL_SUCCESS)
Exit(nullptr);
if (wolfSSL_CTX_use_PrivateKey_file(ctx, KEY_SERVER_PATH, SSL_FILETYPE_PEM) != SSL_SUCCESS)
Exit(nullptr);
}
int Send(WOLFSSL* ssl, const std::string& data)
{
return wolfSSL_write(ssl, (char*)data.c_str(), data.size());
}
int Recv(WOLFSSL* ssl, std::string& data, int size)
{
return wolfSSL_read(ssl, (char*)&data[0], size);
}
void Clean(WOLFSSL* ssl, WOLFSSL_CTX* ctx)
{
wolfSSL_shutdown(ssl);
wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx);
wolfSSL_Cleanup();
WSACleanup();
}
int main()
{
int yes = 1;
SOCKET server_socket = INVALID_SOCKET;
struct sockaddr_in sockaddr;
WOLFSSL_CTX* ctx = nullptr;
WOLFSSL* ssl = nullptr;
if (!(ctx = Init()))
Exit(nullptr);
LoadCerts(ctx);
server_socket = ::WSASocket(AF_INET, SOCK_STREAM, IPPROTO_TCP, 0, 0, 0);
memset(&sockaddr, 0x00, sizeof(sockaddr_in));
sockaddr.sin_family = AF_INET;
sockaddr.sin_port = htons(PORT);
sockaddr.sin_addr.s_addr = htonl(INADDR_ANY);
::setsockopt(server_socket, SOL_SOCKET, SO_REUSEADDR, (const char*)&yes, sizeof(int));
::bind(server_socket, (struct sockaddr*)&sockaddr, sizeof(struct sockaddr));
::listen(server_socket, 1);
std::cout << "Waiting connection...\n";
SOCKET client_socket = ::accept(server_socket, nullptr, nullptr);
std::cout << "Got new connection\n";
if (!(ssl = wolfSSL_new(ctx)))
Exit(ssl);
wolfSSL_set_fd(ssl, client_socket);
if (wolfSSL_accept(ssl) != SSL_SUCCESS)
Exit(ssl);
std::cout << "Secure socket ready\n";
std::string data(80, 0);
if (!Recv(ssl, data, data.size()))
Exit(ssl);
std::cout << "Recv: " << data << "\n";
data.erase(std::remove(data.begin(), data.end(), '\0'), data.end());
data += " <---> ECHO\n";
if (!Send(ssl, data))
Exit(ssl);
Clean(ssl, ctx);
std::cout << "\nDone\n";
_getch();
return 0;
}CLIENT
#include <iostream>
#include <string>
#include <algorithm>
#include <conio.h>
#include <wolfssl/ssl.h>
#define CERT_CLIENT_PATH "Certs/client-cert.pem"
#define IP "127.0.0.1"
#define PORT 1234
#define Assert(expr) _ASSERT_EXPR((expr), _CRT_WIDE(#expr))
#define _WINSOCKAPI_
#include <Windows.h>
#include <winsock2.h>
#pragma comment(lib, "ws2_32.lib")
void Exit(WOLFSSL* ssl)
{
std::string err_str(80, 0);
int err = wolfSSL_get_error(ssl, 0);
wolfSSL_ERR_error_string(err, &err_str[0]);
std::cerr << err_str << "\n";
Assert(false && "Error");
exit(-1);
}
WOLFSSL_CTX* Init()
{
WSADATA wsa_data;
WORD version;
version = MAKEWORD(2, 0);
WSAStartup(version, &wsa_data);
wolfSSL_Init();
auto ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method());
const char* cipher_list = "DHE-RSA-AES128-SHA256";
if (wolfSSL_CTX_set_cipher_list(ctx, cipher_list) != SSL_SUCCESS)
Exit(nullptr);
return ctx;
}
int Send(WOLFSSL* ssl, const std::string& data)
{
return wolfSSL_write(ssl, (char*)data.c_str(), data.size());
}
int Recv(WOLFSSL* ssl, std::string& data, int size)
{
return wolfSSL_read(ssl, (char*)&data[0], size);
}
void Clean(WOLFSSL* ssl, WOLFSSL_CTX* ctx)
{
wolfSSL_shutdown(ssl);
wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx);
wolfSSL_Cleanup();
WSACleanup();
}
int main()
{
int yes = 1;
SOCKET socket = INVALID_SOCKET;
struct sockaddr_in sockaddr;
WOLFSSL_CTX* ctx = nullptr;
WOLFSSL* ssl = nullptr;
if (!(ctx = Init()))
Exit(nullptr);
struct hostent* target = nullptr;
socket = ::WSASocket(AF_INET, SOCK_STREAM, IPPROTO_TCP, 0, 0, 0);
target = gethostbyname(IP);
memset(&sockaddr, 0x00, sizeof(sockaddr_in));
sockaddr.sin_family = AF_INET;
((u_long*)&sockaddr.sin_addr)[0] = ((u_long**)target->h_addr_list)[0][0];
sockaddr.sin_port = htons(PORT);
std::cout << "Connecting... ";
if (::connect(socket, (struct sockaddr*)&sockaddr, sizeof(sockaddr)) == SOCKET_ERROR)
Exit(nullptr);
if (!(ssl = wolfSSL_new(ctx)))
Exit(ssl);
wolfSSL_set_fd(ssl, socket);
if (wolfSSL_connect(ssl) == SSL_SUCCESS)
Exit(ssl);
std::cout << " Done\n";
std::string data = "hello";
if (!Send(ssl, data))
Exit(ssl);
if (!Recv(ssl, data, data.size()))
Exit(ssl);
std::cout << "Respone: " << data;
Clean(ssl, ctx);
std::cout << "\nDone\n";
_getch();
return 0;
}Thanks for your answer.
About question 2.
1) I add certificate (wolfSSL_CTX_use_certificate_file) and private key file (wolfSSL_CTX_use_PrivateKey_file). What should I do next to use DHE?
2) What can I do with wolfSSL_CTX_set_cipher_list next?
If certificate file and the key will located in one directory with server - this is normal.
Client should not store any files (certificate, keys etc).
Can anybody help me please?
Hello everyone!
Not long time ago I has met with the library WolfSSL.
This library has made a big impression on me.
Immediately apologize for my English, I use google translate.
For the study I was wrote two simple programs: an echo server and client to add their support TLS 1.2.
I have a few questions:
1) It is necessary to make sure that the server has only worked with TLS and did not support the work of insecure channel. If the client connecting without TLS support, it must be disconnected by server. How this can be done (on the server side)?
2) It is necessary to add support for TLS to disposable keys were generated and unique to each session, and not store it on file in file system. I read about the mechanism of formation of the key for the current session in SSL/TLS - Ephemeral Diffie-Hellman. How to use it in WolfSSL library?
If possible, please give examples.
Thank you for attention.
Pages 1
wolfSSL - Embedded SSL Library → Posts by Alexander79
Powered by PunBB, supported by Informer Technologies, Inc.
Generated in 0.019 seconds (95% PHP - 5% DB) with 5 queries