
(5 replies, posted in wolfSSL)

Kaleb J. Himes wrote:

Hi sanjay,

Could you tell us a little about the project you are working on? Is this an old solution you are bringing up to date or is this a new project?


Warm Regards,

Kaleb

Hi Kaleb,

This is new for wolfSSL. We are using OpenSSL as of now but, due to transmission speed, it is taking 4 seconds for the handshake with the gateway. We want to integrate wolfSSL if it can improve the speed.

Regards,
Sanjay

(5 replies, posted in wolfSSL)

dgarske wrote:

Hi Sanjay,

The call to set cipher list is failing, but you are not checking the return code. The correct syntax for the cipher suite is: `ECDHE-RSA-AES128-GCM-SHA256`. You can use this command to see a list of supported cipher suites: `./examples/client/client -e`.

`./examples/client/client -h 66.83.75.170 -p 443 -c ./certtest/Demo_Cert.pem -A ./certtest/CA_Root.pem -d -l ECDHE-RSA-AES128-GCM-SHA256`

Also we have some simple TLS client examples here:
https://github.com/wolfSSL/wolfssl-exam … master/tls

Let me know if that resolves the issue.

Thanks,
David Garske, wolfSSL

Hi David,

I replaced the wolfSSL_CTX_set_cipher_list(ctx,"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"); line with wolfSSL_CTX_set_cipher_list(ctx,"ECDHE-RSA-AES128-GCM-SHA256");

But I'm still getting the same error. As I informed you, it works well with examples/client/client.c, as below:
./examples/client/client -h 65.124.118.187 -p 443 -c ./certtest/Demo_Cert.pem -A ./certtest/Comodo_Root.pem -d

But my own code is not working.

I'm stuck here and not able to use this library.

Waiting for your suggestion.

Regards,
Sanjay

Dear Team,

I'm testing wolfSSL to integrate it into my project and for that I've written a small program to connect to the server, but it is not able to connect.

Whereas, when I use the examples/client/client.c file, the connection succeeds with my certificate.
Kindly suggest the answer.

My code :
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <wolfssl/options.h>
#include <wolfssl/ssl.h>

#define SERV_PORT 443

/* print the message and exit, as the example client's err_sys() does */
static void err_sys(const char* msg)
{
    fprintf(stderr, "%s\n", msg);
    exit(EXIT_FAILURE);
}

int main(void)
{
    int sockfd, err;
    char errorString[80];

    WOLFSSL_CTX* ctx;
    WOLFSSL* ssl;
    WOLFSSL_METHOD* method;
    struct sockaddr_in servAddr;
    const char message[] = "Hello, World!";

    /* create and set up socket */
    sockfd = socket(AF_INET, SOCK_STREAM, 0);
    if (sockfd < 0) {
        err_sys("socket error");
    }
    printf("Socket created ID:%d \n", sockfd);
    memset(&servAddr, 0, sizeof(servAddr));
    servAddr.sin_family = AF_INET;
    servAddr.sin_addr.s_addr = inet_addr("66.83.75.170");
    servAddr.sin_port = htons(SERV_PORT);

    wolfSSL_Debugging_ON();
    /* initialize wolfssl library */
    wolfSSL_Init();
    method = wolfTLSv1_2_client_method(); /* use TLS v1.2 */

    /* make new ssl context */
    if ((ctx = wolfSSL_CTX_new(method)) == NULL) {
        err_sys("wolfSSL_CTX_new error\n");
    }

    /* client certificate chain (only used if the server requests a client cert) */
    if (wolfSSL_CTX_use_certificate_chain_file(ctx, "certtest/Demo_Cert.pem") != SSL_SUCCESS) {
        wolfSSL_CTX_free(ctx);
        err_sys("can't load client cert file, check file and run from"
                " wolfSSL home dir");
    }

    /* client private key, path as posted */
    if (wolfSSL_CTX_use_PrivateKey_file(ctx, "certs/ca-key.pem", SSL_FILETYPE_PEM) != SSL_SUCCESS) {
        wolfSSL_CTX_free(ctx);
        err_sys("can't load client private key file, check file and run "
                "from wolfSSL home dir");
    }

    /* return value is not checked here, so a rejected cipher-suite string goes unnoticed */
    wolfSSL_CTX_set_cipher_list(ctx, "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256");

    /* Add CA cert to ctx (Symantec_C3_G3.pem) */
    if (wolfSSL_CTX_load_verify_locations(ctx, "certtest/Comodo_Root.pem", 0) != SSL_SUCCESS) {
        wolfSSL_CTX_free(ctx);
        err_sys("Error loading certtest/Comodo_Root.pem\n");
    }

    /* disables verification of the server certificate */
    wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);

    /* make new wolfSSL struct */
    if ((ssl = wolfSSL_new(ctx)) == NULL) {
        err_sys("wolfSSL_new error\n");
    }

    /* connect to socket */
    int conn = connect(sockfd, (struct sockaddr *) &servAddr, sizeof(servAddr));
    if (conn < 0) {
        wolfSSL_CTX_free(ctx);
        printf("TCP Connect error:%d\n", conn);
        err_sys("TCP Connect error return\n");
    }

    /* Connect wolfssl to the socket, server, then send message */
    if (wolfSSL_set_fd(ssl, sockfd) != SSL_SUCCESS) {
        wolfSSL_free(ssl);
        wolfSSL_CTX_free(ctx);
        err_sys("error in setting fd");
    }

    int Ret = wolfSSL_connect(ssl);
    if (Ret != SSL_SUCCESS) {
        printf("WolfSSL Test steps 8 \n");

        err = wolfSSL_get_error(ssl, 0);
        wolfSSL_ERR_error_string(err, errorString);
        printf("WolfSSL connect error :%d, %s\n", Ret, errorString);
    }

    if (Ret == SSL_SUCCESS)
        wolfSSL_write(ssl, message, strlen(message));

    /* frees all data before client termination */
    wolfSSL_free(ssl);
    wolfSSL_CTX_free(ctx);
    wolfSSL_Cleanup();
    close(sockfd);
    return 0;
}

Getting error 40 & -313

But if I use examples/client/client.c as below, it succeeds.

./examples/client/client -h 65.124.118.187 -p 443 -c ./certtest/Demo_Cert.pem -A ./certtest/Comodo_Root.pem -d


Kindly suggest the mistake in my code. I'm attaching the test certificate.

Regards,
Sanjay

(16 replies, posted in wolfSSL)

Hi Chris,

I got the demo certificate from the gateway vendor (attached) for IP 66.83.75.170 and port 443. Would you please help me integrate the wolfSSL library with my code... I would be really very thankful to you.

Please guide me boss. 

Regards,
Sanjay Singh

(16 replies, posted in wolfSSL)

Hi Chris,

Please help me.

Regards,
Sanjay

(16 replies, posted in wolfSSL)

Hi Chris,

I used the above but it's not working. I'm sending you the source code, compilation command and debug output.
Whereas the wolfSSL examples/client/client.c connects perfectly with the -h IP -p Port -d command and the same ./configure <options>.
I also tested with wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE,0);
Please advise.

Regards,
Sanjay

(16 replies, posted in wolfSSL)

chrisc wrote:

Hi Sanjay,

The wolfSSL example client (./examples/client/client.c) uses the following files by default for those functions:

wolfSSL_CTX_use_certificate_chain_file() - ./certs/client-cert.pem
wolfSSL_CTX_use_PrivateKey_file() - ./certs/client-key.pem
wolfSSL_CTX_load_verify_locations() - ./certs/ca-cert.pem

Best Regards,
Chris

Hi Chris,

I used the above but it's not working. I'm sending you the source code, compilation command and debug output.
Whereas the wolfSSL examples/client/client.c connects perfectly with the -h IP -p Port -d command and the same ./configure <options>.

Please advise.

Regards,
Sanjay

(16 replies, posted in wolfSSL)

Also, kindly suggest which files are used in examples/client/client.c for the APIs below:

wolfSSL_CTX_use_certificate_chain_file()
wolfSSL_CTX_use_PrivateKey_file()
wolfSSL_CTX_load_verify_locations()

(16 replies, posted in wolfSSL)

chrisc wrote:

Hi Sanjay,

In client_test.c, you are disabling certificate validation when you call:

wolfSSL_CTX_set_verify(ctx,SSL_VERIFY_NONE ,0);

If you remove this line, your client will try to validate the server's certificate, using the root CA cert you have loaded with wolfSSL_CTX_load_verify_locations(). It looks like you have the incorrect CA certificate loaded (at least looking at the server certificate chain from my end). When I look at your server's certificate chain, I see:

Certificate chain
 0 s:/OU=Domain Control Validated/OU=PositiveSSL/CN=demo.valuepaymentsystems.com
   i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA
 1 s:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA
   i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Certification Authority
 2 s:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Certification Authority
   i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
 3 s:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
   i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root

This means that in order to correctly validate the server, you would need to load the root-most CA certificate with wolfSSL_CTX_load_verify_locations(). This would be "AddTrust External CA Root".

I have attached this certificate here for you to test.

When I run your test application using the attached certificate, my connection succeeds.  Can you capture a Wireshark trace of your connection and send me the .pcap file for analysis?

Thanks,
Chris

Hi Chris,

I didn't get any certificate attached here. I'm attaching the Wireshark log. Kindly suggest.

FYI... with OpenSSL, we don't need any certificate to connect to the given host.

Regards,
Sanjay
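Added example (not code from this thread or from wolfSSL): a name-only model of the chain walk behind Chris's advice above. It takes the subject/issuer pairs of the chain he quoted, abbreviated to their CNs as constructed data, and answers two questions: which presented certificate is self-signed, and whether a CA name loaded into the verify store is the issuer of something in a chain that links up. It checks names only; real validation also checks signatures, validity periods and constraints, and nothing here is parsed from actual certificates.

```c
#include <stdio.h>
#include <string.h>

/* One certificate in a presented chain, reduced to the two names that
 * matter for path building. Constructed from the chain quoted in the
 * post above with each DN abbreviated to its CN; not real certificates. */
typedef struct {
    const char *subject;
    const char *issuer;
} chain_entry;

static const chain_entry SERVER_CHAIN[] = {
    { "demo.valuepaymentsystems.com",                  "COMODO RSA Domain Validation Secure Server CA" },
    { "COMODO RSA Domain Validation Secure Server CA", "COMODO RSA Certification Authority" },
    { "COMODO RSA Certification Authority",            "AddTrust External CA Root" },
    { "AddTrust External CA Root",                     "AddTrust External CA Root" },
};
#define SERVER_CHAIN_LEN (sizeof SERVER_CHAIN / sizeof SERVER_CHAIN[0])

/* 1 if every certificate's issuer is the subject of the one after it
 * (leaf first), 0 for an empty or broken chain. */
int chain_links(const chain_entry *chain, size_t n)
{
    size_t i;
    for (i = 0; i + 1 < n; i++)
        if (strcmp(chain[i].issuer, chain[i + 1].subject) != 0)
            return 0;
    return n > 0;
}

/* Index of the self-signed certificate that terminates a linked chain,
 * or -1 if the chain is broken or the server did not send its root
 * (common in practice; the root then has to come from the verify store). */
int find_trust_anchor(const chain_entry *chain, size_t n)
{
    size_t i;
    if (!chain_links(chain, n))
        return -1;
    for (i = 0; i < n; i++)
        if (strcmp(chain[i].subject, chain[i].issuer) == 0)
            return (int)i;
    return -1;
}

/* Would loading a CA whose subject is `trusted_subject` anchor this chain?
 * Only when the chain links up and that name issued one of its members.
 * A CA that is not an issuer anywhere in the chain cannot validate it,
 * however legitimate the CA itself is. */
int chain_leads_to(const chain_entry *chain, size_t n, const char *trusted_subject)
{
    size_t i;
    if (!chain_links(chain, n))
        return 0;
    for (i = 0; i < n; i++)
        if (strcmp(chain[i].issuer, trusted_subject) == 0)
            return 1;
    return 0;
}

int main(void)
{
    const char *loaded = "AddTrust External CA Root";   /* assumed verify-store contents */
    int root = find_trust_anchor(SERVER_CHAIN, SERVER_CHAIN_LEN);

    printf("chain links up: %s\n", chain_links(SERVER_CHAIN, SERVER_CHAIN_LEN) ? "yes" : "no");
    if (root >= 0)
        printf("self-signed root presented at depth %d: %s\n", root, SERVER_CHAIN[root].subject);
    printf("loading \"%s\" would %s this chain\n", loaded,
           chain_leads_to(SERVER_CHAIN, SERVER_CHAIN_LEN, loaded) ? "anchor" : "not anchor");
    return 0;
}
```

The check passes only when the loaded CA's subject appears as an issuer in the presented chain; with a single CA in the store, Chris's advice is to make that the root-most certificate, which here is AddTrust External CA Root.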

(16 replies, posted in wolfSSL)

chrisc wrote:

Hi Sanjay,

Thanks for sending your certificate over.  I noticed that "client.pem" included an encrypted RSA private key.  As I wasn't sure if this was a test cert/key pair, I removed your attachment from this post for security reasons but did have a chance to look at the file.

A few notes:

1. client.pem includes three items - a CA certificate, a peer certificate, and an RSA private key

2. You should only load the CA certificate with wolfSSL_CTX_load_verify_locations()

3.  The client's certificate (if doing mutual authentication) would be loaded with wolfSSL_CTX_use_certificate_file()

4.  The client's private key would be loaded with wolfSSL_CTX_use_PrivateKey_file(), but you first would need to register a password callback using wolfSSL_CTX_set_default_passwd_cb().  The password callback will be called during key decryption, allowing your callback to provide the password.

Regarding "DHE-RSA-AES256-SHA256", can you let me know the exact steps you are taking to compile the wolfSSL library and run the example client that results in you getting the ""DHE-RSA-AES256-SHA256" is undefined" error?

Thanks,
Chris

Hi Chris,

RSA and loading the .pem file are working now, but I'm getting a -313 error during the handshake, whereas with another gateway it handshakes fine. I'm attaching all the files listed below for your reference. Kindly help me with the steps to make it final; I would be really thankful to you. The project is already running with this certificate file and the OpenSSL library, but I don't know why wolfSSL is not connecting.

1. client_test.c  -> test source code
2. output.txt     -> Result / output with debug
3. Symantec_C3_G3.pem -> certificate file

Is it possible to do handshake without using any certificate file?

Please help me complete this project, as I have a deadline for it now. Please please.

Regards,
Sanjay
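Added example (not code from this thread or from wolfSSL): a small scanner for the kind of PEM bundle Chris describes above, one file holding a CA certificate, a peer certificate and an encrypted RSA private key. It walks each BEGIN/END block, counts certificates and private keys, and flags keys that are encrypted (either the PKCS#8 "ENCRYPTED PRIVATE KEY" label or the legacy "Proc-Type: 4,ENCRYPTED" header), which are the keys that need the password callback he mentions before wolfSSL_CTX_use_PrivateKey_file() can load them. The sample bundle is constructed with placeholder bodies, not real keys or certificates; a BEGIN marker with no matching END is reported as malformed.

```c
#include <stdio.h>
#include <string.h>

/* What a scan of a PEM bundle found. */
typedef struct {
    int certs;           /* CERTIFICATE blocks */
    int keys;            /* any "... PRIVATE KEY" block */
    int encrypted_keys;  /* keys that need a password callback to load */
    int malformed;       /* BEGIN markers without a well-formed matching END */
} pem_inventory;

/* Bounded strstr: find needle inside the first n bytes of hay. */
static const char *bounded_find(const char *hay, size_t n, const char *needle)
{
    size_t m = strlen(needle), i;
    if (m == 0 || n < m)
        return NULL;
    for (i = 0; i + m <= n; i++)
        if (memcmp(hay + i, needle, m) == 0)
            return hay + i;
    return NULL;
}

static int label_is(const char *label, size_t len, const char *want)
{
    return len == strlen(want) && memcmp(label, want, len) == 0;
}

static int label_ends_with(const char *label, size_t len, const char *suffix)
{
    size_t s = strlen(suffix);
    return len >= s && memcmp(label + len - s, suffix, s) == 0;
}

/* Walk every "-----BEGIN <label>-----" ... "-----END <label>-----" block,
 * classify it and fill *out. Returns 1 if every block was well formed,
 * 0 otherwise; counts gathered before the first bad block remain valid. */
int pem_scan(const char *pem, pem_inventory *out)
{
    const char *p = pem;
    memset(out, 0, sizeof *out);

    for (;;) {
        const char *begin = strstr(p, "-----BEGIN ");
        const char *label, *label_end, *body, *end;
        size_t label_len, body_len;
        char end_marker[128];

        if (begin == NULL)
            break;
        label = begin + strlen("-----BEGIN ");
        label_end = strstr(label, "-----");
        if (label_end == NULL) { out->malformed++; break; }
        label_len = (size_t)(label_end - label);
        if (label_len == 0 || label_len > 100) { out->malformed++; break; }

        /* the END marker must carry the same label as the BEGIN marker */
        snprintf(end_marker, sizeof end_marker, "-----END %.*s-----", (int)label_len, label);
        body = label_end + strlen("-----");
        end = strstr(body, end_marker);
        if (end == NULL) { out->malformed++; break; }
        body_len = (size_t)(end - body);

        if (label_is(label, label_len, "CERTIFICATE")) {
            out->certs++;
        } else if (label_ends_with(label, label_len, "PRIVATE KEY")) {
            out->keys++;
            if (label_is(label, label_len, "ENCRYPTED PRIVATE KEY"))
                out->encrypted_keys++;   /* PKCS#8, encrypted at the ASN.1 level */
            else if (bounded_find(body, body_len, "Proc-Type: 4,ENCRYPTED") != NULL)
                out->encrypted_keys++;   /* legacy OpenSSL PEM encryption headers */
        }
        /* other labels (PARAMETERS, X509 CRL, ...) are skipped */
        p = end + strlen(end_marker);
    }
    return out->malformed == 0;
}

/* Constructed sample shaped like the bundle described in the post:
 * two certificates and one legacy-encrypted RSA key. Bodies are
 * placeholders, not valid base64 DER, and are never decoded here. */
static const char SAMPLE_BUNDLE[] =
    "-----BEGIN CERTIFICATE-----\n"
    "MIIBconstructedCAcertBodyNotARealCertificate==\n"
    "-----END CERTIFICATE-----\n"
    "-----BEGIN CERTIFICATE-----\n"
    "MIIBconstructedPeerCertBodyNotARealCertificate=\n"
    "-----END CERTIFICATE-----\n"
    "-----BEGIN RSA PRIVATE KEY-----\n"
    "Proc-Type: 4,ENCRYPTED\n"
    "DEK-Info: AES-256-CBC,00112233445566778899AABBCCDDEEFF\n"
    "\n"
    "constructedEncryptedKeyBodyNotARealKey=\n"
    "-----END RSA PRIVATE KEY-----\n";

int main(void)
{
    pem_inventory inv;
    int ok = pem_scan(SAMPLE_BUNDLE, &inv);
    printf("well-formed=%d certs=%d keys=%d encrypted_keys=%d\n",
           ok, inv.certs, inv.keys, inv.encrypted_keys);
    if (inv.encrypted_keys > 0)
        printf("encrypted private key present: register a password callback before loading it\n");
    return ok ? 0 : 1;
}
```

Point the scanner at the contents of the real client.pem before handing pieces to the library: with more than one certificate, split out the CA certificate for wolfSSL_CTX_load_verify_locations() and the peer certificate for wolfSSL_CTX_use_certificate_file(); with encrypted_keys non-zero, register the password callback first.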

(16 replies, posted in wolfSSL)

Hi Chris,

Yes, the client.pem file exists in the same directory. I'm attaching it for your reference. Please help me with this.

And I can see "DHE-RSA-AES256-SHA256" in the list after using ./examples/client/client -e

And the attached client.pem works with the OpenSSL library. Please help me.

Regards,
Sanjay

(16 replies, posted in wolfSSL)

chrisc wrote:

Hi Sanjay,

Going forward, while I'm using the "wolfSSL_CTX_set_cipher_list(ctx, DHE-RSA-AES256-SHA256)" API, I'm getting the error: "DHE-RSA-AES256-SHA256" is undefined.

The wolfSSL example client can be used with the "-e" option to view what cipher suites have been enabled for the given build configuration.  For example:

$ cd wolfssl-x.x.x
$ ./configure <options>
$ make
$ ./examples/client/client -e
DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305-OLD:ECDHE-ECDSA-CHACHA20-POLY1305-OLD:DHE-RSA-CHACHA20-POLY1305-OLD

Do you see "DHE-RSA-AES256-SHA256" in that list?

Also, wolfSSL_CTX_load_verify_locations(ctx, "client.pem", 0) is producing "Error loading .pem file".

Can you verify that "client.pem" exists in your immediate directory?  It could also be that "client.pem" includes algorithms or key sizes that wolfSSL has not been compiled to support.  Are you able to share "client.pem"?  If not, can you look and see what algorithms and key sizes are used by that certificate?

Thanks,
Chris

Hi Chris,

Yes, the client.pem file exists in the same directory. I'm attaching the same for your reference. Please help me for this.

Regards,
Sanjay

[Edited by chrisc to remove attachment]

(16 replies, posted in wolfSSL)

chrisc wrote:

By default, our configure script only compiles a shared library, to enable compilation of a static library, use the "--enable-static" option:

$ cd wolfssl-x.x.x
$ ./configure --enable-static
$ make

Best Regards,
Chris

Hi Chris,

Thanks, it works now. Going forward, while I'm using the "wolfSSL_CTX_set_cipher_list(ctx, DHE-RSA-AES256-SHA256)" API, I'm getting the error: "DHE-RSA-AES256-SHA256" is undefined.

Also, wolfSSL_CTX_load_verify_locations(ctx, "client.pem", 0) is producing "Error loading .pem file".

The whole idea is to integrate the wolfSSL library in place of OpenSSL. Currently, the OpenSSL library we use takes 4 seconds for the encrypted handshake with the server and we have to resolve that, so we are looking at the wolfSSL library. The handshake, sent data and received data must be encrypted with TLS 1.2.

Kindly help us resolve the above errors and integrate wolfSSL into our project.

Regards,
Sanjay

(16 replies, posted in wolfSSL)

Hi Dear,

I wanted to know how to make a .a library for wolfSSL only. I tried as per my knowledge, but I'm getting a .la file.

Please guide me on how to generate a .a file and use it in my own project (Linux based).

Regards,
Sanjay