(3 replies, posted in wolfCrypt)


My sincere apologies for missing your follow-up post. I'm unsure how I missed it.

Did you get the answers to your questions? You will have to delete the inactive codes guarded with unused defines.

You can always contact support@wolfssl.com for a timely response.



Someone pointed out that your follow-up question was never answered.

My sincere apologies for missing your follow-up post.

Did you get the problems resolved?

You can always contact support@wolfssl.com for a timely response.



(2 replies, posted in wolfCrypt)

Hi bstraehl,

Thanks for contacting wolfSSL!

This sounds like a reasonable request to add a function that can convert time to a human-readable format.

We are tracking this request internally.

If there is a timeline associated with this please let me know so we can try to expedite the request.


Hi smith.jhn182,

Thanks for reaching out to wolfSSL!

You can re-validate a peer cert in a callback function.

But you would need to configure with OPENSSL_EXTRA.

See an example at https://github.com/wolfSSL/wolfssl-exam … back.c#L55

Please let me know if you run into any issues.


Hi Derry,

I'm glad to hear that you got it working.
If you are interested in contributing your changes, you can open a pull request at https://github.com/wolfSSL/wolfssl.


Hi thippeswamy_dr,

You can use wc_ecc_sign_hash_ex() and wc_ecc_verify_hash_ex() APIs for Elliptic Curve Digital Signature Algo (ECDSA) .

The output parameters r and s would contain the message signature.

You can get more info on the APIs and ECDSA on https://www.wolfssl.com/doxygen/group__ECC.html.

Hope this helps.



The basic configurations for wolfSSL and wolfSSH are as follows:

cd wolfssl
./configure --enable-ssh && make && sudo make install

cd wolfssh
./configure && make && sudo make install

You can see the default configurations in the autogenerated wolfssl/options.h.

Hope this helps.


(1 replies, posted in General Inquiries)

Hi Andrew,

Thanks for contacting wolfSSL!

You can send us email at support@wolfssl.com


(3 replies, posted in wolfCrypt)


Thanks for contacting wolfSSL!

Could you please elaborate on what you want to accomplish with unifdef?

You can use autotools or cmake to build wolfSSL library. wolfSSL is configured with some default configurations and they can be changed with `./configure --disable-funoption`.  You can display the list of options with `./configure -h`.  Configure auto-generates `wolfssl/wolfssl/options.h` containing the #define/#undef of features. 

You can run the wolfcrypt, benchmark, or client/server examples.


Let me know if this helps.

Hi Divyanshu,

Thanks for contacting wolfSSL!

It appears that the example certs have expired on January 7, 2021. We have recently addressed the issue.

Could you please apply the attached pr3641.diff from https://github.com/wolfSSL/wolfssl/pull/3641 and let me know if it works?

patch -p1 < pr3641.diff


Hi Derry,

Thanks for reaching out to wolfSSL with your question.

I think you have a couple of options to add the ARIA cipher.

1. You can create a new file `wolfssl/wolfcrypt/src/aria.c` similar to `wolfssl/wolfcrypt/src/aes.c`, add a build/configure option in configure.ac, update include.am, cipher suite names and etc. I would suggest your search for AES GCM to narrow down your search results.


2. You can consider adding a new macro (e.g. WOLFSSL_ARIA_CRYPT)  and create new file `wolfcrypt/src/port/aria/aria-aes.c` similar to `wolfcrypt/src/port/ti/ti-aes.c` with your implementations. You can edit wolfssl/wolfcrypt/src/aes.c and choose your implementations similar to the way we handle hardware acceleration support. 

If you need the cipher name changed then you would have to go with option #1. Otherwise, option #2 is easier and cleaner but the cipher name shows AES but you are really doing ARIA cipher.

Please let me know if this helps or you can also send us any follow-up questions to support@wolfssl.com.



Thanks for contacting wolfSSL!

Can you try
`./configure --enable-fips=v2 --enable-jni` and let me know if it works?

The ' --enable-fips=v2' option should be used to configure the latest commercial FIPS with certificate #3389.

Best Regards,

Hi stroebeljc,

Thanks for contacting wolfSSL!

We have made some improvements in our CMake build and that feature was likely missed.

I'll discuss this "enhancement" request with my colleague next week and get back to you.


Hi Martin,

Thanks for evaluating wolfSSL!

Loading two certs to the same ssl context with the same API is not possible since the second call replaces the first one.

I would consider this as an enhancement or a feature request. But it should be trivial and can be done in a couple of days or so.

We'd be more than happy to add this to our backlog.

If there is a timeline associated with having this port available, please let me know so we can expedite the request.

Hi Scotty2541,

Sorry to hear that you are having issues building wolfSSL library.

It looks like you are running into a common problem with Eclipse performing a wildcard search of *.c and *.s files and building all source code.

I think your proposed solution to add `#ifdef WOLFSSL_ARMASM` is good.

The preferred alternative solution is to remove source codes that are not relevant to your platform.
Specifically, you need to remove platform-specific assembly source files in
    -   wolfssl/wolfcrypt/src/port/*`dir
    -   wolfsslPort/wolfcrypt/src/aes_asm.asm
    -   wolfsslPort/wolfcrypt/src/aes_asm.S

Please let me know if this helps.

Hi Julia,

Thanks for reaching out with your question.

You can use:
wolfSSL_CTX_UseSupportedCurve(ctx, WOLFSSL_ECC_X448)
See https://www.wolfssl.com/doxygen/ssl_8h. … 9e61875b44

I believe --enable-debug configure option is all you need to display debug info of the server/client example application.

Hope this helps.