On your build platform what are sizeof(cyassl_word), sizeof(long int), sizeof(long long), and sizeof(fp_digit)?

Did you add CYASSL_DTLS to only the server's preprocessor options or to the server, client, and CyaSSL library's preprocessor options?

Wireshark usually picks the protocol based on the port number, so it knows that 443 is HTTP over TLS and decodes it as expected. Our test server uses port 11111 so Wireshark isn’t assuming anything about it. You need to select one of the packets and bring up the pop-up menu selecting “Decode As…”, then select “SSL” from the list of protocols.

Some of the functions listed on that page require other features we normally disable. Adding --enable-sessioncerts should give you wolfSSL_X509_get_serial_number, wolfSSL_get_sessionID, and the chain functions. Adding --enable-certgen will add wolfSSL_PemCertToDer. The other functions listed on that webpage should be available to you, though.

They eventually expire, but they aren't deleted. If you use an expired saved session, the connection will perform a new handshake.

The functions CyaSSL_CTX_set_timeout() and CyaSSL_set_timeout() will adjust the expiry time in seconds.

We recently added many DHE-PSK cipher suites last week. The code specifies a new key-exchange algorithm, dhe_psk_kea, which is handled alongside the diffie_hellman_kea and psk_kea. So, you might want to check that out and see if solves your issue. The DHE-PSK key exchange doesn't sign the message like in ECDHE and regular DH(E).

Our tutorial does not cover DTLS. You can take a look at our example echoserver and echoclient that comes with the wolfSSL library.

The fact it doesn't compile is a bug. That was an oversight.

That variable hash is used to calculate the "finished" hash, which is an concatenation of the MD5 and SHA-1 hashes of the messages concatenated together and then encrypted. That hash array is of length FINISHED_SZ, or SHA_DIGEST_SIZE + MD5_DIGEST_SIZE. For TLSv1.2, they decided that just the specified hash should be used, and they added the ability to specify other hashes like SHA-256 and SHA-384, which we also support. The strange looking &hash[MD5_HASH_SIZE] is trying to set the pointer into the hash storage after the old MD5 portion. (Trying to do it the new way while letting the old way work.)

Unless you change the value of FINISHED_SZ, you are getting a buffer overflow with your patch.

Which configure settings are you using? I'm guessing you have at the least:

$ ./configure --disable-oldtls --disable-md5

To clarify "OCSP stapling", we do not support that yet. That involves a TLS Hello extension that we haven't added yet. We do the lookup when receiving the peer's certificate with the Certificates handshake message.

You've probably seen the change in our GitHub repository, but the OCSP interface has been changed to parallel the CRL interface. It no longer requires including the file internal.h.

The OCSP lookup currently only checks the signature against an attached CA certificate.

In commit 67b1b00a, there was a fix to allow a server to be missing a requested nonce, as they are supposed to be optional. There have been several other improvements to the OCSP code in the last few months. (Note, it has been tested against connections to the thawte.com and google.com webserver using SSL.)

I have fixed this with commit fe4f104. It'll be rolled into the next embedded SSL release.

Just to clarify, does it work if you leave out both --disable-aesni and --enable-aesni? AES-NI support is disabled by default.

Most projects don't use them directly. We try to wrap optional code with preprocessor switches to make the build smaller for resource constrained embedded systems.