Hi rahul.c,

Check out our certificate generation with altnames example here: https://github.com/wolfSSL/wolfssl-exam … altnames.c
The IP address used is on line 196 (127.0.0.1 in the example): https://github.com/wolfSSL/wolfssl-exam … mes.c#L196
You can find more info on it here: https://github.com/wolfSSL/wolfssl-exam … er/certgen

Thanks,
Kareem
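An added example, not part of the post or of the wolfSSL example it links to: how a subjectAltName value carrying an IP address such as 127.0.0.1 is laid out in DER under RFC 5280, where the address is stored as raw bytes under the iPAddress tag rather than as text. The function names and the `localhost` DNS entry are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* GeneralName context tags, RFC 5280 section 4.2.1.6 */
#define SAN_TAG_DNS 0x82 /* [2] dNSName, IA5String */
#define SAN_TAG_IP  0x87 /* [7] iPAddress, OCTET STRING (4 bytes for IPv4) */

/* Append one GeneralName TLV at offset off. Returns the new offset,
 * or 0 on overflow or earlier failure. Short-form lengths (< 128) only. */
static size_t san_put(uint8_t *out, size_t cap, size_t off,
                      uint8_t tag, const uint8_t *val, size_t len)
{
    if (off == 0 || len > 127 || off + 2 + len > cap)
        return 0;
    out[off] = tag;
    out[off + 1] = (uint8_t)len;
    memcpy(out + off + 2, val, len);
    return off + 2 + len;
}

/* Build SEQUENCE { dNSName, iPAddress } (hypothetical helper).
 * Returns the total encoded length, or 0 if it does not fit. */
size_t san_build(uint8_t *out, size_t cap, const char *dns, const uint8_t ip4[4])
{
    size_t off = 2; /* reserve SEQUENCE tag + one length byte */
    if (cap < 2)
        return 0;
    off = san_put(out, cap, off, SAN_TAG_DNS, (const uint8_t *)dns, strlen(dns));
    off = san_put(out, cap, off, SAN_TAG_IP, ip4, 4);
    if (off == 0 || off - 2 > 127)
        return 0;
    out[0] = 0x30; /* SEQUENCE */
    out[1] = (uint8_t)(off - 2);
    return off;
}

int main(void)
{
    uint8_t buf[64];
    const uint8_t ip[4] = { 127, 0, 0, 1 }; /* address mentioned in the post */
    size_t n = san_build(buf, sizeof buf, "localhost", ip); /* constructed name */
    for (size_t i = 0; i < n; i++)
        printf("%02x", buf[i]);
    printf("\n");
    return 0;
}
```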

27

(11 replies, posted in wolfSSL (formerly CyaSSL))

Hello rahmanikivi724,

Your platform does have a hardware RNG, you can see the details here: https://www.st.com/en/microcontrollers- … 446re.html
So you should undefine NO_STM32_RNG so we use our STM32 hardware RNG support, which will include a wc_GenerateSeed implementation.  You should also undefine WOLFSSL_GENSEED_FORTEST.

Thanks,
Kareem

28

(16 replies, posted in wolfSSL (formerly CyaSSL))

Hi Alex2021,

"Client attempting to connect with different version" means the client and server's TLS versions are not matching.  What TLS version is your client using?
If for example your client is using TLS 1.0, you will need to define WOLFSSL_ALLOW_TLSV10.  If your client is using TLS 1.2, it may help to undefine WOLFSSL_TLS13.

Thanks,
Kareem

29

(11 replies, posted in wolfSSL (formerly CyaSSL))

You should have stm32f4xx_hal.h; it needs to be generated by STM32CubeIDE.  You may be running into a path issue; make sure your include paths include stm32f4xx_hal.h.
You need to add your platform to the user_settings.h template, see our documentation: https://github.com/wolfSSL/wolfssl/tree … /STM32Cube and user_settings.h template under "#warning Please define a hardware platform!".  You should define NO_STM32_HASH/CRYPTO if applicable for your platform.  You do not need WOLFSSL_STM32F427_RNG defined.
Also see our video here: https://www.youtube.com/watch?v=pUd2HEfBp3w
For debugging, you need to build with DEBUG_WOLFSSL and you need to call wolfSSL_Debugging_ON() before any other code.

30

(11 replies, posted in wolfSSL (formerly CyaSSL))

Happy to help.

You need to define WOLFSSL_NO_SOCK as well; also make sure you are including options.h and settings.h before any other wolfSSL headers.  I would recommend using our STM32 user_settings.h template, found here: https://github.com/wolfSSL/wolfssl/blob … gs_stm32.h
Yes, you would need to modify this include to use your platform's header instead, most likely "stm32f446xx.h".  You can find this include in wolfssl/wolfcrypt/settings.h around line 1266.  However I would first try running wolfSSL_Init() and confirm that doesn't fix the issue.
You are using the correct data structure WC_RNG in your code.  After initializing the RNG with wc_InitRng, call wc_RNG_GenerateBlock or wc_RNG_GenerateByte to generate random data.

31

(11 replies, posted in wolfSSL (formerly CyaSSL))

Hi rahmanikivi724,

A couple of things to try.
First, you should always call wolfSSL_Init() before any other wolfSSL functions.
Second, try defining WOLFSSL_STM32F427_RNG to use our STM32F4xx codepath for your RNG.

If this doesn't help, please enable debugging by building with DEBUG_WOLFSSL and running wolfSSL_Debugging_ON() before your code, and attach debug logs.  The return code of wc_InitRng would also be helpful.

Thanks,
Kareem

Hello rahmanikivi724,

I would definitely recommend using our GCC-ARM example as you found, since it is set up for ARM platforms like yours.
Try defining NO_WOLFSSL_DIR to skip using DIR/dirent.h, and let me know if it helps.  You will want to include it in your CFLAGS, prefixed by -D.

Thanks,
Kareem

33

(1 replies, posted in wolfSSL (formerly CyaSSL))

Hi stillwater,

We do not currently support custom handshake extensions.  I can enter a feature request for you, but there's no guarantee of when it will be implemented.
Alternatively, you can contact us at facts@wolfssl.com to discuss code consulting for this feature.

Thanks,
Kareem

34

(3 replies, posted in wolfSSL (formerly CyaSSL))

Hello Mohannad,

Can you post your full configure line including LDFLAGS?  Does adding libgmp/pbc LDFLAGS like this help?  LDFLAGS="-lpbc -lgmp" ./configure ...

Thanks,
Kareem

35

(1 replies, posted in wolfMQTT)

Hi rlev,

Yes, when using the MqttClient_Subscribe API to subscribe, you can pass as many topics as you'd like in the array MqttSubscribe->topics as long as you set topic_count correctly.
Here are a couple of examples that subscribe to a single topic, to expand them you'd just iterate over each topic and set their parameters accordingly:
https://github.com/wolfSSL/wolfMQTT/blo … ent.c#L383
https://github.com/wolfSSL/wolfMQTT/blo … ple.c#L399

Thanks,
Kareem

36

(3 replies, posted in wolfSSH)

Hi rr9mvp,

Unfortunately no, our SCP implementation is part of wolfSSH just like our SFTP, and they're all on the same platforms, which do not currently include FreeRTOS without a POSIX API.

Thanks,
Kareem

37

(3 replies, posted in wolfSSH)

Hi rr9mvp,

While we have not ported wolfSSH/SFTP to FreeRTOS without POSIX, we have ported wolfSSH/SFTP to various platforms which you can find here:
https://github.com/wolfSSL/wolfssh/blob … ssh/port.h
https://github.com/wolfSSL/wolfssh/blob … src/port.c

If you are interested in having us help you port to your platform, please contact us at facts@wolfssl.com

Thanks,
Kareem

38

(2 replies, posted in wolfSSL (formerly CyaSSL))

Hi rlev,

You should be able to silence these warnings using:

-Wno-packed-not-aligned

I will look into getting these warnings fixed.

Thanks,
Kareem

39

(2 replies, posted in cURL)

Hello Gary,

Do you see this issue with curl for all sites, or just microsoft.com?
Can you try the WOLFSSL_ALLOW_NO_CN_IN_SAN flag?
If that doesn't help, please generate a debug log by rebuilding with WOLFSSL_DEBUG defined and attach it here.  Please also include your curl command line or code.

For wolfSSL's client, try using -A to pass in your CA cert, not -a.

Thanks,
Kareem

40

(1 replies, posted in wolfSSL (formerly CyaSSL))

Hello Andreas,

If you are using mutual auth, you could set up OCSP stapling in both directions; you will need to configure your OCSP responder for this.  wolfSSL will parse and verify OCSP responses, but it won't create the response itself.

Thanks,
Kareem

Hi Noufal,

See here for examples and documentation on building wolfSSL with Yocto: https://github.com/wolfSSL/meta-wolfssl

Thanks,
Kareem

42

(4 replies, posted in wolfSSL (formerly CyaSSL))

I was able to reproduce your issue here.  It seems this server is not sending a correct record header; the record header has no version number, so it is invalid.  Please confirm the server is set up correctly.

Thanks,
Kareem
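An added example, not part of the post and not wolfSSL's own code: a standalone check of the 5-byte TLS record header that flags the kind of problem described above, a header whose version bytes are missing or not a TLS version. The function and type names and the sample byte strings are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum rec_status { REC_OK, REC_SHORT, REC_BAD_TYPE, REC_BAD_VERSION, REC_BAD_LENGTH };

struct rec_hdr {
    uint8_t  type;         /* ContentType */
    uint8_t  major, minor; /* legacy record version */
    uint16_t length;       /* fragment length, big-endian on the wire */
};

#define REC_MAX_FRAGMENT (16384u + 2048u) /* TLS 1.2 ciphertext limit */

/* Parse and validate a record header (hypothetical helper). */
enum rec_status rec_check(const uint8_t *buf, size_t len, struct rec_hdr *h)
{
    if (buf == NULL || h == NULL || len < 5)
        return REC_SHORT;
    h->type = buf[0];
    h->major = buf[1];
    h->minor = buf[2];
    h->length = (uint16_t)((buf[3] << 8) | buf[4]);
    /* change_cipher_spec(20), alert(21), handshake(22), application_data(23) */
    if (h->type < 20 || h->type > 23)
        return REC_BAD_TYPE;
    /* Records carry 0x0300..0x0303; TLS 1.3 also uses 0x0303 here. */
    if (h->major != 3 || h->minor > 3)
        return REC_BAD_VERSION;
    /* Only application_data may have an empty fragment. */
    if ((h->length == 0 && h->type != 23) || h->length > REC_MAX_FRAGMENT)
        return REC_BAD_LENGTH;
    return REC_OK;
}

/* Constructed sample headers, not captured traffic. */
static const uint8_t SAMPLE_GOOD[5]   = { 0x16, 0x03, 0x03, 0x00, 0x2a };
static const uint8_t SAMPLE_NO_VER[5] = { 0x16, 0x00, 0x00, 0x00, 0x2a };
static const uint8_t SAMPLE_TEXT[5]   = { 'H', 'T', 'T', 'P', '/' };

int main(void)
{
    struct rec_hdr h;
    printf("good=%d no_version=%d plaintext=%d\n",
           (int)rec_check(SAMPLE_GOOD, 5, &h),
           (int)rec_check(SAMPLE_NO_VER, 5, &h),
           (int)rec_check(SAMPLE_TEXT, 5, &h));
    return 0;
}
```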

Hello ENOTTY,

I was able to reproduce your issue on that commit.  Looks like we've just checked in a fix here:
https://github.com/wolfSSL/wolfssl/comm … 8a742dde57
I retested with this commit applied and everything is building for me now.  Let me know if it works for you.

Thanks,
Kareem

44

(4 replies, posted in wolfSSL (formerly CyaSSL))

Hello yuliang136,

When you are receiving an error, what url are you passing to the -h option?

Thanks,
Kareem

Hello,

Before pursuing this approach, we do have various options which will reduce our code size.  Can you share your user_settings.h (or ./configure line), what platform you're on, what cipher suites/algorithms you need and what code size you need?

Feel free to email us at support@wolfssl.com for private support if any of this info is confidential.

Thanks,
Kareem