1 Reply by PedroA

(6 replies, posted in wolfSSL)

Hi chrisc,

I added windows styled new-lines because that's how they were in the .pem file. I thought it was a standard and did not try changing to \n.

You were correct about the CA:TRUE basic constraint. GitHub's one is working fine on my computer now and I will test it on the Wii later tonight (I don't think this has anything to do with the crash but I hope it does).

It's a homebrew Twitter client. I don't want to release it without HTTPS support because oAuth credentials would be exposed and I read Twitter will be forcing HTTPS soon anyway.

Thanks a lot,
Pedro

Go to forum: wolfSSL

2 Reply by PedroA

(6 replies, posted in wolfSSL)

chrisc wrote:

You can build only the CyaSSL library (no examples, testsuite, etc.) by running:

make src/libcyassl.la

Exactly what I wanted.

CyaSSL_CTX_load_verify_buffer() returns SSL_BAD_FILE. CyaSSL_Init() does not return SSL_SUCCESS* either which is something I find worse.
*The CyaSSL API reference states CyaSSL_Init() returns SSL_SUCCESS (1) on success which, looking at the code, is wrong. It returns 0 when no error is found. CyaSSL_Init does return 0 on my Wii.
This is exactly what I do:

export ac_cv_func_realloc_0_nonnull=yes
export ac_cv_func_malloc_0_nonnull=yes
//otherwise the compiler throws an error with undefinded reference to rpl_malloc and rpl_realloc when compiling the project, devkitpro's malloc and realloc are standard anyway

./configure --disable-shared CC=/opt/devkitpro/devkitPPC/bin/powerpc-eabi-gcc --host=ppc --without-zlib --enable-singleThreaded --prefix=/opt/devkitpro/portlibs/ppc RANLIB=/opt/devkitpro/devkitPPC/bin/powerpc-eabi-ranlib CFLAGS="-DDEVKITPRO -DGEKKO -DNO_WRITEV -DOPENSSL_EXTRA" LDFLAGS="-g -mrvl -mcpu=750 -meabi -mhard-float -Wl,-Map,$(notdir $@).map"
//README + http://code.google.com/p/wmb-asm/source/browse/trunk/libyellhttp/cyasslcompile?r=614

make src/libcyassl.la

I copy the library/headers to the corresponding devkitpro folder and compile my project adding -lcyassl to the makefile (and the CFLAGS="-DDEVKITPRO -DGEKKO -DNO_WRITEV -DOPENSSL_EXTRA" because at least DNO_WRITEV is needed so I added all of them just in case).

I'm trying to load a single CA root certificate from a buffer, the code is as I showed earlier:

const char cert[]= "-----BEGIN CERTIFICATE-----\r\nMIIDAjCCAmsCEH3Z/gfPqB63EHln+6eJNMYwDQYJKoZIhvcNAQEFBQAwgcExCzAJ\r\nBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE8MDoGA1UECxMzQ2xh\r\nc3MgMyBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEcy\r\nMTowOAYDVQQLEzEoYykgMTk5OCBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3Jp\r\nemVkIHVzZSBvbmx5MR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMB4X\r\nDTk4MDUxODAwMDAwMFoXDTI4MDgwMTIzNTk1OVowgcExCzAJBgNVBAYTAlVTMRcw\r\nFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE8MDoGA1UECxMzQ2xhc3MgMyBQdWJsaWMg\r\nUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEcyMTowOAYDVQQLEzEo\r\nYykgMTk5OCBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5\r\nMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMIGfMA0GCSqGSIb3DQEB\r\nAQUAA4GNADCBiQKBgQDMXtERXVxp0KvTuWpMmR9ZmDCOFoUgRm1HP9SFIIThbbP4\r\npO0M8RcPO/mn+SXXwc+EY/J8Y8+iR/LGWzOOZEAEaMGAuWQcRXfH2G71lSk8UOg0\r\n13gfqLptQ5GVj0VXXn7F+8qkBOvqlzdUMG+7AUcyM83cV5tkaWH4mx0ciU9cZwID\r\nAQABMA0GCSqGSIb3DQEBBQUAA4GBAFFNzb5cy5gZnBWyATl4Lk0PZ3BwmcYQWpSk\r\nU01UbSuvDV1Ai2TT1+7eVmGSX6bEHRBhNtMsJzzoKQm5EWR0zLVznxxIqbxhAe7i\r\nF6YM40AIOw7n60RzKprxaZLvcRTDOaxxp5EJb+RxBrO6WVcmeQD2+A2iMzAo1KpY\r\noJ2daZH9\r\n-----END CERTIFICATE-----";
// http://www.verisign.com/repository/roots/root-certificates/PCA-3G2.pem
CyaSSL_CTX_load_verify_buffer(tmp->ctx, (const unsigned char *)cert, strlen(cert), SSL_FILETYPE_PEM);

It does not work on my computer either so it's not about it running on the Wii. I don't know what could be wrong. Any ideas?

I'm going to try to identify the exact point of the crash.

Thank you,
Pedro

Go to forum: wolfSSL

3 Reply by PedroA

(6 replies, posted in wolfSSL)

Hello Chris,

I read the README file and ran setting LDFLAGS to what is recommended there as follows:

./configure --disable-shared CC=/opt/devkitpro/devkitPPC/bin/powerpc-eabi-gcc --host=ppc --without-zlib --enable-singleThreaded RANLIB=/opt/devkitpro/devkitPPC/bin/powerpc-eabi-ranlib CFLAGS="-DDEVKITPRO -DGEKKO" CPPFLAGS="-DNO_WRITEV -DOPENSSL_EXTRA" LDFLAGS="-g -mrvl -mcpu=750 -meabi -mhard-float -Wl,-Map,$(notdir $@).map"

LDFLAGS="-g -mrvl -mcpu=750 -meabi -mhard-float -Wl,-Map,$(notdir $@).map"

The build fails when trying to compile the client example (which is expected but somehow messy to fix and I wanted to know if there was a more straightforward way of doing this).

As I stated the program (when compiling the source files with the whole project) crashes (it compiles without warnings) when I call ssl = CyaSSL_new(ctx), which I think is something that happens somewhere in InitSSL() (possibly because of an incorrect use of the CyaSSL_CTX_load_verify_buffer();? I'm not sure if the string I'm passing is appropriated nor if the arguments I'm using are the correct ones )

I'm basically doing this:

const char cert[]= "-----BEGIN CERTIFICATE-----\r\nMIIDAjCCAmsCEH3Z/gfPqB63EHln+6eJNMYwDQYJKoZIhvcNAQEFBQAwgcExCzAJ\r\nBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE8MDoGA1UECxMzQ2xh[...]\r\n-----END CERTIFICATE-----";
    tmp->ctx = CyaSSL_CTX_new(CyaSSLv23_client_method()); //ctx is a member of a c++ class, this code is at the function that initializes the class
    CyaSSL_CTX_load_verify_buffer(tmp->ctx, (const unsigned char *)cert, strlen(cert), SSL_FILETYPE_PEM);

    //on the member function which does the actual request
    CYASSL* ssl;
    ssl = CyaSSL_new(this->ctx); //crashes at this point

//I defined these:
#define NO_WRITEV
#define SINGLE_THREADED
#define DEVKITPRO
#define OPENSSL_EXTRA
#define SIZEOF_LONG_LONG 8
#define BIG_ENDIAN_ORDER
#define NO_FILESYSTEM
#define NO_CYASSL_SERVER

#ifndef GEKKO
    #define GEKKO
#endif

Any clues? I'm hoping this is an obvious answer and somebody here can save me plenty of time smile

Thank you!

PS: I'm trying to do HTTPS requests, that's all I need.

Go to forum: wolfSSL

4 Topic by PedroA

(6 replies, posted in wolfSSL)

CyaSSL embedded SSL claims to have Wii support through DevKitPro. Am I supposed to be able to compile it out of the configure script? can somebody give me a hand there? It seems examples do not compile (which is something I understand but taking them off the makefile seems to mess everything and I did not manage to compile the library)

I also tried to compile the source files with my project and it compiles fine but I don't get further than a crash when calling ssl = CyaSSL_new(ctx);

Can I have a look at the code you compiled with devkitpro? if it is still around.

Thank you smile

Edit: I do not have any problem to compile the source files with the project instead of using cyassl as a static/shared library, but which defines should I turn on to have the code work on the Wii? Your Wii code would also help a lot tongue

Go to forum: wolfSSL