You are not logged in. Please login or register.
Please post questions or comments you have about wolfSSL products here. It is helpful to be as descriptive as possible when asking your questions.
ReferenceswolfSSL - Embedded SSL Library → Posts by avlec
Pages 1
Out of curiosity what was the set of config options that was determined, I am trying to do something similar
Hey Kareem,
Would there be anyway to refresh the time without having to restart the application (swupdate)?
Thanks Kareem,
That all seems to make sense!
Thanks for the quick reply Kareem,
I am using Yocto to build for my device and was having trouble getting it to build 5.6.0. There was an error about a missing build-time command colrm, then there appears to be some more complex problem where it generates a header file in a different directory which it then of course cannot see (options.h.in).
Anyways, I was able to try with version 5.5.4 and saw the following error
wolfSSL error occurred, error = 150 line:14287 file:../git/wolfcrypt/src/asn.c
wolfSSL error occurred, error = 162 line:10343 file:../git/src/x509.c
wolfSSL error occurred, error = 188 line:22181 file:../git/wolfcrypt/src/asn.c
[ERROR] : SWUPDATE failed [0] ERROR : Signature verification failed
[ERROR] : SWUPDATE failed [0] ERROR : Compatible SW not found
The first error indicated that the system time was before the certificates which is correct. So I fixed that and then tried updating again and it just had a repeat of the last error. What's weird is when I updated the system time then restarted swupdate it works without a hitch. Similarly if I set the date to something current earlier in the init cycle than swupdate it works.
We have an application come in a bit after swupdate starts up that manages the time, so I guess with glibc that works for some reason where with musl it doesnt?
Hello wolfSSL community,
I am evaluating the use of wolfSSL (5.3.0) as an alternative to OpenSSL and was looking at a patch for swupdate that allows wolfSSL to fit. I have tested this patch with glibc and it works. However, switching to musl seems to allow the certificate loading when swupdate starts works but later on when the actual update is triggered failure strikes when verifying the signature. This is making use of the PKCS7 functionality to handle CMS.
With wolfSSL 5.3.0 it seems under the opinion that there is "No certificate in buffer" at least from the comment in the source.
wolfSSL error occurred, error = 162 line:9308 file:../git/src/x509.c
[ERROR] : SWUPDATE failed [0] ERROR : Signature verification failed
[ERROR] : SWUPDATE failed [0] ERROR : Compatible SW not found
These are the patches I'm using incase something is wrong with that implementation that doesn't show up on glibc.
- swupdate Patch 0/2 https://groups.google.com/g/swupdate/c/VYbam7AvMgE
- swupdate Patch 1/2 https://groups.google.com/g/swupdate/c/Q5Vie_hU190
- swupdate Patch 2/2 https://groups.google.com/g/swupdate/c/WFrWg_w1ows
Pages 1
wolfSSL - Embedded SSL Library → Posts by avlec
Powered by PunBB, supported by Informer Technologies, Inc.
Generated in 0.015 seconds (95% PHP - 5% DB) with 4 queries