Hi situara.whistler,

As you can see in our manual, wolfSSL does NOT support multiple 'virtual' servers; therefore, we only support one certificate or certificate chain at a time.

There is one function that might help you: TLSX_SNI_GetFromBuffer();

It parses a ClientHello and extracts the SNI inside of it. This way it would be possible to forward the connection to a specific WOLFSSL_CTX containing the desired certificate.
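To show what extracting the SNI from a raw ClientHello involves, here is an added, stand-alone sketch that is not part of the original post and is not wolfSSL's code. The names `sni_from_client_hello`, `cur`, `take`, `take_vec` and `SAMPLE_HELLO` are hypothetical, and it assumes the whole ClientHello arrives in a single TLS record.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* Constructed sample: minimal one-record ClientHello carrying SNI "example.com". */
const uint8_t SAMPLE_HELLO[72] = {
    0x16,3,1,0,67, 0x01,0,0,63, 3,3,            /* record hdr, handshake hdr, version */
    0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,   /* random */
    0, 0,2,0x13,0x01, 1,0,                      /* session_id, suites, compression */
    0,20, 0,0, 0,16, 0,14, 0, 0,11,             /* extensions len, SNI ext headers */
    'e','x','a','m','p','l','e','.','c','o','m' };
typedef struct { const uint8_t *p; size_t n; } cur;   /* bounds-checked cursor */
static int take(cur *c, size_t k, cur *out) {          /* split off k bytes */
    if (c->n < k) return -1;
    out->p = c->p; out->n = k; c->p += k; c->n -= k;
    return 0;
}
static int take_vec(cur *c, size_t w, cur *out) {      /* w-byte length, then body */
    cur l; size_t len = 0;
    if (take(c, w, &l)) return -1;
    for (size_t i = 0; i < w; i++) len = (len << 8) | l.p[i];
    return take(c, len, out);
}

/* Copy the host_name SNI into sni (NUL-terminated). Returns its length,
 * 0 when the hello carries no SNI, -1 when malformed or larger than cap. */
int sni_from_client_hello(const uint8_t *buf, size_t len, char *sni, size_t cap) {
    cur rec = { buf, len }, h, hs, body, skip, exts, ext, typ, list, name;
    if (take(&rec, 3, &h) || h.p[0] != 0x16 || take_vec(&rec, 2, &hs)) return -1;
    if (take(&hs, 1, &h) || h.p[0] != 0x01 || take_vec(&hs, 3, &body)) return -1;
    /* skip version+random, session_id, cipher_suites, compression_methods */
    if (take(&body, 34, &skip) || take_vec(&body, 1, &skip) ||
        take_vec(&body, 2, &skip) || take_vec(&body, 1, &skip)) return -1;
    if (body.n == 0) return 0;                         /* no extensions block */
    if (take_vec(&body, 2, &exts)) return -1;
    while (exts.n > 0) {
        if (take(&exts, 2, &typ) || take_vec(&exts, 2, &ext)) return -1;
        if (typ.p[0] != 0 || typ.p[1] != 0) continue;  /* not server_name (type 0) */
        if (take_vec(&ext, 2, &list)) return -1;
        while (list.n > 0) {
            if (take(&list, 1, &typ) || take_vec(&list, 2, &name)) return -1;
            if (typ.p[0] != 0) continue;               /* not host_name */
            if (!name.n || name.n >= cap || memchr(name.p, 0, name.n)) return -1;
            memcpy(sni, name.p, name.n); sni[name.n] = '\0';
            return (int)name.n;
        }
        return 0;
    }
    return 0;
}
```

The returned name is attacker-controlled input, so a dispatcher should match it against a fixed list of known hosts before picking a WOLFSSL_CTX and fall back to a default context otherwise.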

Hi jesussotofan,

I got the following results:

>>> from wolfcrypt import ciphers
>>> vector = "1234567890abcdef"
>>> clave = "1234567890abcdef1234567890abcdef"
>>> texto = "hola mundo"
>>>
>>> aes = ciphers.Aes(clave, ciphers.MODE_CBC, vector)
>>>
>>> aes.encrypt(texto)
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/local/lib/python2.7/dist-packages/wolfcrypt/ciphers.py", line 109, in encrypt
    "string must be a multiple of %d in length" % self.block_size)
ValueError: string must be a multiple of 16 in length
>>>
>>> ciphertext = aes.encrypt(texto+"FFFFFF")
>>> ciphertext
"\xd1\x1e\xe16(\x93'\xd9\n\xf4s\x96M\xd6gQ"
>>> aes.decrypt(ciphertext)
'hola mundoFFFFFF'
>>>

The function _set_key(ciphers._ENCRYPTION) should not be called by end users. This is a private function. After creating the Aes object, you should call encrypt() or decrypt() and remember that the param to be encrypted or decrypted must be a multiple of 16 in length.

Happy Hacking o/

Hi jesussotofan,

I'm testing it right now on my raspberry pi. I'll let you know the results soon.

[ ]'s

4

(1 replies, posted in wolfSSL)

Hi earlenceferns,

A fix for this issue is in progress in:

https://github.com/wolfSSL/wolfssl/pull/487

5

(3 replies, posted in wolfSSL)

Hi earlenceferns,

It appears that mozilla.org does not support the OCSP nonce extension. You can remove it in client.c by replacing:

wolfSSL_UseOCSPStapling(ssl, WOLFSSL_CSR_OCSP,
                                     WOLFSSL_CSR_OCSP_USE_NONCE)

with:

wolfSSL_UseOCSPStapling(ssl, WOLFSSL_CSR_OCSP,
                                     0)

There was also a bug in the certificate lookup; a fix is in progress for that one. You can track it here:

https://github.com/wolfSSL/wolfssl/pull/487

6

(14 replies, posted in wolfSSL)

Hi,

Indeed, we don't have API functions to retrieve that information. This functionality is not supported.

The way you did it, by dumping the desired data inside DecodeSingleResponse(), is one of the paths I'd suggest you follow.

[ ]'s
Moisés

Hi Sungyun,

sungyun wrote:

How can I build the SRP feature in the master version?

First, you'll need to call ./autogen.sh when using our source code directly from GitHub; it will generate the configure and makefile files for you.

sungyun wrote:

Do you have SRP client / server sample code?

Our implementation of SRP only computes the values; it doesn't handle communication. Each protocol or software that uses SRP has its own way to exchange the SRP values over the network.

In order to better answer your other questions, could you explain to me how you are trying to use SRP? You should also note that our implementation of SRP is a part of wolfCrypt and hasn't been integrated into our SSL/TLS implementation (wolfSSL) yet.

Best regards,
Moisés

You're right desowin,

Currently we don't do any fragmentation on handshake messages, so we must fix that prior to getting full Maximum Fragment Length support. The fix is on our roadmap, but I don't have a release date for it yet.

9

(1 replies, posted in wolfSSL)

Hello Luca,

Thanks for the request, I'll add not just SNI, but all the TLS extensions to my task list.
I'll let you know when we have an update on the planning.

Moisés

Hi Daniel,

I pushed the fix to our embedded SSL GitHub HEAD. Thanks for the catch.

Best regards,
Moisés

Hi Chris,

I've found two other strange things:
Section 6.2 Timeout Callback:
  "These extensions can call be called with either..." (I'm not sure if this is right or wrong due to my limited English skills)

Section 10.3.2 DES and 3DES:
  3des decryption function is mistyped.

[]'s
Moisés

12

(4 replies, posted in wolfSSL)

ok Chris, thanks :)

13

(4 replies, posted in wolfSSL)

Hi there,

I was trying to test wolfSSL with valgrind. But all the tests fail when I'm using --enable-valgrind. The same does NOT happen when valgrind is disabled.

Maybe this is not a problem, as the valgrind warnings say that it is unstable on mac OS 10.8. Could someone test it on another platform to check if it is OK?

The 'make test' output is attached.

[]'s

Moisés Guimarães

Hi guys, I've found this in the wolfSSL documentation section 2.4.3:

USE_CERT_BUFFERS_1024 enables 1024-bit test certificate...
USE_CERT_BUFFERS_2048 enables 1024-bit test certificate...

Shouldn't it be 2048-bit in the second one?

[]'s

Moisés Guimarães