Topic: How to make .a file (wolfssl-3.12.0)

Hi Dear,

I wanted to know how to make a .a lib for wolfssl only. I tried as per my knowledge, but I'm getting a .la file.

Please guide me on how to generate a .a file and use it in my own project (Linux based).

Regards,
Sanjay

Re: How to make .a file (wolfssl-3.12.0)

By default, our configure script only compiles a shared library. To enable compilation of a static library, use the "--enable-static" option:

$ cd wolfssl-x.x.x
$ ./configure --enable-static
$ make

Best Regards,
Chris

Re: How to make .a file (wolfssl-3.12.0)

Hi Chris,

Thanks, it works now. Going forward, while I'm using the "wolfSSL_CTX_set_cipher_list(ctx, DHE-RSA-AES256-SHA256)" API, I'm getting the error: "DHE-RSA-AES256-SHA256" is undefined.

Also, wolfSSL_CTX_load_verify_locations(ctx, "client.pem", 0) is producing "Error loading .pem file".

The whole idea is to integrate the wolfssl library in place of openssl. Currently, the openssl library we use is taking 4 seconds for the encrypted handshake with the server and we have to resolve it, so we are referring to the wolfssl library. The handshake, send data & receive data must be encrypted with TLS 1.2.

Kindly help us resolve the above errors and integrate wolfssl into our project.

Regards,
Sanjay

Re: How to make .a file (wolfssl-3.12.0)

Hi Sanjay,

Going forward, while i'm using "wolfSSL_CTX_set_cipher_list(ctx, DHE-RSA-AES256-SHA256)" API then getting error:  "DHE-RSA-AES256-SHA256" is undefined.

The wolfSSL example client can be used with the "-e" option to view what cipher suites have been enabled for the given build configuration.  For example:

$ cd wolfssl-x.x.x
$ ./configure <options>
$ make
$ ./examples/client/client -e
DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305-OLD:ECDHE-ECDSA-CHACHA20-POLY1305-OLD:DHE-RSA-CHACHA20-POLY1305-OLD

Do you see "DHE-RSA-AES256-SHA256" in that list?

Also, wolfSSL_CTX_load_verify_locations(ctx, "client.pem", 0) producing "Error loading .pem file".

Can you verify that "client.pem" exists in your immediate directory?  It could also be that "client.pem" includes algorithms or key sizes that wolfSSL has not been compiled to support.  Are you able to share "client.pem"?  If not, can you look and see what algorithms and key sizes are used by that certificate?

Thanks,
Chris

Re: How to make .a file (wolfssl-3.12.0)

Hi Chris,

Yes, the client.pem file exists in the same directory. I'm attaching the same for your reference. Please help me with this.

Regards,
Sanjay

[Edited by chrisc to remove attachment]

Re: How to make .a file (wolfssl-3.12.0)

Hi Chris,

Yes, the client.pem file exists in the same directory. I'm attaching the same for your reference. Please help me with this.

And I can see "DHE-RSA-AES256-SHA256" in the list after using ./examples/client/client -e

And the attached client.pem is working with the OpenSSL library. Please help me.

Regards,
Sanjay

Re: How to make .a file (wolfssl-3.12.0)

Hi Sanjay,

Thanks for sending your certificate over.  I noticed that "client.pem" included an encrypted RSA private key.  As I wasn't sure if this was a test cert/key pair, I removed your attachment from this post for security reasons but did have a chance to look at the file.

A few notes:

1. client.pem includes three items - a CA certificate, a peer certificate, and an RSA private key

2. You should only load the CA certificate with wolfSSL_CTX_load_verify_locations()

3. The client's certificate (if doing mutual authentication) would be loaded with wolfSSL_CTX_use_certificate_file()

4. The client's private key would be loaded with wolfSSL_CTX_use_PrivateKey_file(), but you first would need to register a password callback using wolfSSL_CTX_set_default_passwd_cb(). The password callback will be called during key decryption, allowing your callback to provide the password.

Regarding "DHE-RSA-AES256-SHA256", can you let me know the exact steps you are taking to compile the wolfSSL library and run the example client that results in you getting the ""DHE-RSA-AES256-SHA256" is undefined" error?

Thanks,
Chris
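
Added example, not part of the thread: one way to separate a combined client.pem like the one described above into its blocks, so that only a CA certificate is passed to wolfSSL_CTX_load_verify_locations() and the encrypted key goes to wolfSSL_CTX_use_PrivateKey_file() behind a password callback. The function name, the output file names and the sample bundle (placeholder bodies) are constructed for illustration; telling the CA certificate from the peer certificate still means inspecting each extracted cert file.

```sh
#!/bin/sh
# Added example, not code from the thread. The file layout and the sample
# bundle below are assumptions based on the description in the post.

# split_pem_bundle BUNDLE OUTDIR
# Writes each PEM block to its own file and prints "<file> <kind>", where
# kind is cert, key, key-encrypted or other.
split_pem_bundle() (
    umask 077    # extracted key files must not be readable by other users
    mkdir -p "$2" || exit 1
    awk -v dir="$2" '
        { sub(/\r$/, "") }    # tolerate CRLF line endings
        /^-----BEGIN [A-Z0-9 ]+-----$/ {
            label = $0
            sub(/^-----BEGIN /, "", label); sub(/-----$/, "", label)
            inblock = 1; enc = 0; body = ""
        }
        inblock {
            body = body $0 "\n"
            # Traditional encrypted keys carry this RFC 1421 header line.
            if ($0 ~ /^Proc-Type: 4,ENCRYPTED/) enc = 1
        }
        /^-----END [A-Z0-9 ]+-----$/ && inblock {
            base = "other"; kind = "other"
            if (label == "CERTIFICATE") { base = "cert"; kind = "cert" }
            else if (label ~ /PRIVATE KEY$/) {
                base = "key"
                kind = (enc || label == "ENCRYPTED PRIVATE KEY") ? "key-encrypted" : "key"
            }
            file = dir "/" base "-" (++count[base]) ".pem"
            printf "%s", body > file
            close(file)
            print file, kind
            inblock = 0
        }
    ' "$1"
)

# Constructed sample: CA certificate, peer certificate, encrypted RSA key.
# The bodies are placeholders, not real certificate or key material.
sample_bundle() {
    cat <<'EOF'
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQtQ0E=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQtUEVFUg==
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-256-CBC,00000000000000000000000000000000

Q09OU1RSVUNURUQtS0VZ
-----END RSA PRIVATE KEY-----
EOF
}

demo=$(mktemp -d) && sample_bundle > "$demo/client.pem" &&
    split_pem_bundle "$demo/client.pem" "$demo/out"
```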

(edited by sanjay.sk.singh 2017-08-25 03:11:13)

Re: How to make .a file (wolfssl-3.12.0)

Hi Chris,

RSA & loading the .pem file is working now, but I'm getting a -313 error during the handshake, whereas with another gateway it's handshaking. I'm attaching all files as listed below for your reference. Kindly help me with the steps to make it final. I would be really thankful to you. With this certificate file the project is already running with the OpenSSL library, but I don't know why wolfssl is not connecting.

1. client_test.c  -> test source code
2. output.txt     -> Result / output with debug
3. Symantec_C3_G3.pem -> certificate file

Is it possible to do the handshake without using any certificate file?

Please help me to complete this project as I have a deadline for this now. Please please.

Regards,
Sanjay

Re: How to make .a file (wolfssl-3.12.0)

Hi Sanjay,

In client_test.c, you are disabling certificate validation when you call:

wolfSSL_CTX_set_verify(ctx,SSL_VERIFY_NONE ,0);

If you remove this line, your client will try to validate the server's certificate, using the root CA cert you have loaded with wolfSSL_CTX_load_verify_locations().  It looks like you have the incorrect CA certificate loaded (at least looking at the server certificate chain from my end).  When I look at your server's certificate chain, I see:

Certificate chain
 0 s:/OU=Domain Control Validated/OU=PositiveSSL/CN=demo.valuepaymentsystems.com
   i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA
 1 s:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA
   i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Certification Authority
 2 s:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Certification Authority
   i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
 3 s:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
   i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root

This means that in order to correctly validate the server, you would need to load the root-most CA certificate with wolfSSL_CTX_load_verify_locations().  This would be "AddTrust External CA Root".  I have attached this certificate here for you to test.

When I run your test application using the attached certificate, my connection succeeds.  Can you capture a Wireshark trace of your connection and send me the .pcap file for analysis?

Thanks,
Chris
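
Added example, not part of the thread: a check over the chain listing quoted above that confirms each certificate is issued by the next entry and prints the subject of the CA that has to be loaded with wolfSSL_CTX_load_verify_locations(). The function names are constructed for illustration; the sample input is the listing from the post.

```sh
#!/bin/sh
# Added example, not code from the thread. Reads a "Certificate chain"
# listing (the s:/i: format quoted in the post) on stdin.

# required_anchor: prints the issuer DN of the top-most certificate, which is
# the CA the client must trust. Fails if the listing is empty or if an entry
# is not issued by the entry that follows it.
required_anchor() {
    awk '
        { sub(/[ \t\r]+$/, "") }    # drop trailing blanks and CR
        /^ *[0-9]+ s:/ {
            subject = $0; sub(/^ *[0-9]+ s:/, "", subject)
            # The previous entry must name this subject as its issuer.
            if (n > 0 && subject != issuer) broken = 1
            n++
        }
        /^ *i:/ { issuer = $0; sub(/^ *i:/, "", issuer) }
        END {
            if (n == 0 || broken) exit 1
            print issuer
        }
    '
}

# anchor_matches LOADED_CA_SUBJECT
# Returns 0 if the CA loaded by the client is the one the chain needs,
# 1 if it is a different CA, 2 if the listing itself does not link up.
anchor_matches() {
    need=$(required_anchor) || return 2
    [ "$need" = "$1" ]
}

# The chain listing from the post.
sample_chain() {
    cat <<'EOF'
Certificate chain
 0 s:/OU=Domain Control Validated/OU=PositiveSSL/CN=demo.valuepaymentsystems.com
   i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA
 1 s:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA
   i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Certification Authority
 2 s:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Certification Authority
   i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
 3 s:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
   i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
EOF
}

sample_chain | required_anchor
```

Comparing the printed subject with the subject of the CA file the client actually loads shows a wrong trust anchor before any handshake is attempted.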

Re: How to make .a file (wolfssl-3.12.0)

Thanks Chris, this also helped me.

Best regards

Re: How to make .a file (wolfssl-3.12.0)

Hi Chris,

I didn't get any certificate attached here. I'm attaching the Wireshark log. Kindly suggest.

FYI... with OpenSSL, we don't need any certificate to connect to the given host.

Regards,
Sanjay

Re: How to make .a file (wolfssl-3.12.0)

Also, kindly suggest the files which are being used in the examples/client/client.c file for the below APIs:

wolfSSL_CTX_use_certificate_chain_file()
wolfSSL_CTX_use_PrivateKey_file()
wolfSSL_CTX_load_verify_locations()

Re: How to make .a file (wolfssl-3.12.0)

Hi Sanjay,

The wolfSSL example client (./examples/client/client.c) uses the following files by default for those functions:

wolfSSL_CTX_use_certificate_chain_file() - ./certs/client-cert.pem
wolfSSL_CTX_use_PrivateKey_file() - ./certs/client-key.pem
wolfSSL_CTX_load_verify_locations() - ./certs/ca-cert.pem

Best Regards,
Chris

Re: How to make .a file (wolfssl-3.12.0)

Hi Chris,

I used the above, but it's not working. I'm sending you the source code, compilation command & debug output.
Whereas the wolfssl examples/client/client.c is connecting perfectly with the -h IP -p Port -d command with the same ./configure <options>

Please advise.

Regards,
Sanjay

Re: How to make .a file (wolfssl-3.12.0)

Hi Chris,

I used the above, but it's not working. I'm sending you the source code, compilation command & debug output.
Whereas the wolfssl examples/client/client.c is connecting perfectly with the -h IP -p Port -d command with the same ./configure <options>
I also tested with wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE,0);
Please advise.

Regards,
Sanjay

Re: How to make .a file (wolfssl-3.12.0)

Hi Chris,

Please help me.

Regards,
Sanjay

Re: How to make .a file (wolfssl-3.12.0)

Hi Chris,

I got the demo certificate from the gateway vendor (attached) for IP: 66.83.75.170 & port 443. Would you please help to integrate the wolfssl library with my code... I would be really very thankful to you.

Please guide me boss. 

Regards,
Sanjay Singh
