Topic: swupdate PKCS7_verify failing with Musl
Hello wolfSSL community,
I am evaluating the use of wolfSSL (5.3.0) as an alternative to OpenSSL and was looking at a patch for swupdate that allows wolfSSL to fit. I have tested this patch with glibc and it works. However, switching to musl seems to allow the certificate loading when swupdate starts works but later on when the actual update is triggered failure strikes when verifying the signature. This is making use of the PKCS7 functionality to handle CMS.
With wolfSSL 5.3.0 it seems under the opinion that there is "No certificate in buffer" at least from the comment in the source.
wolfSSL error occurred, error = 162 line:9308 file:../git/src/x509.c
[ERROR] : SWUPDATE failed  ERROR : Signature verification failed
[ERROR] : SWUPDATE failed  ERROR : Compatible SW not found
These are the patches I'm using incase something is wrong with that implementation that doesn't show up on glibc.
- swupdate Patch 0/2 https://groups.google.com/g/swupdate/c/VYbam7AvMgE
- swupdate Patch 1/2 https://groups.google.com/g/swupdate/c/Q5Vie_hU190
- swupdate Patch 2/2 https://groups.google.com/g/swupdate/c/WFrWg_w1ows