RECENT SUPPORT NEWS

So, what’s new with the wolfSSL support team? Take a look below to check out the most recent news.
Or sign up to receive weekly email notifications containing the latest news from wolfSSL.

Configuring the wolfSSH Lightweight SSH Library

wolfSSL provides many different embedded libraries and products, one of which is the wolfSSH Lightweight SSH library. wolfSSH is a lightweight SSHv2 server library written in ANSI C and targeted for embedded, RTOS, and resource-constrained environments - primarily because of its small size, speed, and feature set. It also includes many different example applications, such as an example client, echoclient, server, echoserver, and a port forwarding example.

To configure the library when downloading it from GitHub (https://github.com/wolfSSL/wolfssh), the first step required is to run the autogen.sh script from within the root directory of wolfSSH. This script sets up the library for use with autotools. Once the autogen.sh script has been run, the library can be configured as desired and then built. If downloaded from the wolfSSL website (https://www.wolfssl.com/download/)  use of autogen.sh is not required. The configure script can take many features, some of which are outlined below:

--enable-debug Add debug code - this turns off optimizations

(default: disabled)

--enable-keygen Enable key generation

(default: disabled)

--enable-scp Enable scp support

(default: disabled)

--enable-sftp Enable SFTP support

(default: disabled)

--enable-fwd Enable TCP/IP forwarding support

(default: disabled)

All of the wolfSSH configure options can be viewed by running the configure script with the "-h" option. These configure options may also be prefixed with "--disable" as well, to disable features that are enabled by default.

The wolfSSH library can be downloaded by either cloning the wolfSSH GitHub repository (https://github.com/wolfssl/wolfssh.git), or by viewing the wolfSSL download page. For more information about using wolfSSH, please contact facts@wolfssl.com.

wolfSSL 24×7 support

wolfSSL provides support on four levels, one of which is the 24x7 support level. This support level includes many key features not available on the others, such as an unlimited number of support incidents, around-the-clock support from dedicated members of the wolfSSL support team, and remains in effect for an entire year.

wolfSSL provides three other levels of paid support, which also include some of the same features provided by 24x7 support. More details on the wolfSSL support packages and levels can be viewed here: https://www.wolfssl.com/products/support-packages-options/

wolfSSL also provides support for the latest version of the TLS protocol, TLS 1.3! Read more about wolfSSL's implementation and the protocol itself here: https://www.wolfssl.com/docs/tls13/

For more information, please contact facts@wolfssl.com.

Certificate Signing Request (CSR) generation with wolfSSL

Over the past year we have had multiple inquiries regarding Certificate Signing Request (CSR) generation from users looking to programatically generate a CSR using wolfSSL. To better assist our users with this feature we have setup a ready-made example in our GitHub examples repository and we are adding a section about CSR functionality to the wolfSSL manual. The example mentioned can be found using the link below:
https://github.com/wolfSSL/wolfssl-examples/blob/master/certgen/csr_example.c

The new manual section will be in chapter 7: Section 7.9 “Certificate Signing Request (CSR) Generation” and is located on our website here: https://www.wolfssl.com/docs/wolfssl-manual/ch7/

Some notes on CSR’s and wolfSSL:

To configure wolfSSL for CSR generation please add these options:
./configure --enable-certreq --enable-certgen

wolfSSL can generate a CSR for a requesting party which is then be sent to a Certificate Authority for use in issuing a certificate for that party.

wolfSSL can either generate a certificate from scratch with all mandatory fields set or it can generate a CSR from scratch with optional fields excluded.

 

Limitation:

As some items are deemed “optional” in a CSR that are otherwise “mandatory” in a certificate, wolfSSL’s parsing engine does not yet support consuming a CSR for use in generating a certificate. The wolfSSL parsing engine strictly checks all features required in a certificate and considers them to be mandatory. Passing in a CSR that does not contain these features results in an error from the parsing engine at this time. wolfSSL does not yet have a timeline for adding the additional parsing rules to allow CSR consumption but if this is a feature you would like to see added please send the wolfSSL team a note at support@wolfssl.com so an upvote can be added on your behalf to that feature enhancement! Unique users requesting a specific feature escalates the priority of that feature so let the wolfSSL team know!

If you have any questions concerning CSR generation, feedback on the example provided, or anything else for that matter, please contact us anytime at support@wolfssl.com! Our support staff are ready, wiling, and eager to help our end users in any way they can!

How do I manage the build configuration of wolfSSL?

The MOST common support issue we see is a mis-configuration between APP and Library. If you compile the wolfSSL library independant of your application using you MUST include the same configure options in the application as were used in the library.

If building with “./configure” the build system will generate the file <wolf-root>/wolfssl/options.h with all the settings needed for your application. Simply add the lines:

#include <wolfssl/options.h>
#include <wolfssl/wolfcrypt/settings.h>
#include <wolfssl/ssl.h>
/* other wolf headers below */

If building the wolfSSL sources directly the options.h will not contain any generated configuration. In that case our recommended option is to define the preprocessor macro “WOLFSSL_USER_SETTINGS” in your project and create your own “user_settings.h” file. Make sure the file is somewhere in your include path. You can use the same include pattern above, but exclude the options.h.

Here are some example “user_settings.h” you can use for reference:

  • Windows: /IDE/WIN/user_settings.h
  • GCC ARM: /IDE/GCC-ARM/Header/user_settings.h
  • NXP ARM: /IDE/ROWLEY-CROSSWORKS-ARM/user_settings.h
  • Xcode: /IDE/XCODE/user_settings.h

More information on managing the build configuration of wolfSSL can be found in Chapter 2 of the wolfSSL User Manual. For other questions that may not have been answered by this post, please check out our Frequently Asked Questions (FAQ) page or contact us.

Weekly updates

Archives

Latest Tweets