RECENT SUPPORT NEWS

So, what’s new with the wolfSSL support team? Take a look below to check out the most recent news.
Or sign up to receive weekly email notifications containing the latest news from wolfSSL.

Certificate Signing Request (CSR) generation with wolfSSL

Over the past year we have had multiple inquiries regarding Certificate Signing Request (CSR) generation from users looking to programatically generate a CSR using wolfSSL. To better assist our users with this feature we have setup a ready-made example in our GitHub examples repository and we are adding a section about CSR functionality to the wolfSSL manual. The example mentioned can be found using the link below:
https://github.com/wolfSSL/wolfssl-examples/blob/master/certgen/csr_example.c

The new manual section will be in chapter 7: Section 7.9 “Certificate Signing Request (CSR) Generation” and is located on our website here: https://www.wolfssl.com/docs/wolfssl-manual/ch7/

Some notes on CSR’s and wolfSSL:

To configure wolfSSL for CSR generation please add these options:
./configure --enable-certreq --enable-certgen

wolfSSL can generate a CSR for a requesting party which is then be sent to a Certificate Authority for use in issuing a certificate for that party.

wolfSSL can either generate a certificate from scratch with all mandatory fields set or it can generate a CSR from scratch with optional fields excluded.

 

Limitation:

As some items are deemed “optional” in a CSR that are otherwise “mandatory” in a certificate, wolfSSL’s parsing engine does not yet support consuming a CSR for use in generating a certificate. The wolfSSL parsing engine strictly checks all features required in a certificate and considers them to be mandatory. Passing in a CSR that does not contain these features results in an error from the parsing engine at this time. wolfSSL does not yet have a timeline for adding the additional parsing rules to allow CSR consumption but if this is a feature you would like to see added please send the wolfSSL team a note at support@wolfssl.com so an upvote can be added on your behalf to that feature enhancement! Unique users requesting a specific feature escalates the priority of that feature so let the wolfSSL team know!

If you have any questions concerning CSR generation, feedback on the example provided, or anything else for that matter, please contact us anytime at support@wolfssl.com! Our support staff are ready, wiling, and eager to help our end users in any way they can!

How do I manage the build configuration of wolfSSL?

The MOST common support issue we see is a mis-configuration between APP and Library. If you compile the wolfSSL library independant of your application using you MUST include the same configure options in the application as were used in the library.

If building with “./configure” the build system will generate the file <wolf-root>/wolfssl/options.h with all the settings needed for your application. Simply add the lines:

#include <wolfssl/options.h>
#include <wolfssl/wolfcrypt/settings.h>
#include <wolfssl/ssl.h>
/* other wolf headers below */

If building the wolfSSL sources directly the options.h will not contain any generated configuration. In that case our recommended option is to define the preprocessor macro “WOLFSSL_USER_SETTINGS” in your project and create your own “user_settings.h” file. Make sure the file is somewhere in your include path. You can use the same include pattern above, but exclude the options.h.

Here are some example “user_settings.h” you can use for reference:

  • Windows: /IDE/WIN/user_settings.h
  • GCC ARM: /IDE/GCC-ARM/Header/user_settings.h
  • NXP ARM: /IDE/ROWLEY-CROSSWORKS-ARM/user_settings.h
  • Xcode: /IDE/XCODE/user_settings.h

More information on managing the build configuration of wolfSSL can be found in Chapter 2 of the wolfSSL User Manual. For other questions that may not have been answered by this post, please check out our Frequently Asked Questions (FAQ) page or contact us.

Weekly updates

Archives

Latest Tweets