[OpenWrt-Devel] [PATCH ustream-ssl v2 0/3] wolfssl updates
Eneas U de Queiroz
cotequeiroz at gmail.com
Wed Sep 18 22:18:00 EDT 2019
ustream-ssl does not currently work with client apps. They fail to
connect immediately. uclient-fetch, for example, just show a
'Connection failed' message. This was due to a change in the SSL
While making small changes to my first attempt, I realized my testing
was not completely flawed.
Because of that, I failed to realize that while the struct change
happened in in v3.13.2, but the API to change it at the SSL struct was
only created in v4.1.0.
Keeping some of the calls using CyaSSL, but then having to add new
calls, only available as wolfSSL would become messy. So, I started
by cleaning up the code, removing old CyaSSL remnants.
After fixing that, uclient-fetch failed to run unless
--no-check-certificate is used, which is not ideal. So I added the
calls to perform CN validation. r
Note that even wolfssl has a X509_check_host function, which could
be used for openssl and wolfssl, they are not 100% compatible, and its
definition is not really consistent from version to version.
X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS is not defined, and even though
wolfSSL_X509_check_host apparently only exists to implement the openssl
function, they are not both enabled by --enable-opensslextra.
The wolfSSL function is, but the openssl isn't. So I'm using the
As for testing, I run-tested each commit with wolfssl versions 3.10.4,
3.12.2, 3.15.3, and 4.1.0. Since the fist commit does not fix
client-mode, I tested it using the example client/server apps (using a
client built with a different version). Version 3.15.3 did not work
with the server app, so I checked the current HEAD, and it does not work
either, so it is not somehting I introduced. It works after the next
fix is applied.
Everything works as expected from the next commit on.
Eneas U de Queiroz (3):
Remove CyaSSL, WolfSSL < 3.10.4 support
ustream-io-cyassl.c: fix client-mode connections
wolfssl: enable CN validation
CMakeLists.txt | 25 +++++++----
ustream-internal.h | 3 --
ustream-io-cyassl.c => ustream-io-wolfssl.c | 47 +++++----------------
ustream-openssl.c | 14 +++---
ustream-openssl.h | 4 ++
ustream-ssl.c | 3 ++
6 files changed, 43 insertions(+), 53 deletions(-)
rename ustream-io-cyassl.c => ustream-io-wolfssl.c (62%)
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
More information about the openwrt-devel