wolfssl | wolfSSL library is a small , fast , portable implementation | TLS library

There are some C projects with structs full of ifdefs (for ex. WolfSSL https://github.com/wolfSSL/wolfssl/blob/bb70fee1ecff8945af8179f48e90d78ea7007c66/wolfssl/internal.h#L2792)

I have a website being served from a custom webserver, and it loads and works fine when loaded from a laptop/desktop browser, but loads inconsistently on mobile browsers. (In my case I tested specifically Samsung Internet and Chrome on Android)

(The exact behaviour is: load the web page, refresh, and then after a couple of refreshes it will sometimes not be able to load a background image, or any resource on the page at all - but only on mobile browsers)

In case this was just some cached data issue, I've cleared all browser data, restarted my phone, asked friends to try on their devices etc, but I've only been able to reproduce this on mobile devices.

My web server is written using liburing, nginx as a reverse proxy, though I doubt that would be the issue

I read Can Anyone Explain These Long Network Stalled Times? and it ocurred to me that an issue could be me using multiple different HTTP requests to get resources (I've not implemented Connection: Keep-Alive), but I also get this issue on WiFi, and I get the issue even when loading a single asset (such as a background image)

Additional possibly relevant info:

• I was initially having a similar issue on desktop as well, and I fixed it by using shutdown() before calling close() on the HTTP requests
• I'm using the following response headers:
  • Keep-Alive: timeout=0, max=0
  • Connection: close
  • Cache-Control: no-cache
• I'm using the following socket options:
  • SO_REUSEADDR (mainly for debug convenience)
  • SO_REUSEPORT (sockets in multiple threads bind to and listen on the same port)
  • SO_KEEPALIVE, TCP_KEEPIDLE, TCP_KEEPINTVL and TCP_KEEPCNT (to kill off inactive clients)
• Oddly enough though I think this disappears for a while after restarting my phone
• I have tried not using nginx, instead using WolfSSL for TLS, and I get the same issue

I am inclined to think that this could be an issue with what headers I'm setting in responses (or possibly some HTTPS specific detail I'm missing?), but I'm not sure And here's the actual site if anyone wants to verify the issue https://servertest.erewhon.xyz/

I am using an Ubuntu 20.04 machine along with the CLion IDE 2020.3.2 and I want to create an app using WolfSSL which would need the TLS1.3 implementation of it.

Using CLion, I cloned the official repository https://github.com/wolfSSL/wolfssl.git. CLion automatically built the project and I was able to run all the \wolfssl\examples perfectly. Thus, the resumption session does not work. I run both Server/Client with these arguments: client/server -v 4 -r And I am getting this output from the client side: didn't reuse session id!!! which I can verify from Wireshark that there was no resumption made but just another handshake.

At another build I did, where instead of cmake ( which is the default of CLion ) I used make I manged to run properly the resumption but for that I had to add in the configuration before the build this command: ./configure --enable-all which "Enables all wolfSSL features, excluding SSL v3".

What is the equivalent command of --enable-all I should use in my Cmake configuration ? Or what should I do so I can achieve properly the resumption?

I tried -DWOLFSSL_ALL -DENABLE_ALL and others but did not managed to do it. I tried including many of them separately to find which is the one that enables the resumption but nothing yet.

My server running on PC uses LibreSSL My client running on board uses wolfSSL Will handshake be success?

The cookie exchange initiated by HelloVerifyRequest described in section 4.2.1 of RFC 6347 is essential to DoS-protection in DTLS. Unless I'm overlooking something, the WolfSSL documentation does not really describe how to enable this cookie exchange with its DTLS implementation.

The closest I can find is the function wolfSSL_send_hrr_cookie, about which the manual states:

This function is called on the server side to indicate that a HelloRetryRequest message must contain a Cookie. The Cookie holds a hash of the current transcript so that another server process can handle the ClientHello in reply. The secret is used when generting the integrity check on the Cookie data.

As far as I understand, the HelloRetryRequest (compare HelloVerifyRequest) is TLS 1.3 terminology. DTLS 1.3 is not finalized. How does one enable and control the DTLS 1.0/1.2 cookie exchange in WolfSSL?

I need to use libcurl with https in my project, so I've built zlib, openssl and libcurl (with mingw32-make mingw32-ssl-zlib) successfully. But after I copied include libcurl.a libcurldll.a libcurl.dll to my project folder, sent a GET request to https://www.google.com it failed with error Unsupported protocol

My OPENSSL_PATH and ZLIB_PATH in my lib/Makefile.m32 src/Makefile.m32 are:
ZLIB_PATH = ../../zlib-1.2.8
OPENSSL_PATH = /c/OpenSSL

and the build log:

I'm trying to parse PKCS7 certificate using WolfSSL but its returning ERROR_CODE: -140 (ASN_PARSE_E) But i was able to parse the same certificate using OpenSSL.

I have Base64 encoded PKCS7 file which am decoding to receive a DER format PKCS7 cert. This DER format PKCS7 is what I'm trying to parse using wolfssl ,but the code returns -140 (ASN_PARSE_E).

I have built and install code to my directory /usr/local/lib:

ls /usr/local/lib:

I have a library which uses templates very much to avoid rewriting the same code many times . But as known this leads to horrible compile times and in visual studio also leads to heavy and slow intellisense which makes coding on a computer with 4 GB of ram very noisy .

However most classes are designed so that they only can be instantiated with particular types and templates are there to avoid rewriting for each type , this made me move most of the implementations to .cpp files and use explicit template instantiation there .

For example I have :