ustream-ssl does not currently work with client apps. They fail to connect immediately. uclient-fetch, for example, just shows a 'Connection failed' message. This was due to a change in the SSL session struct.

While making small changes to my first attempt, I realized my testing was not completely flawed. Because of that, I failed to realize that while the struct change happened in v3.13.2, the API to change it at the SSL struct was only created in v4.1.0. Keeping some of the calls using CyaSSL, but then having to add new calls, only available as wolfSSL, would become messy. So, I started by cleaning up the code, removing old CyaSSL remnants.

After fixing that, uclient-fetch failed to run unless --no-check-certificate is used, which is not ideal. So I added the calls to perform CN validation.

Note that even though wolfssl has an X509_check_host function, which could be used for openssl and wolfssl, they are not 100% compatible, and its definition is not really consistent from version to version. X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS is not defined, and even though wolfSSL_X509_check_host apparently only exists to implement the openssl function, they are not both enabled by --enable-opensslextra. The wolfSSL function is, but the openssl isn't. So I'm using the wolfssl call.

As for testing, I run-tested each commit with wolfssl versions 3.10.4, 3.12.2, 3.15.3, and 4.1.0. Since the first commit does not fix client-mode, I tested it using the example client/server apps (using a client built with a different version). Version 3.15.3 did not work with the server app, so I checked the current HEAD, and it does not work either, so it is not something I introduced. It works after the next fix is applied. Everything works as expected from the next commit on.
Eneas

--
Eneas U de Queiroz (3):
  Remove CyaSSL, WolfSSL < 3.10.4 support
  ustream-io-cyassl.c: fix client-mode connections
  wolfssl: enable CN validation

 CMakeLists.txt                              | 25 +++++++----
 ustream-internal.h                          |  3 --
 ustream-io-cyassl.c => ustream-io-wolfssl.c | 47 +++++----------------
 ustream-openssl.c                           | 14 +++---
 ustream-openssl.h                           |  4 ++
 ustream-ssl.c                               |  3 ++
 6 files changed, 43 insertions(+), 53 deletions(-)
 rename ustream-io-cyassl.c => ustream-io-wolfssl.c (62%)
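
The kind of hostname check the CN-validation paragraph above depends on, as an added example that is not part of the original message and is not wolfSSL's or OpenSSL's code: a matcher that accepts a wildcard only as the whole leftmost label, which is the restriction X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS requests in OpenSSL. The function name host_matches, the two-label minimum after the wildcard and the sample names are assumptions made for the illustration.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Count the '.'-separated labels in a DNS name. */
static size_t label_count(const char *s)
{
    size_t n = 1;
    for (; *s; s++)
        if (*s == '.')
            n++;
    return n;
}

/* Hypothetical helper: does a certificate name (CN or dNSName) cover host? */
bool host_matches(const char *pattern, const char *host)
{
    if (!pattern || !host || !*pattern || !*host)
        return false;
    if (!strchr(pattern, '*'))              /* no wildcard: exact match only */
        return strcasecmp(pattern, host) == 0;
    /* Reject partial wildcards ("www*", "*www") and any second '*'. */
    if (pattern[0] != '*' || pattern[1] != '.' || strchr(pattern + 1, '*'))
        return false;
    /* Assumed policy: at least two labels after "*.", so "*.org" fails. */
    if (label_count(pattern + 2) < 2)
        return false;
    /* '*' stands for exactly one non-empty leftmost label of the host. */
    const char *dot = strchr(host, '.');
    if (!dot || dot == host)
        return false;
    return strcasecmp(pattern + 1, dot) == 0;
}

int main(void)
{
    /* Constructed sample names, not taken from any real certificate. */
    const char *pat[] = { "*.example.org", "www*.example.org", "*.org" };
    const char *host = "www.example.org";
    for (size_t i = 0; i < sizeof(pat) / sizeof(pat[0]); i++)
        printf("%-18s vs %s: %s\n", pat[i], host,
               host_matches(pat[i], host) ? "match" : "reject");
    return 0;
}
```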