[Libwebsockets] working with wolfssl
treyweaver at fastmail.net
Wed May 12 20:23:15 CEST 2021
Thanks for your email!
Here is what I am using for WolfSSL configure:
./configure --host=arm-linux-gnueabihf --build=arm-linux-gnueabihf --enable-opensslextra --enable-libwebsockets --enable-static --enable-debug --enable-examples --enable-harden --enable-hc128
And here are the AM_FLAGS flags after a ./configure:
AM_CFLAGS = -DHAVE_FFDHE_2048 -DWOLFSSL_VERIFY_CB_ALL_CERTS -DWOLFSSL_EXTRA_ALERTS -DOPENSSL_EXTRA -DWOLFSSL_ALWAYS_VERIFY_CB -DOPENSSL_ALL -DWOLFSSL_EITHER_SIDE -DWC_RSA_NO_PADDING -DWC_RSA_PSS -D_POSIX_THREADS -g -DDEBUG -DDEBUG_WOLFSSL -fvisibility=hidden -DHAVE_THREAD_LS -pthread -DWOLFSSL_LIBWEBSOCKETS -DOPENSSL_NO_EC -DTFM_TIMING_RESISTANT -DECC_TIMING_RESISTANT -DWC_RSA_BLINDING -DHAVE_AESGCM -DWOLFSSL_SHA512 -DWOLFSSL_SHA384 -DNO_DSA -DHAVE_ECC -DTFM_ECC256 -DECC_SHAMIR -DNO_RC4 -DHAVE_HC128 -DNO_RABBIT -DHAVE_POLY1305 -DHAVE_ONE_TIME_AUTH -DHAVE_CHACHA -DHAVE_HASHDRBG -DHAVE_OCSP -DHAVE_OPENSSL_CMD -DHAVE_TLS_EXTENSIONS -DHAVE_SUPPORTED_CURVES -DHAVE_EXTENDED_MASTER -DNO_RC4 -DHAVE_ENCRYPT_THEN_MAC -DNO_PSK -DNO_MD4 -DWOLFSSL_ENCRYPTED_KEYS -DWC_NO_ASYNC_THREADING -DHAVE_DH_DEFAULT_PARAMS -DNO_DES3 -Wall -Wno-unused
As you can see there is not flag for HAVE_EX_DATA.
This is not my expertise so I may be missing something.
So it may be a wolfssl issue!
On Wed, May 12, 2021, at 3:25 AM, Andy Green wrote:
> On 5/10/21 11:01 PM, andy at warmcat.com wrote:
> > On May 10, 2021 7:46:38 PM UTC, Trey Weaver <treyweaver at fastmail.net> wrote:
> >> Andy, your email helped!
> >> For some reason the wolfssl was not building with the openssl api even
> >> though I had the --enable-opensslextra option on. So I got past that
> >> issue.
> > I think you solved that.
> >> I am compiling on the Arm (iMX6 -- Solid Run Module) both the WolfSSL
> >> and libwebsockets. Here are the cmake and configure for both.
> >> WolfSSL
> >> ./configure --enable-opensslextra --enable-static –-enable-debug
> >> --enable-examples --enable-harden --host=arm-linux-gnueabihf
> >> --enable-hc128
> > A couple of years ago we had an FAE from wolfssl discuss supporting it in lws with us, on behalf of his paying customers that wanted to use it in lws, and then provided a patch on lws which I gratefully took. Later I added the CI build against wolfssl to make sure it didn't regress, we now build against openssl3, boringssl and libressl in CI too.
> > For whatever reason, I guess from his perspective it was easier for this to meddle with wolfssl than adapt lws bits, part of the adaptation was he added a --enable-libwebsockets config flag on wolfssl that you also need.
> > I tried the --enable-libwebsockets flag and it did not solve the problem.
> I think you should try it a bit harder, wolfSSL_get_ex_new_index()
> exists in wolfssl
> ...but it is dependent on building wolfssl with HAVE_EX_DATA
> configuration. When you choose --enable-libwebsockets on wolfssl, it
> sets that
> so I think you need to nuke your wolfssl build artifacts, rebuild with
> --enable-libwebsockets, and do the make install if you did it before.
More information about the Libwebsockets