[Ovmsdev] Time for release 3.2.016?

Michael Balzer dexter at expeedo.de
Mon Feb 22 02:28:23 HKT 2021


Steve,

I finally found some time to test the mongoose-wolfssl branch. Three 
issues so far…


The first isn't related to the Mongoose wolfSSL change, just stumbled 
upon it because I did some "before" tests. So this currently applies to 
the wolfSSH/SSL update in "master" as well:

Each ssh connect on my test module leaks 88 bytes of RAM in the NetMan task:

D (158332) ssh: SSH command request: stat
OVMS# mo me
Free 8-bit 72088/268932, 32-bit 6672/11028, SPIRAM 3988500/4194252
--Task--     Total DRAM D/IRAM   IRAM SPIRAM   +/- DRAM D/IRAM   IRAM SPIRAM
OVMS NetMan           0    964      0     84         +0    +88     +0     +0

The same leak is in the wolfSSL version.


Second is, the Mongoose/wolfSSL version doesn't validate CA certs the 
mbedTLS version has no issues with:

I (340220) ovms-server-v2: Connection is ovms.dexters-web.de:6870 TEST1
E (340670) ovms-server-v2: mg_connect(ovms.dexters-web.de:6870) failed: Invalid SSL CA cert
E (340670) ovms-server-v2: Status: Error: Connection failed


Third, and probably the most disappointing one: the Mongoose/wolfSSL 
version uses more memory, not less. After booting, the module has ~3.5K 
less of 8 bit RAM available than with the mbedTLS version.

mbedTLS:

OVMS# mo me
Free 8-bit 73196/268928, 32-bit 6672/11028, SPIRAM 3988540/4194252

wolfSSL:

OVMS# mo me
Free 8-bit 69676/266084, 32-bit 6672/11028, SPIRAM 3988540/4194252


Is it possible there still are other components using mbedTLS?

Regards,
Michael


On 18.02.21 at 08:56, Stephen Casner wrote:
> Well, it turns out that Mongoose also has an OpenSSL library
> abstraction layer as an alternative to MBEDTLS, and wolfSSL has an
> OpenSSL compatibility layer.  I have verified that we can plug the two
> together without bloodshed.  I've made a mongoose-wolfssl branch with
> this change implemented, but I have not tested it thoroughly.  I can
> run server v2 and make connections to it through the app and the
> server -- that uses SSL now, right?
>
> I have also not done anything to reduce or remove MBEDTLS yet.  I
> don't know if there are other dependencies.
>
> Please check it out.
>
>                                                          -- Steve

-- 
Michael Balzer * Helkenberger Weg 9 * D-58256 Ennepetal
Fon 02333 / 833 5735 * Handy 0176 / 206 989 26

