[Ovmsdev] Time for release 3.2.016?
Michael Balzer
dexter at expeedo.de
Mon Feb 22 02:28:23 HKT 2021
Steve,
I finally found some time to test the mongoose-wolfssl branch. Three
issues so far…
The first isn't related to the Mongoose wolfSSL change, just stumbled
upon it because I did some "before" tests. So this currently applies to
the wolfSSH/SSL update in "master" as well:
Each ssh connect on my test module leaks 88 bytes of RAM in the NetMan task:
D (158332) ssh: SSH command request: stat
OVMS# mo me
Free 8-bit 72088/268932, 32-bit 6672/11028, SPIRAM 3988500/4194252
--Task-- Total DRAM D/IRAM IRAM SPIRAM +/- DRAM D/IRAM IRAM SPIRAM
OVMS NetMan 0 964 0 84 +0 +88 +0 +0
The same leak is in the wolfSSL version.
Second is, the Mongoose/wolfSSL version doesn't validate CA certs the
mbedTLS version has no issues with:
I (340220) ovms-server-v2: Connection is ovms.dexters-web.de:6870 TEST1
E (340670) ovms-server-v2: mg_connect(ovms.dexters-web.de:6870) failed:
Invalid SSL CA cert
E (340670) ovms-server-v2: Status: Error: Connection failed
Third, and probably the most disappointing one: the Mongoose/wolfSSL
version uses more memory, not less. After booting, the module has ~3.5K
less of 8 bit RAM available than with the mbedTLS version.
mbedTLS:
OVMS# mo me
Free 8-bit 73196/268928, 32-bit 6672/11028, SPIRAM 3988540/4194252
wolfSSL:
OVMS# mo me
Free 8-bit 69676/266084, 32-bit 6672/11028, SPIRAM 3988540/4194252
Is it possible there still are other components using mbedTLS?
Regards,
Michael
Am 18.02.21 um 08:56 schrieb Stephen Casner:
> Well, it turns out that Mongoose also has an OpenSSL library
> abstraction layer as an alternative to MBEDTLS, and wolfSSL has an
> OpenSSL compatibility layer. I have verified that we can plug the two
> together without bloodshed. I've made a mongoose-wolfssl branch with
> this change implemented, but I have not tested it thoroughly. I can
> run server v2 and make connections to it through the app and the
> server -- that uses SSL now, right?
>
> I have also not done anything to reduce or remove MBEDTLS yet. I
> don't know if there are other dependencies.
>
> Please check it out.
>
> -- Steve
--
Michael Balzer * Helkenberger Weg 9 * D-58256 Ennepetal
Fon 02333 / 833 5735 * Handy 0176 / 206 989 26
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 203 bytes
Desc: OpenPGP digital signature
URL: <http://lists.openvehicles.com/pipermail/ovmsdev/attachments/20210221/426aa798/attachment.sig>
More information about the OvmsDev
mailing list