[Ovmsdev] TLS CA question

Craig Leres leres at xse.com
Fri Mar 12 09:46:45 HKT 2021


On 3/10/21 11:23 PM, Stephen Casner wrote:
> Michael and anyone else who's game:
> 
> I now have an updated mongoose-wolfssl branch ready to be tested.  The
> reason for the 90-second lockup mentioned in the previous post is a
> whole lot of math for a prime-number validation that's part of the
> Diffie-Hellman step.  It was actually 87 seconds for Mark's server and
> 28 seconds for Michael's due to differences in certificates.  That
> prime-number validation is required for FIPS compliance, which WolfSSL
> supports, but we don't need it.  I spent quite a while digging into
> this to find where the process was getting stuck.  Finally I got help
> from WolfSSL support suggesting a configuration option that avoids
> this extra check.
> 
> So now I have an implementation using mongoose with wolfssl that
> connects successfully to both servers with a 3-4 second delay.  (I
> don't recall what the delay was for the MBEDTLS-based implementation.)
> I think the memory usage looks OK.  I still have not taken any steps
> to reduce any resources used by the MBEDTLS code as accessed for other
> purposes.
> 
> Included in the debugging was another version update on the Wolf code
> to wolfssh 1.4.6 and wolfssl 4.7.0.

I tried building/booting this on my dev module (3.2.016-66-g93e0cf3e), 
but for some time now the for-v3.3 branch has been broken for me. When 
the module first boots the web gui works long enough for me to log in and 
then it times out. From that point on I can't get the web gui or ssh to 
respond. It will return pings. The serial console is fine (and that's 
how I switch back to a build based on master).

I just did a fresh reboot and captured the serial console output and 
noticed this:

     W (4484) ssh: Couldn't initialize wolfSSL debugging, error -174: Unknown error code

I think it happened around the time I lost wifi connectivity.

My sdkconfig is close to support/sdkconfig.default.hw31, I have 
CONFIG_SPIRAM_CACHE_WORKAROUND turned off along with a lot of vehicles.

		Craig

