Steve, I finally found some time to test the mongoose-wolfssl branch. Three issues so far… The first isn't related to the Mongoose wolfSSL change, just stumbled upon it because I did some "before" tests. So this currently applies to the wolfSSH/SSL update in "master" as well: Each ssh connect on my test module leaks 88 bytes of RAM in the NetMan task: D (158332) ssh: SSH command request: stat OVMS# mo me Free 8-bit 72088/268932, 32-bit 6672/11028, SPIRAM 3988500/4194252 --Task-- Total DRAM D/IRAM IRAM SPIRAM +/- DRAM D/IRAM IRAM SPIRAM OVMS NetMan 0 964 0 84 +0 +88 +0 +0 The same leak is in the wolfSSL version. Second is, the Mongoose/wolfSSL version doesn't validate CA certs the mbedTLS version has no issues with: I (340220) ovms-server-v2: Connection is ovms.dexters-web.de:6870 TEST1 E (340670) ovms-server-v2: mg_connect(ovms.dexters-web.de:6870) failed: Invalid SSL CA cert E (340670) ovms-server-v2: Status: Error: Connection failed Third, and probably the most disappointing one: the Mongoose/wolfSSL version uses more memory, not less. After booting, the module has ~3.5K less of 8 bit RAM available than with the mbedTLS version. mbedTLS: OVMS# mo me Free 8-bit 73196/268928, 32-bit 6672/11028, SPIRAM 3988540/4194252 wolfSSL: OVMS# mo me Free 8-bit 69676/266084, 32-bit 6672/11028, SPIRAM 3988540/4194252 Is it possible there still are other components using mbedTLS? Regards, Michael Am 18.02.21 um 08:56 schrieb Stephen Casner:
Well, it turns out that Mongoose also has an OpenSSL library abstraction layer as an alternative to MBEDTLS, and wolfSSL has an OpenSSL compatibility layer. I have verified that we can plug the two together without bloodshed. I've made a mongoose-wolfssl branch with this change implemented, but I have not tested it thoroughly. I can run server v2 and make connections to it through the app and the server -- that uses SSL now, right?
I have also not done anything to reduce or remove MBEDTLS yet. I don't know if there are other dependencies.
Please check it out.
-- Steve
-- Michael Balzer * Helkenberger Weg 9 * D-58256 Ennepetal Fon 02333 / 833 5735 * Handy 0176 / 206 989 26