Michael,
I finally found some time to test the mongoose-wolfssl branch.
Thanks,
The first isn't related to the Mongoose wolfSSL change, just stumbled upon it because I did some "before" tests. So this currently applies to the wolfSSH/SSL update in "master" as well:
Each ssh connect on my test module leaks 88 bytes of RAM in the NetMan task:
D (158332) ssh: SSH command request: stat
OVMS# mo me
Free 8-bit 72088/268932, 32-bit 6672/11028, SPIRAM 3988500/4194252
--Task-- Total DRAM D/IRAM IRAM SPIRAM +/- DRAM D/IRAM IRAM SPIRAM
OVMS NetMan 0 964 0 84 +0 +88 +0 +0
The same leak is in the wolfSSL version.
I recall something like this from when I first implemented SSH. This may be the socket structure that LWIP creates. It keeps a pool of 10 of them, if I remember right, and doesn't reuse them until all 10 have been created.
Second is, the Mongoose/wolfSSL version doesn't validate CA certs the mbedTLS version has no issues with:
I (340220) ovms-server-v2: Connection is ovms.dexters-web.de:6870 TEST1
E (340670) ovms-server-v2: mg_connect(ovms.dexters-web.de:6870) failed: Invalid SSL CA cert
E (340670) ovms-server-v2: Status: Error: Connection failed
When I implemented the SSH features I trimmed down the set of algorithms in wolfcrypt to those that were useful for our application. The only one that I found I needed to bring back was PSK as detected because of an undefined symbol in the link. It's possible that now some more need to be brought back. I'm sure there's more to learn by diagnosis that I might need to do by compiling in some more logging. What would I need to do to repeat this test?
Third, and probably the most disappointing one: the Mongoose/wolfSSL version uses more memory, not less. After booting, the module has ~3.5K less of 8 bit RAM available than with the mbedTLS version.
mbedTLS:
OVMS# mo me Free 8-bit 73196/268928, 32-bit 6672/11028, SPIRAM 3988540/4194252
wolfSSL:
OVMS# mo me Free 8-bit 69676/266084, 32-bit 6672/11028, SPIRAM 3988540/4194252
Is it possible there still are other components using mbedTLS?
I saw in the configuration that libsodium uses mbedTLS. As I mentioned, I did not do anything at this point to trim the mbedTLS configuration.
-- Steve