[Privoxy-devel] WolfSSL support ready for testing

Roland Rosenfeld roland at spinnaker.de
Sun Mar 31 16:42:24 CEST 2024 

Hi Fabian!

> In the meantime I'd be interested to know how WolfSSL
> works on other platforms.

Expecting that I only have to switch from --with-mbedtls to
--with-wolfssl and install libwolfssl-dev (which is 5.5.4 on my
system), I just tried this out on my Debian (stable) system.

This doesn't seem to work as expected, since I got some errors in
wolfssl.c:
- In line 69 "RNG" is unknown (maybe this requires renaming to
  "WC_RNG"?)
- In line 739 "Md5" is unknown  (maybe this requires renaming to
  "wc_Md5"?)
- The Debian WolfSSL package is not compiled with
  --enable-renegotiation-indication, so the check on
  HAVE_RENEGOTIATION_INDICATION in line 1187 fails.
- In line 1204 the compilation fails because WOLFSSL_X509_V_OK does
  not exist, maybe this has to be changed to X509_V_OK?

With the above 3 modifications the package builds on my system with
the following two warnings:

wolfssl.c: In function ‘create_server_ssl_connection’:
wolfssl.c:1187:2: warning: #warning Looks like wolfssl has been compiled without HAVE_RENEGOTIATION_INDICATION [-Wcpp]
 1187 | #warning Looks like wolfssl has been compiled without HAVE_RENEGOTIATION_INDICATION
      |  ^~~~~~~
wolfssl.c: In function ‘generate_host_certificate’:
wolfssl.c:1866:4: warning: ‘__builtin_strncpy’ specified bound 64 equals destination size [-Wstringop-truncation]
 1866 |    strncpy(certificate.subject.commonName, csp->http->host, CTC_NAME_SIZE);
      |    ^


I did a first (short) test with this build and it seems to work as
expected, but in contrast to 3.0.34 with mbedtls I now see many log
entries like
 Error: Failed to shutdown server connection on socket 148 after 2
 attempts. ret: 0, error: 0, ok
(the socket number varies, everything else seems to happen on nearly
every request).


Just a first draft with wolfssl (without
--enable-renegotiation-indication).

Greetings
Roland
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <https://lists.privoxy.org/pipermail/privoxy-devel/attachments/20240331/c645f724/attachment.bin>

More information about the Privoxy-devel mailing list