Add SM Cipher certificate test header: certs_test_sm.h #6825
Conversation
|
retest this please |
|
retest this please Jenkins |
|
fails test for special characters found |
JacobBarthelmeh
assigned
gojimmypi and unassigned
JacobBarthelmeh,
gojimmypi and
wolfSSL-Bot
cleaned |
JacobBarthelmeh
left a comment
JacobBarthelmeh
left a comment
There was a problem hiding this comment.
I like the addition of certs_test_sm.h but thinking on it more, should it go into the wolfsm repository and get added to wolfssl with the wolfsm/install.sh script?
wolfssl/certs_test_sm.h
Outdated
| @@ -0,0 +1,8400 @@ | |||
| /* certs_test_sm.h */ | |||
| /* This file was generated using: ./gencertbuf_sm.pl */ | |||
There was a problem hiding this comment.
was gencertbuf_sm.pl supposed to be in this PR?
There was a problem hiding this comment.
Yes, see #6681 although the correct name is gencert_sm.sh and needs to be cleaned up.
There was a problem hiding this comment.
I've revised the original PR to instead use the existing gencertbuf.pl to generate both files.
@JacobBarthelmeh : yes, good catch. I agree the certs should be copied with SM install instead. I'll be creating a new PR over there in |
|
@JacobBarthelmeh would you like me to also move the certs/sm2 files to wolfSSL/wolfsm as well & include in the respective install.sh? cc: @SparkiDev |
|
I'm planning to instead update existing |
gojimmypi
force-pushed
the
cert-test-sm
branch
from
80990ff to
76c8929
Compare
|
Jenkins retest this please. For Cannot contact wolf-linux-cloud-node-[n]: java.lang.InterruptedException |
gojimmypi
requested review from
wolfSSL-Bot
and removed request for
bandi13
gojimmypi
force-pushed
the
cert-test-sm
branch
from
76c8929 to
ee4fb9c
Compare
gojimmypi
force-pushed
the
cert-test-sm
branch
from
62b7026 to
8678d6f
Compare
|
Jenkins retest this please. For org.jenkinsci.plugins.workflow.support.steps.AgentOfflineException: Unable to create live FilePath for wolf-linux-cloud-node-[n]; wolf-linux-cloud-node-[n] was marked offline |
|
Heads up the current SM2 certs expire in a couple of months: November 11. I can put up a separate PR to refresh them sooner. See scripts in |
gojimmypi
force-pushed
the
cert-test-sm
branch
from
8678d6f to
ae76092
Compare
|
The changes in this PR were merged in #9218 |
3 participants
Description
This update adds the
certs_test_sm.hfile: the SM Cipher specific certs in array format, partially addressing #6681.Contents were semi-manually generated using gencertbuf.pl. I still need to create a script to automatically refresh it.
I'm in the process of polishing my Espressif examples that support the SM ciphers and need to have this file available not only here, but also in the ESP Registry. See also #6708
edit: Here's an example of how this file is used in the ESP32
wolfssl_clientTLS example.edit(2): Reminder that the SM cipher code needs to be installed into wolfSSL from wolfsm:
Fixes zd# n/a
Testing
Tested with ESP32 embedded apps only.
edit(3): Reminder for sample commandline testing (See wolfsm testing-tls):
./examples/client/client -v 3 -l ECDHE-ECDSA-SM4-CBC-SM3 \ -c ./certs/sm2/client-sm2.pem \ -k ./certs/sm2/client-sm2-priv.pem \ -A ./certs/sm2/root-sm2.pem -C ./examples/server/server -v 3 -l ECDHE-ECDSA-SM4-CBC-SM3 \ -c ./certs/sm2/server-sm2.pem \ -k ./certs/sm2/server-sm2-priv.pem \ -A ./certs/sm2/client-sm2.pem -VExample listening server on ESP32: (the one not working is the ESP32-H2, which has no built-in WiFi)
Checklist