
Conversation

@gojimmypi
Contributor

@gojimmypi gojimmypi commented Sep 22, 2025

Description

Adds a new ./certs/server-ecc-cert.pem file containing both:

  • Server ECC cert leaf: ./certs/server-ecc.pem
  • ECC CA cert: ./certs/ca-ecc-cert.pem

In particular, adds a new static const unsigned char server_ecc_cert[] to wolfssl/certs_test.h allowing an embedded server to easily have access to leaf + CA.

See also new certs:

Fixes zd# n/a

Testing

How did you test?

Manually tested with my WIP Embedded ESP32 Server and this TLS 1.3 command-line client:

./examples/client/client -h 192.168.1.107 -p 11111 -v 4 -A ./certs/ca-ecc-cert.pem -c ./certs/client-ecc-cert.pem -k ./certs/ecc-client-key.pem
Alternate cert chain used
 issuer : /C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Development/CN=www.wolfssl.com/[email protected]
 subject: /C=US/ST=Washington/L=Seattle/O=Elliptic/OU=ECC/CN=www.wolfssl.com/[email protected]
 serial number:03
SSL version is TLSv1.3
SSL cipher suite is TLS13-AES128-GCM-SHA256
SSL signature algorithm is SHA256
SSL curve name is SECP256R1
---
Server certificate
-----BEGIN CERTIFICATE-----…-----END CERTIFICATE-----
Session timeout set to 500 seconds
Client Random : A2C361D0EAE0766E6321B6C609DB0C3EC749EDA316FF75599344A4490665493A
SSL-Session:
    Protocol  : unknown
    Cipher    : NONE
    Session-ID:
    Session-ID-ctx:
    Master-Key: 7707D730DE65861906707C8C14AF1C7E50C6A0093D1199E603C62A121FCF988D00000000000000000000000000000000
    TLS session ticket: NONE
    Start Time: 0
    Timeout   : 0 (sec)
    Extended master secret: no
I hear you fa shizzle!

And TLS 1.2

gojimmypi@raspberrypi:~/workspace/wolfssl $ ./examples/client/client -h 192.168.1.107 -p 11111 -v 3   -A ./certs/ca-ecc-cert.pem  -c ./certs/client-ecc-cert.pem  -k ./certs/ecc-client-key.pem
Alternate cert chain used
 issuer : /C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Development/CN=www.wolfssl.com/[email protected]
 subject: /C=US/ST=Washington/L=Seattle/O=Elliptic/OU=ECC/CN=www.wolfssl.com/[email protected]
 serial number:03
SSL version is TLSv1.2
SSL cipher suite is ECDHE-ECDSA-AES128-GCM-SHA256
SSL signature algorithm is SHA256
SSL curve name is SECP256R1
---
Server certificate
-----BEGIN CERTIFICATE-----…-----END CERTIFICATE-----
Session timeout set to 500 seconds
Client Random : 1F0830B432AEF848A8F1B970D9D7B829F23A88B4191ADA69A4283BA3C7970E59
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
    Session-ID: F8F809C15D9EC70A00A4196908A04532ABC68A539653BC07402EEE1D62B73BB9
    Session-ID-ctx:
    Master-Key: B8272A4D0A5A91D3642AA6ABB440DB53E69079285C4B0DB10B6911A5F0F3E93758993727559F6AFD39A1B5CA953C331B
    TLS session ticket: NONE
    Start Time: 1758580907
    Timeout   : 500 (sec)
    Extended master secret: no
I hear you fa shizzle!

Checklist

  • added tests
  • updated/added doxygen
  • updated appropriate READMEs
  • Updated manual and documentation

@gojimmypi gojimmypi self-assigned this Sep 22, 2025
@gojimmypi
Contributor Author

gojimmypi commented Sep 23, 2025

Jenkins retest this please

For ERROR: wolfSSL » PRB-140-3-tests # 6526 was deleted Setting overall build result to FAILURE

@dgarske
Contributor

dgarske commented Oct 2, 2025

This PR doesn't make sense. If you need to trust more than one certificate just call wolfSSL_CTX_load_verify_buffer multiple times. If you need to have a chain to send to peer then build the combined certificate in memory. I don't like adding this to everyone's cert_test.h for an edge case.
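The in-memory approach suggested here, as an added example that is neither wolfSSL's code nor part of this PR: split the two PEM inputs (stand-ins for ./certs/server-ecc.pem and ./certs/ca-ecc-cert.pem), hand only the CA to the trust store, and send leaf + CA as the chain. The helpers pem_split, build_chain and chain_self_check are constructed for this example; the wolfSSL calls appear only as comments because the snippet is compiled without the library.

```c
#include <stddef.h>
#include <string.h>

/* One PEM CERTIFICATE block located inside a larger buffer. */
typedef struct { const char *start; size_t len; } pem_block;

#define PEM_BEGIN "-----BEGIN CERTIFICATE-----"
#define PEM_END   "-----END CERTIFICATE-----"

/* Bounded substring search; certs_test.h arrays are not NUL-terminated. */
static const char *find(const char *p, const char *end, const char *needle)
{
    size_t n = strlen(needle);
    for (; p + n <= end; p++)
        if (memcmp(p, needle, n) == 0) return p;
    return NULL;
}

/* Split a PEM buffer into its CERTIFICATE blocks (each slice keeps its BEGIN and
 * END lines). Returns the block count, or -1 on a truncated block or no room. */
int pem_split(const char *buf, size_t len, pem_block *out, size_t max)
{
    const char *p = buf, *end = buf + len;
    int n = 0;
    for (;;) {
        const char *b = find(p, end, PEM_BEGIN);
        if (b == NULL) return n;
        const char *e = find(b, end, PEM_END);
        if (e == NULL || (size_t)n >= max) return -1;
        e += strlen(PEM_END);
        out[n].start = b; out[n].len = (size_t)(e - b); n++;
        p = e;
    }
}

/* Chain to send to the peer: leaf first, then the issuing CA, one block per line
 * group. Returns bytes written, or -1 if out is too small. */
long build_chain(const pem_block *leaf, const pem_block *ca, char *out, size_t cap)
{
    size_t need = leaf->len + 1 + ca->len + 1;
    if (need + 1 > cap) return -1;
    memcpy(out, leaf->start, leaf->len); out[leaf->len] = '\n';
    memcpy(out + leaf->len + 1, ca->start, ca->len); out[need - 1] = '\n'; out[need] = '\0';
    return (long)need;
}

/* Constructed stand-ins for the two PEM files; bodies are placeholders, not real certs. */
static const char LEAF_PEM[] = PEM_BEGIN "\nLEAFBODYPLACEHOLDER\n" PEM_END "\n";
static const char CA_PEM[]   = PEM_BEGIN "\nCABODYPLACEHOLDER\n" PEM_END "\n";

/* Combine, re-split, and confirm leaf-before-CA order. Returns 2 on success, 0 otherwise.
 * Trust store gets only the CA, the peer gets the chain, e.g.:
 *   wolfSSL_CTX_load_verify_buffer(ctx, (const unsigned char*)ca.start, ca.len, WOLFSSL_FILETYPE_PEM);
 *   wolfSSL_CTX_use_certificate_chain_buffer(ctx, (const unsigned char*)chain, n); */
int chain_self_check(void)
{
    pem_block leaf, ca, parts[4];
    char chain[512];
    if (pem_split(LEAF_PEM, sizeof(LEAF_PEM) - 1, &leaf, 1) != 1) return 0;
    if (pem_split(CA_PEM, sizeof(CA_PEM) - 1, &ca, 1) != 1) return 0;
    long n = build_chain(&leaf, &ca, chain, sizeof(chain));
    if (n < 0) return 0;
    int k = pem_split(chain, (size_t)n, parts, 4);
    if (k != 2 || find(parts[0].start, parts[0].start + parts[0].len, "LEAFBODY") == NULL) return 0;
    return k;
}
```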

@dgarske dgarske closed this Oct 2, 2025