Files
wolfssl/examples
Juliusz Sosinowicz 061311d6ca zd/21661: harden X.509 chain validation, session ticket identity binding, and peer cert restore
- x509_str: require CA:TRUE unconditionally in wolfSSL_X509_verify_cert;
  verify leaf signature even when verify_cb overrides INVALID_CA
- x509_str: align WOLFSSL_X509_V_ERR_INVALID_CA with OpenSSL value (79)
  so OPENSSL_COEXIST builds compile; bump WC_OSSL_V509_V_ERR_MAX to 80
  and extend error_test() missing-value table for the new gaps
- asn: reject embedded NUL in dNSName / rfc822Name / URI SAN entries
- internal: re-verify restored ticket peer cert against trust store with
  CRL/OCSP checks; clear stale state from session cache on verification
  failure
- ticket: bind SNI and ALPN into session ticket via compile-time selected
  hash (TICKET_BINDING_HASH_TYPE); reject resumption on mismatch in both
  TLS 1.3 and TLS 1.2 paths
- ticket: defer SNI/ALPN binding check until after extensions are parsed
  by consolidating into VerifyTicketBinding(), called once after
  ALPN_Select in DoTls13ClientHello and DoClientHello; the early
  per-call sites ran before extensions were parsed and rejected valid
  resumptions in nginx, haproxy, grpc, and CPython integration tests
- ssl_sess: free previous session in wolfSSL_d2i_SSL_SESSION before
  overwrite
- examples/client: increase SESSION_TICKET_LEN fallback from 256 to 2048
  to support larger tickets
- tests: update SAN NUL fixtures and add parse-time rejection coverage;
  add test_tls13_ticket_peer_cert_reverify for CA-removal scenario; skip
  it under WOLFSSL_NO_DEF_TICKET_ENC_CB
2026-05-06 16:45:58 +02:00
..
2026-02-18 09:52:21 -07:00
2026-02-18 09:52:21 -07:00
2026-02-18 09:52:21 -07:00
2026-02-18 09:52:21 -07:00
2026-03-11 10:21:16 +01:00

wolfSSL examples directory

client and server

These directories contain a client (client.c) and server (server.c) that utilize a variety of the wolfSSL library's capabilities. The manner in which both programs operate can depend on the configure or can be specified at run-time depending on the end goal. Both applications contain testing as well as benchmarking code.

Compile

./configure
make

Usage

./examples/server/server

./examples/client/client

Run ./examples/server/server -h and ./examples/client/client -h for usage details.

For simpler wolfSSL TLS server/client examples, visit https://github.com/wolfSSL/wolfssl-examples/tree/master/tls

echoclient and echoserver

These directories contain a client (echoclient.c) and server (echoserver.c) that establish a connection encrypted by wolfSSL. Like the names indicate, once the connection has been established any messages entered into echoclient are sent to and displayed on the echoserver and are then echoed back to echoclient. The nature of the encryption, as well as additional behavior of the two programs, depends on how wolfSSL was configured ( DTLS enabled/disabled, Filesystem enabled/disabled, etc ... ).

Compile

./configure
make

Usage

./examples/echoserver/echoserver

./examples/echoclient/echoclient

benchmark

The benchmark directory offers an application that can help you grasp just how well wolfSSL's TLS functionality is performing on your local machine.

Compile

./configure
make

Usage

./examples/benchmark/tls_bench

The tls_bench executable can also be compiled separately with gcc -lwolfssl -lpthread -o tls_bench tls_bench.c.

Run ./examples/benchmark/tls_bench -? for usage details.

sctp

This directory contains servers and clients that demonstrate wolfSSL's DTLS-SCTP support.

Compile

./configure --enable-sctp
make

Usage

./examples/sctp/sctp-server

./examples/sctp/sctp-client

and

./examples/sctp/sctp-server-dtls

./examples/sctp/sctp-client-dtls

configs

This directory contains example wolfSSL configuration file templates for use when autoconf is not available, such as building with a custom IDE.

See configs/README.md for more details.

asn1

This directory contains an example that prints the ASN.1 data of a BER/DER or PEM encoded file. Configure wolfSSL with --enable-asn-print.

pem

This directory contains an example of converting to/from PEM and DER. Configure wolfSSL with --enable-coding