Cannot Load Falcon or Sphincs certificates with example server

Open NomanNasirMinhas opened this issue 2 years ago • 3 comments

Version

5.6.6

Description

I have built wolfssl with liboqs on WSL Ubuntu. I generated Sphincs, Falcon, and Dilithium certificates by using oqs-ossl3. The Dilithium certificates are working fine with wolfssl, but the Falcon and Sphincs ones are failing with wolfSSL error: can't load ca file, Please run from wolfSSL home dir. cert issue

NomanNasirMinhas Dec 27 '23 10:12

Hello @NomanNasirMinhas ,

Thank you for letting us know about your problem. I'm glad at least Dilithium is working.

Please note that we do not support SPHINCS+ in TLS 1.3 as it is simply not practical for online applications.

Falcon should be working, but perhaps there has been some sort of change in recent versions of liboqs. Can you please let me know what version of liboqs you are building against? Just so you know, we build against version 0.8.0 of liboqs.

Warm regards, Anthony

anhu Dec 27 '23 16:12

I think the mentioned issue with the Falcon certificates is related to the updated OIDs of Falcon in the current OQS code. With the updated OIDs (see #7109) I can load Falcon certificates generated by current OpenSSL with the OQS Provider.

Frauschi Jan 04 '24 15:01

Hi @NomanNasirMinhas ,

Please let us know if the fixes in https://github.com/wolfSSL/wolfssl/pull/7109 resolve this issue.

Thanks, David Garske, wolfSSL

dgarske Jan 18 '24 01:01