WolfSSL Server on the Galileo

Intel has been kind enough to show us how to use WolfSSL on the Galileo board, but only in client mode. It turns out that there are some issues you will encounter when running a WolfSSL server on the Galileo with the EthernetServer mode.

I’ve had to learn this the hard way.

Date

The EthernetServer will fail to load the server certificate as the internal clock is stuck in the past. Therefore, we need to set the system date of the Galileo board to the present. Since there is no NTP client built into the Galileo 2 board, we are forced to use rdate instead.

So, telnet into the Galileo board and run the following command:

$ rdate tick.greyware.com

I suppose that the best way to do this is to incorporate a system() command into the setup() code of the Arduino sketch to automatically synchronise the date.
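A sketch along those lines, as an added example that is not from the original post or from Intel's samples: it calls rdate from setup() and re-reads the clock before any certificate is loaded. The names CLOCK_FLOOR, clockIsPlausible, runOk, syncClock and tlsReady are hypothetical, and the floor value is a constructed placeholder.

```cpp
#include <cstdlib>
#include <ctime>
#include <sys/wait.h>
#include <unistd.h>

// Constructed value: 2015-01-01 00:00:00 UTC. In practice use a time at or
// after the server certificate's notBefore date.
static const time_t CLOCK_FLOOR = 1420070400;

// True when `now` is a valid timestamp at or after the floor.
bool clockIsPlausible(time_t now, time_t floorTime) {
  return now != (time_t)-1 && now >= floorTime;
}

// Run a shell command; true only if it exited normally with status 0.
bool runOk(const char *cmd) {
  int rc = system(cmd);
  return rc != -1 && WIFEXITED(rc) && WEXITSTATUS(rc) == 0;
}

// Run the sync command up to `attempts` times, re-reading the clock each
// time, because the command succeeding does not prove the clock was set.
bool syncClock(const char *cmd, int attempts, time_t floorTime) {
  for (int i = 0; i < attempts; i++) {
    if (runOk(cmd) && clockIsPlausible(time(NULL), floorTime)) return true;
    if (i + 1 < attempts) sleep(2);  // network may not be up yet
  }
  return false;
}

bool tlsReady = false;  // loop() serves TLS only when this is true

void setup() {
  tlsReady = clockIsPlausible(time(NULL), CLOCK_FLOOR) ||
             syncClock("rdate tick.greyware.com", 3, CLOCK_FLOOR);
  if (!tlsReady) return;  // certificate would still fail to load
  // Load the server certificate and start the EthernetServer here.
}

void loop() {
  if (!tlsReady) return;
  // Accept and serve TLS connections here.
}
```

The time protocol that rdate speaks is unauthenticated, so the floor check only catches a clock that was never set; it does not prove the reply came from a trustworthy source.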

ECC Support

WolfSSL has removed static key based cipher-suites since 3.6.6. Therefore, it needs to be configured to support, say, ECDHE based cipher-suites. Unfortunately, this is not automatically enabled during library configuration unless you’re using x86_64, which the Galileo board isn’t.

Therefore, the solution is to configure the library with the --enable-ecc option.

$ ./configure --prefix=$HOME/wolfssl/ --target=i586-poky-linux-uclibc --host=i586-poky-linux-uclibc --enable-ecc

Otherwise, we will be unable to communicate with the Galileo board when debugging using OpenSSL: the Galileo board complains that there are no matching cipher suites right after receiving a Client Hello, then terminates the handshake without sending a Server Hello.