1 (edited by codemaster 2015-09-27 01:33:48)

Topic: [SOLVED] RaspberryPI err = -313

Good morning guys,
I just compiled WolfSSL on the Raspberry PI and get this error msg while trying to connect to every server I choose.



root@raspberrypi:/Dev/WOLF/wolfssl-3.6-2.8/examples/client# ./client -h  bitmarket.pl  -p 443
err = -313, revcd alert fatal error
wolfSSL error: SSL_connect failed
root@raspberrypi:/Dev/WOLF/wolfssl-3.6-2.8/examples/client# ./client -h  bitmarket.pl  -p 443 -x
err = -313, revcd alert fatal error
wolfSSL error: SSL_connect failed
root@raspberrypi:/Dev/WOLF/wolfssl-3.6-2.8/examples/client# ./client -h bitmarket.pl -p 443 -x -d
err = -313, revcd alert fatal error
wolfSSL error: SSL_connect failed
root@raspberrypi:/Dev/WOLF/wolfssl-3.6-2.8/examples/client# uname -a
Linux raspberrypi 3.18.11+ #781 PREEMPT Tue Apr 21 18:02:18 BST 2015 armv6l GNU/Linux
root@raspberrypi:/Dev/WOLF/wolfssl-3.6-2.8/examples/client#

However, Mac OS X works like a charm

MacBook-Pro:client codemaster$ uname -a
Darwin MacBook-Pro.local 14.5.0 Darwin Kernel Version 14.5.0: Wed Jul 29 02:26:53 PDT 2015; root:xnu-2782.40.9~1/RELEASE_X86_64 x86_64
MacBook-Pro:client codemaster$ ./client -h  bitmarket.pl  -p 443
err = -188, ASN no signer error to confirm failure
wolfSSL error: SSL_connect failed
MacBook-Pro:client codemaster$ ./client -h  bitmarket.pl -p 443 -x -d
SSL version is TLSv1.2
SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
Server response: HTTP/1.1 400 Bad Request
Server: cloudflare-nginx
Date: Sun, 27 Sep 2015 08:2


Thank you for any input into this. I just moved away from OpenSSL crap, and WolfSSL is really making a difference if working.


Re: [SOLVED] RaspberryPI err = -313

Hi,

Are you using the same version of wolfSSL on both Pi and OSX?  wolfSSL "3.6-2.8" doesn't sound like one of our versions.

What options were used to compile wolfSSL on the Pi?

Thanks,
Chris

3 (edited by codemaster 2015-09-28 14:01:22)

Re: [SOLVED] RaspberryPI err = -313

Here is the version


RASPBERRY

root@raspberrypi:/Dev/wolfssl/examples/client# ./client -v
client 3.6.8 NOTE: All files relative to wolfSSL home dir
-?          Help, print this usage
-h <host>   Host to connect to, default 127.0.0.1
-p <num>    Port to connect on, not 0, default 11111
-v <num>    SSL version [0-3], SSLv3(0) - TLS1.2(3)), default 3
-l <str>    Cipher list
-c <file>   Certificate file,           default ./certs/client-cert.pem
-k <file>   Key file,                   default ./certs/client-key.pem
-A <file>   Certificate Authority file, default ./certs/ca-cert.pem
-Z <num>    Minimum DH key bits,        default 1024
-b <num>    Benchmark <num> connections and print stats
-s          Use pre Shared keys
-t          Track wolfSSL memory use
-d          Disable peer checks
-D          Override Date Errors example
-g          Send server HTTP GET
-u          Use UDP DTLS, add -v 2 for DTLSv1 (default), -v 3 for DTLSv1.2
-m          Match domain name in cert
-N          Use Non-blocking sockets
-r          Resume session
-w          Wait for bidirectional shutdown
-f          Fewer packets/group messages
-x          Disable client cert/key loading
-X          Driven by eXternal test case
root@raspberrypi:/Dev/wolfssl/examples/client#

MACOS

MacBook-Pro:client codemaster$ ./client -v
client 3.6.8 NOTE: All files relative to wolfSSL home dir
-?          Help, print this usage
-h <host>   Host to connect to, default 127.0.0.1
-p <num>    Port to connect on, not 0, default 11111
-v <num>    SSL version [0-3], SSLv3(0) - TLS1.2(3)), default 3
-l <str>    Cipher list
-c <file>   Certificate file,           default ./certs/client-cert.pem
-k <file>   Key file,                   default ./certs/client-key.pem
-A <file>   Certificate Authority file, default ./certs/ca-cert.pem
-Z <num>    Minimum DH key bits,        default 1024
-b <num>    Benchmark <num> connections and print stats
-s          Use pre Shared keys
-t          Track wolfSSL memory use
-d          Disable peer checks
-D          Override Date Errors example
-g          Send server HTTP GET
-u          Use UDP DTLS, add -v 2 for DTLSv1 (default), -v 3 for DTLSv1.2
-m          Match domain name in cert
-N          Use Non-blocking sockets
-r          Resume session
-w          Wait for bidirectional shutdown
-f          Fewer packets/group messages
-x          Disable client cert/key loading
-X          Driven by eXternal test case

Git cloned and configured with:

./configure --enable-static --disable-shared




Outputs:

root@raspberrypi:/Dev/wolfssl/examples/client# ./client -h bitmarket.pl -p 443 -d -x
err = -313, revcd alert fatal error
wolfSSL error: SSL_connect failed

MacBook-Pro:client codemaster$ ./client -h bitmarket.pl -p 443 -d -x
SSL version is TLSv1.2
SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
Server response: HTTP/1.1 400 Bad Request
Server: cloudflare-nginx
Date: Mon, 28 Sep 2015 20:5

Let me know what else is needed..


Re: [SOLVED] RaspberryPI err = -313

Thanks for the extra info.

I ran an SSL Server Test on your server:
https://www.ssllabs.com/ssltest/analyze … amp;latest

That server only supports cipher suites with either static RSA or ECDHE.  We recently disabled static key cipher suites unless explicitly enabled.  ECC is disabled by default unless you are compiling wolfSSL on x86_64.  Removing these two things meant that wolfSSL and bitmarket.pl had no common cipher suites.

To resolve this either:

1.  Enable ECC (./configure --enable-ecc)
2.  Enable static key RSA suites (./configure C_EXTRA_FLAGS="-DWOLFSSL_STATIC_RSA")

#1 is preferred, as it will give you ECDHE-RSA suites that provide perfect forward secrecy.

Best Regards,
Chris
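
The mismatch described in the reply above, as an added example that is not part of the original thread and is not wolfSSL code: a small model of cipher-suite selection showing that a build without ECC and without static RSA has no overlap with a server that accepts only static RSA or ECDHE. The suite list, its order, the assumption that DHE suites are always built, and the names `client_offers`, `server_accepts` and `negotiate` are all constructed for illustration.

```c
/* Added example: a model of cipher-suite selection, not wolfSSL source. */
#include <stdint.h>
#include <stdio.h>

enum kx { KX_STATIC_RSA, KX_DHE, KX_ECDHE };
struct suite { uint16_t id; enum kx kx; const char *name; };

/* IANA code points; the choice and order of suites is constructed. */
static const struct suite SUITES[] = {
    { 0xC02F, KX_ECDHE,      "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" },
    { 0xC013, KX_ECDHE,      "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA" },
    { 0x009E, KX_DHE,        "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256" },
    { 0x0033, KX_DHE,        "TLS_DHE_RSA_WITH_AES_128_CBC_SHA" },
    { 0x009C, KX_STATIC_RSA, "TLS_RSA_WITH_AES_128_GCM_SHA256" },
    { 0x002F, KX_STATIC_RSA, "TLS_RSA_WITH_AES_128_CBC_SHA" },
};
#define NSUITES (sizeof SUITES / sizeof SUITES[0])

/* Client side: is this suite compiled in for the given build options? */
static int client_offers(const struct suite *s, int ecc, int static_rsa) {
    if (s->kx == KX_ECDHE) return ecc;             /* --enable-ecc */
    if (s->kx == KX_STATIC_RSA) return static_rsa; /* -DWOLFSSL_STATIC_RSA */
    return 1; /* assumption: DHE suites are always built */
}

/* Server side, per the reply: only static RSA or ECDHE suites accepted. */
static int server_accepts(const struct suite *s) {
    return s->kx != KX_DHE;
}

/* Returns the first mutually supported suite, or NULL when there is no
 * overlap (the server then aborts the handshake with a fatal alert, which
 * the client in this thread reports as err = -313). */
const struct suite *negotiate(int ecc, int static_rsa) {
    for (size_t i = 0; i < NSUITES; i++)
        if (client_offers(&SUITES[i], ecc, static_rsa) && server_accepts(&SUITES[i]))
            return &SUITES[i];
    return NULL;
}

int main(void) {
    for (int ecc = 0; ecc <= 1; ecc++)
        for (int rsa = 0; rsa <= 1; rsa++) {
            const struct suite *s = negotiate(ecc, rsa);
            printf("ecc=%d static_rsa=%d -> %s\n", ecc, rsa,
                   s ? s->name : "no common suite (fatal alert)");
        }
    return 0;
}
```

Only the ECC-enabled rows end on an ECDHE suite; the static-RSA-only row connects but without forward secrecy, which is why option 1 is the preferred fix.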

Re: [SOLVED] RaspberryPI err = -313

@ChrisC,
thank you very much - that saves me a lot of work. I will have a look in a moment and come back with the results.


Re: [SOLVED] RaspberryPI err = -313

Chris - thanks again!

Worked like a charm


root@raspberrypi:/Dev/wolfssl/examples/client# ./client -h bitmarket.pl -p 443 -d -x
SSL version is TLSv1.2
SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
Server response: HTTP/1.1 400 Bad Request
Server: cloudflare-nginx
Date: Tue, 29 Sep 2015 06:5
