• Registered: 2016-03-09
  • Posts: 2

Topic: Tirtos Example Err 308

Hi Everyone,

First of all, i downloaded WolfSSL-3.8.0 from website and then compile successfully on visual studio 2015.

Server.exe and Client.exe working properly i have uploded ss for this situation.

Then i compile Tirtos example tcpEchoTLS. This example running as server so i need client.exe only.

For now, client.exe says "err = -308" whereas client.exe working normally with server.exe

In addition there is no connection problem. But i havent found any information this error.

Could anybody give me a advise for problem ?

Post's attachments

test.jpg
test.jpg 132.58 kb, file has never been downloaded. 

You don't have the permssions to download the attachments of this post.

Share

  • From: Bozeman, MT
  • Registered: 2010-10-20
  • Posts: 650

Re: Tirtos Example Err 308

Hi elektro,

"-308" is a general socket error, which usually means something happened that caused the peer to shut down the connection.  Do you have any debug logs from the server side of the connection?  You can enable wolfSSL debug messages by compiling wolfSSL with DEBUG_WOLFSSL enabled, then calling wolfSSL_Debugging_ON() before any other wolfSSL function calls.

Thanks,
Chris

https://www.wolfssl.com

chrisc's Website

Share

3 Reply by Nimesh (edited by Nimesh 2017-03-31 01:44:36)

  • Registered: 2017-03-30
  • Posts: 19

Re: Tirtos Example Err 308

Hi,

I am getting same problem now.

By debugging echoclient.exe in visual studio 2013, i found the problem occurs at

static int GetInputData(WOLFSSL *ssl, word32 size)
{
    int in;
    int inSz;
    int maxLength;
    int usedLength;
    int dtlsExtra = 0;


    /* check max input length */
    usedLength = ssl->buffers.inputBuffer.length - ssl->buffers.inputBuffer.idx;
    maxLength  = ssl->buffers.inputBuffer.bufferSize - usedLength;
    inSz       = (int)(size - usedLength);      /* from last partial read */

#ifdef WOLFSSL_DTLS
    if (ssl->options.dtls) {
        if (size < ssl->dtls_expected_rx)
            dtlsExtra = (int)(ssl->dtls_expected_rx - size);
        inSz = ssl->dtls_expected_rx;
    }
#endif

    if (inSz > maxLength) {
        if (GrowInputBuffer(ssl, size + dtlsExtra, usedLength) < 0)
            return MEMORY_E;
    }

    if (inSz <= 0)
        return BUFFER_ERROR;

    /* Put buffer data at start if not there */
    if (usedLength > 0 && ssl->buffers.inputBuffer.idx != 0)
        XMEMMOVE(ssl->buffers.inputBuffer.buffer,
                ssl->buffers.inputBuffer.buffer + ssl->buffers.inputBuffer.idx,
                usedLength);

    /* remove processed data */
    ssl->buffers.inputBuffer.idx    = 0;
    ssl->buffers.inputBuffer.length = usedLength;

    /* read data from network */
    do {
        in = Receive(ssl,
                     ssl->buffers.inputBuffer.buffer +
                     ssl->buffers.inputBuffer.length,
                     inSz);
   if (in == -1)
[b]            return SOCKET_ERROR_E;    // Here it return.[/b]

in "ProcessReply(ssl)" in  "SSL_connect(ssl)" Function.

Please suggest me solution for this problem.

Share

  • From: Bozeman
  • Registered: 2014-05-09
  • Posts: 777

Re: Tirtos Example Err 308

I would recommend disabling client authentication on the server side. IE on the server you would not want to use the API "wolfSSL_CTX_set_verify"

If you do not call that API then client authentication will be disabled by default.

Do you intend to do client auth?

- Kaleb

Kaleb J. Himes's Website

Share

  • Registered: 2017-03-30
  • Posts: 19

Re: Tirtos Example Err 308

Hi Kaleb,

Thanks For your Reply.

Yes, i have to do client authentication.

If we didn't do client authentication than how can we perform secure communication.

Share

  • From: Bozeman
  • Registered: 2014-05-09
  • Posts: 777

Re: Tirtos Example Err 308

Hi Nimesh,

Ok thanks for confirming the need for client authentication.

To correctly do client-auth you need to load the CA that signed the client's certificate on the server side with the API wolfSSL_CTX_load_verify_locations(Take file input) or wolfSSL_CTX_load_verify_buffer(takes buffer input if you don't have a file system) prior to the client connecting to the server. You can see examples of this being done in <wolf-root>/examples/server/server.c when "doCliCertCheck" is set to 1 (by default).


Best Regards,

Kaleb

If the clients certificate is self-signed then you need to load the clients actual certificate with that API on the server prior to the client connecting.

Kaleb J. Himes's Website

Share