Topic: Unable to load a CA-certificate with CyaSSL_CTX_load_verify_locations()

I was able to make use of the CyaSSL embedded SSL code to exchange some data between a client and a server application.
All worked very well as long as I used the certificate that came with the sources of CyaSSL.
But I now need to make use of our own certificates.
The very first certificate that I want to use is the CA-certificate that we use in many other applications that do not use CyaSSL.
I use the function CyaSSL_CTX_load_verify_locations(), which itself calls other functions. One of them is the call to isCA().
This routine should set the cert.isCA flag. But when this routine is called with our CA-certificate this flag is not set.
Our certificate looks like:

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            77:ed:bc:7a:05:61:56:91:4a:c0:71:39:4c:90:9c:a7
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: DC=corp, DC=rabobank, CN=Rabobank Group Root CA
        Validity
            Not Before: Feb 12 09:36:27 2008 GMT
            Not After : Feb 12 09:43:49 2028 GMT
        Subject: DC=corp, DC=rabobank, CN=Rabobank Group Root CA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (4096 bit)
                Modulus (4096 bit):
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Key Usage:
            Digital Signature, Certificate Sign, CRL Sign
            X509v3 Basic Constraints: critical
            CA:TRUE
            X509v3 Subject Key Identifier:
            D2:CC:AA:90:10:5A:D8:D1:94:9A:C2:EC:B7:B9:6C:09:19:4C:83:8B
            1.3.6.1.4.1.311.21.1:
                ...
    Signature Algorithm: sha1WithRSAEncryption


Re: Unable to load a CA-certificate with CyaSSL_CTX_load_verify_locations()

Hi,

Can you try using the most recent CyaSSL sources from GitHub (https://github.com/cyassl/cyassl) and see if your issue is resolved?  We recently made some changes to how CyaSSL processes CA certificates.  Please let me know if you are still having troubles.

Best Regards,
Chris

Re: Unable to load a CA-certificate with CyaSSL_CTX_load_verify_locations()

Chris,

Today I took the newest code from GitHub and after re-compiling and re-linking the runnables this problem has vanished. So many thanks for helping me out.

Kind regards,

Theo
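
For reference on what the CA check discussed in this thread has to read from a certificate, here is an added example (not CyaSSL code and not written by the posters): a minimal C check of one DER-encoded X.509 Extension for basicConstraints with cA TRUE, including the optional critical flag that the posted certificate sets. The names der_hdr and ext_is_ca and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Read one DER header with the expected tag. Short-form lengths only, which
 * is enough for a basicConstraints extension. Returns 0, or -1 if malformed. */
static int der_hdr(const unsigned char **p, const unsigned char *end,
                   unsigned char tag, size_t *len)
{
    if (end - *p < 2 || (*p)[0] != tag || (*p)[1] >= 0x80) return -1;
    *len = (*p)[1];
    *p += 2;
    return (size_t)(end - *p) < *len ? -1 : 0;
}

/* ext is one Extension: SEQUENCE { extnID OID, critical BOOLEAN DEFAULT FALSE,
 * extnValue OCTET STRING }. Hypothetical helper, not a CyaSSL function.
 * Returns 1 for basicConstraints with cA TRUE, 0 otherwise, -1 if malformed. */
int ext_is_ca(const unsigned char *ext, size_t n)
{
    static const unsigned char OID_BC[] = { 0x55, 0x1d, 0x13 }; /* 2.5.29.19 */
    const unsigned char *p = ext, *end = ext + n;
    size_t len; int is_bc;
    if (der_hdr(&p, end, 0x30, &len) < 0) return -1;
    end = p + len;
    if (der_hdr(&p, end, 0x06, &len) < 0) return -1;
    is_bc = (len == sizeof OID_BC && memcmp(p, OID_BC, len) == 0);
    p += len;
    if (p < end && *p == 0x01) {          /* optional critical flag: skip it */
        if (der_hdr(&p, end, 0x01, &len) < 0 || len != 1) return -1;
        p += len;
    }
    if (der_hdr(&p, end, 0x04, &len) < 0) return -1;
    if (!is_bc) return 0;
    end = p + len;                        /* extnValue wraps BasicConstraints */
    if (der_hdr(&p, end, 0x30, &len) < 0) return -1;
    end = p + len;
    if (p == end || *p != 0x01) return 0; /* cA omitted: DEFAULT FALSE */
    if (der_hdr(&p, end, 0x01, &len) < 0 || len != 1) return -1;
    return *p != 0x00;
}

/* Constructed sample extensions, not bytes from the certificate in the thread. */
const unsigned char BC_CRITICAL[] = { 0x30,0x0f, 0x06,0x03,0x55,0x1d,0x13,
    0x01,0x01,0xff, 0x04,0x05, 0x30,0x03,0x01,0x01,0xff };
const unsigned char BC_PLAIN[] = { 0x30,0x0c, 0x06,0x03,0x55,0x1d,0x13,
    0x04,0x05, 0x30,0x03,0x01,0x01,0xff };
const unsigned char BC_NOT_CA[] = { 0x30,0x09, 0x06,0x03,0x55,0x1d,0x13,
    0x04,0x02, 0x30,0x00 };

int main(void) { return ext_is_ca(BC_CRITICAL, sizeof BC_CRITICAL) == 1 ? 0 : 1; }
```

BC_CRITICAL and BC_PLAIN differ only in the presence of the critical BOOLEAN before the OCTET STRING; both must report cA TRUE.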
