Topic: -188 err on wolfSSL_X509_verify_cert()
I have faced error when calling wolfSSL_X509_verify_cert()
this code have used as well before, but after shrink 1byte from OU function returns error as -188, ASN no signer error to confirm failure.
The value of wolfSSL_X509_STORE_CTX_get_error(ctx) is zero.
if ((ret = wolfSSL_X509_STORE_CTX_init(ctx, store, signCert, NULL)) != SSL_SUCCESS) {
printf(" Fail to init store context");
} else {
printf(" Success to init store context %d", ret);
}
if ((ret = wolfSSL_X509_verify_cert(ctx)) < 0) {
printf(" Fail to verify signing certificate, %d ", wolfSSL_X509_STORE_CTX_get_error(ctx));
char reason[100] = {0,};
wolfSSL_ERR_error_string(ret, reason);
printf(" Check certificate availability, error code = %d, %s", ret, reason);
} else {
printf(" Success to verify signing certificate");
}output
Success to init store context
Fail to verify signing certificate, 0
Check root certificate availability, error code = -188, ASN no signer error to confirm failure
To confirm the new certificate is fine, I checked with openssl like below.
$ openssl verify -verbose -CAfile ca2.cer CERT.pem
CERT.pem: OK
$ openssl verify -verbose -CAfile ca2.cer CERT_new.pem
CERT_new.pem: OK
Please advise to resolve.
Thanks.