Welcome to the wolfSSL Forums!

valcroft · 2019-02-19 19:32:43

valcroft
Member
Offline

Registered: 2019-02-05
Posts: 18

Topic: No CA signer to verify with error

I'm trying to have wolfSSL working with an Arduino Due. I'm testing it by connecting to google.com

What I did was generate a cert with this command:

openssl s_client -servername google.com -connect google.com:443 \
    </dev/null 2>/dev/null | openssl x509 -text

The end of my error logs are the ff.:

log 1: Certificate Policy extension not supported yet.
log 2: wolfSSL Entering GetAlgoId
log 2: wolfSSL Entering GetObjectId()
log 1: About to verify certificate signature
log 1: No CA signer to verify with
log 1: Failed to verify CA from chain
log 1: growing output buffer
log 1: alloc mem success
log 1: h0
log 1: h1
log 1: h2
log 1: h3
log 1: end of GrowOutputBuffer
log 1: end of CheckAvailableSize
log 1: SB0
log 1: SB1
log 1: SB4
log 1: 7
log 1: SBW0
EthernetSend

7
write end
log 1: SBW1
log 1: SBW2
log 1: SBW3
log 1: SB -1
log 1: Shrinking output buffer
log 1: SB end
log 1: Verifying Peer's cert
log 2: wolfSSL Entering GetExplicitVersion
log 2: wolfSSL Entering GetSerialNumber
log 1: Got Cert Header
log 2: wolfSSL Entering GetAlgoId
log 2: wolfSSL Entering GetObjectId()
log 1: Got Algo ID
log 1: Getting Cert Name
log 1: Getting Cert Name
log 1: Got Subject Name
log 2: wolfSSL Entering GetAlgoId
log 2: wolfSSL Entering GetObjectId()
log 1: Got Key
log 1: Parsed Past Key
log 2: wolfSSL Entering DecodeCertExtensions
log 2: wolfSSL Entering GetObjectId()
log 1: DecodeExtKeyUsage
log 2: wolfSSL Entering GetObjectId()
log 2: wolfSSL Entering GetObjectId()
log 2: wolfSSL Entering DecodeAltNames
log 2: wolfSSL Entering GetObjectId()
log 2: wolfSSL Entering DecodeAuthInfo
log 2: wolfSSL Entering GetObjectId()
log 2: wolfSSL Entering GetObjectId()
log 2: wolfSSL Entering GetObjectId()
log 2: wolfSSL Entering DecodeSubjKeyId
log 2: wolfSSL Entering GetObjectId()
log 2: wolfSSL Entering DecodeBasicCaConstraint
log 2: wolfSSL Entering GetObjectId()
log 2: wolfSSL Entering DecodeAuthKeyId
log 2: wolfSSL Entering GetObjectId()
log 1: Certificate Policy extension not supported yet.
log 2: wolfSSL Entering GetObjectId()
log 2: wolfSSL Entering DecodeCrlDist
log 2: wolfSSL Entering GetAlgoId
log 2: wolfSSL Entering GetObjectId()
log 1: About to verify certificate signature
log 1: No CA signer to verify with
log 1: Failed to verify Peer's cert
log 1: No callback override available, fatal
log 3: wolfSSL Leaving ProcessPeerCerts, return -188
log 3: wolfSSL Leaving DoCertificate, return -188
log 3: wolfSSL Leaving DoHandShakeMsgType(), return -188
log 3: wolfSSL Leaving DoHandShakeMsg(), return -188
log 0: wolfSSL error occurred, error = -188
log 0: wolfSSL error occurred, error = -188
Ram used (bytes):
dynamic: 6352
static: 8016
stack: 296
Est. free ram: 83640
aft wolfSSL_conenct err: -1
log 2: wolfSSL Entering SSL_get_error
log 3: wolfSSL Leaving SSL_get_error, return -188
log 2: wolfSSL Entering ERR_error_string
TLS Connect Error: ASN no signer error to confirm failure
SSL version is log 2: wolfSSL Entering SSL_get_version
TLSv1.2
log 2: wolfSSL Entering wolfSSL_get_cipher
log 2: wolfSSL Entering SSL_get_current_cipher
log 2: wolfSSL Entering SSL_CIPHER_get_name
SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
log 2: wolfSSL Entering SSL_write()
log 1: handshake not complete, trying to finish
log 2: wolfSSL Entering wolfSSL_negotiate
log 2: wolfSSL Entering SSL_connect()
log 1: ProcessReply retry in error state, not allowed
log 0: wolfSSL error occurred, error = -188
log 3: wolfSSL Leaving wolfSSL_negotiate, return -1
log 3: wolfSSL Leaving SSL_write(), return -1
log 2: wolfSSL Entering SSL_get_error
log 3: wolfSSL Leaving SSL_get_error, return -188
log 2: wolfSSL Entering ERR_error_string
TLS Write Error: ASN no signer error to confirm failure
log 2: wolfSSL Entering SSL_shutdown()
log 3: wolfSSL Leaving SSL_shutdown(), return -1
log 2: wolfSSL Entering SSL_free
log 1: CTX ref count not 0 yet, no free
log 1: Shrinking input buffer
log 3: wolfSSL Leaving SSL_free, return 0
Connection complete.

And then the cert I used was this:

byte ROOT_CERTS_PEM[] =
"-----BEGIN CERTIFICATE-----\n"
"MIIHxzCCBq+gAwIBAgIISq/AiE/4Ql0wDQYJKoZIhvcNAQELBQAwVDELMAkGA1UE\n"
"BhMCVVMxHjAcBgNVBAoTFUdvb2dsZSBUcnVzdCBTZXJ2aWNlczElMCMGA1UEAxMc\n"
"R29vZ2xlIEludGVybmV0IEF1dGhvcml0eSBHMzAeFw0xOTAxMjkxNDU4MDBaFw0x\n"
"OTA0MjMxNDU4MDBaMGYxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlh\n"
"MRYwFAYDVQQHDA1Nb3VudGFpbiBWaWV3MRMwEQYDVQQKDApHb29nbGUgTExDMRUw\n"
"EwYDVQQDDAwqLmdvb2dsZS5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQm\n"
"MtUY17v51azgVGYJUdJAW3uhIdVQPSLnrhFak+s4wxf7kuLiJhnO0wv/jgorpowS\n"
"vTfiyCwobsezvohrOf9co4IFVDCCBVAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDgYD\n"
"VR0PAQH/BAQDAgeAMIIEGQYDVR0RBIIEEDCCBAyCDCouZ29vZ2xlLmNvbYINKi5h\n"
"bmRyb2lkLmNvbYIWKi5hcHBlbmdpbmUuZ29vZ2xlLmNvbYISKi5jbG91ZC5nb29n\n"
"bGUuY29tggYqLmcuY2+CDiouZ2NwLmd2dDIuY29tggoqLmdncGh0LmNughYqLmdv\n"
"b2dsZS1hbmFseXRpY3MuY29tggsqLmdvb2dsZS5jYYILKi5nb29nbGUuY2yCDiou\n"
"Z29vZ2xlLmNvLmlugg4qLmdvb2dsZS5jby5qcIIOKi5nb29nbGUuY28udWuCDyou\n"
"Z29vZ2xlLmNvbS5hcoIPKi5nb29nbGUuY29tLmF1gg8qLmdvb2dsZS5jb20uYnKC\n"
"DyouZ29vZ2xlLmNvbS5jb4IPKi5nb29nbGUuY29tLm14gg8qLmdvb2dsZS5jb20u\n"
"dHKCDyouZ29vZ2xlLmNvbS52boILKi5nb29nbGUuZGWCCyouZ29vZ2xlLmVzggsq\n"
"Lmdvb2dsZS5mcoILKi5nb29nbGUuaHWCCyouZ29vZ2xlLml0ggsqLmdvb2dsZS5u\n"
"bIILKi5nb29nbGUucGyCCyouZ29vZ2xlLnB0ghIqLmdvb2dsZWFkYXBpcy5jb22C\n"
"DyouZ29vZ2xlYXBpcy5jboIUKi5nb29nbGVjb21tZXJjZS5jb22CESouZ29vZ2xl\n"
"dmlkZW8uY29tggwqLmdzdGF0aWMuY26CDSouZ3N0YXRpYy5jb22CEiouZ3N0YXRp\n"
"Y2NuYXBwcy5jboIKKi5ndnQxLmNvbYIKKi5ndnQyLmNvbYIUKi5tZXRyaWMuZ3N0\n"
"YXRpYy5jb22CDCoudXJjaGluLmNvbYIQKi51cmwuZ29vZ2xlLmNvbYIWKi55b3V0\n"
"dWJlLW5vY29va2llLmNvbYINKi55b3V0dWJlLmNvbYIWKi55b3V0dWJlZWR1Y2F0\n"
"aW9uLmNvbYIRKi55b3V0dWJla2lkcy5jb22CByoueXQuYmWCCyoueXRpbWcuY29t\n"
"ghphbmRyb2lkLmNsaWVudHMuZ29vZ2xlLmNvbYILYW5kcm9pZC5jb22CG2RldmVs\n"
"b3Blci5hbmRyb2lkLmdvb2dsZS5jboIcZGV2ZWxvcGVycy5hbmRyb2lkLmdvb2ds\n"
"ZS5jboIEZy5jb4IIZ2dwaHQuY26CBmdvby5nbIIUZ29vZ2xlLWFuYWx5dGljcy5j\n"
"b22CCmdvb2dsZS5jb22CEmdvb2dsZWNvbW1lcmNlLmNvbYIYc291cmNlLmFuZHJv\n"
"aWQuZ29vZ2xlLmNuggp1cmNoaW4uY29tggp3d3cuZ29vLmdsggh5b3V0dS5iZYIL\n"
"eW91dHViZS5jb22CFHlvdXR1YmVlZHVjYXRpb24uY29tgg95b3V0dWJla2lkcy5j\n"
"b22CBXl0LmJlMGgGCCsGAQUFBwEBBFwwWjAtBggrBgEFBQcwAoYhaHR0cDovL3Br\n"
"aS5nb29nL2dzcjIvR1RTR0lBRzMuY3J0MCkGCCsGAQUFBzABhh1odHRwOi8vb2Nz\n"
"cC5wa2kuZ29vZy9HVFNHSUFHMzAdBgNVHQ4EFgQU4d6jiJq9XEX/VakZBbvn3GVy\n"
"338wDAYDVR0TAQH/BAIwADAfBgNVHSMEGDAWgBR3wrhQmmd2drEtwobQg6B+pn66\n"
"SzAhBgNVHSAEGjAYMAwGCisGAQQB1nkCBQMwCAYGZ4EMAQICMDEGA1UdHwQqMCgw\n"
"JqAkoCKGIGh0dHA6Ly9jcmwucGtpLmdvb2cvR1RTR0lBRzMuY3JsMA0GCSqGSIb3\n"
"DQEBCwUAA4IBAQC7GErM5Cnc5PYfZ+c7S4py1RDd/Irf4TVNOL9VxlYcJkkJo7dG\n"
"VSPiZdEEUV9neMMmSY0mktTkzKYBdYK/y9ZWYCAcpqOZoiYtsbdJ1b5rH+mOI5NG\n"
"+PCGL532Ie6dG/aK+2hDFhMTItimIt1BO7Pxvsj8/zVTlFwjJGT4sTUj3h74rOLM\n"
"UAlPt4ag00tiPxWl4hPmE89StBlX+wGmzHHGjvgCpevS04JluOFFXD30gXxOHGZA\n"
"mZt3a6Y3w1wBae/xZtCl6p0C3+oFX0zzLlmMipq0wtw1pIjrhLnQcaZ5p+3TyR86\n"
"ByLwfJsIKcpYMY05KzEftqBQLaZ5qKFZS3/M\n"
"-----END CERTIFICATE-----\n";

My previous progress on this is in this link:
https://www.wolfssl.com/forums/topic132 … o-due.html

Current code is this:

/* wolfssl_client.ino
 *
 * Copyright (C) 2006-2018 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
 * wolfSSL is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * wolfSSL is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
 */
 #include <Arduino.h>
 //#include <sys/time.h>
 
 #include <wolfssl.h>
 #include <wolfssl/ssl.h>
 //#include <wolfssl/wolflogging.h>
 
 struct timeval {
   long tv_sec;
   long tv_usec;
 };
 
 int _gettimeofday( struct timeval *tv, void *tzvp)
 {
   //uint64_t t = __your_system_time_function_here__();  // get uptime in nanoseconds
   //tv->tv_sec = t / 1000000000;  // convert to seconds
   //tv->tv_usec = ( t % 1000000000 ) / 1000;  // get remaining microseconds
   /*
   long mt = millis();
   tv->tv_sec = mt/1000;
   tv->tv_usec = mt*1000;
   */
   long int mt = 1550041049;
   tv->tv_sec = mt;
   tv->tv_usec = 0;
   return 0;  // return non-zero for error
 } // end _gettimeofday()
 /*
 byte ROOT_CERTS_PEM[] = 
 "-----BEGIN CERTIFICATE-----\n"
"MIICPDCCAaUCEHC65B0Q2Sk0tjjKewPMur8wDQYJKoZIhvcNAQECBQAwXzELMAkG\n"
"A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz\n"
"cyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2\n"
"MDEyOTAwMDAwMFoXDTI4MDgwMTIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV\n"
"BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAzIFB1YmxpYyBQcmlt\n"
"YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN\n"
"ADCBiQKBgQDJXFme8huKARS0EN8EQNvjV69qRUCPhAwL0TPZ2RHP7gJYHyX3KqhE\n"
"BarsAx94f56TuZoAqiN91qyFomNFx3InzPRMxnVx0jnvT0Lwdd8KkMaOIG+YD/is\n"
"I19wKTakyYbnsZogy1Olhec9vn2a/iRFM9x2Fe0PonFkTGUugWhFpwIDAQABMA0G\n"
"CSqGSIb3DQEBAgUAA4GBALtMEivPLCYATxQT3ab7/AoRhIzzKBxnki98tsX63/Do\n"
"lbwdj2wsqFHMc9ikwFPwTtYmwHYBV4GSXiHx0bH/59AhWM1pF+NEHJwZRDmJXNyc\n"
"AA9WjQKZ7aKQRUzkuxCkPfAyAw7xzvjoyVGM5mKf5p/AfbdynMk2OmufTqj/ZA1k\n"
"-----END CERTIFICATE-----\n";
 */

byte ROOT_CERTS_PEM[] =
"-----BEGIN CERTIFICATE-----\n"
"MIIHxzCCBq+gAwIBAgIISq/AiE/4Ql0wDQYJKoZIhvcNAQELBQAwVDELMAkGA1UE\n"
"BhMCVVMxHjAcBgNVBAoTFUdvb2dsZSBUcnVzdCBTZXJ2aWNlczElMCMGA1UEAxMc\n"
"R29vZ2xlIEludGVybmV0IEF1dGhvcml0eSBHMzAeFw0xOTAxMjkxNDU4MDBaFw0x\n"
"OTA0MjMxNDU4MDBaMGYxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlh\n"
"MRYwFAYDVQQHDA1Nb3VudGFpbiBWaWV3MRMwEQYDVQQKDApHb29nbGUgTExDMRUw\n"
"EwYDVQQDDAwqLmdvb2dsZS5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQm\n"
"MtUY17v51azgVGYJUdJAW3uhIdVQPSLnrhFak+s4wxf7kuLiJhnO0wv/jgorpowS\n"
"vTfiyCwobsezvohrOf9co4IFVDCCBVAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDgYD\n"
"VR0PAQH/BAQDAgeAMIIEGQYDVR0RBIIEEDCCBAyCDCouZ29vZ2xlLmNvbYINKi5h\n"
"bmRyb2lkLmNvbYIWKi5hcHBlbmdpbmUuZ29vZ2xlLmNvbYISKi5jbG91ZC5nb29n\n"
"bGUuY29tggYqLmcuY2+CDiouZ2NwLmd2dDIuY29tggoqLmdncGh0LmNughYqLmdv\n"
"b2dsZS1hbmFseXRpY3MuY29tggsqLmdvb2dsZS5jYYILKi5nb29nbGUuY2yCDiou\n"
"Z29vZ2xlLmNvLmlugg4qLmdvb2dsZS5jby5qcIIOKi5nb29nbGUuY28udWuCDyou\n"
"Z29vZ2xlLmNvbS5hcoIPKi5nb29nbGUuY29tLmF1gg8qLmdvb2dsZS5jb20uYnKC\n"
"DyouZ29vZ2xlLmNvbS5jb4IPKi5nb29nbGUuY29tLm14gg8qLmdvb2dsZS5jb20u\n"
"dHKCDyouZ29vZ2xlLmNvbS52boILKi5nb29nbGUuZGWCCyouZ29vZ2xlLmVzggsq\n"
"Lmdvb2dsZS5mcoILKi5nb29nbGUuaHWCCyouZ29vZ2xlLml0ggsqLmdvb2dsZS5u\n"
"bIILKi5nb29nbGUucGyCCyouZ29vZ2xlLnB0ghIqLmdvb2dsZWFkYXBpcy5jb22C\n"
"DyouZ29vZ2xlYXBpcy5jboIUKi5nb29nbGVjb21tZXJjZS5jb22CESouZ29vZ2xl\n"
"dmlkZW8uY29tggwqLmdzdGF0aWMuY26CDSouZ3N0YXRpYy5jb22CEiouZ3N0YXRp\n"
"Y2NuYXBwcy5jboIKKi5ndnQxLmNvbYIKKi5ndnQyLmNvbYIUKi5tZXRyaWMuZ3N0\n"
"YXRpYy5jb22CDCoudXJjaGluLmNvbYIQKi51cmwuZ29vZ2xlLmNvbYIWKi55b3V0\n"
"dWJlLW5vY29va2llLmNvbYINKi55b3V0dWJlLmNvbYIWKi55b3V0dWJlZWR1Y2F0\n"
"aW9uLmNvbYIRKi55b3V0dWJla2lkcy5jb22CByoueXQuYmWCCyoueXRpbWcuY29t\n"
"ghphbmRyb2lkLmNsaWVudHMuZ29vZ2xlLmNvbYILYW5kcm9pZC5jb22CG2RldmVs\n"
"b3Blci5hbmRyb2lkLmdvb2dsZS5jboIcZGV2ZWxvcGVycy5hbmRyb2lkLmdvb2ds\n"
"ZS5jboIEZy5jb4IIZ2dwaHQuY26CBmdvby5nbIIUZ29vZ2xlLWFuYWx5dGljcy5j\n"
"b22CCmdvb2dsZS5jb22CEmdvb2dsZWNvbW1lcmNlLmNvbYIYc291cmNlLmFuZHJv\n"
"aWQuZ29vZ2xlLmNuggp1cmNoaW4uY29tggp3d3cuZ29vLmdsggh5b3V0dS5iZYIL\n"
"eW91dHViZS5jb22CFHlvdXR1YmVlZHVjYXRpb24uY29tgg95b3V0dWJla2lkcy5j\n"
"b22CBXl0LmJlMGgGCCsGAQUFBwEBBFwwWjAtBggrBgEFBQcwAoYhaHR0cDovL3Br\n"
"aS5nb29nL2dzcjIvR1RTR0lBRzMuY3J0MCkGCCsGAQUFBzABhh1odHRwOi8vb2Nz\n"
"cC5wa2kuZ29vZy9HVFNHSUFHMzAdBgNVHQ4EFgQU4d6jiJq9XEX/VakZBbvn3GVy\n"
"338wDAYDVR0TAQH/BAIwADAfBgNVHSMEGDAWgBR3wrhQmmd2drEtwobQg6B+pn66\n"
"SzAhBgNVHSAEGjAYMAwGCisGAQQB1nkCBQMwCAYGZ4EMAQICMDEGA1UdHwQqMCgw\n"
"JqAkoCKGIGh0dHA6Ly9jcmwucGtpLmdvb2cvR1RTR0lBRzMuY3JsMA0GCSqGSIb3\n"
"DQEBCwUAA4IBAQC7GErM5Cnc5PYfZ+c7S4py1RDd/Irf4TVNOL9VxlYcJkkJo7dG\n"
"VSPiZdEEUV9neMMmSY0mktTkzKYBdYK/y9ZWYCAcpqOZoiYtsbdJ1b5rH+mOI5NG\n"
"+PCGL532Ie6dG/aK+2hDFhMTItimIt1BO7Pxvsj8/zVTlFwjJGT4sTUj3h74rOLM\n"
"UAlPt4ag00tiPxWl4hPmE89StBlX+wGmzHHGjvgCpevS04JluOFFXD30gXxOHGZA\n"
"mZt3a6Y3w1wBae/xZtCl6p0C3+oFX0zzLlmMipq0wtw1pIjrhLnQcaZ5p+3TyR86\n"
"ByLwfJsIKcpYMY05KzEftqBQLaZ5qKFZS3/M\n"
"-----END CERTIFICATE-----\n";

 #include <Ethernet2.h>

#include <freeRam.h>
 /*
 struct timeval {
   long      tv_sec;
   long tv_usec;
 };
 */
 
 /*
 int _gettimeofday( struct timeval *tv, void *tzvp )
 {
     //uint64_t t = __your_system_time_function_here__();  // get uptime in nanoseconds
     //tv->tv_sec = t / 1000000000;  // convert to seconds
     //tv->tv_usec = ( t % 1000000000 ) / 1000;  // get remaining microseconds
     long mt = millis();
     tv->tv_sec = mt/1000;
     tv->tv_usec = mt*1000;
     return 0;  // return non-zero for error
 } // end _gettimeofday()
 */
 
 
 
 
 //const char host[] = "192.168.1.148"; // server to connect to
 //const int port = 11111; // port on server to connect to
 const char host[] = "google.com";
 const int port = 443;
 
 int EthernetSend(WOLFSSL* ssl, char* msg, int sz, void* ctx);
 int EthernetReceive(WOLFSSL* ssl, char* reply, int sz, void* ctx);
 int reconnect = 10;
 
 EthernetClient client;
 
 WOLFSSL_CTX* ctx = NULL;
 WOLFSSL* ssl = NULL;
 
 byte MAC_ADDR[] = { 0xDE, 0xAD, 0xBE, 0xEF, 0xFE, 0xEC };


// void wolfSSL_Logging_cb(const int logLevel, const char *const logMessage);

void wolfssl_custom_logging_cb(const int logLevel, const char *const logMessage) {
    Serial.print("log "); Serial.print(logLevel); Serial.print(": "); Serial.println(logMessage);
}


void setup() {


    Serial.begin(9600);


    if (Ethernet.begin(MAC_ADDR) == 0) {
        Serial.println("Failed to configure Ethernet using DHCP");
        return;
    }
    Serial.println(Ethernet.localIP());


    WOLFSSL_METHOD* method;

    freeRam();

    // Enable logging

    wolfSSL_Debugging_ON();


    wolfSSL_SetLoggingCb(&wolfssl_custom_logging_cb);


    wolfSSL_UseSupportedCurve(ssl, WOLFSSL_ECC_SECP160K1);
    method = wolfTLSv1_2_client_method();
    //method = wolfTLSv1_3_client_method();
    if (method == NULL) {
        Serial.println("unable to get method");
        return;
    }

    //wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);
    ctx = wolfSSL_CTX_new(method);
    if (ctx == NULL) {
    Serial.println("unable to get ctx");
    return;
    }

    /* Add cert to ctx */
    int x =     wolfSSL_CTX_load_verify_buffer(ctx, ROOT_CERTS_PEM,sizeof ROOT_CERTS_PEM, WOLFSSL_FILETYPE_PEM);
    int err            = 0;
    char errBuf[81];

    if (x != WOLFSSL_SUCCESS)
    {
        err = wolfSSL_get_error(ssl, 0);
        wolfSSL_ERR_error_string_n(err, errBuf, 80);
        Serial.print(F("ERR wolfSSL_CTX_Load_verify_buffer: "));
        Serial.println(errBuf);
        return;
    }
    
    // initialize wolfSSL using callback functions
    //wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);
    wolfSSL_SetIOSend(ctx, EthernetSend);
    wolfSSL_SetIORecv(ctx, EthernetReceive);



    Serial.println("Setup success!");
    freeRam();
    return;
}
 
int EthernetSend(WOLFSSL* ssl, char* msg, int sz, void* ctx) {
    Serial.println("EthernetSend");
    int sent = 0;
    Serial.println(msg);
    Serial.println(sz);
    sent = client.write((byte*)msg, sz);

    return sent;
}
 
int EthernetReceive(WOLFSSL* ssl, char* reply, int sz, void* ctx) {
    int ret = 0;

    while (client.available() > 0 && ret < sz) {
        reply[ret++] = client.read();
    }

    return ret;
}
 
 void loop() {
    int err            = 0;
    int input          = 0;
    int total_input    = 0;
    char msg[]= "GET / HTTP/1.0\r\n\r\n"; // Get the root page
    int msgSz = (int)strlen(msg);
   //char msg[32]       = "hello wolfssl!";
   //int msgSz          = (int)strlen(msg);
    char errBuf[81];
    char reply[81];
    const char* cipherName;

    if (reconnect) {
        reconnect--;

        if (client.connect(host, port)) {

        Serial.print("Connected to ");
        Serial.println(host);
        // freeRam();

        if (ctx == NULL) {
            Serial.println("null ctx");
        }

        ssl = wolfSSL_new(ctx);
        freeRam();
        if (ssl == NULL) {
            Serial.println("Unable to allocate SSL object");
            //freeRam();

            err = wolfSSL_get_error(ssl, 0);
            wolfSSL_ERR_error_string_n(err, errBuf, 80);
            Serial.print("wolfSSL_new: ");
            Serial.println(errBuf);
            return;
        }

        err = wolfSSL_connect(ssl);
        freeRam();

        Serial.print(F("aft wolfSSL_conenct err: ")); Serial.println(err);
        if (err != WOLFSSL_SUCCESS) {
            err = wolfSSL_get_error(ssl, 0);
            wolfSSL_ERR_error_string(err, errBuf);
            Serial.print("TLS Connect Error: ");
            Serial.println(errBuf);
        }

        Serial.print("SSL version is ");
        Serial.println(wolfSSL_get_version(ssl));
        
        cipherName = wolfSSL_get_cipher(ssl);
        Serial.print("SSL cipher suite is ");
        Serial.println(cipherName);
        if ((wolfSSL_write(ssl, msg, msgSz)) == msgSz) {
        //if ((wolfSSL_write(ssl, msg, msgSz)) == msgSz) {
            
            Serial.print("Server response: ");
            while (client.available() || wolfSSL_pending(ssl)) {
            input = wolfSSL_read(ssl, reply, sizeof(reply) - 1);
            total_input += input;
            if (input < 0) {
                err = wolfSSL_get_error(ssl, 0);
                wolfSSL_ERR_error_string(err, errBuf);
                Serial.print("TLS Read Error: ");
                Serial.println(errBuf);
                break;
            } else if (input > 0) {
                reply[input] = '\0';
                Serial.print(reply);
            } else {
                Serial.println();
            }
            } 
        } else {
            err = wolfSSL_get_error(ssl, 0);
            wolfSSL_ERR_error_string(err, errBuf);
            Serial.print("TLS Write Error: ");
            Serial.println(errBuf);
        }
        
        wolfSSL_shutdown(ssl);
        wolfSSL_free(ssl);

        client.stop();
        Serial.println("Connection complete.");
        reconnect = 0;
        } else {
        Serial.println("Trying to reconnect...");
        }
    }
    delay(1000);
}

valcroft · 2019-02-19 20:32:43

valcroft
Member
Offline

Registered: 2019-02-05
Posts: 18

Re: No CA signer to verify with error

I have also tried putting in the two certs that appear when I put in the ff. command:

openssl s_client -showcerts -connect google.com:443 -CApath /etc/ssl/certs/

And also the active cert from here as I have read that the root CA is just what's needed ---- I changed the domain to a domain of a VPS that I own and had just put on SSL a few hours ago:
https://letsencrypt.org/certificates/

valcroft · 2019-02-20 00:17:03

valcroft
Member
Offline

Registered: 2019-02-05
Posts: 18

Re: No CA signer to verify with error

OK so I fixed this error by following this guide: https://craighesling.com/post/lets-encrypt-root-ca/

My new problem right now is that I just get a blank response.

Server response: log 2: wolfSSL Entering SSL_pending
log 2: wolfSSL Entering SSL_shutdown()
log 1: growing output buffer

log 1: alloc mem success
log 1: h0
log 1: h1
log 1: h2
log 1: h3
log 1: end of GrowOutputBuffer
log 1: end of CheckAvailableSize
log 2: wolfSSL Entering BuildMessage
log 3: wolfSSL Leaving BuildMessage, return 0
log 1: SB0
log 1: SB1
log 1: SB4
log 1: 31
log 1: SBW0
EthernetSend

31
write end
log 1: SBW1
log 1: SBW2
log 1: SBW3
log 1: SB -1
log 1: Shrinking output buffer

log 1: SB end
log 3: wolfSSL Leaving SSL_shutdown(), return 2
log 2: wolfSSL Entering SSL_free
log 1: CTX ref count not 0 yet, no free
log 3: wolfSSL Leaving SSL_free, return 0
Connection complete.

And doing this:

./examples/client/client -h scan-ssl.sandnox.com -p 443 -A trustidrootx3_chain.pem

results to this:

received record layer msg
got app DATA
wolfSSL Leaving ReceiveData(), return 79
wolfSSL Leaving wolfSSL_read_internal(), return 79
HTTP/1.1 400 Bad Request
Server: nginx/1.10.3 (Ubuntu)
Date: Wed, 20 Feb 2019
wolfSSL Entering SSL_shutdown()
growing output buffer

alex.abrahamson · 2019-02-21 20:08:47

alex.abrahamson
Member
Offline

From: Bozeman
Registered: 2017-07-06
Posts: 29

Re: No CA signer to verify with error

Hi valcroft,

Thanks for using wolfSSL! I'm sorry that you had been running into an issue and are now running into the problem with no data being given, or with the blank response. I'll look into this some more, and I'll try and figure out what could be causing this.

Thank you!

alex.abrahamson · 2019-02-25 11:42:11

alex.abrahamson
Member
Offline

From: Bozeman
Registered: 2017-07-06
Posts: 29

Re: No CA signer to verify with error

Hi valcroft,

Sorry for the delay in my reply. I looked at the example code you had shared and there didn't seem to be any obvious problems with it, so I looked at the certificates you had mentioned. The certificate you were defining in your code was an issued certificate for Google, which to me does not appear as if it would work, but as you're successfully connecting to the webserver and receiving the 400 response, it obviously succeeds when loaded in with trustidrootx3_chain.pem, so this may not be the issue but it is something to keep in mind.

In response to actually receiving the blank response from the webserver, the client is actually receiving something from the server - the "400 bad request" response (79 bytes long). Would you be able to pass in the "-g" option to the client application when connecting to the sandnox domain? This should resolve that "bad request"/empty response issue.

Thank you!

valcroft · 2019-02-25 18:01:06

valcroft
Member
Offline

Registered: 2019-02-05
Posts: 18

Re: No CA signer to verify with error

Hi! Thanks for replying Alex! I realize that my previous posts on this thread was confusing, just as a recap, what I'm doing is trying to enable HTTPS with scan-ssl.sandnox.com, which I configured with SSL via Let's Encrypt. And so I found the root CA for it from identrust. I attached the file here as well.

Ultimately, I would want to run this on an Arduino Due. But it appears that I'm having problems even just with client side on PC.

I tried using the -g option and it did improve the situation. Weirdly, I'm already putting in a GET request with the Arduino Due and received the same results before. Anyways shall look into that more later.

I'm confused though, I keep getting this error, upon running this command:

./examples/client/client -h scan-ssl.sandnox.com -p 443 -A trustidrootx3_chain.pem -g

:~/Downloads/wolfssl-3.15.7$ ./examples/client/client -h  scan-ssl.sandnox.com -p 443 -A trustidrootx3_chain.pem -g
wolfSSL Entering wolfSSL_Init
wolfSSL Entering wolfCrypt_Init
wolfSSL Entering EVP_get_cipherbyname
wolfSSL Entering EVP_get_cipherbyname
wolfSSL Entering EVP_get_cipherbyname
wolfSSL Entering EVP_get_cipherbyname
wolfSSL Entering EVP_get_cipherbyname
wolfSSL Entering EVP_get_cipherbyname
wolfSSL Entering EVP_get_cipherbyname
wolfSSL Entering EVP_get_cipherbyname
wolfSSL Entering EVP_get_cipherbyname
wolfSSL Entering TLSv1_2_client_method_ex
wolfSSL Entering wolfSSL_CTX_new_ex
wolfSSL Entering wolfSSL_CertManagerNew
wolfSSL Leaving WOLFSSL_CTX_new, return 0
wolfSSL Entering SSL_CTX_set_default_passwd_cb
wolfSSL Entering wolfSSL_CTX_use_certificate_chain_file
Getting dynamic buffer
wolfSSL Entering PemToDer
Checking cert signature type
wolfSSL Entering GetExplicitVersion
wolfSSL Entering GetSerialNumber
Got Cert Header
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Algo ID
Getting Cert Name
wolfSSL Entering OBJ_osn2nid
wolfSSL Entering OBJ_osn2nid
wolfSSL Entering OBJ_osn2nid
wolfSSL Entering OBJ_osn2nid
wolfSSL Entering OBJ_osn2nid
wolfSSL Entering OBJ_osn2nid
wolfSSL Entering OBJ_osn2nid
Getting Cert Name
wolfSSL Entering OBJ_osn2nid
wolfSSL Entering OBJ_osn2nid
wolfSSL Entering OBJ_osn2nid
wolfSSL Entering OBJ_osn2nid
wolfSSL Entering OBJ_osn2nid
wolfSSL Entering OBJ_osn2nid
wolfSSL Entering OBJ_osn2nid
Got Subject Name
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Key
Not ECDSA cert signature
wolfSSL Entering wolfSSL_CTX_use_PrivateKey_file
Getting dynamic buffer
wolfSSL Entering PemToDer
wolfSSL_CTX_load_verify_locations_ex
Getting dynamic buffer
Processing CA PEM file
wolfSSL Entering PemToDer
Adding a CA
wolfSSL Entering GetExplicitVersion
wolfSSL Entering GetSerialNumber
Got Cert Header
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Algo ID
Getting Cert Name
wolfSSL Entering OBJ_osn2nid
wolfSSL Entering OBJ_osn2nid
Getting Cert Name
wolfSSL Entering OBJ_osn2nid
wolfSSL Entering OBJ_osn2nid
Got Subject Name
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Key
Parsed Past Key
wolfSSL Entering DecodeCertExtensions
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeBasicCaConstraint
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeKeyUsage
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeSubjKeyId
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
    Parsed new CA
    Freeing Parsed CA
    Freeing der CA
        OK Freeing der CA
wolfSSL Leaving AddCA, return 0
   Processed a CA
Processed at least one valid CA. Other stuff OK
wolfSSL_CTX_load_verify_locations_ex
Getting dynamic buffer
Processing CA PEM file
wolfSSL Entering PemToDer
Adding a CA
wolfSSL Entering GetExplicitVersion
wolfSSL Entering GetSerialNumber
Got Cert Header
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Algo ID
Getting Cert Name
wolfSSL Entering OBJ_osn2nid
wolfSSL Entering OBJ_osn2nid
wolfSSL Entering OBJ_osn2nid
wolfSSL Entering OBJ_osn2nid
wolfSSL Entering OBJ_osn2nid
wolfSSL Entering OBJ_osn2nid
wolfSSL Entering OBJ_osn2nid
Getting Cert Name
wolfSSL Entering OBJ_osn2nid
wolfSSL Entering OBJ_osn2nid
wolfSSL Entering OBJ_osn2nid
wolfSSL Entering OBJ_osn2nid
wolfSSL Entering OBJ_osn2nid
wolfSSL Entering OBJ_osn2nid
wolfSSL Entering OBJ_osn2nid
Got Subject Name
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
wolfSSL Entering GetObjectId()
Got Key
Parsed Past Key
wolfSSL Entering DecodeCertExtensions
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeBasicCaConstraint
wolfSSL Entering GetObjectId()
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeSubjKeyId
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeAuthKeyId
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeKeyUsage
wolfSSL Entering GetObjectId()
DecodeExtKeyUsage
wolfSSL Entering GetObjectId()
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
    Parsed new CA
    Freeing Parsed CA
    Freeing der CA
        OK Freeing der CA
wolfSSL Leaving AddCA, return 0
   Processed a CA
Processed at least one valid CA. Other stuff OK
wolfSSL Entering SSL_new
wolfSSL Leaving SSL_new, return 0
wolfSSL Entering SSL_set_fd
wolfSSL Entering SSL_set_read_fd
wolfSSL Leaving SSL_set_read_fd, return 1
wolfSSL Entering SSL_set_write_fd
wolfSSL Leaving SSL_set_write_fd, return 1
wolfSSL Entering SSL_connect()
wolfSSL Entering SendClientHello
Adding signature algorithms extension
growing output buffer

Signature Algorithms extension to write
Point Formats extension to write
Supported Groups extension to write
EMS extension to write
Shrinking output buffer

wolfSSL Leaving SendClientHello, return 0
connect state: CLIENT_HELLO_SENT
growing input buffer

received record layer msg
wolfSSL Entering DoHandShakeMsg()
wolfSSL Entering DoHandShakeMsgType
processing server hello
wolfSSL Entering DoServerHello
Point Formats extension received
wolfSSL Entering VerifyClientSuite
wolfSSL Leaving DoServerHello, return 0
Shrinking input buffer

wolfSSL Leaving DoHandShakeMsgType(), return 0
wolfSSL Leaving DoHandShakeMsg(), return 0
growing input buffer

received record layer msg
wolfSSL Entering DoHandShakeMsg()
wolfSSL Entering DoHandShakeMsgType
processing certificate
wolfSSL Entering DoCertificate
wolfSSL Entering ProcessPeerCerts
Loading peer's cert chain
    Put another cert into chain
    Put another cert into chain
wolfSSL Entering GetExplicitVersion
wolfSSL Entering GetSerialNumber
Got Cert Header
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Algo ID
Getting Cert Name
wolfSSL Entering OBJ_osn2nid
wolfSSL Entering OBJ_osn2nid
wolfSSL Entering OBJ_osn2nid
Getting Cert Name
wolfSSL Entering OBJ_osn2nid
Got Subject Name
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Key
Parsed Past Key
wolfSSL Entering DecodeCertExtensions
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeKeyUsage
wolfSSL Entering GetObjectId()
DecodeExtKeyUsage
wolfSSL Entering GetObjectId()
wolfSSL Entering GetObjectId()
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeBasicCaConstraint
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeSubjKeyId
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeAuthKeyId
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeAuthInfo
wolfSSL Entering GetObjectId()
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeAltNames
wolfSSL Entering GetObjectId()
Certificate Policy extension not supported yet.
wolfSSL Entering GetObjectId()
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
wolfSSL Entering GetExplicitVersion
wolfSSL Entering GetSerialNumber
Got Cert Header
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Algo ID
Getting Cert Name
wolfSSL Entering OBJ_osn2nid
wolfSSL Entering OBJ_osn2nid
Getting Cert Name
wolfSSL Entering OBJ_osn2nid
wolfSSL Entering OBJ_osn2nid
wolfSSL Entering OBJ_osn2nid
Got Subject Name
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Key
Parsed Past Key
wolfSSL Entering DecodeCertExtensions
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeBasicCaConstraint
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeKeyUsage
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeAuthInfo
wolfSSL Entering GetObjectId()
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeAuthKeyId
wolfSSL Entering GetObjectId()
Certificate Policy extension not supported yet.
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeCrlDist
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeSubjKeyId
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
About to verify certificate signature
wolfSSL Entering ConfirmSignature
wolfSSL Leaving ConfirmSignature, return 0
Adding CA from chain
Adding a CA
wolfSSL Entering GetExplicitVersion
wolfSSL Entering GetSerialNumber
Got Cert Header
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Algo ID
Getting Cert Name
wolfSSL Entering OBJ_osn2nid
wolfSSL Entering OBJ_osn2nid
Getting Cert Name
wolfSSL Entering OBJ_osn2nid
wolfSSL Entering OBJ_osn2nid
wolfSSL Entering OBJ_osn2nid
Got Subject Name
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Key
Parsed Past Key
wolfSSL Entering DecodeCertExtensions
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeBasicCaConstraint
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeKeyUsage
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeAuthInfo
wolfSSL Entering GetObjectId()
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeAuthKeyId
wolfSSL Entering GetObjectId()
Certificate Policy extension not supported yet.
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeCrlDist
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeSubjKeyId
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
    Parsed new CA
    Freeing Parsed CA
    Freeing der CA
        OK Freeing der CA
wolfSSL Leaving AddCA, return 0
Verifying Peer's cert
wolfSSL Entering GetExplicitVersion
wolfSSL Entering GetSerialNumber
Got Cert Header
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Algo ID
Getting Cert Name
wolfSSL Entering OBJ_osn2nid
wolfSSL Entering OBJ_osn2nid
wolfSSL Entering OBJ_osn2nid
Getting Cert Name
wolfSSL Entering OBJ_osn2nid
Got Subject Name
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Key
Parsed Past Key
wolfSSL Entering DecodeCertExtensions
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeKeyUsage
wolfSSL Entering GetObjectId()
DecodeExtKeyUsage
wolfSSL Entering GetObjectId()
wolfSSL Entering GetObjectId()
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeBasicCaConstraint
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeSubjKeyId
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeAuthKeyId
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeAuthInfo
wolfSSL Entering GetObjectId()
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeAltNames
wolfSSL Entering GetObjectId()
Certificate Policy extension not supported yet.
wolfSSL Entering GetObjectId()
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
About to verify certificate signature
wolfSSL Entering ConfirmSignature
wolfSSL Leaving ConfirmSignature, return 0
Verified Peer's cert
wolfSSL Leaving ProcessPeerCerts, return 0
wolfSSL Leaving DoCertificate, return 0
Shrinking input buffer

wolfSSL Leaving DoHandShakeMsgType(), return 0
wolfSSL Leaving DoHandShakeMsg(), return 0
growing input buffer

received record layer msg
wolfSSL Entering DoHandShakeMsg()
wolfSSL Entering DoHandShakeMsgType
processing server key exchange
wolfSSL Entering DoServerKeyExchange
wolfSSL Entering RsaVerify
wolfSSL Leaving RsaVerify, return 83
wolfSSL Leaving DoServerKeyExchange, return 0
Shrinking input buffer

wolfSSL Leaving DoHandShakeMsgType(), return 0
wolfSSL Leaving DoHandShakeMsg(), return 0
received record layer msg
wolfSSL Entering DoHandShakeMsg()
wolfSSL Entering DoHandShakeMsgType
processing server hello done
wolfSSL Leaving DoHandShakeMsgType(), return 0
wolfSSL Leaving DoHandShakeMsg(), return 0
connect state: HELLO_AGAIN
connect state: HELLO_AGAIN_REPLY
connect state: FIRST_REPLY_DONE
connect state: FIRST_REPLY_FIRST
wolfSSL Entering SendClientKeyExchange
wolfSSL Entering EccMakeKey
wolfSSL Leaving EccMakeKey, return 0
wolfSSL Entering EccSharedSecret
wolfSSL Leaving EccSharedSecret, return 0
growing output buffer

Shrinking output buffer

wolfSSL Leaving SendClientKeyExchange, return 0
sent: client key exchange
connect state: FIRST_REPLY_SECOND
connect state: FIRST_REPLY_THIRD
growing output buffer

Shrinking output buffer

sent: change cipher spec
connect state: FIRST_REPLY_FOURTH
wolfSSL Entering SendFinished
growing output buffer

wolfSSL Entering BuildMessage
wolfSSL Leaving BuildMessage, return 0
Shrinking output buffer

wolfSSL Leaving SendFinished, return 0
sent: finished
connect state: FINISHED_DONE
received record layer msg
got CHANGE CIPHER SPEC
growing input buffer

received record layer msg
wolfSSL Entering DoHandShakeMsg()
wolfSSL Entering DoHandShakeMsgType
processing finished
wolfSSL Entering DoFinished
wolfSSL Leaving DoFinished, return 0
Shrinking input buffer

wolfSSL Leaving DoHandShakeMsgType(), return 0
wolfSSL Leaving DoHandShakeMsg(), return 0
connect state: SECOND_REPLY_DONE
wolfSSL Leaving SSL_connect(), return 1
wolfSSL Entering SSL_get_peer_certificate
wolfSSL Entering X509_get_issuer_name
wolfSSL Entering wolfSSL_X509_NAME_oneline
wolfSSL Entering wolfSSL_X509_get_subject_name
wolfSSL Entering wolfSSL_X509_NAME_oneline
peer's cert info:
 issuer : /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
 subject: /CN=scan-ssl.sandnox.com
wolfSSL Entering wolfSSL_X509_get_next_altname
 altname = scan-ssl.sandnox.com
wolfSSL Entering wolfSSL_X509_get_next_altname
wolfSSL Entering wolfSSL_X509_get_serial_number
 serial number:03:ca:e9:b8:28:21:d5:49:9e:ff:b7:b1:80:8d:3d:78:3e:f6
wolfSSL Entering wolfSSL_FreeX509
wolfSSL Entering ExternalFreeX509
free called on non dynamic object, not freeing
wolfSSL Entering SSL_get_version
SSL version is TLSv1.2
wolfSSL Entering SSL_get_current_cipher
wolfSSL Entering SSL_CIPHER_get_name
SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
SSL curve name is SECP256R1
Client Random : 43C475590D2A7BF177D8FBBF7F6481E561C33E1177631FC095A42B8AD1FC5245
SSL connect ok, sending GET...
wolfSSL Entering SSL_write()
growing output buffer

wolfSSL Entering BuildMessage
wolfSSL Leaving BuildMessage, return 0
Shrinking output buffer

wolfSSL Leaving SSL_write(), return 28
wolfSSL Entering wolfSSL_read()
wolfSSL Entering wolfSSL_read_internal()
wolfSSL Entering ReceiveData()
growing input buffer

received record layer msg
got app DATA
wolfSSL Leaving ReceiveData(), return 79
wolfSSL Leaving wolfSSL_read_internal(), return 79
HTTP/1.1 404 Not Found
Server: nginx/1.10.3 (Ubuntu)
Date: Tue, 26 Feb 2019 0
wolfSSL Entering wolfSSL_read()
wolfSSL Entering wolfSSL_read_internal()
wolfSSL Entering ReceiveData()
wolfSSL Leaving ReceiveData(), return 79
wolfSSL Leaving wolfSSL_read_internal(), return 79
2:47:00 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 151
wolfSSL Entering SSL_shutdown()
growing output buffer

wolfSSL Entering BuildMessage
wolfSSL Leaving BuildMessage, return 0
Shrinking output buffer

wolfSSL Leaving SSL_shutdown(), return 2
wolfSSL Entering SSL_free
CTX ref count not 0 yet, no free
Shrinking input buffer

wolfSSL Entering wolfSSL_BIO_free
wolfSSL Leaving SSL_free, return 0
wolfSSL Entering SSL_CTX_free
CTX ref count down to 0, doing full free
wolfSSL Entering wolfSSL_CertManagerFree
wolfSSL Leaving SSL_CTX_free, return 0
wolfSSL Entering wolfSSL_Cleanup
wolfSSL Entering wolfCrypt_Cleanup

I tried with Postman, making a GET scan-ssl.sandnox.com:443, and it actually gets the same results. I tried with GET https://scan-ssl.sandnox.com:443 and https://scan-ssl.sandox.com and the expected JSON response of 200 with the ff. is what I get:

{
    "status": "Temp API"
}

I hence tried doing the same with the wolfSSL client, but get mixed results of either the 404 or just the ff.:

~/Downloads/wolfssl-3.15.7$ ./examples/client/client -h  https://scan-ssl.sandnox.com -p 443 -A trustidrootx3_chain.pem -g
wolfSSL Entering wolfSSL_Init
wolfSSL Entering wolfCrypt_Init
wolfSSL Entering TLSv1_2_client_method_ex
wolfSSL Entering wolfSSL_CTX_new_ex
wolfSSL Entering wolfSSL_CertManagerNew
wolfSSL Leaving WOLFSSL_CTX_new, return 0
wolfSSL Entering wolfSSL_CTX_use_certificate_chain_file
Getting dynamic buffer
wolfSSL Entering PemToDer
Checking cert signature type
wolfSSL Entering GetExplicitVersion
wolfSSL Entering GetSerialNumber
Got Cert Header
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Algo ID
Getting Cert Name
Getting Cert Name
Got Subject Name
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Key
Not ECDSA cert signature
wolfSSL Entering wolfSSL_CTX_use_PrivateKey_file
Getting dynamic buffer
wolfSSL Entering PemToDer
wolfSSL_CTX_load_verify_locations_ex
Getting dynamic buffer
Processing CA PEM file
wolfSSL Entering PemToDer
Adding a CA
wolfSSL Entering GetExplicitVersion
wolfSSL Entering GetSerialNumber
Got Cert Header
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Algo ID
Getting Cert Name
Getting Cert Name
Got Subject Name
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Key
Parsed Past Key
wolfSSL Entering DecodeCertExtensions
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeBasicCaConstraint
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeKeyUsage
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeSubjKeyId
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
    Parsed new CA
    Freeing Parsed CA
    Freeing der CA
        OK Freeing der CA
wolfSSL Leaving AddCA, return 0
   Processed a CA
Processed at least one valid CA. Other stuff OK
wolfSSL_CTX_load_verify_locations_ex
Getting dynamic buffer
Processing CA PEM file
wolfSSL Entering PemToDer
Adding a CA
wolfSSL Entering GetExplicitVersion
wolfSSL Entering GetSerialNumber
Got Cert Header
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Algo ID
Getting Cert Name
Getting Cert Name
Got Subject Name
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
wolfSSL Entering GetObjectId()
Got Key
Parsed Past Key
wolfSSL Entering DecodeCertExtensions
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeBasicCaConstraint
wolfSSL Entering GetObjectId()
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeSubjKeyId
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeAuthKeyId
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeKeyUsage
wolfSSL Entering GetObjectId()
DecodeExtKeyUsage
wolfSSL Entering GetObjectId()
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
    Parsed new CA
    Freeing Parsed CA
    Freeing der CA
        OK Freeing der CA
wolfSSL Leaving AddCA, return 0
   Processed a CA
Processed at least one valid CA. Other stuff OK
wolfSSL Entering SSL_new
wolfSSL Leaving SSL_new, return 0
wolfSSL error: no entry for host

I'm using Nginx as a proxy server, server-side btw if it matters, I've tried both the configurations with "Redirect to HTTPS", and the "No Redirect" and I receive the same results.

If it helps, here's the configurations I used with nginx.

This one with Redirect:

server {
  server_name scan-ssl.sandnox.com;
  location / {
    proxy_set_header  X-Real-IP  $remote_addr;
    proxy_set_header  Host       $http_host;
    proxy_pass        http://127.0.0.1:50000;
  }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/scan-ssl.sandnox.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/scan-ssl.sandnox.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}

server {
    if ($host = scan-ssl.sandnox.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


  listen 80;
  server_name scan-ssl.sandnox.com;
    return 404; # managed by Certbot


}

This one without redirect:

server {
  listen 80;
  server_name scan-ssl.sandnox.com;
  location / {
    proxy_set_header  X-Real-IP  $remote_addr;
    proxy_set_header  Host       $http_host;
    proxy_pass        http://127.0.0.1:50000;
  }

        listen 443 ssl;

    ssl_certificate /etc/letsencrypt/live/scan-ssl.sandnox.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/scan-ssl.sandnox.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

        error_log /var/log/nginx/error.log debug;

}

This is my code for the Arduino Due which I expect to behave similarly to the example client run via command line, and so far does. Except when I change the host to https://scan-ssl.sandnox.com:443 where I get stuck in an infinite loop with the Arduino Due:

/* wolfssl_client.ino
 *
 * Copyright (C) 2006-2018 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
 * wolfSSL is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * wolfSSL is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
 */
 #include <Arduino.h>
 //#include <sys/time.h>
 
 #include <wolfssl.h>
 #include <wolfssl/ssl.h>
 //#include <wolfssl/wolflogging.h>
 
 struct timeval {
   long tv_sec;
   long tv_usec;
 };
 
 int _gettimeofday( struct timeval *tv, void *tzvp)
 {
   //uint64_t t = __your_system_time_function_here__();  // get uptime in nanoseconds
   //tv->tv_sec = t / 1000000000;  // convert to seconds
   //tv->tv_usec = ( t % 1000000000 ) / 1000;  // get remaining microseconds
   /*
   long mt = millis();
   tv->tv_sec = mt/1000;
   tv->tv_usec = mt*1000;
   */
   //long int mt = 1550041049;
   long int mt = 1550633024 ;
   tv->tv_sec = mt;
   tv->tv_usec = 0;
   return 0;  // return non-zero for error
 } // end _gettimeofday()

byte ROOT_CERTS_PEM[] =

"-----BEGIN CERTIFICATE-----\n"
"MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/\n"
"MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT\n"
"DkRTVCBSb290IENBIFgzMB4XDTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVow\n"
"PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD\n"
"Ew5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB\n"
"AN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmTrE4O\n"
"rz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEq\n"
"OLl5CjH9UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9b\n"
"xiqKqy69cK3FCxolkHRyxXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw\n"
"7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40dutolucbY38EVAjqr2m7xPi71XAicPNaD\n"
"aeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNV\n"
"HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQMA0GCSqG\n"
"SIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69\n"
"ikugdB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXr\n"
"AvHRAosZy5Q6XkjEGB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZz\n"
"R8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5\n"
"JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06XyxV3bqxbYo\n"
"Ob8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ\n"
"-----END CERTIFICATE-----\n";

 #include <Ethernet2.h>

#include <freeRam.h>
 /*
 struct timeval {
   long      tv_sec;
   long tv_usec;
 };
 */
 
 /*
 int _gettimeofday( struct timeval *tv, void *tzvp )
 {
     //uint64_t t = __your_system_time_function_here__();  // get uptime in nanoseconds
     //tv->tv_sec = t / 1000000000;  // convert to seconds
     //tv->tv_usec = ( t % 1000000000 ) / 1000;  // get remaining microseconds
     long mt = millis();
     tv->tv_sec = mt/1000;
     tv->tv_usec = mt*1000;
     return 0;  // return non-zero for error
 } // end _gettimeofday()
 */
 
 
 
 
 //const char host[] = "192.168.1.148"; // server to connect to
 //const int port = 11111; // port on server to connect to
 //const char host_1[] = "https://scan-ssl.sandnox.com";

 const char host[] = "scan-ssl.sandnox.com";
 const int port = 443;
 
 int EthernetSend(WOLFSSL* ssl, char* msg, int sz, void* ctx);
 int EthernetReceive(WOLFSSL* ssl, char* reply, int sz, void* ctx);
 int reconnect = 10;
 
 EthernetClient client;
 
 WOLFSSL_CTX* ctx = NULL;
 WOLFSSL* ssl = NULL;
 
 byte MAC_ADDR[] = { 0xDE, 0xAD, 0xBE, 0xEF, 0xFE, 0xEC };


// void wolfSSL_Logging_cb(const int logLevel, const char *const logMessage);

void wolfssl_custom_logging_cb(const int logLevel, const char *const logMessage) {
    Serial.print("log "); Serial.print(logLevel); Serial.print(": "); Serial.println(logMessage);
}


void setup() {


    Serial.begin(9600);


    if (Ethernet.begin(MAC_ADDR) == 0) {
        Serial.println("Failed to configure Ethernet using DHCP");
        return;
    }
    Serial.println(Ethernet.localIP());


    WOLFSSL_METHOD* method;

    freeRam();

    // Enable logging

    wolfSSL_Debugging_ON();


    wolfSSL_SetLoggingCb(&wolfssl_custom_logging_cb);

    // WOLFSSL_ECC_X25519
    //wolfSSL_CTX_UseSupportedCurve(ssl, WOLFSSL_ECC_X25519);
    wolfSSL_UseSupportedCurve(ssl, WOLFSSL_ECC_SECP160K1);
    method = wolfTLSv1_2_client_method();
    //method =  wolfSSLv23_client_method();
    //method = wolfTLSv1_3_client_method();
    if (method == NULL) {
        Serial.println("unable to get method");
        return;
    }

    //wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);
    ctx = wolfSSL_CTX_new(method);
    if (ctx == NULL) {
    Serial.println("unable to get ctx");
    return;
    }

    /* Add cert to ctx */
    int x =     wolfSSL_CTX_load_verify_buffer(ctx, ROOT_CERTS_PEM,sizeof ROOT_CERTS_PEM, WOLFSSL_FILETYPE_PEM);
    int err            = 0;
    char errBuf[81];

    if (x != WOLFSSL_SUCCESS)
    {
        err = wolfSSL_get_error(ssl, 0);
        wolfSSL_ERR_error_string_n(err, errBuf, 80);
        Serial.print(F("ERR wolfSSL_CTX_Load_verify_buffer: "));
        Serial.println(errBuf);
        return;
    }
    

    if (wolfSSL_CTX_UseSNI(ctx, 0, host, (word16) XSTRLEN(host)) != WOLFSSL_SUCCESS) {
        wolfSSL_CTX_free(ctx); ctx = NULL;
        Serial.println('UseSNI failed');
        //err_sys("UseSNI failed");
    }
    // initialize wolfSSL using callback functions
    //wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);
    wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, 0);

    wolfSSL_SetIOSend(ctx, EthernetSend);
    wolfSSL_SetIORecv(ctx, EthernetReceive);



    Serial.println("Setup success!");
    freeRam();
    return;
}
 
int EthernetSend(WOLFSSL* ssl, char* msg, int sz, void* ctx) {
    Serial.println("EthernetSend");
    int sent = 0;
    Serial.println(msg);
    Serial.println(sz);
    sent = client.write((byte*)msg, sz);

    return sent;
}
 
int EthernetReceive(WOLFSSL* ssl, char* reply, int sz, void* ctx) {
    int ret = 0;

    while (client.available() > 0 && ret < sz) {
        reply[ret++] = client.read();
    }

    return ret;
}
 
 void loop() {
    int err            = 0;
    int input          = 0;
    int total_input    = 0;
    //char msg[]= "GET / HTTP/1.0\r\n\r\n"; // Get the root page
    char msg[] = "GET / HTTP/1.1\r\nHost: scan-ssl.sandnox.com\r\nConnection: close\r\n\r\n";
    int msgSz = (int)strlen(msg);
   //char msg[32]       = "hello wolfssl!";
   //int msgSz          = (int)strlen(msg);
    char errBuf[1000];
    char reply[1000];
    const char* cipherName;

    if (reconnect) {
        reconnect--;

        if (client.connect(host, port)) {

        Serial.print("Connected to ");
        Serial.println(host);
        // freeRam();

        if (ctx == NULL) {
            Serial.println("null ctx");
        }

        ssl = wolfSSL_new(ctx);
        freeRam();
        if (ssl == NULL) {
            Serial.println("Unable to allocate SSL object");
            //freeRam();

            err = wolfSSL_get_error(ssl, 0);
            wolfSSL_ERR_error_string_n(err, errBuf, 80);
            Serial.print("wolfSSL_new: ");
            Serial.println(errBuf);
            return;
        }

        err = wolfSSL_connect(ssl);
        freeRam();

        Serial.print(F("aft wolfSSL_conenct err: ")); Serial.println(err);
        if (err != WOLFSSL_SUCCESS) {
            err = wolfSSL_get_error(ssl, 0);
            wolfSSL_ERR_error_string(err, errBuf);
            Serial.print("TLS Connect Error: ");
            Serial.println(errBuf);
        }

        Serial.print("SSL version is ");
        Serial.println(wolfSSL_get_version(ssl));
        
        cipherName = wolfSSL_get_cipher(ssl);
        Serial.print("SSL cipher suite is ");
        Serial.println(cipherName);
        if ((wolfSSL_write(ssl, msg, msgSz)) == msgSz) {
        //if ((wolfSSL_write(ssl, msg, msgSz)) == msgSz) {
            
            Serial.print("Server response: ");
            while (client.available() || wolfSSL_pending(ssl)) {
                input = wolfSSL_read(ssl, reply, sizeof(reply) - 1);
                total_input += input;
                if (input < 0) {
                    err = wolfSSL_get_error(ssl, 0);
                    wolfSSL_ERR_error_string(err, errBuf);
                    Serial.print("TLS Read Error: ");
                    Serial.println(errBuf);
                    break;
                } else if (input > 0) {
                    reply[input] = '\0';
                    Serial.print(reply);
                } else {
                    Serial.println();
                }
            } 
        } else {
            err = wolfSSL_get_error(ssl, 0);
            wolfSSL_ERR_error_string(err, errBuf);
            Serial.print("TLS Write Error: ");
            Serial.println(errBuf);
        }
        
        wolfSSL_shutdown(ssl);
        wolfSSL_free(ssl);

        client.stop();
        Serial.println("Connection complete.");
        reconnect = 0;
        } else {
        Serial.println("Trying to reconnect...");
        }
    }
    delay(1000);
}

Thanks again for the help!

Post's attachments

trustidrootx3_chain.pem 1.29 kb, file has never been downloaded.

You don't have the permssions to download the attachments of this post.

valcroft · 2019-02-25 22:55:52

valcroft
Member
Offline

Registered: 2019-02-05
Posts: 18

Re: No CA signer to verify with error

Ok so this nginx config worked for me:

server {
    listen 80;
    server_name scan-ssl.sandnox.com;
   # return 301 https://$host$request_uri;
      error_log /var/log/nginx/error.log debug;
return 301 https://$server_name$request_uri;
}
server {
    listen 443 default ssl;
    server_name scan-ssl.sandnox.com;

  location / {
    proxy_set_header  X-Real-IP  $remote_addr;
    proxy_set_header  Host       $http_host;
    proxy_pass        http://127.0.0.1:50000;
  }
    ssl on;
    ssl_certificate /etc/letsencrypt/live/scan-ssl.sandnox.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/scan-ssl.sandnox.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
      error_log /var/log/nginx/error.log debug;
}

And apparently I neglected to check the client code example, and thus now changed GET /index.html to GET /. And increased the buffer size of reply[80] to reply[500].

My problem right now is that the Arduino Due still won't work ok haha.

valcroft · 2019-02-25 23:15:08

valcroft
Member
Offline

Registered: 2019-02-05
Posts: 18

Re: No CA signer to verify with error

Omg it finally worked I think on the Arduino Due!

What I fixed was just change the line in the Arduino example code from this:

// when sending data
            if ((wolfSSL_write(ssl, msg, msgSz)) == msgSz) {
                Serial.println("[Server response]: ");
                while (client.available() || wolfSSL_pending(ssl)) {

To this:

            bwritten = wolfSSL_write(ssl, (char *) msg, strlen(msg));
            Serial.print("[Bytes written= ]");
            Serial.println(bwritten);
            
            if (bwritten > 0) {
                Serial.println("[Server response]: ");
                while ( client.available() || wolfSSL_pending(ssl) ) {

These are the debug logs I'm getting. However, I'm not really sure but how would I know if this is really running thru HTTPS and not HTTP? Or if TLS is working ok?

 1: CB5
log 3: 192.168.0.112
Ram used (bytes): 
dynamic: 128
static: 6464
stack: 176
Est. free ram: 91536
log 2: wolfSSL Entering TLSv1_2_client_method_ex
log 2: wolfSSL Entering wolfSSL_CTX_new_ex
log 2: wolfSSL Entering wolfSSL_Init
log 2: wolfSSL Entering wolfCrypt_Init
log 2: wolfSSL Entering wolfSSL_CertManagerNew
log 3: wolfSSL Leaving WOLFSSL_CTX_new, return 0
log 2: wolfSSL Entering wolfSSL_CTX_load_verify_buffer
log 1: Processing CA PEM file
log 2: wolfSSL Entering PemToDer
log 1: Adding a CA
log 2: wolfSSL Entering GetExplicitVersion
log 2: wolfSSL Entering GetSerialNumber
log 1: Got Cert Header
log 2: wolfSSL Entering GetAlgoId
log 2: wolfSSL Entering GetObjectId()
log 1: Got Algo ID
log 1: Getting Cert Name
log 1: Getting Cert Name
log 1: Got Subject Name
log 2: wolfSSL Entering GetAlgoId
log 2: wolfSSL Entering GetObjectId()
log 1: Got Key
log 1: Parsed Past Key
log 2: wolfSSL Entering DecodeCertExtensions
log 2: wolfSSL Entering GetObjectId()
log 2: wolfSSL Entering DecodeBasicCaConstraint
log 2: wolfSSL Entering GetObjectId()
log 2: wolfSSL Entering DecodeKeyUsage
log 2: wolfSSL Entering GetObjectId()
log 2: wolfSSL Entering DecodeSubjKeyId
log 2: wolfSSL Entering GetAlgoId
log 2: wolfSSL Entering GetObjectId()
log 1:     Parsed new CA
log 1:     Freeing Parsed CA
log 1:     Freeing der CA
log 1:         OK Freeing der CA
log 3: wolfSSL Leaving AddCA, return 0
log 1:    Processed a CA
log 1: Processed at least one valid CA. Other stuff OK
log 2: wolfSSL Entering wolfSSL_CTX_set_verify
log 1: CB7
Setup success!
Ram used (bytes): 
dynamic: 952
static: 6464
stack: 176
Est. free ram: 90712
Connected to scan-ssl.sandnox.com
log 2: wolfSSL Entering SSL_new
log 1: wolfSSL_new: in if SSL
log 1: CB5
log 3: wolfSSL Leaving SSL_new, return 0
Ram used (bytes): 
dynamic: 3144
static: 6464
stack: 2168
Est. free ram: 86528
log 2: wolfSSL Entering SSL_connect()
log 1: in CONNECT_BEGIN
log 2: wolfSSL Entering SendClientHello
log 1: SCH0
log 1: SCH1
log 1: Adding signature algorithms extension
log 1: SCH2
log 1: growing output buffer

log 1: alloc mem success
log 1: h0
log 1: h1
log 1: h2
log 1: h3
log 1: end of GrowOutputBuffer
log 1: end of CheckAvailableSize
log 1: SCH3
log 1: SCH4
log 1: SCH41
log 1: SCH5
log 1: SCH6
log 1: SCH8
log 1: SCH9
log 1: SCH10
log 1: Signature Algorithms extension to write
log 1: Point Formats extension to write
log 1: Supported Groups extension to write
log 1: SNI extension to write
log 1: SCH11
log 1: SCH15
log 1: SCH17
log 1: SCH170
log 1: SCH18
log 1: SCH20
log 1: SB0
log 1: SB1
log 1: SB4
log 1: 163
log 1: SBW0
EthernetSend

163
write end
log 1: SBW1
log 1: SBW2
log 1: SBW3
log 1: SB -1
log 1: Shrinking output buffer

log 1: SB end
log 1: SCH21
log 3: wolfSSL Leaving SendClientHello, return 0
log 1: SC end
log 1: aft SendClientHello
log 1: connect state: CLIENT_HELLO_SENT
log 1: growing input buffer

log 1: received record layer msg
log 2: wolfSSL Entering DoHandShakeMsg()
log 2: wolfSSL Entering DoHandShakeMsgType
log 1: processing server hello
log 2: wolfSSL Entering DoServerHello
log 1: Point Formats extension received
log 2: wolfSSL Entering VerifyClientSuite
log 3: wolfSSL Leaving DoServerHello, return 0
log 1: Shrinking input buffer

log 3: wolfSSL Leaving DoHandShakeMsgType(), return 0
log 3: wolfSSL Leaving DoHandShakeMsg(), return 0
log 1: growing input buffer

log 1: received record layer msg
log 2: wolfSSL Entering DoHandShakeMsg()
log 2: wolfSSL Entering DoHandShakeMsgType
log 1: processing certificate
log 2: wolfSSL Entering DoCertificate
log 2: wolfSSL Entering ProcessPeerCerts
log 1: Loading peer's cert chain
log 1:     Put another cert into chain
log 1:     Put another cert into chain
log 2: wolfSSL Entering GetExplicitVersion
log 2: wolfSSL Entering GetSerialNumber
log 1: Got Cert Header
log 2: wolfSSL Entering GetAlgoId
log 2: wolfSSL Entering GetObjectId()
log 1: Got Algo ID
log 1: Getting Cert Name
log 1: Getting Cert Name
log 1: Got Subject Name
log 2: wolfSSL Entering GetAlgoId
log 2: wolfSSL Entering GetObjectId()
log 1: Got Key
log 1: Parsed Past Key
log 2: wolfSSL Entering DecodeCertExtensions
log 2: wolfSSL Entering GetObjectId()
log 2: wolfSSL Entering DecodeBasicCaConstraint
log 2: wolfSSL Entering GetObjectId()
log 2: wolfSSL Entering DecodeKeyUsage
log 2: wolfSSL Entering GetObjectId()
log 2: wolfSSL Entering DecodeAuthInfo
log 2: wolfSSL Entering GetObjectId()
log 2: wolfSSL Entering GetObjectId()
log 2: wolfSSL Entering DecodeAuthKeyId
log 2: wolfSSL Entering GetObjectId()
log 2: wolfSSL Entering DecodeCertPolicy
log 3: wolfSSL Leaving DecodeCertPolicy, return 0
log 2: wolfSSL Entering GetObjectId()
log 2: wolfSSL Entering DecodeCrlDist
log 2: wolfSSL Entering GetObjectId()
log 2: wolfSSL Entering DecodeSubjKeyId
log 2: wolfSSL Entering GetAlgoId
log 2: wolfSSL Entering GetObjectId()
log 1: About to verify certificate signature
log 2: wolfSSL Entering ConfirmSignature
log 3: wolfSSL Leaving ConfirmSignature, return 0
log 1: Adding CA from chain
log 1: Adding a CA
log 2: wolfSSL Entering GetExplicitVersion
log 2: wolfSSL Entering GetSerialNumber
log 1: Got Cert Header
log 2: wolfSSL Entering GetAlgoId
log 2: wolfSSL Entering GetObjectId()
log 1: Got Algo ID
log 1: Getting Cert Name
log 1: Getting Cert Name
log 1: Got Subject Name
log 2: wolfSSL Entering GetAlgoId
log 2: wolfSSL Entering GetObjectId()
log 1: Got Key
log 1: Parsed Past Key
log 2: wolfSSL Entering DecodeCertExtensions
log 2: wolfSSL Entering GetObjectId()
log 2: wolfSSL Entering DecodeBasicCaConstraint
log 2: wolfSSL Entering GetObjectId()
log 2: wolfSSL Entering DecodeKeyUsage
log 2: wolfSSL Entering GetObjectId()
log 2: wolfSSL Entering DecodeAuthInfo
log 2: wolfSSL Entering GetObjectId()
log 2: wolfSSL Entering GetObjectId()
log 2: wolfSSL Entering DecodeAuthKeyId
log 2: wolfSSL Entering GetObjectId()
log 2: wolfSSL Entering DecodeCertPolicy
log 3: wolfSSL Leaving DecodeCertPolicy, return 0
log 2: wolfSSL Entering GetObjectId()
log 2: wolfSSL Entering DecodeCrlDist
log 2: wolfSSL Entering GetObjectId()
log 2: wolfSSL Entering DecodeSubjKeyId
log 2: wolfSSL Entering GetAlgoId
log 2: wolfSSL Entering GetObjectId()
log 1:     Parsed new CA
log 1:     Freeing Parsed CA
log 1:     Freeing der CA
log 1:         OK Freeing der CA
log 3: wolfSSL Leaving AddCA, return 0
log 1: Verifying Peer's cert
log 2: wolfSSL Entering GetExplicitVersion
log 2: wolfSSL Entering GetSerialNumber
log 1: Got Cert Header
log 2: wolfSSL Entering GetAlgoId
log 2: wolfSSL Entering GetObjectId()
log 1: Got Algo ID
log 1: Getting Cert Name
log 1: Getting Cert Name
log 1: Got Subject Name
log 2: wolfSSL Entering GetAlgoId
log 2: wolfSSL Entering GetObjectId()
log 1: Got Key
log 1: Parsed Past Key
log 2: wolfSSL Entering DecodeCertExtensions
log 2: wolfSSL Entering GetObjectId()
log 2: wolfSSL Entering DecodeKeyUsage
log 2: wolfSSL Entering GetObjectId()
log 1: DecodeExtKeyUsage
log 2: wolfSSL Entering GetObjectId()
log 2: wolfSSL Entering GetObjectId()
log 2: wolfSSL Entering GetObjectId()
log 2: wolfSSL Entering DecodeBasicCaConstraint
log 2: wolfSSL Entering GetObjectId()
log 2: wolfSSL Entering DecodeSubjKeyId
log 2: wolfSSL Entering GetObjectId()
log 2: wolfSSL Entering DecodeAuthKeyId
log 2: wolfSSL Entering GetObjectId()
log 2: wolfSSL Entering DecodeAuthInfo
log 2: wolfSSL Entering GetObjectId()
log 2: wolfSSL Entering GetObjectId()
log 2: wolfSSL Entering DecodeAltNames
log 2: wolfSSL Entering GetObjectId()
log 2: wolfSSL Entering DecodeCertPolicy
log 3: wolfSSL Leaving DecodeCertPolicy, return 0
log 2: wolfSSL Entering GetObjectId()
log 2: wolfSSL Entering GetAlgoId
log 2: wolfSSL Entering GetObjectId()
log 1: About to verify certificate signature
log 2: wolfSSL Entering ConfirmSignature
log 3: wolfSSL Leaving ConfirmSignature, return 0
log 1: Verified Peer's cert
log 3: wolfSSL Leaving ProcessPeerCerts, return 0
log 3: wolfSSL Leaving DoCertificate, return 0
log 1: Shrinking input buffer

log 3: wolfSSL Leaving DoHandShakeMsgType(), return 0
log 3: wolfSSL Leaving DoHandShakeMsg(), return 0
log 1: growing input buffer

log 1: received record layer msg
log 2: wolfSSL Entering DoHandShakeMsg()
log 2: wolfSSL Entering DoHandShakeMsgType
log 1: processing server key exchange
log 2: wolfSSL Entering DoServerKeyExchange
log 2: wolfSSL Entering RsaVerify
log 3: wolfSSL Leaving RsaVerify, return 51
log 3: wolfSSL Leaving DoServerKeyExchange, return 0
log 1: Shrinking input buffer

log 3: wolfSSL Leaving DoHandShakeMsgType(), return 0
log 3: wolfSSL Leaving DoHandShakeMsg(), return 0
log 1: received record layer msg
log 2: wolfSSL Entering DoHandShakeMsg()
log 2: wolfSSL Entering DoHandShakeMsgType
log 1: processing server hello done
log 3: wolfSSL Leaving DoHandShakeMsgType(), return 0
log 3: wolfSSL Leaving DoHandShakeMsg(), return 0
log 1: connect state: HELLO_AGAIN
log 1: connect state: HELLO_AGAIN_REPLY
log 1: connect state: FIRST_REPLY_DONE
log 1: connect state: FIRST_REPLY_FIRST
log 2: wolfSSL Entering SendClientKeyExchange
log 2: wolfSSL Entering EccMakeKey
log 3: wolfSSL Leaving EccMakeKey, return 0
log 2: wolfSSL Entering EccSharedSecret
log 3: wolfSSL Leaving EccSharedSecret, return 0
log 1: growing output buffer

log 1: alloc mem success
log 1: h0
log 1: h1
log 1: h2
log 1: h3
log 1: end of GrowOutputBuffer
log 1: end of CheckAvailableSize
log 1: SB0
log 1: SB1
log 1: SB4
log 1: 75
log 1: SBW0
EthernetSend

75
write end
log 1: SBW1
log 1: SBW2
log 1: SBW3
log 1: SB -1
log 1: Shrinking output buffer

log 1: SB end
log 3: wolfSSL Leaving SendClientKeyExchange, return 0
log 1: sent: client key exchange
log 1: connect state: FIRST_REPLY_SECOND
log 1: connect state: FIRST_REPLY_THIRD
log 1: growing output buffer

log 1: alloc mem success
log 1: h0
log 1: h1
log 1: h2
log 1: h3
log 1: end of GrowOutputBuffer
log 1: end of CheckAvailableSize
log 1: SB0
log 1: SB1
log 1: SB4
log 1: 6
log 1: SBW0
EthernetSend

6
write end
log 1: SBW1
log 1: SBW2
log 1: SBW3
log 1: SB -1
log 1: Shrinking output buffer

log 1: SB end
log 1: sent: change cipher spec
log 1: connect state: FIRST_REPLY_FOURTH
log 2: wolfSSL Entering SendFinished
log 1: growing output buffer

log 1: alloc mem success
log 1: h0
log 1: h1
log 1: h2
log 1: h3
log 1: end of GrowOutputBuffer
log 1: end of CheckAvailableSize
log 2: wolfSSL Entering BuildMessage
log 3: wolfSSL Leaving BuildMessage, return 0
log 1: SB0
log 1: SB1
log 1: SB4
log 1: 45
log 1: SBW0
EthernetSend

45
write end
log 1: SBW1
log 1: SBW2
log 1: SBW3
log 1: SB -1
log 1: Shrinking output buffer

log 1: SB end
log 3: wolfSSL Leaving SendFinished, return 0
log 1: sent: finished
log 1: connect state: FINISHED_DONE
log 1: received record layer msg
log 1: got CHANGE CIPHER SPEC
log 1: growing input buffer

log 1: received record layer msg
log 2: wolfSSL Entering DoHandShakeMsg()
log 2: wolfSSL Entering DoHandShakeMsgType
log 1: processing finished
log 2: wolfSSL Entering DoFinished
log 3: wolfSSL Leaving DoFinished, return 0
log 1: Shrinking input buffer

log 3: wolfSSL Leaving DoHandShakeMsgType(), return 0
log 3: wolfSSL Leaving DoHandShakeMsg(), return 0
log 1: connect state: SECOND_REPLY_DONE
log 3: wolfSSL Leaving SSL_connect(), return 1
Ram used (bytes): 
dynamic: 3136
static: 6464
stack: 2168
Est. free ram: 86536
aft wolfSSL_conenct err: 1
SSL version is log 2: wolfSSL Entering SSL_get_version
TLSv1.2
log 2: wolfSSL Entering wolfSSL_get_cipher
log 2: wolfSSL Entering SSL_get_current_cipher
log 2: wolfSSL Entering SSL_CIPHER_get_name
SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
[msg to send]:
GET / HTTP/1.0
Host: scan-ssl.sandnox.com
Connection: close


log 2: wolfSSL Entering SSL_write()
log 1: growing output buffer

log 1: alloc mem success
log 1: h0
log 1: h1
log 1: h2
log 1: h3
log 1: end of GrowOutputBuffer
log 1: end of CheckAvailableSize
log 2: wolfSSL Entering BuildMessage
log 3: wolfSSL Leaving BuildMessage, return 0
log 1: SB0
log 1: SB1
log 1: SB4
log 1: 94
log 1: SBW0
EthernetSend

94
write end
log 1: SBW1
log 1: SBW2
log 1: SBW3
log 1: SB -1
log 1: Shrinking output buffer

log 1: SB end
log 3: wolfSSL Leaving SSL_write(), return 65
[Bytes written= ]65
[Server response]: 
log 2: wolfSSL Entering wolfSSL_read()
log 2: wolfSSL Entering wolfSSL_read_internal()
log 2: wolfSSL Entering ReceiveData()
log 1: growing input buffer

log 1: received record layer msg
log 1: got app DATA
log 1: Shrinking input buffer

log 3: wolfSSL Leaving ReceiveData(), return 514
log 3: wolfSSL Leaving wolfSSL_read_internal(), return 514
HTTP/1.1 200 OK
Server: nginx/1.10.3 (Ubuntu)
Date: Tue, 26 Feb 2019 06:12:41 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 28
Connection: close
X-DNS-Prefetch-Control: off
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=15552000; includeSubDomains
X-Download-Options: noopen
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Origin: *
ETag: W/"1c-UCPDcjEBKAAJOPBleMB23MZkIOM"
Vary: Accept-Encoding

{
    "status": "Temp API"
}log 2: wolfSSL Entering wolfSSL_read()
log 2: wolfSSL Entering wolfSSL_read_internal()
log 2: wolfSSL Entering ReceiveData()
log 1: growing input buffer

log 1: received record layer msg
log 1: got ALERT!
log 1: Got alert
log 1:     close notify
log 0: wolfSSL error occurred, error = 0
log 0: wolfSSL error occurred, error = -343
log 1: Zero return, no more data coming
log 3: wolfSSL Leaving wolfSSL_read_internal(), return 0

Read error
log 2: wolfSSL Entering SSL_pending
Bytes read= 0
[before shutdown]
log 2: wolfSSL Entering SSL_shutdown()
log 1: growing output buffer

log 1: alloc mem success
log 1: h0
log 1: h1
log 1: h2
log 1: h3
log 1: end of GrowOutputBuffer
log 1: end of CheckAvailableSize
log 2: wolfSSL Entering BuildMessage
log 3: wolfSSL Leaving BuildMessage, return 0
log 1: SB0
log 1: SB1
log 1: SB4
log 1: 31
log 1: SBW0
EthernetSend

31
write end
log 1: SBW1
log 1: SBW2
log 1: SBW3
log 1: SB -1
log 1: Shrinking output buffer

log 1: SB end
log 3: wolfSSL Leaving SSL_shutdown(), return 1
log 2: wolfSSL Entering SSL_free
log 1: CTX ref count not 0 yet, no free
log 1: Shrinking input buffer

log 3: wolfSSL Leaving SSL_free, return 0
Connection complete.

Welcome to the wolfSSL Forums!

No CA signer to verify with error

Posts: 8

1 Topic by valcroft 2019-02-19 19:32:43 (edited by valcroft 2019-02-19 19:50:03)

Topic: No CA signer to verify with error

2 Reply by valcroft 2019-02-19 20:32:43 (edited by valcroft 2019-02-19 22:06:17)

Re: No CA signer to verify with error

3 Reply by valcroft 2019-02-20 00:17:03 (edited by valcroft 2019-02-20 00:18:38)

Re: No CA signer to verify with error

4 Reply by alex.abrahamson 2019-02-21 20:08:47

Re: No CA signer to verify with error

5 Reply by alex.abrahamson 2019-02-25 11:42:11

Re: No CA signer to verify with error

6 Reply by valcroft 2019-02-25 18:01:06 (edited by valcroft 2019-02-25 19:49:41)

Re: No CA signer to verify with error

7 Reply by valcroft 2019-02-25 22:55:52

Re: No CA signer to verify with error

8 Reply by valcroft 2019-02-25 23:15:08 (edited by valcroft 2019-02-25 23:17:10)

Re: No CA signer to verify with error

Posts: 8