1 (edited by akhi_gangwar 2020-06-24 04:43:34)

Topic: [SOLVED] Getting -188 while connecting using wolfsslconnect

Hi All,
I am trying to connect to the MQTT server (AWS). I am using TI-RTOS with the TM4C129ENCPDT microcontroller.
While connecting to the server, I am using the root CA, certificate, and private key. I load these using the buffer APIs, which are given below in the code.
When I try to connect, I get the error -188. Can anyone help me with this?
My code is -

// structure

typedef struct TLSDataParams {

    WOLFSSL *ssl_aws;
    WOLFSSL_CTX* ctx_aws ;

    int sockfd_aws;
    struct sockaddr_in g_addr_aws ;
    Error_Block eb;
} TLSDataParams;

///actual code

    Error_init(&tlsDataParams->eb);
    wolfSSL_Init();
    tlsDataParams->ctx_aws = wolfSSL_CTX_new(wolfTLSv1_2_client_method());
    if (tlsDataParams->ctx_aws == 0){
      //  logg("****Error****: WolfSSL_CTX error", "");
        exitApp(tlsDataParams->ctx_aws);
        return -1;
    }
    uint8_t *der = NULL;
    uint32_t len, ret1;
    ret1 = CertConv_pem2der(tlsParams->pRootCALocation, root_ca_pem_len, &der, &len);
    if (ret1 != 0){
        //logg("***Error***: cert conversion to .der fail", "");
        return -1;
    }
    status = wolfSSL_CTX_load_verify_buffer(tlsDataParams->ctx_aws, der, len, SSL_FILETYPE_ASN1);
    if (status != SSL_SUCCESS){
       // logg("tcpHandler: Error loading ca_cert_der_2048\n", "");
        exitApp(tlsDataParams->ctx_aws);
        return -1;
    }

    der = NULL; len = 0; /* reset the pointer before the next conversion */
    ret1 = CertConv_pem2der(tlsParams->pDeviceCertLocation, client_cert_pem_len, &der, &len);
    if (ret1 != 0){
        //logg("***Error***: cert conversion to .der fail", "");
        return -1;
    }
    status = wolfSSL_CTX_use_certificate_buffer (tlsDataParams->ctx_aws, der, len, SSL_FILETYPE_ASN1);
    if (status != SSL_SUCCESS){
     //   logg("tcpHandler: Error loading ca_cert_der_2048\n", "");
        exitApp(tlsDataParams->ctx_aws);
        return -1;
    }

    der = NULL; len = 0; /* reset the pointer before the next conversion */
    ret1 = CertConv_pem2der(tlsParams->pDevicePrivateKeyLocation, client_private_key_pem_len, &der, &len);
    if (ret1 != 0){
        //logg("***Error***: cert conversion to .der fail", "");
        return -1;
    }
    status = wolfSSL_CTX_use_PrivateKey_buffer (tlsDataParams->ctx_aws, der, len, SSL_FILETYPE_ASN1);
    if (status != SSL_SUCCESS){
     //   logg("tcpHandler: Error loading ca_cert_der_2048\n", "");
        exitApp(tlsDataParams->ctx_aws);
        return -1;
    }

    tlsDataParams->ssl_aws = wolfSSL_new(tlsDataParams->ctx_aws);
    if (tlsDataParams->ssl_aws == NULL){
 //       logg("tcpHandler: wolfSSL_new error.\n", "");
        exitApp(tlsDataParams->ctx_aws);
        return -1;
    }

    tlsDataParams->sockfd_aws= socket(AF_INET, SOCK_STREAM, 0);
    if (tlsDataParams->sockfd_aws < 0){
      //  logInt("***Error***: ftp socket creation failed val is %d", "", sockfd);
        return -1;
    }

     memset((char *) &tlsDataParams->g_addr_aws, 0, sizeof(tlsDataParams->g_addr_aws));
     tlsDataParams->g_addr_aws.sin_family = AF_INET;
     tlsDataParams->g_addr_aws.sin_port = htons(tlsParams->DestinationPort);

     strcat(tlsParams->pDestinationURL, ":");  strcat(tlsParams->pDestinationURL, portStr);
     strcpy(url,tlsParams->pDestinationURL);

     if (HTTPCli_initSockAddr((struct sockaddr *) &tlsDataParams->g_addr_aws,  tlsParams->pDestinationURL, 0) < 0){
       //  logg("ftp: ***ERROR*** - address not resolved.", "");
         tlsDataParams->sockfd_aws = 0;
         return -1;
     }

     ret = connect(tlsDataParams->sockfd_aws, (struct sockaddr *)&tlsDataParams->g_addr_aws, sizeof(tlsDataParams->g_addr_aws));
     if(ret < 0){
         wolfSSL_free(tlsDataParams->ssl_aws);
         close(tlsDataParams->sockfd_aws);
         exitApp(tlsDataParams->ctx_aws);
         return -1;
     }
     wolfSSL_set_fd(tlsDataParams->ssl_aws, tlsDataParams->sockfd_aws);

     ret = wolfSSL_connect(tlsDataParams->ssl_aws); // this return failure
     if(ret < 0){
         char buffer[80];
        error =  wolfSSL_get_error(tlsDataParams->ssl_aws , 0); // this returns -188
         return -1;
     }
     else if(ret == SSL_SUCCESS){
         tlsDataParams->sockfd_aws = wolfSSL_get_fd(tlsDataParams->ssl_aws);

     }

EDIT: I am able to enable logs in wolfssl. I am attaching the log file. I am finding it difficult to understand.
Thanks

Akhilesh


Re: [SOLVED] Getting -188 while connecting using wolfsslconnect

Hi akhi_gangwar,

The error -188 means a certificate could not be validated to a trusted peer. The TLS peer is sending 4 certificates and some of these are not validating. By default wolfSSL expects all provided certificates to be validated. My guess is you are loading an intermediate CA and not the root CA. You can either load the correct root CA or you can add our `WOLFSSL_ALT_CERT_CHAINS` build option. This option only requires that the peer's provided certificate match a loaded/trusted cert.

Also you can load PEM files directly using SSL_FILETYPE_PEM.

Thanks,
David Garske, wolfSSL


Re: [SOLVED] Getting -188 while connecting using wolfsslconnect

Hi David,
Can you let me know how to add the `WOLFSSL_ALT_CERT_CHAINS` build option? I am using TI-RTOS. Can it be done at runtime or by setting some flag in settings.h or somewhere else?
I tried with SSL_FILETYPE_PEM but I was facing some error. I'll try again. Thanks

Thanks


Re: [SOLVED] Getting -188 while connecting using wolfsslconnect

Hi akhi_gangwar,

Usually you'll have a user_settings.h file to put build settings, which is enabled with WOLFSSL_USER_SETTINGS. See entry 1 in our FAQ here. https://www.wolfssl.com/docs/frequently … r_wolfSSL?

Make sure you do not have NO_CODING defined, which will disable the base 64 decode support and prevent PEM support.

Thanks,
David Garske, wolfSSL


Re: [SOLVED] Getting -188 while connecting using wolfsslconnect

Hi David,
I found the correct root CA. It is the Starfield Class 2 root CA. This certificate is working fine with the CC3100 Wi-Fi chip. With the CC3100, I am using the SL APIs which are provided by TI for TLS.
Now with wolfssl, I am getting reset while handshaking. My device resets every time. I don't know why. Wolfssl is used with ethernet here.
I am pasting the logs-

wolfSSL Entering WOLFSSL_CTX_new
wolfSSL Entering wolfSSL_Init
wolfSSL Entering wolfSSL_CertManagerNew
wolfSSL Leaving WOLFSSL_CTX_new, return 0
wolfSSL Entering wolfSSL_CTX_load_verify_buffer
Adding a CA
wolfSSL Entering GetExplicitVersion
wolfSSL Entering GetMyVersion
Got Cert Header
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Algo ID
Getting Cert Name
Getting Cert Name
Got Subject Name
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Key
Parsed Past Key
wolfSSL Entering DecodeCertExtensions
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeSubjKeyId
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeAuthKeyId
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeBasicCaConstraint
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
    Parsed new CA
    Freeing Parsed CA
    Freeing der CA
        OK Freeing der CA
wolfSSL Leaving AddCA, return 0
wolfSSL Entering wolfSSL_CTX_use_certificate_buffer
Checking cert signature type
wolfSSL Entering GetExplicitVersion
wolfSSL Entering GetMyVersion
Got Cert Header
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Algo ID
Getting Cert Name
Getting Cert Name
Got Subject Name
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Key
Not ECDSA cert signature
wolfSSL Entering wolfSSL_CTX_use_PrivateKey_buffer
wolfSSL Entering GetMyVersion
wolfSSL Entering SSL_new
wolfSSL Leaving SSL_new, return 0
wolfSSL Entering SSL_set_fd
wolfSSL Leaving SSL_set_fd, return 1
wolfSSL Entering wolfSSL_send()
wolfSSL Entering SSL_write()
handshake not complete, trying to finish
wolfSSL Entering wolfSSL_negotiate
wolfSSL Entering SSL_connect()
growing output buffer

Shrinking output buffer

connect state: CLIENT_HELLO_SENT
growing input buffer

received record layer msg
wolfSSL Entering DoHandShakeMsg()
wolfSSL Entering DoHandShakeMsgType
processing server hello
wolfSSL Entering VerifyClientSuite
wolfSSL Leaving DoHandShakeMsgType(), return 0
wolfSSL Leaving DoHandShakeMsg(), return 0
More messages in record
received record layer msg
wolfSSL Entering DoHandShakeMsg()
wolfSSL Entering DoHandShakeMsgType
processing certificate
Loading peer's cert chain
    Put another cert into chain
    Put another cert into chain
    Put another cert into chain
    Put another cert into chain
wolfSSL Entering GetExplicitVersion
wolfSSL Entering GetMyVersion
Got Cert Header
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Algo ID
Getting Cert Name
Getting Cert Name
Got Subject Name
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Key
Parsed Past Key
wolfSSL Entering DecodeCertExtensions
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeBasicCaConstraint
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeKeyUsage
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeSubjKeyId
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeAuthKeyId
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeAuthInfo
wolfSSL Entering GetObjectId()
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeCrlDist
wolfSSL Entering GetObjectId()
Certificate Policy extension not supported yet.
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
About to verify certificate signature
Adding CA from chain
Adding a CA
wolfSSL Entering GetExplicitVersion
wolfSSL Entering GetMyVersion
Got Cert Header
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Algo ID
Getting Cert Name
Getting Cert Name
Got Subject Name
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Key
Parsed Past Key
wolfSSL Entering DecodeCertExtensions
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeBasicCaConstraint
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeKeyUsage
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeSubjKeyId
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeAuthKeyId
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeAuthInfo
wolfSSL Entering GetObjectId()
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeCrlDist
wolfSSL Entering GetObjectId()
Certificate Policy extension not supported yet.
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
    Parsed new CA
    Freeing Parsed CA
    Freeing der CA
        OK Freeing der CA
wolfSSL Leaving AddCA, return 0
wolfSSL Entering GetExplicitVersion
wolfSSL Entering GetMyVersion
Got Cert Header
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Algo ID
Getting Cert Name
Getting Cert Name
Got Subject Name
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Key
Parsed Past Key
wolfSSL Entering DecodeCertExtensions
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeBasicCaConstraint
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeKeyUsage
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeSubjKeyId
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeAuthKeyId
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeAuthInfo
wolfSSL Entering GetObjectId()
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeCrlDist
wolfSSL Entering GetObjectId()
Certificate Policy extension not supported yet.
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
About to verify certificate signature
Adding CA from chain
Adding a CA
wolfSSL Entering GetExplicitVersion
wolfSSL Entering GetMyVersion
Got Cert Header
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Algo ID
Getting Cert Name
Getting Cert Name
Got Subject Name
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Key
Parsed Past Key
wolfSSL Entering DecodeCertExtensions
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeBasicCaConstraint
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeKeyUsage
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeSubjKeyId
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeAuthKeyId
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeAuthInfo
wolfSSL Entering GetObjectId()
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeCrlDist
wolfSSL Entering GetObjectId()
Certificate Policy extension not supported yet.
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
    Parsed new CA
    Freeing Parsed CA
    Freeing der CA
        OK Freeing der CA
wolfSSL Leaving AddCA, return 0
wolfSSL Entering GetExplicitVersion
wolfSSL Entering GetMyVersion
Got Cert Header
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Algo ID
Getting Cert Name
Getting Cert Name
Got Subject Name
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Key
Parsed Past Key
wolfSSL Entering DecodeCertExtensions
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeBasicCaConstraint
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeKeyUsage
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeSubjKeyId
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeAuthKeyId
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeAuthInfo
wolfSSL Entering GetObjectId()
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeCrlDist
wolfSSL Entering GetObjectId()
Certificate Policy extension not supported yet.
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
About to verify certificate signature
Adding CA from chain
Adding a CA
wolfSSL Entering GetExplicitVersion
wolfSSL Entering GetMyVersion
Got Cert Header
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Algo ID
Getting Cert Name
Getting Cert Name
Got Subject Name
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Key
Parsed Past Key
wolfSSL Entering DecodeCertExtensions
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeBasicCaConstraint
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeKeyUsage
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeSubjKeyId
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeAuthKeyId
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeAuthInfo
wolfSSL Entering GetObjectId()
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeCrlDist
wolfSSL Entering GetObjectId()
Certificate Policy extension not supported yet.
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
    Parsed new CA
    Freeing Parsed CA
    Freeing der CA
        OK Freeing der CA
wolfSSL Leaving AddCA, return 0
Verifying Peer's cert
wolfSSL Entering GetExplicitVersion
wolfSSL Entering GetMyVersion
Got Cert Header
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Algo ID
Getting Cert Name
Getting Cert Name
Got Subject Name
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Key
Parsed Past Key
wolfSSL Entering DecodeCertExtensions
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeAuthKeyId
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeSubjKeyId
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeAltNames
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeKeyUsage
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeExtKeyUsage
wolfSSL Entering GetObjectId()
wolfSSL Entering GetObjectId()
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeCrlDist
wolfSSL Entering GetObjectId()
Certificate Policy extension not supported yet.
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeAuthInfo
wolfSSL Entering GetObjectId()
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeBasicCaConstraint
wolfSSL Entering GetObjectId()
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
About to verify certificate signature
Verified Peer's cert
wolfSSL Leaving DoHandShakeMsgType(), return 0
wolfSSL Leaving DoHandShakeMsg(), return 0
More messages in record
received record layer msg
wolfSSL Entering DoHandShakeMsg()
wolfSSL Entering DoHandShakeMsgType
processing server key exchange
wolfSSL Leaving DoHandShakeMsgType(), return 0
wolfSSL Leaving DoHandShakeMsg(), return 0
More messages in record
received record layer msg
wolfSSL Entering DoHandShakeMsg()
wolfSSL Entering DoHandShakeMsgType
processing certificate request
wolfSSL Leaving DoHandShakeMsgType(), return 0
wolfSSL Leaving DoHandShakeMsg(), return 0
More messages in record
received record layer msg
wolfSSL Entering DoHandShakeMsg()
wolfSSL Entering DoHandShakeMsgType

381396:Starting Main // device resets

Let me know.
Thanks


Re: [SOLVED] Getting -188 while connecting using wolfsslconnect

Hi akhi_gangwar,

The next operation is the "processing server hello done", which uses decryption. Have you run the wolfCrypt test yet to validate your platform's individual algorithms?

Here is an example for calling wolfcrypt/test/test.c:
https://github.com/wolfSSL/wolfssl/blob … est_main.c

Have you made sure your thread has enough stack space? Depending on the build options and cipher suite you may need up to 30KB of stack space. You can reduce the stack requirement using build options like `WOLFSSL_SMALL_STACK` and `ALT_ECC_SIZE`. Here is a useful list I put together:
https://github.com/wolfSSL/wolfssl/tree … ng-options

Thanks,
David Garske, wolfSSL


Re: [SOLVED] Getting -188 while connecting using wolfsslconnect

Hi David,
While trying this, I am getting a linking error even though I have included everything.
unresolved symbol wolfcrypt_test, first referenced in ./modules/httpTask/httpsProcessor.obj
I included this path #include <wolfcrypt/test/test.h> and tried to extern too, still, I am getting this error while building.

Also, I increased the stack size and got nothing. The reset is still there.

Thanks
Akhilesh Gangwar


Re: [SOLVED] Getting -188 while connecting using wolfsslconnect

Hi akhi_gangwar,

Make sure you don't have `NO_CRYPT_TEST` defined in your user_settings.h. This will make sure the wolfCrypt test code is available. Usually a reset like that is caused by a hard-fault or a watchdog. Is there any way to determine the cause of the reset on your platform? Most have a reset reason register. Micros like ARM have a hard fault interrupt handler, which shows the PC instruction where the fault occurred.

Thanks,
David Garske, wolfSSL


Re: [SOLVED] Getting -188 while connecting using wolfsslconnect

Hi David,

wolfcrypt_test(&args) -> aes_test() -> wc_AesCbcEncrypt -> AesAlign16 -> ROM_AESDataProcess

AES is not working. It goes into some hard loop when it calls ROM_AESDataProcess.
These are the logs after I commented out the AES

Running wolfcrypt tests...

MD5      test passed!
MD4      test passed!
SHA      test passed!
SHA-256  test passed!
HMAC-MD5 test passed!
HMAC-SHA test passed!
HMAC-SHA256 test passed!
ARC4     test passed!
HC-128   test passed!
Rabbit   test passed!
DES      test passed!
DES3     test passed!
RANDOM   test passed!
RSA      test passed!
DH       test passed!
DSA      test passed!
PWDBASED test passed!
ECC      test failed!
 error = -1014

Do you have any idea why it is not working?

Thanks


Re: [SOLVED] Getting -188 while connecting using wolfsslconnect

Hi akhi_gangwar,

I see now that you are using the TI hardware acceleration in ti-aes.c. Have you tried running without the hardware acceleration? For that you'd just not define `WOLFSSL_TI_CRYPT`.

I will have another engineer who's worked on the TI parts review this report. It could be there is a new issue with tm4c129encpdt and `AesAlign16`.

Also I cannot see where -1014 would be generated from the ecc_test, is it possible to share the stack information for the error or enable logging with DEBUG_WOLFSSL and wolfSSL_Debugging_ON()?

Thanks,
David Garske, wolfSSL


Re: [SOLVED] Getting -188 while connecting using wolfsslconnect

akhi_gangwar,

I can confirm we have only tested WOLFSSL_TI_CRYPT on TM4C1294NCPDT; we have not tested that the hardware acceleration works correctly on the TM4C129ENCPDT. There are likely some subtle changes that would be required to make it work. Can you confirm that you linked the correct library also to be sure? The build instructions for wolfSSL with TIRTOS will output two separate libraries, wolfssl.aem4f and wolfssl_tm4c_hw.aem4f. If you have the setting WOLFSSL_TI_CRYPT and accidentally link wolfssl.aem4f that can cause issues. Also double check that your application is including <wolfssl/wolfcrypt/settings.h> BEFORE all other wolfSSL headers. If the settings are not included first that can lead to undefined behavior.

Warm Regards,

Kaleb

Re: [SOLVED] Getting -188 while connecting using wolfsslconnect

Hi Kaleb and David,
WOLFSSL_TI_CRYPT is not defined in my settings. Also, I am using the wolfssl_tm4c_hw.aem4f file.
In https, everything is working fine. In mqtt, this issue arises.
There is one difference between both-

In https, I am using only the root CA, hence doing only server verification.

In mqtt, I am using client private key, client certificate and root ca also, hence server as well as client verification.

I never faced the reset in the HTTPS handshake.

Is this something related to it? Because, in https, I don't get any reset.

Can it be a memory issue? Though I can't see anything printing on console. My memory consumption of ram is about 98% after compiling the project which included 90KB of the heap and enough stack for all tasks.
I am creating tls for https, then using it, then deleting it every time for now to avoid any memory issue. Then I am using mqtt.


Thanks,

Akhi


Re: [SOLVED] Getting -188 while connecting using wolfsslconnect

Hi Kaleb and David,
It's not a memory-related issue. I tested on a test project where I have 83% usage and there also I am getting the reset, and https is working fine as usual.

Thanks
Akhi


14 (edited by akhi_gangwar 2020-07-03 04:26:07)

Re: [SOLVED] Getting -188 while connecting using wolfsslconnect

Hi Kaleb and David,
I am now able to pass all the tests but still getting the reset. I included the WOLFSSL_TI_CRYPT in the user_settings.h.
I freed up memory also. Same logs are there in wolfssl.
MD5      test passed!
MD4      test passed!
SHA      test passed!
SHA-256  test passed!
HMAC-MD5 test passed!
HMAC-SHA test passed!
HMAC-SHA256 test passed!
ARC4     test passed!
HC-128   test passed!
Rabbit   test passed!
DES      test passed!
DES3     test passed!
AES      test passed!
RANDOM   test passed!
RSA      test passed!
DH       test passed!
DSA      test passed!
PWDBASED test passed!
ECC      test passed!

Thanks
Akhi


Re: [SOLVED] Getting -188 while connecting using wolfsslconnect

Akhi,

Can you double check that the certificate and key you are using for the server are a pair? If you are unsure how to check it, I provided an example here a while back that hasn't yet been merged or reviewed, but you can copy/paste the app to test whether your cert and key are in fact a pair or not:

https://github.com/wolfSSL/wolfssl-exam … /206/files

Warm Regards,

K

Re: [SOLVED] Getting -188 while connecting using wolfsslconnect

Hi Kaleb,
I am already using the same certificate and key and it's working on the CC3100, not using wolfSSL there.
I have 3 buffers-
1. root ca
2. certificate client
3. client private key

Which key pair are you talking about? Buffers 2 and 3?
I'll try this though and will let you know.

Thanks


Re: [SOLVED] Getting -188 while connecting using wolfsslconnect

akhi_gangwar,

We have checked the following so far:

1) Crypto tests are all passing (crypto operating normally)
2) cert/key work in another test (assuming they are in fact being used in mutual auth in that test)
3) you are confirming they are a pair just to be sure.

The next things that could lead to a reset are:

1) A collision between heap and stack, double check the device has sufficient memory allocated for the task especially if using USE_FAST_MATH which requires more stack than heap or change to using integer.c instead of tfm.c and remove the USE_FAST_MATH settings.

2) A mismatch in settings between app and library can lead to undefined behavior. When using user_settings.h make sure the pre-processor macros at the project level include the define WOLFSSL_USER_SETTINGS and that your application includes the header <wolfssl/wolfcrypt/settings.h> BEFORE ALL OTHER wolfSSL headers and is pulling in user_settings.h.

Warm Regards,

K

Re: [SOLVED] Getting -188 while connecting using wolfsslconnect

Hi Kaleb,
This is the setting I am using by default in settings.h

#ifdef WOLFSSL_TIRTOS
    #define SIZEOF_LONG_LONG 8
    #define NO_WRITEV
    #define NO_WOLFSSL_DIR
    #define USE_FAST_MATH
    #define TFM_TIMING_RESISTANT
    #define NO_DEV_RANDOM
    #define NO_FILESYSTEM
    #define USE_CERT_BUFFERS_2048
    #define NO_ERROR_STRINGS
    #define USER_TIME
    #define HAVE_ECC

    #ifdef __IAR_SYSTEMS_ICC__
        #pragma diag_suppress=Pa089
    #elif !defined(__GNUC__)
        /* Suppress the sslpro warning */
        #pragma diag_suppress=11
    #endif

    #include <ti/sysbios/hal/Seconds.h>
#endif

I made user_settings.h and put the
#define WOLFSSL_TI_CRYPT
//#define DEBUG_WOLFSSL.

Setting-wise, I think settings.h is already included in every step as https is working. I tried to comment out USE_FAST_MATH also. Still no improvement, https is working and mqtt resets.
How much stack and heap does it need on average? I have 32KB of stack for this task and 90KB of heap for the system. Out of 30KB of stack, the peak of stack before handshake was 13KB which means we still have 17KB of stack left just before the handshaking in mqtt. For heap, I have 47KB left before handshake.


Re: [SOLVED] Getting -188 while connecting using wolfsslconnect

Hi Kaleb and David,
I resolved this issue. I put it on hold and tried after a few days.
Actually, the issue was because of external fragmentation. Even though I had enough heap, a block of approx. 5kb was not free, which was being asked for during the handshaking.
I had to increase the heap by approx 20kb and now it's working all fine. Though I will test a few more things in this, but, for now, it is working all fine.

Thanks for your support and follow up.

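The failure mode described in the last post, as an added example that is not part of the original thread or of wolfSSL: a small first-fit heap simulation in which plenty of memory is free in total, yet no single free region can satisfy a request of about 5 KB. The allocation pattern, block sizes and heap sizes (90 KB, then 20 KB more) are constructed to mirror the figures mentioned in the thread, and all function names are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_BLOCKS 128
#define PAIRS      22             /* constructed workload: 22 x (3 KB + 1 KB) */
#define TMP_SZ     3072           /* short-lived buffer, freed before the handshake */
#define KEEP_SZ    1024           /* long-lived object that stays allocated */
#define NO_MEM     ((size_t)-1)

/* One contiguous region of the simulated heap; the array is sorted by offset. */
typedef struct { size_t off, len; int used; } Block;
typedef struct { Block blk[MAX_BLOCKS]; int n; } Heap;
typedef struct { size_t total_free, largest_free; } HeapStats;

void heap_init(Heap *h, size_t size) {
    h->n = 1;
    h->blk[0] = (Block){0, size, 0};
}

/* First fit: use the first free region that is large enough, splitting it. */
size_t heap_alloc(Heap *h, size_t len) {
    for (int i = 0; i < h->n; i++) {
        Block *b = &h->blk[i];
        if (b->used || b->len < len) continue;
        if (b->len > len) {
            if (h->n == MAX_BLOCKS) return NO_MEM;
            memmove(b + 2, b + 1, (size_t)(h->n - i - 1) * sizeof(Block));
            b[1] = (Block){b->off + len, b->len - len, 0};
            h->n++;
            b->len = len;
        }
        b->used = 1;
        return b->off;
    }
    return NO_MEM;
}

/* Fold region i+1 into region i (both are free). */
static void merge(Heap *h, int i) {
    h->blk[i].len += h->blk[i + 1].len;
    memmove(&h->blk[i + 1], &h->blk[i + 2], (size_t)(h->n - i - 2) * sizeof(Block));
    h->n--;
}

void heap_free(Heap *h, size_t off) {
    for (int i = 0; i < h->n; i++) {
        if (h->blk[i].off != off || !h->blk[i].used) continue;
        h->blk[i].used = 0;
        if (i + 1 < h->n && !h->blk[i + 1].used) merge(h, i);  /* coalesce right */
        if (i > 0 && !h->blk[i - 1].used) merge(h, i - 1);     /* coalesce left */
        return;
    }
}

HeapStats heap_stats(const Heap *h) {
    HeapStats s = {0, 0};
    for (int i = 0; i < h->n; i++) {
        if (h->blk[i].used) continue;
        s.total_free += h->blk[i].len;
        if (h->blk[i].len > s.largest_free) s.largest_free = h->blk[i].len;
    }
    return s;
}

/* Interleave short-lived and long-lived allocations, free the short-lived
 * ones, then try one large request. Returns 1 if that request succeeds. */
int handshake_alloc_ok(size_t heap_size, size_t request, HeapStats *st) {
    Heap h;
    size_t tmp[PAIRS];
    heap_init(&h, heap_size);
    for (int k = 0; k < PAIRS; k++) {
        tmp[k] = heap_alloc(&h, TMP_SZ);
        (void)heap_alloc(&h, KEEP_SZ);   /* pins the hole left by tmp[k] */
    }
    for (int k = 0; k < PAIRS; k++) heap_free(&h, tmp[k]);
    *st = heap_stats(&h);
    return heap_alloc(&h, request) != NO_MEM;
}

int main(void) {
    size_t sizes[] = {90 * 1024, 110 * 1024};   /* constructed heap sizes */
    for (int i = 0; i < 2; i++) {
        HeapStats st;
        int ok = handshake_alloc_ok(sizes[i], 5 * 1024, &st);
        printf("heap=%zu free=%zu largest=%zu 5KB request: %s\n", sizes[i],
               st.total_free, st.largest_free, ok ? "ok" : "FAILS");
    }
    return 0;
}
```

On a real target the useful number to log just before the handshake is the largest free block, not only the total free heap.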