Topic: Got Alert Fatal

Hi,

I am integrating CyaSSL (cyassl-1.9.0) into our embedded system (uses Nucleus RTOS).  We will be buying the commercial licence once we get it working in our embedded device...

When I run CyaSSL to connect to a SUPL server (A-GPS servers), the device receives a fatal alert message, error -213.

CyaSSL log pasted below.

I receive this alert fatal message with all three A-GPS servers that I have tried with.

   Server                        Port

   supl.nokia.com          7275
   supl.google.com        7275
   supl.vodafone.com     7275


Can you please suggest what might be going wrong?

Thank you very much.

Best Regards,
-- ccww

###################################################

Following is the Cyassl debug:
----------------------------------------

SSL: CyaSSL Entering SSL_connect()
SSL: connect state: CLIENT_HELLO_SENT
SSL: growing input buffer
SSL: received record layer msg
SSL: SSL: CyaSSL Entering DoHandShakeMsg()
SSL: processing server hello
SSL: SSL: CyaSSL Leaving DoHandShakeMsg(), return 0
SSL: received record layer msg
SSL: SSL: CyaSSL Entering DoHandShakeMsg()
SSL: processing certificate
SSL: SSL: CyaSSL Leaving DoHandShakeMsg(), return 0
SSL: received record layer msg
SSL: SSL: CyaSSL Entering DoHandShakeMsg()
SSL: processing server hello done
SSL: SSL: CyaSSL Leaving DoHandShakeMsg(), return 0
SSL: connect state: HELLO_AGAIN
SSL: connect state: HELLO_AGAIN_REPLY
SSL: connect state: FIRST_REPLY_DONE
SSL: connect state: FIRST_REPLY_FIRST
SSL: growing output buffer
SSL: Shrinking output buffer
SSL: connect state: FIRST_REPLY_SECOND
SSL: connect state: FIRST_REPLY_THIRD
SSL: connect state: FIRST_REPLY_FOURTH
SSL: connect state: FINISHED_DONE
SSL: received record layer msg
SSL: got ALERT!
SSL: SSL: CyaSSL error occurred, error = -213
SSL: err = -213, revcd alert fatal error
*** SSL: Error SSL_connect failed


#####################################################

Following is my Cyassl client call flow :
------------------------------------------------------

#######################################################

InitCyaSSL ();

CyaSSL_Debugging_ON ();

method = SSLv3_client_method ();
/* Also tried: TLSv1_client_method() */

ssl_ctx = SSL_CTX_new (method);

/* For testing purpose using the ca-cert.pem provided by Cyassl in certs directory.
    buff contains ca-cert.pem  (size = 3012) */

CyaSSL_CTX_load_verify_buffer (ssl_ctx, buff, size, SSL_FILETYPE_PEM);

/* Test purpose.. No verification */
ssl_set_verify_cb_fn (ssl_ctx, SSL_VERIFY_NONE, 0);

/* Nucleus TCP socket connected at this point; descriptor is in sockid */

ssl = SSL_new (ssl_ctx);

SSL_set_fd (ssl, sockid);

if (SSL_connect (ssl) != SSL_SUCCESS)
{
    char buffer[80];
    int  err = SSL_get_error (ssl, 0);

    ssl_print (AREA1, "SSL: err = %d, %s\n", err, ERR_error_string(err, buffer));
    ssl_print (AREA1, "*** SSL: Error SSL_connect failed");
    return SSL_FAILURE;
}

#########################################################

By any chance, is this error to do with the CA certificate?  If so, can you please suggest how I can obtain a
correct CA certificate for testing purposes to connect to the above-mentioned SUPL servers?

Thanks in advance.


Re: Got Alert Fatal

Hi,

I have also run the client by loading the public CA cert downloaded from the VeriSign (knowledge center) website. I still receive the same error: Got Alert Fatal (-213).

Attached is the CA cert.

Thanks.

Post's attachments

VRSN_C3_Secure_Server_CA_G2_recertified_PCA3G1.txt 1.66 kb, 1 downloads since 2011-06-27 


Re: Got Alert Fatal

Added a bit more debug:

The type in the alert message is 47. (Illegal parameter: A field in the handshake was out of range or inconsistent with other fields. This is always fatal.)

Thanks.
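
For reading the alert in a debug dump or packet capture, here is an added example (not part of the original posts and not CyaSSL code) that decodes a plaintext SSLv3/TLS alert record into its level and description. The names `tls_alert`, `alert_name` and `parse_alert_record` are hypothetical, and the sample bytes are constructed to match the fatal alert 47 reported above.

```c
#include <stdio.h>

/* One decoded plaintext SSLv3/TLS alert record (names here are hypothetical). */
typedef struct {
    unsigned char major, minor;  /* record-layer protocol version */
    unsigned char level;         /* 1 = warning, 2 = fatal */
    unsigned char description;   /* AlertDescription code */
} tls_alert;

/* Names for alert codes commonly seen while a handshake is failing. */
static const char *alert_name(unsigned char d)
{
    switch (d) {
    case 10: return "unexpected_message";
    case 40: return "handshake_failure";
    case 42: return "bad_certificate";
    case 47: return "illegal_parameter";
    case 48: return "unknown_ca";
    case 70: return "protocol_version";
    default: return "unknown";
    }
}

/* Record = 5-byte header (type, major, minor, 16-bit length) + 2-byte alert.
 * Returns 0 on success, -1 if the buffer is too short, -2 if the record is
 * not an alert, -3 if the body is not 2 bytes (e.g. an encrypted alert). */
static int parse_alert_record(const unsigned char *buf, size_t len, tls_alert *out)
{
    size_t body;
    if (len < 5) return -1;
    if (buf[0] != 21) return -2;               /* ContentType alert = 21 */
    body = ((size_t)buf[3] << 8) | buf[4];
    if (body != 2) return -3;
    if (len < 5 + body) return -1;
    out->major = buf[1];  out->minor = buf[2];
    out->level = buf[5];  out->description = buf[6];
    return 0;
}

int main(void)
{
    /* Constructed sample: SSLv3 (3.0) record carrying fatal alert 47. */
    const unsigned char rec[] = { 0x15, 0x03, 0x00, 0x00, 0x02, 0x02, 0x2f };
    tls_alert a;
    if (parse_alert_record(rec, sizeof rec, &a) == 0)
        printf("%s alert %u (%s), record %u.%u\n", a.level == 2 ? "fatal" : "warning",
               a.description, alert_name(a.description), a.major, a.minor);
    return 0;
}
```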


Re: Got Alert Fatal

I too am experiencing much the same problem with the same error. I'm trying to move a codebase using gnutls (it was once openssl) over to cyassl due to its lightweight design.

Not having much luck though.


Re: Got Alert Fatal

Hi,

Are you porting over both client and server, or just one of the two?

Can you verify that all tests in the CTaoCrypt test application pass on your platform?  This is usually a good starting place to start narrowing down the problem.  After building CyaSSL embedded SSL, you can find the CTaoCrypt test app in the ./ctaocrypt/test directory.

If all tests pass, can you try sniffing the connection and sending the pcap file?  You can either post it here, PM it direct to me, or send it to support@yassl.com

Thanks,
Chris

Re: Got Alert Fatal

It is the client software only. I am trying to port an FTP client over, for use with existing FTP server software.

The CTaoCrypt test passes fine, and the bundled examples all work fine.

Can you point me towards some directions on sniffing the connection?


Re: Got Alert Fatal

Hi,

You can sniff the connection using a tool such as Wireshark (http://www.wireshark.org/).  Start a new capture on the correct interface and port, then after you have gathered your desired packets, you are able to decode as SSL to see the SSL messages.

Best Regards,
Chris