Topic: Error in using curl and wolfssl to implement HTTPS
Hi everyone,
I am trying to use curl + wolfssl to implement HTTPS on arm linux, but there was an error.
When I use curl + OpenSSL to test the same code, there is no problem at all.
Curl version :7.74.0
Wolfsll version : 3.13.0
Openssl version :1.1.1.1i
The error message is as follows:
==========================================================
[1]About to verify certificate signature
[1]Verified Peer's cert
[1]DomainName match on common name failed
[1]Checking AltNames
[1] individual AltName check
[1] individual AltName check
[1] individual AltName check
[1] individual AltName check
[1] individual AltName check
[1] individual AltName check
[1] individual AltName check
[1] individual AltName check
[1] individual AltName check
[1] individual AltName check
[1]DomainName match on alt names failed too
[1]growing output buffer
[1]Shrinking output buffer
[0]wolfSSL error occurred, error = 322 line:8854 file:src/ssl.c
* subject alt name(s) or common name do not match "qnzthome.51110.com"
[1]CTX ref count not 0 yet, no free
[1]Shrinking input buffer
[1]CTX ref count down to 0, doing full free
==========================================================
Part of my test code is as follows:
==========================================================
#define TEST_URL "[url]https://qnzthome.51110.com/[/url]"
int total_size = 0;
static size_t save_response_callback(void *buffer,size_t size,size_t count,void *file_fp)
{
printf("recv data size :%d, %d byte\n", size, count);
total_size += (size * count);
return fwrite((char *)buffer, 1, count, (FILE *)file_fp);
}
void log_printf(const int level, const char *message)
{
if(NULL == message) return;
if(level <= 1)
printf("[%d]%s\n",level, message);
}
int main(int argc,char *argv[])
{
CURL * curl;
CURLcode res;
curl_global_init(CURL_GLOBAL_DEFAULT);
curl_version_info_data *info = curl_version_info(CURLVERSION_NOW);// no need for NULL check
int index = 0;
while(strlen(info->protocols[index]) != 0)
{
printf("%s ", info->protocols[index]);
index++;
if(info->protocols[index] == NULL)
break;
}
printf("\n version:%s, ssl version :%s\n", info->version, info->ssl_version);
FILE *fp = fopen("/tmp/nfs/pic.jpg", "w+");
curl = curl_easy_init();
wolfSSL_SetLoggingCb(log_printf);
wolfSSL_Debugging_ON();
char errbuf[CURL_ERROR_SIZE];
if(curl!=NULL){
printf("URL <%s>\n",TEST_URL);
curl_easy_setopt(curl, CURLOPT_ERRORBUFFER, errbuf);
curl_easy_setopt(curl,CURLOPT_URL,TEST_URL);
curl_easy_setopt(curl,CURLOPT_WRITEFUNCTION,&save_response_callback);
curl_easy_setopt(curl,CURLOPT_WRITEDATA,(void *)fp);
curl_easy_setopt(curl,CURLOPT_SSL_VERIFYPEER,1L);
curl_easy_setopt(curl,CURLOPT_CAINFO,"/tmp/nfs/cacert-1.pem");
curl_easy_setopt(curl,CURLOPT_SSL_VERIFYHOST, 2L);
curl_easy_setopt(curl,CURLOPT_VERBOSE,1);
curl_easy_setopt(curl,CURLOPT_TIMEOUT,30);
res = curl_easy_perform(curl);
printf("res : %d, total size %d\n", res, total_size);
if(res != CURLE_OK){
printf("curl_easy_perform error = %s, %s\n",curl_easy_strerror(res), errbuf);
}
curl_easy_cleanup(curl);
}
fclose(fp);
}
==========================================================
When porting wolfssl, the configuration is as follows:
==========================================================
./configure --host=${host} --prefix=${wolfssl_path}/wolfssl-3.13.0/install/ --disable-shared --enable-static --enable-tls13 --enable-ecc --enable-debug
==========================================================
Curl is configured as follows:
==========================================================
./configure --prefix=$(pwd)/install/${arch} --build=i686-pc-linux-gnu --host=${host} --enable-optimize --disable-werror --enable-ares=${cares_path}/lib/lib/lib/c-ares-1.17.1/install --enable-shared=no --enable-static=yes --enable-libgcc --disable-ipv6 --enable-versioned-symbols --enable-threaded-resolver --enable-pthreads --disable-verbose --enable-unix-sockets --without-zlib CFLAGS=-fPIC CPPFLAGS=-fPIC --disable-tftp --disable-ftp --disable-telnet --disable-pop3 --disable-imap --disable-mqtt -disable-smtp --disable-rtsp --disable-smb --with-wolfssl --without-ssl
==========================================================
Please give some clues to help me solve my problems
Thanks in advance