Topic: Persistent "ASN no signer error to confirm failure" with wolfSSL_write
hello,
im facing an issue with wolfSSL while trying to make a HTTPS GET request. consistently getting the error "ASN no signer error to confirm failure" from wolfSSL_write().
building wolfssl with -DWOLFSSL_SNI=yes (not sure if even need this for what I am experiencing)
trying to converse with googleapis (www. and .com.crt to form its cert file), pulled from here:
> echo | openssl s_client -servername googleapisurl_here -connect googleapisurl_here:443 2>/dev/null | openssl x509 > googleapis.crt
please replace googleapisurl_here with its actual url which i described; its a common one so i thought it would be one to get going.
-----BEGIN CERTIFICATE-----
MIIGEjCCBPqgAwIBAgIRAJC96aYrpkjdCk+xMq0hIgMwDQYJKoZIhvcNAQELBQAw
RjELMAkGA1UEBhMCVVMxIjAgBgNVBAoTGUdvb2dsZSBUcnVzdCBTZXJ2aWNlcyBM
TEMxEzARBgNVBAMTCkdUUyBDQSAxQzMwHhcNMjMwNDI0MTIwMDQzWhcNMjMwNzE3
MTIwMDQyWjAiMSAwHgYDVQQDExd1cGxvYWQudmlkZW8uZ29vZ2xlLmNvbTBZMBMG
ByqGSM49AgEGCCqGSM49AwEHA0IABIj1qbVJxqS2SxJoT9hnsvHoSxxOVglUpu/J
fKJgBWEi/JqqTFzEdUJ/l0FLMrX7V+0cFSSW805BkIrnmCEObhCjggPoMIID5DAO
BgNVHQ8BAf8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIw
ADAdBgNVHQ4EFgQUiQu2matbf7xXp7goSw5S731HwzcwHwYDVR0jBBgwFoAUinR/
r4XN7pXNPZzQ4kYU83E1HScwagYIKwYBBQUHAQEEXjBcMCcGCCsGAQUFBzABhhto
dHRwOi8vb2NzcC5wa2kuZ29vZy9ndHMxYzMwMQYIKwYBBQUHMAKGJWh0dHA6Ly9w
a2kuZ29vZy9yZXBvL2NlcnRzL2d0czFjMy5kZXIwggGYBgNVHREEggGPMIIBi4IX
dXBsb2FkLnZpZGVvLmdvb2dsZS5jb22CFCouY2xpZW50cy5nb29nbGUuY29tghEq
LmRvY3MuZ29vZ2xlLmNvbYISKi5kcml2ZS5nb29nbGUuY29tghMqLmdkYXRhLnlv
dXR1YmUuY29tghAqLmdvb2dsZWFwaXMuY29tghMqLnBob3Rvcy5nb29nbGUuY29t
ghcqLnlvdXR1YmUtM3JkLXBhcnR5LmNvbYIRdXBsb2FkLmdvb2dsZS5jb22CEyou
dXBsb2FkLmdvb2dsZS5jb22CEnVwbG9hZC55b3V0dWJlLmNvbYIUKi51cGxvYWQu
eW91dHViZS5jb22CH3VwbG9hZHMuc3RhZ2UuZ2RhdGEueW91dHViZS5jb22CFWJn
LWNhbGwtZG9uYXRpb24uZ29vZ4IbYmctY2FsbC1kb25hdGlvbi1hbHBoYS5nb29n
ghxiZy1jYWxsLWRvbmF0aW9uLWNhbmFyeS5nb29nghliZy1jYWxsLWRvbmF0aW9u
LWRldi5nb29nMCEGA1UdIAQaMBgwCAYGZ4EMAQIBMAwGCisGAQQB1nkCBQMwPAYD
VR0fBDUwMzAxoC+gLYYraHR0cDovL2NybHMucGtpLmdvb2cvZ3RzMWMzL3pkQVR0
MEV4X0ZrLmNybDCCAQQGCisGAQQB1nkCBAIEgfUEgfIA8AB1ALNzdwfhhFD4Y4bW
BancEQlKeS2xZwwLh9zwAw55NqWaAAABh7NaL3sAAAQDAEYwRAIgPJ8i+m5FJHuO
qSoiL1a8MzoUV/by1jPiwqW2CvyvoRMCIB+MrCUaEPZcc4lLvuXxA9Xv55Hy/aiG
f+JfTSRVsH9xAHcArfe++nz/EMiLnT2cHj4YarRnKV3PsQwkyoWGNOvcgooAAAGH
s1ovkwAABAMASDBGAiEApuSxyx1u9VwzgtjTv8VgVZj7ZkRJcAVV4gasPEUSft4C
IQCdB8CEK35/P8eYk8+EecAYfJ9gzVJLNbUjKJ7iM5kkATANBgkqhkiG9w0BAQsF
AAOCAQEAClH1vHSTcKgN1J643wLbxtddXMKRqQHvXSY5S2tMLtgpbyX5hyxENqtJ
y0I44MdEFwoTjWlLspRG7ThgyVZhbnCRBEk8JVch8ivnu7cS9v9N+7h/VvyH+xxR
x/cCan7Ps9HE8PpEXNMDKe71oyE3I57lwbVTGQXtcuhacDnRulcYws+YUBCLlMWm
pYo4598a4q28Q7CNrqy6Kg4AP1sxNXwSlwsO21TAOOzrYX8Y4jtikmOO+/URUk1G
5cHSI/C+ymoNGG18qV61zMr67/t436VXaFvCfZOJI/H5c7KsU2qtDbvzSZiNUnhO
0LVl/rB0suTw73xhHUhvFcFasB5AAw==
-----END CERTIFICATE-----
I load that in from resources successfully after init.
heres the relevant code snippet, of which i just call test_wolf()
#include <wolfssl/options.h>
#include <wolfssl/ssl.h>
#include <wolfssl/test.h>
#ifdef _WIN32
# include <Winsock2.h>
#else
# include <arpa/inet.h>
#endif
#include <errno.h>
#define MAX_SIZE 2048
void test_wolf() {
int sockfd;
int ret;
char buffer[MAX_SIZE];
const char* domain = "googleapis_url_here"; // please replace with instructions
const char* port = "443";
const char* url = "/youtube/v3/search?part=snippet&channelId=UCpVm7bg6pXKo1Pr6k5kxG9A&maxResults=1&key=AIzaSyAg4nh93xKESkGZvv7Ocv2PBBFAM1jyDSs";
WOLFSSL_CTX* ctx;
WOLFSSL* ssl;
struct addrinfo hints, *res;
memset(&hints, 0, sizeof(hints));
hints.ai_family = AF_UNSPEC;
hints.ai_socktype = SOCK_STREAM;
if (getaddrinfo(domain, port, &hints, &res) != 0) {
perror("getaddrinfo error");
return -1;
}
sockfd = socket(res->ai_family, res->ai_socktype, res->ai_protocol);
if (sockfd < 0) {
perror("socket error");
return -1;
}
if (connect(sockfd, res->ai_addr, res->ai_addrlen) < 0) {
perror("connect error");
return -1;
}
/// Initialize wolfSSL
wolfSSL_Debugging_ON();
wolfSSL_Init();
//wolfSSL_Debugging_ON(); /// tried before and after
/// Create and initialize WOLFSSL_CTX
ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method());
if (ctx == NULL) {
printf("wolfSSL_CTX_new error.\n");
return -1;
}
/// tried with and without this
if (wolfSSL_CTX_UseSNI(ctx, WOLFSSL_SNI_HOST_NAME, domain, strlen(domain)) != WOLFSSL_SUCCESS) {
printf("Error setting SNI\n");
return -1;
}
/// load in trust cert
path p = fmt { "trust/{0}.crt", { str(domain) }};
if (wolfSSL_CTX_load_verify_locations(ctx, p.cs(), null) != SSL_SUCCESS)
console.fault("trust not found: {0}", { str(p) });
else
console.log("loaded trust"); // this runs, i just have a trust/www.googleapis.com.crt
/// Create a WOLFSSL object
ssl = wolfSSL_new(ctx);
if (ssl == NULL) {
printf("wolfSSL_new error.\n");
return -1;
}
/// Associate the file descriptor with the WOLFSSL object
ret = wolfSSL_set_fd(ssl, sockfd);
if (ret != SSL_SUCCESS) {
printf("wolfSSL_set_fd error.\n");
return -1;
}
/// Send HTTPS request
snprintf(buffer, sizeof(buffer),
"GET %s HTTP/1.1\r\n"
"Host: %s\r\n"
"Connection: close\r\n"
"\r\n", url, domain);
printf("requesting url: %s\n", url);
ret = wolfSSL_write(ssl, buffer, strlen(buffer));
if (ret <= 0) {
int err = wolfSSL_get_error(ssl, ret);
char err_msg[80];
wolfSSL_ERR_error_string(err, err_msg);
printf("wolfSSL_write error: %s\n", err_msg);
printf("wolfSSL_write error.\n");
return -1;
}
/// Receive and print HTTPS response
do {
memset(buffer, 0, sizeof(buffer));
ret = wolfSSL_read(ssl, buffer, sizeof(buffer) - 1);
if (ret > 0) {
printf("%s", buffer);
}
} while (ret > 0);
/// Cleanup and return
wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx);
wolfSSL_Cleanup();
close(sockfd);
freeaddrinfo(res);
return 0;
}