Topic: Don't have RSA

I wrote the server and client by myself. I tested it with my own certificate chain and verified the server and client handshake. My server has a 4-layer certificate chain, including the root certificate, intermediate certificate 1, intermediate certificate 2, and leaf certificate. I checked the log and it reported: Don't have RSA. Has anyone encountered this problem? I will attach the logs of my server and client.

server log:
info, level:(2) wolfSSL Entering wolfSSL_Init
info, level:(2) wolfSSL Entering wolfCrypt_Init
info, level:(2) wolfSSL Entering TLSv1_2_server_method_ex
info, level:(2) wolfSSL Entering wolfSSL_CTX_new_ex
info, level:(2) wolfSSL Entering wolfSSL_CertManagerNew
info, level:(1) heap param is null
info, level:(1) DYNAMIC_TYPE_CERT_MANAGER Allocating = 184 bytes
info, level:(3) wolfSSL Leaving wolfSSL_CTX_new_ex, return 0
info, new ctx success!
info, level:(2) wolfSSL Entering wolfSSL_CTX_use_certificate_chain_buffer_format
info, level:(2) wolfSSL Entering PemToDer
info, level:(1) Processing Cert Chain
info, level:(2) wolfSSL Entering PemToDer
info, level:(1)    Consumed another Cert in Chain
info, level:(2) wolfSSL Entering PemToDer
info, level:(1)    Consumed another Cert in Chain
info, level:(1) Finished Processing Cert Chain
info, level:(1) Checking cert signature type
info, level:(1) Getting Cert Name
info, level:(1) Getting Cert Name
info, level:(2) wolfSSL Entering GetAlgoId
info, level:(1) ECDSA/ED25519/ED448 cert signature
info, load cer buffer success!
info, level:(2) wolfSSL Entering wolfSSL_CTX_use_PrivateKey_buffer
info, level:(2) wolfSSL Entering PemToDer
info, level:(3) wolfSSL Leaving wolfSSL_CTX_use_PrivateKey_buffer, return 1
info, level:(2) wolfSSL Entering check_cert_key
info, level:(1) Getting Cert Name
info, level:(1) Getting Cert Name
info, level:(2) wolfSSL Entering GetAlgoId
info, level:(2) wolfSSL Entering DecodeCertExtensions
info, ckh test oid:(128)
info, level:(2) wolfSSL Entering DecodeSubjKeyId
info, ckh test oid:(131)
info, level:(2) wolfSSL Entering DecodeAltNames
info, ckh test oid:(149)
info, level:(2) wolfSSL Entering DecodeAuthKeyId
info, ckh test oid:(69)
info, level:(2) wolfSSL Entering DecodeAuthInfo
info, ckh test oid:(129)
info, level:(2) wolfSSL Entering DecodeKeyUsage
info, verify:0, criticalExt:0
selfSigned:(0)
type:(0)
verify:(0)
cert->extAuthKeyIdSet:(1)
cert->ca:((null))
int,type:0
info, level:(1) Checking ECC key pair
info, level:(2) wolfSSL Entering wolfSSL_CTX_set_cipher_list
info, load key buffer success!
info, tcp server init sucess! wait tcp connect!
info, level:(2) wolfSSL Entering wolfSSL_new
info, level:(2) wolfSSL Entering ReinitSSL
info, level:(1) RNG_HEALTH_TEST_CHECK_SIZE = 128
info, level:(1) sizeof(seedB_data)         = 128
info, level:(1) opened /dev/urandom.
info, level:(1) rnd read...
info, level:(2) wolfSSL Entering SetSSL_CTX
info, level:(2) wolfSSL Entering wolfSSL_NewSession
info, level:(1) InitSSL done. return 0 (success)
info, level:(1) wolfSSL_new InitSSL success
info, level:(3) wolfSSL Leaving wolfSSL_new InitSSL =, return 0
info, level:(2) wolfSSL Entering wolfSSL_accept
info, level:(2) wolfSSL Entering ReinitSSL
info, level:(2) wolfSSL Entering RetrySendAlert
info, level:(2) wolfSSL Entering RetrySendAlert
my_callbackiorecv sz:(5)
rbuf ret:(5)
info, level:(1) growing input buffer
my_callbackiorecv sz:(99)
rbuf ret:(99)
info, level:(1) received record layer msg
info, level:(1) got HANDSHAKE
info, level:(2) wolfSSL Entering DoHandShakeMsg
info, level:(2) wolfSSL Entering EarlySanityCheckMsgReceived
info, level:(3) wolfSSL Leaving EarlySanityCheckMsgReceived, return 0
info, level:(2) wolfSSL Entering DoHandShakeMsgType
info, level:(1) processing client hello
info, level:(2) wolfSSL Entering DoClientHello
info, level:(1) Matched No Compression
info, level:(1) Adding signature algorithms extension
info, level:(1) Signature Algorithms extension received
info, level:(1) Point Formats extension received
info, level:(1) Supported Groups extension received
info, level:(2) wolfSSL Entering MatchSuite
info, level:(2) wolfSSL Entering VerifyServerSuite
info, level:(1) Requires RSA
info, level:(1) Don't have RSA
info, level:(1) Could not verify suite validity, continue
info, level:(2) wolfSSL Entering VerifyServerSuite
info, level:(1) Requires ECC
info, level:(1) Verified suite validity
info, level:(3) wolfSSL Leaving DoClientHello, return 0
info, level:(3) wolfSSL Leaving DoHandShakeMsgType(), return 0
info, level:(3) wolfSSL Leaving DoHandShakeMsg(), return 0
info, level:(1) Shrinking input buffer
info, level:(1) accept state ACCEPT_FIRST_REPLY_DONE
info, level:(2) wolfSSL Entering SendServerHello
info, level:(1) growing output buffer
info, level:(2) wolfSSL Entering wolfSSL_get_options
info, level:(1) Point Formats extension to write
my_callbackiosend sz:(87)
info, level:(1) Shrinking output buffer
info, level:(3) wolfSSL Leaving SendServerHello, return 0
info, level:(1) accept state SERVER_HELLO_SENT
info, level:(2) wolfSSL Entering SendCertificate
info, level:(1) growing output buffer
my_callbackiosend sz:(1768)
info, level:(1) Shrinking output buffer
info, level:(3) wolfSSL Leaving SendCertificate, return 0
info, level:(1) accept state CERT_SENT
info, level:(2) wolfSSL Entering SendCertificateStatus
info, level:(3) wolfSSL Leaving SendCertificateStatus, return 0
info, level:(1) accept state CERT_STATUS_SENT
info, level:(2) wolfSSL Entering SendServerKeyExchange
info, level:(1) Using ephemeral ECDH
info, level:(2) wolfSSL Entering EccMakeKey
info, level:(3) wolfSSL Leaving EccMakeKey, return 0
info, level:(1) Trying ECC private key, RSA didn't work
info, level:(1) Using ECC private key
info, level:(2) wolfSSL Entering EccSign
info, level:(3) wolfSSL Leaving EccSign, return 0
info, level:(2) wolfSSL Entering SendHandshakeMsg
info, level:(1) growing output buffer
my_callbackiosend sz:(153)
info, level:(1) Shrinking output buffer
info, level:(3) wolfSSL Leaving SendServerKeyExchange, return 0
info, level:(1) accept state KEY_EXCHANGE_SENT
info, level:(1) accept state CERT_REQ_SENT
info, level:(2) wolfSSL Entering SendServerHelloDone
info, level:(1) growing output buffer
my_callbackiosend sz:(9)
info, level:(1) Shrinking output buffer
info, level:(3) wolfSSL Leaving SendServerHelloDone, return 0
info, level:(1) accept state SERVER_HELLO_DONE
info, level:(2) wolfSSL Entering RetrySendAlert
my_callbackiorecv sz:(5)

client log:
info, level:(2) wolfSSL Entering wolfSSL_Init
info, level:(2) wolfSSL Entering wolfCrypt_Init
info, level:(2) wolfSSL Entering TLSv1_2_client_method_ex
info, level:(2) wolfSSL Entering wolfSSL_CTX_new_ex
info, level:(2) wolfSSL Entering wolfSSL_CertManagerNew
info, level:(1) heap param is null
info, level:(1) DYNAMIC_TYPE_CERT_MANAGER Allocating = 184 bytes
info, level:(3) wolfSSL Leaving wolfSSL_CTX_new_ex, return 0
info, level:(2) wolfSSL Entering wolfSSL_CTX_load_verify_buffer_ex
info, level:(1) Processing CA PEM file
info, level:(2) wolfSSL Entering PemToDer
info, level:(1) Adding a CA
info, level:(1) Getting Cert Name
info, level:(1) Getting Cert Name
info, level:(2) wolfSSL Entering GetAlgoId
info, level:(2) wolfSSL Entering DecodeCertExtensions
info, ckh test oid:(151)
info, level:(2) wolfSSL Entering DecodeExtKeyUsage
info, ckh test oid:(133)
info, level:(2) wolfSSL Entering DecodeBasicCaConstraint
info, ckh test oid:(128)
info, level:(2) wolfSSL Entering DecodeSubjKeyId
info, ckh test oid:(146)
info, level:(2) wolfSSL Entering DecodeCertPolicy
info, level:(3) wolfSSL Leaving DecodeCertPolicy, return 0
info, ckh test oid:(149)
info, level:(2) wolfSSL Entering DecodeAuthKeyId
info, ckh test oid:(129)
info, level:(2) wolfSSL Entering DecodeKeyUsage
info, verify:1, criticalExt:0
selfSigned:(1)
type:(6)
verify:(1)
cert->extAuthKeyIdSet:(1)
int,type:6
info, level:(1)         Parsed new CA
info, level:(1)         Freeing Parsed CA
info, level:(1)         Freeing der CA
info, level:(1)                 OK Freeing der CA
info, level:(3) wolfSSL Leaving AddCA, return 0
info, level:(1)    Processed a CA
info, level:(1) Processed at least one valid CA. Other stuff OK
info, level:(3) wolfSSL Leaving wolfSSL_CTX_load_verify_buffer_ex, return 1
info, create tcp client success!
info, connect success! socketfd:(3)
info, connect baidu.com success!
info, level:(2) wolfSSL Entering wolfSSL_new
info, level:(2) wolfSSL Entering ReinitSSL
info, level:(1) RNG_HEALTH_TEST_CHECK_SIZE = 128
info, level:(1) sizeof(seedB_data)         = 128
info, level:(1) opened /dev/urandom.
info, level:(1) rnd read...
info, level:(2) wolfSSL Entering SetSSL_CTX
info, level:(2) wolfSSL Entering wolfSSL_NewSession
info, level:(1) InitSSL done. return 0 (success)
info, level:(1) wolfSSL_new InitSSL success
info, level:(3) wolfSSL Leaving wolfSSL_new InitSSL =, return 0
info, level:(1) TLS 1.2 or lower
info, level:(2) wolfSSL Entering wolfSSL_connect
info, level:(2) wolfSSL Entering ReinitSSL
info, level:(2) wolfSSL Entering RetrySendAlert
info, level:(2) wolfSSL Entering SendClientHello
info, level:(1) Adding signature algorithms extension
info, level:(1) growing output buffer
info, level:(1) Signature Algorithms extension to write
info, level:(1) Point Formats extension to write
info, level:(1) Supported Groups extension to write
my_callbackiosend sz:(104)
info, level:(1) Shrinking output buffer
info, level:(3) wolfSSL Leaving SendClientHello, return 0
info, level:(1) connect state: CLIENT_HELLO_SENT
info, level:(1) Server state up to needed state.
info, level:(1) Progressing server state...
info, level:(1) ProcessReply...
info, level:(2) wolfSSL Entering RetrySendAlert
my_callbackiorecv sz:(5)
rbuf ret:(5)
info, level:(1) growing input buffer
my_callbackiorecv sz:(82)
rbuf ret:(82)
info, level:(1) received record layer msg
info, level:(1) got HANDSHAKE
info, level:(2) wolfSSL Entering DoHandShakeMsg
info, level:(2) wolfSSL Entering EarlySanityCheckMsgReceived
info, level:(3) wolfSSL Leaving EarlySanityCheckMsgReceived, return 0
info, level:(2) wolfSSL Entering DoHandShakeMsgType
info, level:(1) processing server hello
info, level:(2) wolfSSL Entering DoServerHello
info, level:(1) Point Formats extension received
info, level:(2) wolfSSL Entering wolfSSL_get_options
info, level:(2) wolfSSL Entering VerifyClientSuite
info, level:(3) wolfSSL Leaving DoServerHello, return 0
info, level:(3) wolfSSL Leaving DoHandShakeMsgType(), return 0
info, level:(3) wolfSSL Leaving DoHandShakeMsg(), return 0
info, level:(1) Shrinking input buffer
info, level:(1) ProcessReply done.
info, level:(1) Progressing server state...
info, level:(1) ProcessReply...
info, level:(2) wolfSSL Entering RetrySendAlert
my_callbackiorecv sz:(5)
rbuf ret:(5)
info, level:(1) growing input buffer
my_callbackiorecv sz:(1763)
rbuf ret:(1763)
info, level:(1) received record layer msg
info, level:(1) got HANDSHAKE
info, level:(2) wolfSSL Entering DoHandShakeMsg
info, level:(2) wolfSSL Entering EarlySanityCheckMsgReceived
info, level:(3) wolfSSL Leaving EarlySanityCheckMsgReceived, return 0
info, level:(2) wolfSSL Entering DoHandShakeMsgType
info, level:(1) processing certificate
info, level:(2) wolfSSL Entering DoCertificate
info, level:(2) wolfSSL Entering ProcessPeerCerts
info, level:(1) Loading peer's cert chain
info, level:(1)         Put another cert into chain
info, level:(1)         Put another cert into chain
info, level:(1)         Put another cert into chain
info, level:(1) Getting Cert Name
info, level:(1) Getting Cert Name
info, level:(2) wolfSSL Entering GetAlgoId
info, level:(2) wolfSSL Entering DecodeCertExtensions
info, ckh test oid:(133)
info, level:(2) wolfSSL Entering DecodeBasicCaConstraint
info, ckh test oid:(128)
info, level:(2) wolfSSL Entering DecodeSubjKeyId
info, ckh test oid:(149)
info, level:(2) wolfSSL Entering DecodeAuthKeyId
info, ckh test oid:(69)
info, level:(2) wolfSSL Entering DecodeAuthInfo
info, ckh test oid:(129)
info, level:(2) wolfSSL Entering DecodeKeyUsage
info, verify:1, criticalExt:0
selfSigned:(0)
type:(38)
verify:(1)
cert->extAuthKeyIdSet:(1)
info, signers:(), row:(8)
info, ret:([)
cert->ca:([)
info, level:(1) CA found
int,type:38
info, level:(2) wolfSSL Entering ConfirmSignature
info, level:(3) wolfSSL Leaving ConfirmSignature, return 0
info, level:(1) Adding CA from chain
info, level:(1) Modifying SSL_CTX CM not SSL specific CM
info, level:(1) Adding a CA
info, level:(1) Getting Cert Name
info, level:(1) Getting Cert Name
info, level:(2) wolfSSL Entering GetAlgoId
info, level:(2) wolfSSL Entering DecodeCertExtensions
info, ckh test oid:(133)
info, level:(2) wolfSSL Entering DecodeBasicCaConstraint
info, ckh test oid:(128)
info, level:(2) wolfSSL Entering DecodeSubjKeyId
info, ckh test oid:(149)
info, level:(2) wolfSSL Entering DecodeAuthKeyId
info, ckh test oid:(69)
info, level:(2) wolfSSL Entering DecodeAuthInfo
info, ckh test oid:(129)
info, level:(2) wolfSSL Entering DecodeKeyUsage
info, verify:0, criticalExt:0
selfSigned:(0)
type:(6)
verify:(0)
cert->extAuthKeyIdSet:(1)
info, signers:(), row:(8)
info, ret:([)
cert->ca:([)
info, level:(1) CA found
int,type:6
info, level:(1)         Parsed new CA
info, level:(1)         Freeing Parsed CA
info, level:(1)         Freeing der CA
info, level:(1)                 OK Freeing der CA
info, level:(3) wolfSSL Leaving AddCA, return 0
info, level:(1) Getting Cert Name
info, level:(1) Getting Cert Name
info, level:(2) wolfSSL Entering GetAlgoId
info, level:(2) wolfSSL Entering DecodeCertExtensions
info, ckh test oid:(133)
info, level:(2) wolfSSL Entering DecodeBasicCaConstraint
info, ckh test oid:(128)
info, level:(2) wolfSSL Entering DecodeSubjKeyId
info, ckh test oid:(149)
info, level:(2) wolfSSL Entering DecodeAuthKeyId
info, ckh test oid:(69)
info, level:(2) wolfSSL Entering DecodeAuthInfo
info, ckh test oid:(129)
info, level:(2) wolfSSL Entering DecodeKeyUsage
info, verify:1, criticalExt:0
selfSigned:(0)
type:(38)
verify:(1)
cert->extAuthKeyIdSet:(1)
info, signers:(), row:(1)
info, ret:([)
cert->ca:([)
info, level:(1) CA found
int,type:38
info, level:(2) wolfSSL Entering ConfirmSignature
info, level:(3) wolfSSL Leaving ConfirmSignature, return 0
info, level:(1) Adding CA from chain
info, level:(1) Modifying SSL_CTX CM not SSL specific CM
info, level:(1) Adding a CA
info, level:(1) Getting Cert Name
info, level:(1) Getting Cert Name
info, level:(2) wolfSSL Entering GetAlgoId
info, level:(2) wolfSSL Entering DecodeCertExtensions
info, ckh test oid:(133)
info, level:(2) wolfSSL Entering DecodeBasicCaConstraint
info, ckh test oid:(128)
info, level:(2) wolfSSL Entering DecodeSubjKeyId
info, ckh test oid:(149)
info, level:(2) wolfSSL Entering DecodeAuthKeyId
info, ckh test oid:(69)
info, level:(2) wolfSSL Entering DecodeAuthInfo
info, ckh test oid:(129)
info, level:(2) wolfSSL Entering DecodeKeyUsage
info, verify:0, criticalExt:0
selfSigned:(0)
type:(6)
verify:(0)
cert->extAuthKeyIdSet:(1)
info, signers:(), row:(1)
info, ret:([)
cert->ca:([)
info, level:(1) CA found
int,type:6
info, level:(1)         Parsed new CA
info, level:(1)         Freeing Parsed CA
info, level:(1)         Freeing der CA
info, level:(1)                 OK Freeing der CA
info, level:(3) wolfSSL Leaving AddCA, return 0
info, level:(1) Verifying Peer's cert
info, level:(1) Getting Cert Name
info, level:(1) Getting Cert Name
info, level:(2) wolfSSL Entering GetAlgoId
info, level:(2) wolfSSL Entering DecodeCertExtensions
info, ckh test oid:(128)
info, level:(2) wolfSSL Entering DecodeSubjKeyId
info, ckh test oid:(131)
info, level:(2) wolfSSL Entering DecodeAltNames
info, ckh test oid:(149)
info, level:(2) wolfSSL Entering DecodeAuthKeyId
info, ckh test oid:(69)
info, level:(2) wolfSSL Entering DecodeAuthInfo
info, ckh test oid:(129)
info, level:(2) wolfSSL Entering DecodeKeyUsage
info, verify:1, criticalExt:0
selfSigned:(0)
type:(0)
verify:(1)
cert->extAuthKeyIdSet:(1)
info, signers:(), row:(4)
info, ret:([)
cert->ca:([)
info, level:(1) CA found
int,type:0
info, level:(2) wolfSSL Entering ConfirmSignature
info, level:(3) wolfSSL Leaving ConfirmSignature, return 0
info, level:(1) Verified Peer's cert
info, level:(3) wolfSSL Leaving ProcessPeerCerts, return 0
info, level:(3) wolfSSL Leaving DoCertificate, return 0
info, level:(3) wolfSSL Leaving DoHandShakeMsgType(), return 0
info, level:(3) wolfSSL Leaving DoHandShakeMsg(), return 0
info, level:(1) Shrinking input buffer
info, level:(1) ProcessReply done.
info, level:(1) Progressing server state...
info, level:(1) ProcessReply...
info, level:(2) wolfSSL Entering RetrySendAlert
my_callbackiorecv sz:(5)
rbuf ret:(5)
info, level:(1) growing input buffer
my_callbackiorecv sz:(148)
rbuf ret:(148)
info, level:(1) received record layer msg
info, level:(1) got HANDSHAKE
info, level:(2) wolfSSL Entering DoHandShakeMsg
info, level:(2) wolfSSL Entering EarlySanityCheckMsgReceived
info, level:(3) wolfSSL Leaving EarlySanityCheckMsgReceived, return 0
info, level:(2) wolfSSL Entering DoHandShakeMsgType
info, level:(1) processing server key exchange
info, level:(2) wolfSSL Entering DoServerKeyExchange
info, level:(2) wolfSSL Entering EccVerify
info, level:(3) wolfSSL Leaving EccVerify, return -330
info, level:(3) wolfSSL Leaving DoServerKeyExchange, return -330
info, level:(3) wolfSSL Leaving DoHandShakeMsgType(), return -330
info, level:(3) wolfSSL Leaving DoHandShakeMsg(), return -330
info, level:(0) wolfSSL error occurred, error = -330
info, level:(0) wolfSSL error occurred, error = -330
info, ret:(-1)
info, ssl connect falied!
info, level:(2) wolfSSL Entering wolfSSL_write
info, level:(1) handshake not complete, trying to finish
info, level:(2) wolfSSL Entering wolfSSL_negotiate
info, level:(1) TLS 1.2 or lower
info, level:(2) wolfSSL Entering wolfSSL_connect
info, level:(2) wolfSSL Entering ReinitSSL
info, level:(2) wolfSSL Entering RetrySendAlert
info, level:(1) Server state up to needed state.
info, level:(1) Progressing server state...
info, level:(1) ProcessReply...
info, level:(1) ProcessReply retry in error state, not allowed
info, level:(0) wolfSSL error occurred, error = -330
info, level:(3) wolfSSL Leaving wolfSSL_negotiate, return -1
info, level:(3) wolfSSL Leaving wolfSSL_write, return -1
info.http send ret:(-1)
info, level:(2) wolfSSL Entering wolfSSL_read
info, level:(2) wolfSSL Entering wolfSSL_read_internal
info, level:(2) wolfSSL Entering ReceiveData
info, level:(1) User calling wolfSSL_read in error state, not allowed
info, level:(3) wolfSSL Leaving wolfSSL_read_internal, return -330
rbuf ret:(-1) rbuf:()


Re: Don't have RSA

Hi chenkanghao001,

Here is a relevant piece of code that shows up in your debug message:

        if (CipherRequires(first, second, REQUIRES_RSA)) {
            WOLFSSL_MSG("Requires RSA");
            if (ssl->options.haveRSA == 0) {
                WOLFSSL_MSG("Don't have RSA");
                return 0;
            }
        }

Can I ask you how you configure and build wolfssl? Can you let us know what configuration flags you use? 

Also, can you give us some hints as to how you initialize your server and client?

I ask these things because perhaps you are disabling RSA somehow.

Warm regards, Anthony


Re: Don't have RSA

There is another possibility that the root cause of your failure is here:

 wolfSSL Leaving EccVerify, return -330

Can you please also share your certificates and what ECC curves you share in those certificates?

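As an added example (not part of any post in this thread and not wolfSSL code), the sketch below triages debug output like the logs above: it treats "Don't have RSA" as a skipped cipher-suite candidate and reports the innermost function that first returned a negative code. The names `triage` and `verdict` are hypothetical, and the sample lines are excerpts of the logs posted above.

```python
import re

# Sample input: lines excerpted from the server and client logs in this thread.
SERVER_LOG = """\
info, level:(2) wolfSSL Entering MatchSuite
info, level:(2) wolfSSL Entering VerifyServerSuite
info, level:(1) Requires RSA
info, level:(1) Don't have RSA
info, level:(1) Could not verify suite validity, continue
info, level:(2) wolfSSL Entering VerifyServerSuite
info, level:(1) Requires ECC
info, level:(1) Verified suite validity
info, level:(3) wolfSSL Leaving DoClientHello, return 0
"""
CLIENT_LOG = """\
info, level:(2) wolfSSL Entering DoServerKeyExchange
info, level:(2) wolfSSL Entering EccVerify
info, level:(3) wolfSSL Leaving EccVerify, return -330
info, level:(3) wolfSSL Leaving DoServerKeyExchange, return -330
info, level:(0) wolfSSL error occurred, error = -330
my_callbackiorecv sz:(5)
"""

LINE = re.compile(r"level:\(\d\)\s+(.*)$")            # wolfSSL debug message text
LEAVING = re.compile(r"wolfSSL Leaving (\w+).*?return (-?\d+)")


def triage(log):
    """Return (skipped_suite_requirements, suite_selected, first_failure)."""
    skipped, selected, failure, requirement = [], False, None, None
    for raw in log.splitlines():
        m = LINE.search(raw)
        if not m:
            continue                      # application's own lines (I/O callbacks)
        msg = m.group(1).strip()
        if msg.startswith("Requires "):
            requirement = msg[len("Requires "):]
        elif msg.startswith("Could not verify suite validity"):
            skipped.append(requirement or "unknown")   # candidate suite rejected
        elif msg == "Verified suite validity":
            selected = True               # a later candidate was accepted
        elif failure is None:
            lv = LEAVING.search(msg)
            # The innermost function logs its negative return first.
            if lv and int(lv.group(2)) < 0:
                failure = (lv.group(1), int(lv.group(2)))
    return skipped, selected, failure


def verdict(log):
    skipped, selected, failure = triage(log)
    if failure:
        return "failed in %s (return %d)" % failure
    if skipped and not selected:
        return "no usable cipher suite (skipped: %s)" % ", ".join(skipped)
    return "ok"


if __name__ == "__main__":
    print("server:", verdict(SERVER_LOG))
    print("client:", verdict(CLIENT_LOG))
```
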

Re: Don't have RSA

I think I messed up the code yesterday. I restarted my computer today and rewrote the experiment. It works. Sorry to disturb your time.


Re: Don't have RSA

Good to know!  Glad you got it resolved.  Can you let us know a bit about yourself?
Where are you located?
What are your goals?
Is the nature of this project academic, commercial, or personal?
We love knowing how our code is being used and any information you are willing to share helps us to better understand our user base.

Warm regards, Anthony


Re: Don't have RSA

Hello

I am currently testing this for personal use. I will test some features that are not available in mbedtls.


Re: Don't have RSA

Thanks for letting me know. If you would like to share more details about yourself and your project in a more private setting, please email me at anthony@wolfssl.com.

Warm regards,  Anthony
