Topic: Not connecting

Working on a legacy embedded IoT device. Enabled debug, do not see why the connection is not made.

Running 3.8.0 library libctaocrypt_fp0_debug.a

====
[wolf] wolfSSL Entering WOLFSSL_CTX_new
[wolf] wolfSSL Entering wolfSSL_CertManagerNew
[wolf] wolfSSL Leaving WOLFSSL_CTX_new, return 0
[wolf] wolfSSL Entering wolfSSL_CTX_load_verify_buffer
[wolf] Processing CA PEM file
[wolf] wolfSSL Entering PemToDer
[wolf] Adding a CA
[wolf] wolfSSL Entering GetExplicitVersion
[wolf] wolfSSL Entering GetMyVersion
[wolf] Got Cert Header
[wolf] wolfSSL Entering GetAlgoId
[wolf] wolfSSL Entering GetObjectId()
[wolf] Got Algo ID
[wolf] Getting Cert Name
[wolf] Getting Cert Name
[wolf] Got Subject Name
[wolf] wolfSSL Entering GetAlgoId
[wolf] wolfSSL Entering GetObjectId()
[wolf] Got Key
[wolf] Parsed Past Key
[wolf] wolfSSL Entering DecodeCertExtensions
[wolf] wolfSSL Entering GetObjectId()
[wolf] wolfSSL Entering DecodeBasicCaConstraint
[wolf] wolfSSL Entering GetObjectId()
[wolf] wolfSSL Entering DecodeKeyUsage
[wolf] wolfSSL Entering GetObjectId()
[wolf] wolfSSL Entering DecodeSubjKeyId
[wolf] wolfSSL Entering GetAlgoId
[wolf] wolfSSL Entering GetObjectId()
[wolf]     Parsed new CA
[wolf]     Freeing Parsed CA
[wolf]     Freeing der CA
[wolf]         OK Freeing der CA
[wolf] wolfSSL Leaving AddCA, return 0
[wolf]    Processed a CA
[wolf] wolfSSL Entering PemToDer
[wolf] Couldn't find PEM header
[wolf] CA Parse failed, no progress in file.
[wolf] Do not continue search for other certs in file
[wolf] Processed at least one valid CA. Other stuff OK
[wolf] wolfSSL Entering wolfSSL_CTX_use_certificate_buffer
[wolf] wolfSSL Entering PemToDer
[wolf] Checking cert signature type
[wolf] wolfSSL Entering GetExplicitVersion
[wolf] wolfSSL Entering GetMyVersion
[wolf] Got Cert Header
[wolf] wolfSSL Entering GetAlgoId
[wolf] wolfSSL Entering GetObjectId()
[wolf] Got Algo ID
[wolf] Getting Cert Name
[wolf] Getting Cert Name
[wolf] Got Subject Name
[wolf] wolfSSL Entering GetAlgoId
[wolf] wolfSSL Entering GetObjectId()
[wolf] Got Key
[wolf] Not ECDSA cert signature
[wolf] wolfSSL Entering wolfSSL_CTX_use_PrivateKey_buffer
[wolf] wolfSSL Entering PemToDer
[wolf] wolfSSL Entering GetMyVersion
[wolf] wolfSSL Entering wolfSSL_CTX_set_verify
[wolf] wolfSSL Entering SSL_new
[wolf] wolfSSL Leaving SSL_new, return 0
[wolf] wolfSSL Entering SSL_set_fd
[wolf] wolfSSL Leaving SSL_set_fd, return 1
[wolf] wolfSSL Entering SSL_connect()
[wolf] growing output buffer

[wolf] Shrinking output buffer

[wolf] connect state: CLIENT_HELLO_SENT
[wolf] growing input buffer

[wolf] received record layer msg
[wolf] wolfSSL Entering DoHandShakeMsg()
[wolf] wolfSSL Entering DoHandShakeMsgType
[wolf] processing server hello
[wolf] wolfSSL Entering VerifyClientSuite
[wolf] wolfSSL Leaving DoHandShakeMsgType(), return 0
[wolf] wolfSSL Leaving DoHandShakeMsg(), return 0
[wolf] growing input buffer

[wolf] received record layer msg
[wolf] wolfSSL Entering DoHandShakeMsg()
[wolf] wolfSSL Entering DoHandShakeMsgType
[wolf] processing certificate
[wolf] Loading peer's cert chain
[wolf]     Put another cert into chain
[wolf]     Put another cert into chain
[wolf]     Put another cert into chain
[wolf]     Put another cert into chain
[wolf] wolfSSL Entering GetExplicitVersion
[wolf] wolfSSL Entering GetMyVersion
[wolf] Got Cert Header
[wolf] wolfSSL Entering GetAlgoId
[wolf] wolfSSL Entering GetObjectId()
[wolf] Got Algo ID
[wolf] Getting Cert Name
[wolf] Getting Cert Name
[wolf] Got Subject Name
[wolf] wolfSSL Entering GetAlgoId
[wolf] wolfSSL Entering GetObjectId()
[wolf] Got Key
[wolf] Parsed Past Key
[wolf] wolfSSL Entering DecodeCertExtensions
[wolf] wolfSSL Entering GetObjectId()
[wolf] wolfSSL Entering DecodeBasicCaConstraint
[wolf] wolfSSL Entering GetObjectId()
[wolf] wolfSSL Entering DecodeKeyUsage
[wolf] wolfSSL Entering GetObjectId()
[wolf] wolfSSL Entering DecodeSubjKeyId
[wolf] wolfSSL Entering GetObjectId()
[wolf] wolfSSL Entering DecodeAuthKeyId
[wolf] wolfSSL Entering GetObjectId()
[wolf] wolfSSL Entering DecodeAuthInfo
[wolf] wolfSSL Entering GetObjectId()
[wolf] wolfSSL Entering GetObjectId()
[wolf] wolfSSL Entering DecodeCrlDist
[wolf] wolfSSL Entering GetObjectId()
[wolf] Certificate Policy extension not supported yet.
[wolf] wolfSSL Entering GetAlgoId
[wolf] wolfSSL Entering GetObjectId()
[wolf] Chain cert not verified by option, not adding as CA

[wolf] wolfSSL Entering GetExplicitVersion
[wolf] wolfSSL Entering GetMyVersion
[wolf] Got Cert Header
[wolf] wolfSSL Entering GetAlgoId
[wolf] wolfSSL Entering GetObjectId()
[wolf] Got Algo ID
[wolf] Getting Cert Name
[wolf] Getting Cert Name
[wolf] Got Subject Name
[wolf] wolfSSL Entering GetAlgoId
[wolf] wolfSSL Entering GetObjectId()
[wolf] Got Key
[wolf] Parsed Past Key
[wolf] wolfSSL Entering DecodeCertExtensions
[wolf] wolfSSL Entering GetObjectId()
[wolf] wolfSSL Entering DecodeBasicCaConstraint
[wolf] wolfSSL Entering GetObjectId()
[wolf] wolfSSL Entering DecodeKeyUsage
[wolf] wolfSSL Entering GetObjectId()
[wolf] wolfSSL Entering DecodeSubjKeyId
[wolf] wolfSSL Entering GetObjectId()
[wolf] wolfSSL Entering DecodeAuthKeyId
[wolf] wolfSSL Entering GetObjectId()
[wolf] wolfSSL Entering DecodeAuthInfo
[wolf] wolfSSL Entering GetObjectId()
[wolf] wolfSSL Entering GetObjectId()
[wolf] wolfSSL Entering DecodeCrlDist
[wolf] wolfSSL Entering GetObjectId()
[wolf] Certificate Policy extension not supported yet.
[wolf] wolfSSL Entering GetAlgoId
[wolf] wolfSSL Entering GetObjectId()
[wolf] Chain cert not verified by option, not adding as CA
[wolf] wolfSSL Entering GetExplicitVersion
[wolf] wolfSSL Entering GetMyVersion
[wolf] Got Cert Header
[wolf] wolfSSL Entering GetAlgoId
[wolf] wolfSSL Entering GetObjectId()
[wolf] Got Algo ID
[wolf] Getting Cert Name
[wolf] Getting Cert Name
[wolf] Got Subject Name
[wolf] wolfSSL Entering GetAlgoId
[wolf] wolfSSL Entering GetObjectId()
[wolf] Got Key
[wolf] Parsed Past Key
[wolf] wolfSSL Entering DecodeCertExtensions
[wolf] wolfSSL Entering GetObjectId()
[wolf] wolfSSL Entering DecodeBasicCaConstraint
[wolf] wolfSSL Entering GetObjectId()
[wolf] wolfSSL Entering DecodeKeyUsage
[wolf] wolfSSL Entering GetObjectId()
[wolf] wolfSSL Entering DecodeExtKeyUsage
[wolf] wolfSSL Entering GetObjectId()
[wolf] wolfSSL Entering GetObjectId()
[wolf] wolfSSL Entering GetObjectId()
[wolf] wolfSSL Entering DecodeSubjKeyId
[wolf] wolfSSL Entering GetObjectId()
[wolf] wolfSSL Entering DecodeAuthKeyId
[wolf] wolfSSL Entering GetObjectId()
[wolf] wolfSSL Entering DecodeAuthInfo
[wolf] wolfSSL Entering GetObjectId()
[wolf] wolfSSL Entering GetObjectId()
[wolf] wolfSSL Entering DecodeCrlDist
[wolf] wolfSSL Entering GetObjectId()
[wolf] Certificate Policy extension not supported yet.
[wolf] wolfSSL Entering GetAlgoId
[wolf] wolfSSL Entering GetObjectId()
[wolf] Chain cert not verified by option, not adding as CA
[wolf] Verifying Peer's cert
[wolf] wolfSSL Entering GetExplicitVersion
[wolf] wolfSSL Entering GetMyVersion
[wolf] Got Cert Header
[wolf] wolfSSL Entering GetAlgoId
[wolf] wolfSSL Entering GetObjectId()
[wolf] Got Algo ID
[wolf] Getting Cert Name
[wolf] Getting Cert Name
[wolf] Got Subject Name
[wolf] wolfSSL Entering GetAlgoId
[wolf] wolfSSL Entering GetObjectId()
[wolf] Got Key
[wolf] Parsed Past Key
[wolf] wolfSSL Entering DecodeCertExtensions
[wolf] wolfSSL Entering GetObjectId()
[wolf] wolfSSL Entering DecodeAuthKeyId
[wolf] wolfSSL Entering GetObjectId()
[wolf] wolfSSL Entering DecodeSubjKeyId
[wolf] wolfSSL Entering GetObjectId()
[wolf] wolfSSL Entering DecodeAltNames
[wolf] wolfSSL Entering GetObjectId()
[wolf] Certificate Policy extension not supported yet.
[wolf] wolfSSL Entering GetObjectId()
[wolf] wolfSSL Entering DecodeKeyUsage
[wolf] wolfSSL Entering GetObjectId()
[wolf] wolfSSL Entering DecodeExtKeyUsage
[wolf] wolfSSL Entering GetObjectId()
[wolf] wolfSSL Entering GetObjectId()
[wolf] wolfSSL Entering GetObjectId()
[wolf] wolfSSL Entering DecodeCrlDist
[wolf] wolfSSL Entering GetObjectId()
[wolf] wolfSSL Entering DecodeAuthInfo
[wolf] wolfSSL Entering GetObjectId()
[wolf] wolfSSL Entering GetObjectId()
[wolf] wolfSSL Entering DecodeBasicCaConstraint
[wolf] wolfSSL Entering GetObjectId()
[wolf] wolfSSL Entering GetAlgoId
[wolf] wolfSSL Entering GetObjectId()
[wolf] Verified Peer's cert
[wolf] wolfSSL Leaving DoHandShakeMsgType(), return 0
[wolf] wolfSSL Leaving DoHandShakeMsg(), return 0
[wolf] received record layer msg
[wolf] wolfSSL Entering DoHandShakeMsg()
[wolf] wolfSSL Entering DoHandShakeMsgType
[wolf] processing server key exchange
[wolf] wolfSSL Leaving DoHandShakeMsgType(), return 0
[wolf] wolfSSL Leaving DoHandShakeMsg(), return 0
[wolf] received record layer msg
[wolf] wolfSSL Entering DoHandShakeMsg()
[wolf] wolfSSL Entering DoHandShakeMsgType
[wolf] processing certificate request
[wolf] wolfSSL Leaving DoHandShakeMsgType(), return 0
[wolf] wolfSSL Leaving DoHandShakeMsg(), return 0
[wolf] received record layer msg
[wolf] wolfSSL Entering DoHandShakeMsg()
[wolf] wolfSSL Entering DoHandShakeMsgType
[wolf] processing server hello done
[wolf] wolfSSL Leaving DoHandShakeMsgType(), return 0
[wolf] wolfSSL Leaving DoHandShakeMsg(), return 0
[wolf] connect state: HELLO_AGAIN
[wolf] connect state: HELLO_AGAIN_REPLY
[wolf] connect state: FIRST_REPLY_DONE
[wolf] growing output buffer

[wolf] Shrinking output buffer

[wolf] sent: certificate
[wolf] connect state: FIRST_REPLY_FIRST
[wolf] growing output buffer

[wolf] Shrinking output buffer

[wolf] sent: client key exchange
[wolf] connect state: FIRST_REPLY_SECOND
[wolf] growing output buffer

[wolf] wolfSSL Entering GetMyVersion
[wolf] wolfSSL Entering VerifyRsaSign
[wolf] Shrinking output buffer

[wolf] sent: certificate verify
[wolf] connect state: FIRST_REPLY_THIRD
[wolf] growing output buffer

[wolf] Shrinking output buffer

[wolf] sent: change cipher spec
[wolf] connect state: FIRST_REPLY_FOURTH
[wolf] growing output buffer

[wolf] Shrinking output buffer

[wolf] sent: finished
[wolf] connect state: FINISHED_DONE
[wolf] received record layer msg
[wolf] got CHANGE CIPHER SPEC
[wolf] received record layer msg
[wolf] wolfSSL Entering DoHandShakeMsg()
[wolf] wolfSSL Entering DoHandShakeMsgType
[wolf] processing finished
[wolf] wolfSSL Leaving DoHandShakeMsgType(), return 0
[wolf] wolfSSL Leaving DoHandShakeMsg(), return 0
[wolf] connect state: SECOND_REPLY_DONE
[wolf] Shrinking input buffer

[wolf] wolfSSL Leaving SSL_connect(), return 1
[wolf] wolfSSL Entering SSL_shutdown()
[wolf] growing output buffer

[wolf] Shrinking output buffer

[wolf] wolfSSL Leaving SSL_shutdown(), return 2
[wolf] wolfSSL Entering SSL_free
[wolf] CTX ref count not 0 yet, no free
[wolf] wolfSSL Leaving SSL_free, return 0
[wolf] wolfSSL Entering wolfSSL_CTX_UnloadCAs
[wolf] wolfSSL Entering wolfSSL_CertManagerUnloadCAs
[wolf] wolfSSL Entering SSL_CTX_free
[wolf] CTX ref count down to 0, doing full free
[wolf] wolfSSL Entering wolfSSL_CertManagerFree
[wolf] wolfSSL Leaving SSL_CTX_free, return 0

=====

Re: Not connecting

Hi Dwayne,

Welcome to the wolfSSL Forums.

Could you tell us a bit about your project and your location for our support records?

There is not a clear error in the log you shared. It could be that the peer sent an alert, but I would have expected to see that recorded in the log. Are you able to generate a packet capture of the failing handshake?

We always recommend using the latest version of the library. Often we have already resolved issues that you may be experiencing.

Is this a new failure that was previously working? Do you know what changed?

Lastly, if you'd prefer, you can open a support ticket by emailing support@wolfssl.com

Thanks,
Eric - wolfSSL Support
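
One way to triage a wolfSSL debug log like the one posted above, added here as an example that is not part of the thread or of wolfSSL: it collects the handshake messages received and sent, the last connect state, the API return codes and any line mentioning an alert. The sample input is abridged from the posted log; `summarize` and its field names are hypothetical.

```python
import re

# Abridged from the debug log posted in this thread (lines copied, most omitted).
SAMPLE_LOG = """\
[wolf] wolfSSL Entering SSL_connect()
[wolf] processing server hello
[wolf] processing certificate
[wolf] Verified Peer's cert
[wolf] processing server key exchange
[wolf] processing certificate request
[wolf] processing server hello done
[wolf] sent: certificate
[wolf] sent: client key exchange
[wolf] sent: certificate verify
[wolf] sent: change cipher spec
[wolf] sent: finished
[wolf] processing finished
[wolf] connect state: SECOND_REPLY_DONE
[wolf] wolfSSL Leaving SSL_connect(), return 1
[wolf] wolfSSL Leaving SSL_shutdown(), return 2
"""

LEAVING = re.compile(r"wolfSSL Leaving (\w+)(?:\(\))?, return (-?\d+)")

def summarize(log_text):
    """Collect handshake milestones and API return codes from a wolfSSL debug log."""
    out = {"received": [], "sent": [], "returns": {}, "alerts": [], "last_state": None}
    for raw in log_text.splitlines():
        line = raw.replace("[wolf]", "", 1).strip()
        if not line:
            continue  # the paste has blank lines after the buffer messages
        if line.startswith("processing "):
            out["received"].append(line[len("processing "):])
        elif line.startswith("sent: "):
            out["sent"].append(line[len("sent: "):])
        elif line.startswith("connect state: "):
            out["last_state"] = line[len("connect state: "):]
        elif "alert" in line.lower():
            out["alerts"].append(line)
        m = LEAVING.search(line)
        if m:
            out["returns"][m.group(1)] = int(m.group(2))  # last value wins
    # wolfSSL_connect() returns SSL_SUCCESS (1) when the handshake completes.
    out["handshake_completed"] = out["returns"].get("SSL_connect") == 1
    out["client_auth"] = ("certificate request" in out["received"]
                          and "certificate verify" in out["sent"])
    return out
```

Run over the full posted log, the same fields show `SSL_connect` returning 1 followed directly by `SSL_shutdown`, with no alert line recorded.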

3 (edited by Dwayne 2024-10-04 09:08:12)

Re: Not connecting

> Could you tell us a bit about your project and your location for our support records?

Working on a release update for existing product based on Marvell 88mw300 module.
Problems talking to new cloud setup.

> Are you able to generate a packet capture of the failing handshake?

Running Wi-Fi, will have to create setup to capture. Does the debug have a capture that can be enabled?

> Is this a new failure that was previously working? Do you know what changed?

Problems talking to new AWS cloud setup.

Re: Not connecting

Hi Dwayne,

Thanks for sharing these details. AWS has several requirements for TLS versions and extensions. It might be worthwhile to try updating the wolfSSL version. The latest release is v5.7.2.

If this is related to a commercial project, you should open a new issue by emailing support@wolfssl.com or through the Zendesk portal at https://wolfssl.zendesk.com.