You are not logged in. Please login or register.
Please post questions or comments you have about wolfSSL products here. It is helpful to be as descriptive as possible when asking your questions.
ReferenceswolfSSL - Embedded SSL Library → Posts by cyberrobot
Pages 1
Many thanks for your time!
Dear Chrisc,
My problems on finding the proper certificates still exists, after may trials I found some combinations that worked. Although I would be very cheerfull for a better understanding.
The combinations which worked for me are the following:
. google. com Equifax_Secure_CA.pem
. paypal. com Verisign_Class_3_Public_Primary_Certification_Authority.pem
. amazon. co.uk Verisign_Class_3_Public_Primary_Certification_Authority.pem
But the following combination make me wondering:
https:// www. microsoft. com GTE_CyberTrust_Global_Root.pem
because it did not verified.
I grabed these certificates from my Linux machine under /etc/ssl/certs path.
Could you please provide me some info about the certificated wolfssl needs in order to verify the server. I read on the wolfssl manuals that it uses the ROOT CA certifictes, these certificates are self signed rigth? If I use a self extracted and self signed certificate would it work?
Could you please provide some info or examples with public servers would be very appreciated!
Where can I find more info about the extraction of certificates and how do you extract/use them?
I use the wolfSSL_CTX_load_verify_locations() and the wolfSSL_CTX_load_verify_buffer() depending the platform I use (PC / embedded device).
Best Regards,
Cyberrobot
I have also tried with CyaSSL 3.0, but it behaves in the same manner. Without the server verification it works.
Hi I have the same problem (on Ubuntu), I copy the Root CA from a website at PEM file format and then transform it to DER via openssl and storing it in a buffer but the authentication fails.
EDIT: Finally I found the solution to my ignorance, you have to grab the ROOT certificate of the CA signed the server (It must say self signed), for google is the Equifax_Secure_CA.pem(TLS_v1.2) / amazon.uk Verisigned (TLS_v1) and it's stored to my OS as it should be.
Both CyaSSL_CTX_load_verify_locations and CyaSSL_CTX_load_verify_buffer worked like a charm.
Example : amazon.co.uk any one of these certificates fail... (find them attached on the file).
I got them with the command:
openssl s_client -showcerts -connect amazon.co.uk:443 </dev/null
I Still can't find a solution to the next one :
Another Issue is when verification fails and I try to get some info from the call of verify callback.
e.g printf(""%s",(ctx_ob->current_cert->subjectCN));
there is nothing there.... 
Hello I'm working on a wolfSSL project at the moment and I was wondering how to port some certifications on my application. The only example that works is that mention before on this thread for "vpn-students.poly.edu".
If I use a root certificate at .pem format from cacert.org the ssl authentication fails:
Failed to verify Peer's cert
No callback override available, fatal
The certificate I use is attached.
The code functions I use are the following:
wolfSSL_Debugging_ON();
wolfSSL_Init();
ssl->method=wolfTLSv1_client_method();
ssl->ctx = wolfSSL_CTX_new(ssl->method);
wolfSSL_CTX_set_verify(ssl->ctx, SSL_VERIFY_PEER, 0);
wolfSSL_CTX_load_verify_locations(ssl->ctx,"./cacert.pem",0);
/*or converted with hexdump*/
wolfSSL_CTX_load_verify_buffer(sock_ssl->ctx,eco_cert,sizeof(eco_cert), SSL_FILETYPE_PEM);
ssl->ssl = wolfSSL_new(ssl->ctx);
wolfSSL_set_fd(ssl->ssl, ssl->ID);
ret=wolfSSL_connect(ssl->ssl);
if (ret!= SSL_SUCCESS){err = wolfSSL_get_error(sock_ssl->ssl, ret);}The Error Code i get is -155.... can anyone provide any advise...
Pages 1
wolfSSL - Embedded SSL Library → Posts by cyberrobot
Powered by PunBB, supported by Informer Technologies, Inc.
Generated in 0.015 seconds (95% PHP - 5% DB) with 4 queries