1 Reply by jackwang

(3 replies, posted in wolfSSL)

Hi Chris,

Sorry for the late response. The problem got solved. One cause is rejectUnauthorized needs to be true, the other cause is the certificate/key files were not generated correctly.

Thanks again for your support.
Jack

Go to forum: wolfSSL

2 Topic by jackwang

(3 replies, posted in wolfSSL)

I’m encountering a strange problem: Client authentication still passed even though client-cert.pem and client-key.pem are not loaded in wolfssl client. Client authentication check has been enabled at server side.

Client side (STM32F2+FreeRTOS):
1)    Add wolfssl files into my project.

2)   
#define FREERTOS
#define WOLFSSL_LWIP
#define WOLFSSL_STM32F2
#define WOLFSSL_IAR_ARM
#define WOLFSSL_STATIC_RSA

#define BUILD_TLS_RSA_WITH_AES_128_CBC_SHA
#define BUILD_TLS_RSA_WITH_AES_256_CBC_SHA

#define WOLFSSL_LOW_MEMORY
#define DEBUG_WOLFSSL
#define NO_INLINE
#define NO_WOLFSSL_SERVER
#define NO_DES3
#define NO_DH
#define NO_MD4
#define NO_RC4
#define NO_MD5
#define NO_SESSION_CACHE
#define NO_ERROR_STRINGS
#define NO_OLD_TLS
#define NO_PWDBASED
#define NO_HC128
#define NO_SHA512
#define NO_DSA
#define WC_NO_RSA_OAEP
#define NO_CERT
#define USER_TICKS
#define USER_TIME
#define USER_TIME_TJZ_DEF

3)    Key code:

wolfSSL_SetLoggingCb(wolfSSL_Logging);
wolfSSL_Debugging_ON();
wolfSSL_library_init();
wolfSSL_load_error_strings();

ssl_ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method());
wolfSSL_CTX_set_cipher_list(ssl_ctx, "AES128-SHA");
//wolfSSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_NONE, 0);
wolfSSL_CTX_load_verify_buffer(ssl_ctx, ca_cert_der_1024, sizeof_ca_cert_der_1024, SSL_FILETYPE_ASN1);

sockfd = socket(xxxx);
connect(sockfd, xxxx,xxxx);

ssl = wolfSSL_new(ssl_ctx);
wolfSSL_set_fd(ssl , sockfd );

4)    Use wolfSSL_read()/wolfSSL_write() to send and receive message from server.

Server side: Node.js
Key code:

    var wsCa = fs.readFileSync(path.resolve(config.secure.wsCa), 'utf8');
    var wsServerCert = fs.readFileSync(path.resolve(config.secure.wsServerCert), 'utf8');
    var wsServerKey = fs.readFileSync(path.resolve(config.secure.wsServerKey), 'utf8');

    var wsOptions = {
        key: wsServerKey,
        cert: wsServerCert,
        ca: wsCa,
        requestCert : true,
        secureProtocol: 'TLSv1_2_method',
        ciphers: [
            'ECDHE-RSA-AES128-GCM-SHA256',
            'ECDHE-ECDSA-AES128-GCM-SHA256',
            'ECDHE-RSA-AES256-GCM-SHA384',
            'ECDHE-ECDSA-AES256-GCM-SHA384',
            'DHE-RSA-AES128-GCM-SHA256',
            'ECDHE-RSA-AES128-SHA256',
            'DHE-RSA-AES128-SHA256',
            'ECDHE-RSA-AES256-SHA384',
            'DHE-RSA-AES256-SHA384',
            'ECDHE-RSA-AES256-SHA256',
            'DHE-RSA-AES256-SHA256',
            'HIGH',
            '!aNULL',
            '!eNULL',
            '!EXPORT',
            '!DES',
            '!RC4',
            '!MD5',
            '!PSK',
            '!SRP',
            '!CAMELLIA'
        ].join(':'),
         honorCipherOrder: true
    };

    ws_server = https.createServer(wsOptions, app);
    wss = new WebSocketServer({
        server: ws_server
        });

Can you pls help to find the cause of the problem?

Thanks a lot!
Jack

Go to forum: wolfSSL