Hi,
   Recently, I am trying to replace openSSL library by wolfSSL library in our product (mainly for https connection with Poco library).
   But I can't find some openSSL APIs in wolfSSL's openSSL compatibility layer.

   For example:
   We used two openSSL APIs : SSL_ctrl() and SSL_CTX_ctrl(). But can't find them in wolfssl/openssl/ssl.h.
   So, in wolfSSL, which API are same with SSL_ctrl() and SSL_CTX_ctrl()?

Hi  dgarske,
     After add your new patch. I can import ECC key successfully.
     Thanks a lot.

     By the way, I have a doubt :   In ecc_sets[] array, why not include 25519 curve? and wolfSSL have the special APIs for 25519 curve. Why separate it with other curves?
     Sorry, I am not familiar with 25519 curve, just ask the story.

Hi dgarske,
    You means, currently it is impossible to import one ECC Brainpool curve key which generated by openSSL ?
    I am using below two APIs for import ecc keys. They can import SECP curve keys and verify signature successfully, but meet problem when the key curve is Brainpool.
   
    wolfSSL_KeyPemToDer()
    wc_EccPrivateKeyDecode()

    Finally, I found the reason, in wc_ecc_import_x963() function, always set the ECC curve id as the default "ECC_CURVE_DEF". Then in function wc_ecc_set_curve(), when variable curve_id equal as ECC_CURVE_DEF, it will check variable keysize with ecc_sets[].size. But, after enable macro "HAVE_ECC_BRAINPOOL", the logic become error.

   So, do you have any other suggestion? how to import a exist ECC private key?

Hi dgarske,
   Finally, I understood the design logic for wc_SignatureVerify() function, when the parameter is "WC_SIGNATURE_TYPE_RSA_W_ENC", case "WC_SIGNATURE_TYPE_RSA" also will be executed.
  Because I modified the source code under "WC_SIGNATURE_TYPE_RSA" case for verify signatures which include hash OID. After I recover to the original codes, everything is ok.

  Sorry for any inconvenience. This topic can be closed.

Hi,
   When I try to verify one signature which generated by ECC BrainpoolP256R1 curve, I meet trouble.
   Problem is : wc_ecc_verify_hash_ex() function always return fail. Because &v and r not matched.
   Any idea?

   Below code show details:

 /* does v == r */
   if (err == MP_OKAY) {
       if (mp_cmp(&v, r) == MP_EQ)/*here failed*/
           *stat = 1;

   I remember, V3.9.8 release note said wolfSSL already support BrainpoolP256R1 curve. Now, I am using V3.9.10 .
   on the other hand, I can't find the macro "HAVE_ECC_BRAINPOOL" definition in setting.h, I just add this definition in ecc.h, is it OK?

   Below is the private key, you can try to use it generate one signature and verify it. I think you will meet same problem with me.  (Note, private key is generated by openSSL, but signature is generated by wolfSSL function wc_SignatureGenerate())

    related private key

-----BEGIN EC PARAMETERS-----
BgkrJAMDAggBAQc=
-----END EC PARAMETERS-----
-----BEGIN EC PRIVATE KEY-----
MHgCAQEEIJyDj/+OyFULqczpz/ZNI3m5gxFl+Dw2o6/B0ljwYQC3oAsGCSskAwMC
CAEBB6FEA0IABCjxYfsLLiHZyIiwD3VaPg2qdpR5PLJJbVol6SBZnp++D60GBEOM
1pGaG/IcGY+rDSnNP9Y8RIimrIggqaMb9iU=
-----END EC PRIVATE KEY-----
dgarske wrote:

Hi Cxdinter,

Openssl adds a DER encoding on their RSA signature by default. Try using sig_type= "WC_SIGNATURE_TYPE_RSA_W_ENC".

Let me know if that helps.

Thanks,
David Garske, wolfSSL

Hi Dgarske,

Your suggestion can't reach my expectation.

Two situation:
1)if we use sig_type= "WC_SIGNATURE_TYPE_RSA_W_ENC" when calling wc_SignatureVerify() function, it is no significance. Because in wc_SignatureVerify() function, when go to case  "WC_SIGNATURE_TYPE_RSA_W_ENC", call wc_SignatureDerEncode() function, but this function is not used for signature verify. It is used for encode signature raw data to DER format. It can't be used ere!
   Please review the source code of wc_SignatureVerify() function, it should be add patch for avoid this mistake.

2)if we use  sig_type= "WC_SIGNATURE_TYPE_RSA_W_ENC" when calling wc_SignatureGenerate() function, it will generate the same signature data which openSSL API generated. So this signature data can be verified by openSSL API, but it can't be verified by wolfSSL API wc_SignatureVerify() !!

for point 1, I think we should be fix it.
for point 2, if wolfSSL still insist that wolfSSL only support verify those signatures which without hash OID, I can comprehend this situation. But, is it possible to add any parameter for this wc_SignatureVerify() function, let user know this function only support signatures which without hash OID.

What's your opinion?

dgarske wrote:

Hi cxdinter,

Thank you so much for the report.

It looks like that scenario could happen if your call to wc_RNG_GenerateBlock did not return 0 (in wc_ecc_make_key_ex at line 2507). In that case variable "a" would be un-initialized from the stack and the call to "mp_clear" could cause a seg fault due to invalid pointer.

Will you confirm your wc_RNG_GenerateBlock return code? It should be zero indicating success.

I've pushed a fix for that here:
https://github.com/wolfSSL/wolfssl/pull/626

Let me know if that helps.

Thanks,
David Garske, wolfSSL

Hi,
    Your analysis is correct. The return value of wc_RNG_GenerateBlock () is -199, not 0. So it caused crash.
    After added your patch, crash issue is fixed.
    But, I can't generate ECC key, because function returned when wc_RNG_GenerateBlock () return not 0.

    Finally, I find the root cause is : before use wc_RNG_GenerateBlock (), I haven't called wc_InitRng().
     
    Thanks a lot!

Hi,
    When I call wc_make_key_ex() function, I always met 'Segmentation fault' issue.
    The crash point is : at the end of this function, when call mp_clear(&a);  process crashed.
    Currently, I have no idea for this, could you please help me to resolve this issue? (wolfSSL version : 3.9.10)

     

wc_ecc_del_point_h(base, key->heap);
#ifndef USE_FAST_MATH
    mp_clear(&a);   /* This function cause crash*/
    mp_clear(&prime);
    mp_clear(&order);

Hi,
      I met problem when I used wc_SignatureVerify() to verify some RSA signature files. Because those signatures are all include hash OID value, but this API can't support it.
      I know if I use wc_SignatureGenerate() to generate RSA signature, this signature not include hash OID value and will be verified OK by wc_SignatureGenerated() function.

      In this situation, I can't use wolfSSL API to verify signatures which generated by other crypto tools(like openSSL).
      Is it possible to support it?

      Actually, I already submit a similar discussion several month ago. Below is the link address:
      https://www.wolfssl.com/forums/topic849 … erify.html

Hi Jacob,
    Thanks for your support.
    But, even I added options.h and settings.h, the issue still happen. So, I must modify the original source code in wc_signatureVerfiy().
    Could you please review my source code and the root cause analysis?(already attached in 2nd and 3rd floor)

cxdinter wrote:

Hi,
    I found the root cause and modified by myself.
    Please review attached source files, are they correct?
    By the way, in wc_SignatureVerify() function, currently, I only added patch for SHA1/SHA256/SHA384/SHA512, not include MD hash. Because I am not familiar with MD4/MD5...

http://www.autoimg.cn/album/g8/M14/2F/84/userphotos/2016/09/06/15/wKgHz1fOcCOAX4ioAAKhYKVpPgI430_s.jpg

Attached two source file : signature.c , asn.h

Hi,
    I found the root cause and fixed it by myself(after modified signature.c and asn.h).
    Please kindly help me to review attached source files, are they correct? (source file attached in 3rd floor, this floor attached one picture which used for analyze root cause).
    By the way, in wc_SignatureVerify() function, currently, I only added patch for SHA1/SHA256/SHA384/SHA512, not include MD hash. Because I am not familiar with MD4/MD5...

http://www.autoimg.cn/album/g8/M14/2F/84/userphotos/2016/09/06/15/wKgHz1fOcCOAX4ioAAKhYKVpPgI430_s.jpg

Hi,
   I am learning how to use wolfSSL APIs.
   When I use APIs to verify RSA signature, I meet troubles. The API wc_SignatureVerify() always crashed. Log mentioned 'Segmentation fault'. I debug into wc_SignatureVerify() function, and found the problem is caused by API wc_RsaSSL_Verify() when excute the last line ' XFREE(tmp, key->heap, DYNAMIC_TYPE_RSA).
   I paste my source code below, please help me to review it. Maybe I made mistake when I calling APIs??
   Notice : the RSA key's raw data N and E is exactly correct, and the signature is exactly correct which is generated by the private key based on  buffer[] array. I already verify this signature successfully by openSSL library.

   

   #ifndef    RSA_TEST_C
#define    RSA_TEST_C

#include <wolfssl/wolfcrypt/integer.h>
#include <wolfssl/wolfcrypt/rsa.h>
#include <wolfssl/wolfcrypt/signature.h>


/*===============================================
* Array Name : rsa_public_N[]
* Description :  N modules of RSA 2048 bits key
*Encode Formate : raw data
* ================================================*/
static unsigned char rsa_public_N[256] = {
    0x8c, 0xeb, 0xeb, 0xd2, 0xf9, 0x25, 0xad, 0x08,
    0xef, 0x27, 0x75, 0xb8, 0xdb, 0xff, 0x37, 0xd3, 
    0xa5, 0x35, 0x8e, 0x01, 0xc1, 0x93, 0x1f, 0xcf, 
    0x25, 0x5f, 0xec, 0x64, 0x0f, 0x58, 0xf8, 0x27, 
    0x90, 0xd0, 0xa0, 0x0e, 0xdb, 0x84, 0xc3, 0x56, 
    0x27, 0x5f, 0xab, 0xb4, 0x8d, 0x0e, 0x32, 0xda, 
    0x66, 0x04, 0xf3, 0xc4, 0xa5, 0x94, 0xf1, 0xeb, 
    0x1a, 0x8e, 0x22, 0x98, 0xf7, 0x31, 0x2a, 0x51, 
    0x3a, 0xd5, 0xe5, 0x3d, 0xe5, 0x7a, 0x61, 0x62, 
    0x64, 0x67, 0x4b, 0x38, 0x66, 0x06, 0x5c, 0xfd, 
    0xa3, 0xca, 0xd2, 0xd6, 0x63, 0x3f, 0xc8, 0x5a, 
    0x66, 0x48, 0x34, 0xda, 0xb7, 0x9c, 0xfc, 0x8e, 
    0xfd, 0xed, 0xc1, 0xeb, 0xe6, 0xc5, 0xd3, 0x82, 
    0xfd, 0xd9, 0xf1, 0x87, 0x0a, 0x48, 0x0e, 0x96, 
    0x18, 0xfe, 0x49, 0x5b, 0xee, 0xb3, 0xc0, 0xbd, 
    0x55, 0x52, 0x26, 0x09, 0x67, 0xb3, 0xd6, 0xfe, 
    0xd7, 0x50, 0xbe, 0xf5, 0x0c, 0xe3, 0xad, 0x80, 
    0xc7, 0x81, 0x57, 0x49, 0x2e, 0x09, 0xa3, 0x1e, 
    0x6b, 0x21, 0x6f, 0x90, 0x44, 0xb2, 0x30, 0xbc, 
    0xc2, 0xe3, 0x85, 0x87, 0x0a, 0xdb, 0x31, 0x1d, 
    0x4f, 0x4b, 0xb2, 0x3a, 0xc5, 0x9f, 0x6f, 0xdb, 
    0xaa, 0x06, 0x52, 0x22, 0x29, 0xe8, 0xab, 0xa4, 
    0x96, 0x54, 0x04, 0x62, 0xf7, 0xaa, 0xba, 0x1b, 
    0x95, 0x83, 0xf4, 0x32, 0x6f, 0x04, 0xeb, 0x1c, 
    0xe4, 0x3d, 0x1c, 0xbc, 0x89, 0x60, 0x69, 0x6d, 
    0xda, 0x06, 0x84, 0xfd, 0x56, 0x4c, 0x93, 0xbb, 
    0xf8, 0xe2, 0xee, 0x2b, 0xe6, 0x0f, 0x04, 0x8c, 
    0x66, 0xb2, 0xa4, 0xb3, 0xd8, 0xba, 0xba, 0x65, 
    0xa0, 0x9d, 0xb6, 0xc8, 0xce, 0x6f, 0x8b, 0xd1, 
    0x48, 0x5a, 0x51, 0x60, 0x6b, 0x42, 0xff, 0xe6, 
    0x26, 0x40, 0xce, 0x59, 0x95, 0x1b, 0xbf, 0xa9, 
    0xaf, 0xfe, 0x56, 0x42, 0x87, 0x4a, 0x2c, 0xef,
};

/*===============================================
* Array Name : rsa_public_E[]
* Description :  exponent of RSA 2048 bits key
*Encode Formate : raw data
* ================================================*/
static unsigned char rsa_public_E[3] = {
    0x01, 0x00, 0x01,
};

/*===============================================
* Array Name : signature[]
* Description :  one signature which generated  by  RSA private key
*Encode Formate : raw data
* ================================================*/
static unsigned char signature[256] = {
        0x0e, 0xf0, 0x0a, 0x4d, 0xd9, 0xba, 0x43, 0xbc, 0x9f, 0xc7, 0x1f, 0xe0, 0x48, 0xa8, 0x3c, 0xc1,
        0x91, 0x18, 0x2a, 0x6b, 0x29, 0x0e, 0xed, 0x9a, 0xdd, 0x69, 0x59, 0x2d, 0x23, 0xda, 0x70, 0xf0,
        0x41, 0x57, 0x8f, 0x15, 0x05, 0x6f, 0x9b, 0xac, 0xce, 0x35, 0xc7, 0xba, 0x96, 0xf1, 0xb5, 0xf3,
        0xb6, 0x7d, 0xdc, 0xbc, 0x9b, 0xe1, 0xb0, 0xb3, 0x80, 0x28, 0xaa, 0x45, 0x3b, 0x4d, 0x41, 0xdc,
        0x10, 0x64, 0x54, 0x7d, 0x18, 0x35, 0x01, 0xff, 0x16, 0x57, 0xad, 0x56, 0xa1, 0x15, 0xfd, 0xca,
        0xd4, 0xac, 0x6d, 0x1f, 0xe9, 0x9e, 0x0d, 0xf1, 0x2c, 0x5a, 0xfe, 0xd3, 0xc9, 0xb8, 0x66, 0x01,
        0xf5, 0x4f, 0xb0, 0xa3, 0x4f, 0xb8, 0x5a, 0x5a, 0x94, 0xf4, 0xdb, 0xe8, 0xfd, 0x39, 0xbf, 0x3a,
        0xf5, 0x75, 0x8b, 0xfd, 0xaa, 0x43, 0x3c, 0x54, 0xd3, 0xca, 0x3b, 0x0c, 0x68, 0x07, 0x27, 0x13,
        0xf8, 0x50, 0xdd, 0x9e, 0x74, 0x60, 0xd1, 0xbc, 0x47, 0xef, 0x31, 0xbd, 0xa6, 0x42, 0x6c, 0x6a,
        0x72, 0xb7, 0xe1, 0x31, 0x76, 0x0f, 0x67, 0x69, 0x76, 0x95, 0x6d, 0x7d, 0xd8, 0xa7, 0xf5, 0xb8,
        0x4d, 0xf6, 0x2b, 0x5f, 0xfe, 0x57, 0x4a, 0xbe, 0x58, 0x18, 0xa1, 0xfa, 0xce, 0x6e, 0xdc, 0x05,
        0x29, 0x5e, 0xeb, 0xf0, 0x66, 0x5e, 0x94, 0x30, 0xba, 0xde, 0x61, 0x57, 0x8b, 0x19, 0x39, 0x23,
        0x5b, 0xcb, 0x4d, 0x6b, 0xae, 0x75, 0x22, 0xaa, 0x25, 0x4b, 0xb8, 0xdc, 0x37, 0x18, 0x2a, 0x0a,
        0xeb, 0x38, 0xe4, 0xf9, 0xa6, 0x08, 0x03, 0xe5, 0x3c, 0x27, 0xb1, 0x3e, 0x3b, 0xb7, 0xe3, 0xa5,
        0xe5, 0x38, 0x4e, 0x16, 0x54, 0x0b, 0x99, 0xcc, 0xc5, 0xd2, 0x17, 0xca, 0xfa, 0x02, 0x93, 0xfd,
        0xef, 0xae, 0x7d, 0x04, 0xfe, 0x1e, 0x2b, 0x62, 0xe0, 0xc1, 0x96, 0xde, 0x0f, 0x93, 0x1f, 0xfe
};


/*===============================================
* Function  Name : RSA_TEST
* Description :  a demo for SHA256/RSA Signature verify(by RSA raw data public key)
* Parameter :   None
* Return : 
*        0 : Positive response, NO Error.
        others : Error appear. Something is wrong.
* ================================================*/
int RSA_TEST(void)
{
    RsaKey pubkey;
    int stat = -1;
    unsigned char buffer[] = {
        /*T     h        i        s                 i       s                         a                 t       e      s       t                   f        i      l       e        .       \n  */
        0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x61, 0x20, 0x74, 0x65, 0x73, 0x74, 0x20, 0x66, 0x69, 0x6c, 0x65, 0x2e, 0x0A
    };

    //import RSA Public Key
    wc_InitRsaKey(&pubkey, NULL);
    stat = wc_RsaPublicKeyDecodeRaw(rsa_public_N, sizeof(rsa_public_N), rsa_public_E, sizeof(rsa_public_E), &pubkey);
    if(stat != 0)
    {
        printf("import public key  error~~~~~~~ \n");
        return stat ;
    }
    //printf("come here???~~~~~~~ \n");
    /* verify signature start */    
    stat = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, buffer, sizeof(buffer), signature, sizeof(signature), &pubkey, sizeof(pubkey));
    printf("\nVerify signature [ %s ]\n", ((stat == 0) ? "Success" : "Fail"));

    /* free RSA Key*/
    wc_FreeRsaKey(&pubkey);

    return stat;
    
}

int  main(void)
{
    RSA_TEST();

    return 0;
}




#endif

Hi Chris,

Thanks for your confirmation.

My last question about this topic :
If I want to verify one sub-certificate by Root CA certificate, is there any function can used to input these two certificates directly and return a success or fail status? Or, maybe I must retrieve the root public key from Root CA certificate firstly, then use it to verify the sub-certificate?

Hi Chris,
    Thanks for your support. Your example is really helpful for me.
    I have another question about Certificate Sign Request(CSR) during TLS communication. After I called wc_MakeCertReq() to generate CSR, can I call wc_SignCert() to sign this DER certificate by myself? and then call wc_DerToPem() to generate PEM format certificate. Like below sequence, is it correct?


wc_InitCert()
wc_MakeCertReq() /*here generate CSR and generate a DER buffer*/
wc_SignCert() /*Sign DER Certificate*/
wc_DerToPem() /*use this function to generate PEM format certificate, if needed*/

Hi, I found some functions in asn.c and ssl.c.  If I call below functions sequentially, can I parse one PEM format certificate??

PemToDer()
InitDecodedCert()
ParseCert() /* get a result base on DecodedCert structure data*/

Hi,
   sorry, I found these APIs are all in ssl.c file. But most of them are not implemented.
   Is there any plan to implement these functions? or, is there any other similar functions can replace them?

   like :
   PEM_read_bio_WOLFSSL_X509
   wolfSSL_EVP_PKEY_get1_RSA
   wolfSSL_EVP_PKEY_get1_EC_KEY

Hi,
     I want to parse one user certificate(x509 PEM format) and retrieve public key and issuer information from this certificate.
     Could you please help me to confirm which APIs used for this requirement?

     I found there are have one named "ParseCert" function, but it seems only used for DER format and single key cert file.

     Thank you in advance!

Hi,
    Now I am working on a project which have the secure communication feature through TLS(between car radio and mobile phone). And our architect choose wolfSSL library to implement the secure communication.
    Before, I have experience on crypto algorithms(like SHA/HMAC/RSA/ECDSA), but I haven't experience about SSL/TLS protocol. I appreciate I have chance to learn more knowledge in this forum,   thanks a lot.

    By the way, our project team and purchase team already started to contact with your company for buying commercial license. But I don't know the business details, I am just a engineer.

Hi Chirs,
     After add configure C_EXTRA_FLAGS="-DWOLFSSL_STATIC_RSA".  The client test program works normally!
     It's a magic, thank you very much.
     But I still have a little doubt : when I configured --enable-debug, I still can see some error; But without debug information, every is ok. Could please kindly explain the difference? why debug log still have error?
     
     --enable-debug (below is the end part of debug log)

wolfSSL Entering wolfSSL_read()
wolfSSL Entering wolfSSL_read_internal()
wolfSSL Entering ReceiveData()
Embed receive connection closed
wolfSSL error occurred, error = -308
Peer reset or closed, connection done
wolfSSL error occurred, error = -397
wolfSSL Leaving wolfSSL_read_internal(), return 0
wolfSSL Entering SSL_shutdown()
wolfSSL Leaving SSL_shutdown(), return -1
wolfSSL Entering SSL_free
CTX ref count not 0 yet, no free
wolfSSL Entering BIO_free
wolfSSL Leaving SSL_free, return 0
wolfSSL Entering SSL_CTX_free
CTX ref count down to 0, doing full free
wolfSSL Entering wolfSSL_CertManagerFree
wolfSSL Leaving SSL_CTX_free, return 0
wolfSSL Entering wolfSSL_Cleanup

without debug information(every thing is ok)

SSL version is TLSv1.2
SSL cipher suite is TLS_RSA_WITH_AES_128_GCM_SHA256
SSL connect ok, sending GET...
Server response: HTTP/1.1 403 Forbidden
Date: Wed, 17 Aug 2016 06:25:01 GMT
Content-Length: 28
2
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE
HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</tit
le>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access /in
dex.html
on this server.</p>
<hr>
<address>IBM_HTTP_Server at jazz.visteon.com
Port 9443</address>
</body></html>

on the other hand, I also learn  some skills from you.
Like "$ openssl s_client -connect host:port",  part of information is below

-----END CERTIFICATE-----
subject=/C=GB/ST=UK/L=CTS Slough/O=Visteon/OU=EIT/CN=s619784shvl22.ukslou1.savvis.net
issuer=/DC=com/DC=visteon/DC=ad/DC=vistcorp/CN=Visteon Corp. CA
---
No client certificate CA names sent
---
SSL handshake has read 4202 bytes and written 635 bytes
---
New, TLSv1/SSLv3, Cipher is AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : AES128-GCM-SHA256
    Session-ID: 7542000030FF5E127E03F091B919A5297F29208258585858A1FEB357000000E6
    Session-ID-ctx:
    Master-Key: AFA4A2F6256DD4DB0DF0740CCDD1E4DD4C6566CD6A4D7878F7BE222583BD0FBDA56CA0F475773C629EE4DD1DAA44D4E9
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1471460100
    Timeout   : 300 (sec)
    Verify return code: 19 (self signed certificate in certificate chain)
---

chrisc wrote:

Hi,

"-313" means that the server has sent back a Fatal Alert to the client.  If this happens after the ClientHello message is sent, this most likely means that the client is not broadcasting support for a cipher suite or extension that the server requires.

To more accurately suggest a fix for the issue, can you provide:

1. wolfSSL debug log.  You can enable debugging by compiling wolfSSL with "--enable-debug".

2. Is this a publicly available server?  If so, can you share the host:port where we can reproduce the issue?

Some common solutions to this problem may be:

- If using ECC, the server requires the Supported Curves Extension to be enabled.  Compile wolfSSL with "--enable-supportedcurves" to resolve.
- wolfSSL has static key cipher suites disabled by default for security.  Please see note at the top of the README for instructions on re-enabling static-key cipher suites if your server requires them.

Thanks,
Chris

Hi,
thanks for your quick help.
I added debug information, and enabled some parameters by your suggestion. But still receive same error.
Actually, I using agency to visit this server. And you can't visit this server without  agency.

configure:
./configure --enable-opensslextra --enable-ecc --enable-supportedcurves --enable-debug --enable-psk --enable-aesccm

Debug information:

Shrinking output buffer

connect state: CLIENT_HELLO_SENT
received record layer msg
got ALERT!
Got alert
wolfSSL error occurred, error = 40
wolfSSL error occurred, error = -313
wolfSSL Entering SSL_get_error
wolfSSL Leaving SSL_get_error, return -313
wolfSSL Entering ERR_error_string
err = -313, revcd alert fatal error
wolfSSL error: wolfSSL_connect failed

can I get more detail information in debug log for this error?
error 40 means what??

Hi,
   After I compiled wolfSSL v3.9.8 in my Linux computer, I started to learn this library by CyaSSL-Manual.pdf.
   But, when I run below command, I received error -313. I don't know why, could you please give some help?
   ./examples/client/client -h xxx.yyy.com -p zzz -d

    Note:
    1)all compile setting is default, I haven't changed any settings.
     2)In command line, the web address and port number is correct. I just can't disclose them here.....