I used this interface to load a certificate. The certificate's period of validity is 2015-2037. If the system date is 2000, this interface does not return success. So does this interface check whether the certificate is expired? Does it use the system time for the comparison?

Hi Chris,
The error I got is SSL_ERROR_WANT_READ, not SOCKET_PEER_CLOSED_E.
I know wolfSSL_recv() should return 0 if the peer has reset or closed the socket.
But the issue here is that the wifi is aborted suddenly, before the peer can close the socket.

Hi Chris,
Thanks for your reply. But I want to know how I can judge from the return value whether the network has been aborted.

I have a server and a client connected through wifi.

server receive code:
    int32_t recv_len = 0;
    char errbuffer[WOLFSSL_MAX_ERROR_SZ];
    unsigned int err;
    unsigned int rc = 0;
    do
    {
        recv_len = wolfSSL_recv(ssl, buffer, length, flags);
        Tr_Wrn("wolfSSL_read->recv_len:%d", recv_len);
        if (recv_len < 0)
        {
            err = wolfSSL_get_error(ssl, 0);
            Tr_Err("err = %d, %s\n", err, wolfSSL_ERR_error_string(err, errbuffer));
            if ((err == SSL_ERROR_WANT_READ) || (err == SSL_ERROR_WANT_WRITE))
            {
                Tr_Wrn("err SSL_ERROR_WANT_READ / SSL_ERROR_WANT_WRITE");
            }
            else
            {
                return -1;
            }
        }
        else if (recv_len == 0 )
        {
            Tr_Wrn("peer socket closed!!!");
            return 0;
        }
        else
        {
            rc += recv_len;
            buffer += recv_len;
        }
    } while((recv_len < 0) && ((err == SSL_ERROR_WANT_READ) || (err == SSL_ERROR_WANT_WRITE)));


The flags argument is set to MSG_DONTWAIT. While the server is receiving a large amount of data from the client, the wifi breaks suddenly.
The printed log is:
viwi: 26037048-[viwi soc]-W-00:13:23.800-SSLSocket.cpp-79-wolfSSL_read->recv_len:-1
viwi: 26037049-[viwi soc]-E-00:13:23.800-SSLSocket.cpp-83-err = 2, non-blocking socket wants data to be read
viwi: 26037050-[viwi soc]-W-00:13:23.800-SSLSocket.cpp-86-err SSL_ERROR_WANT_READ / SSL_ERROR_WANT_WRITE
viwi: 26037051-[viwi soc]-W-00:13:23.801-SSLSocket.cpp-79-wolfSSL_read->recv_len:-1
viwi: 26037052-[viwi soc]-E-00:13:23.801-SSLSocket.cpp-83-err = 2, non-blocking socket wants data to be read
viwi: 26037053-[viwi soc]-W-00:13:23.801-SSLSocket.cpp-86-err SSL_ERROR_WANT_READ / SSL_ERROR_WANT_WRITE
viwi: 26037054-[viwi soc]-W-00:13:23.801-SSLSocket.cpp-79-wolfSSL_read->recv_len:-1
viwi: 26037055-[viwi soc]-E-00:13:23.801-SSLSocket.cpp-83-err = 2, non-blocking socket wants data to be read
viwi: 26037056-[viwi soc]-W-00:13:23.801-SSLSocket.cpp-86-err SSL_ERROR_WANT_READ / SSL_ERROR_WANT_WRITE
viwi: 26037057-[viwi soc]-W-00:13:23.801-SSLSocket.cpp-79-wolfSSL_read->recv_len:-1
viwi: 26037058-[viwi soc]-E-00:13:23.801-SSLSocket.cpp-83-err = 2, non-blocking socket wants data to be read
viwi: 26037059-[viwi soc]-W-00:13:23.801-SSLSocket.cpp-86-err SSL_ERROR_WANT_READ / SSL_ERROR_WANT_WRITE
viwi: 26037060-[viwi soc]-W-00:13:23.801-SSLSocket.cpp-79-wolfSSL_read->recv_len:-1
viwi: 26037061-[viwi soc]-E-00:13:23.801-SSLSocket.cpp-83-err = 2, non-blocking socket wants data to be read
viwi: 26037062-[viwi soc]-W-00:13:23.801-SSLSocket.cpp-86-err SSL_ERROR_WANT_READ / SSL_ERROR_WANT_WRITE
viwi: 26037063-[viwi soc]-W-00:13:23.801-SSLSocket.cpp-79-wolfSSL_read->recv_len:-1
viwi: 26037064-[viwi soc]-E-00:13:23.801-SSLSocket.cpp-83-err = 2, non-blocking socket wants data to be read
viwi: 26037065-[viwi soc]-W-00:13:23.801-SSLSocket.cpp-86-err SSL_ERROR_WANT_READ / SSL_ERROR_WANT_WRITE
viwi: 26037066-[viwi soc]-W-00:13:23.801-SSLSocket.cpp-79-wolfSSL_read->recv_len:-1
viwi: 26037067-[viwi soc]-E-00:13:23.801-SSLSocket.cpp-83-err = 2, non-blocking socket wants data to be read
viwi: 26037068-[viwi soc]-W-00:13:23.801-SSLSocket.cpp-86-err SSL_ERROR_WANT_READ / SSL_ERROR_WANT_WRITE
viwi: 26037069-[viwi soc]-W-00:13:23.801-SSLSocket.cpp-79-wolfSSL_read->recv_len:-1
viwi: 26037070-[viwi soc]-E-00:13:23.801-SSLSocket.cpp-83-err = 2, non-blocking socket wants data to be read
viwi: 26037071-[viwi soc]-W-00:13:23.801-SSLSocket.cpp-86-err SSL_ERROR_WANT_READ / SSL_ERROR_WANT_WRITE
viwi: 26037072-[viwi soc]-W-00:13:23.801-SSLSocket.cpp-79-wolfSSL_read->recv_len:-1
viwi: 26037073-[viwi soc]-E-00:13:23.801-SSLSocket.cpp-83-err = 2, non-blocking socket wants data to be read
viwi: 26037074-[viwi soc]-W-00:13:23.801-SSLSocket.cpp-86-err SSL_ERROR_WANT_READ / SSL_ERROR_WANT_WRITE
viwi: 26037075-[viwi soc]-W-00:13:23.801-SSLSocket.cpp-79-wolfSSL_read->recv_len:-1
viwi: 26037076-[viwi soc]-E-00:13:23.801-SSLSocket.cpp-83-err = 2, non-blocking socket wants data to be read
viwi: 26037077-[viwi soc]-W-00:13:23.801-SSLSocket.cpp-86-err SSL_ERROR_WANT_READ / SSL_ERROR_WANT_WRITE
viwi: 26037078-[viwi soc]-W-00:13:23.801-SSLSocket.cpp-79-wolfSSL_read->recv_len:-1
viwi: 26037079-[viwi soc]-E-00:13:23.801-SSLSocket.cpp-83-err = 2, non-blocking socket wants data to be read
viwi: 26037080-[viwi soc]-W-00:13:23.801-SSLSocket.cpp-86-err SSL_ERROR_WANT_READ / SSL_ERROR_WANT_WRITE


And it does not stop printing this log.

So I want to know how I can tell that the connection is broken and stop receiving.
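
A bounded version of the receive loop in the post above, as an added example that is not part of the original post or of wolfSSL's code: a link that drops without the peer's FIN or RST keeps returning WANT_READ, so the caller waits in poll() and supplies its own idle timeout. The adapter type, the LINK_IDLE code, and the demo harness with its plain-socket stand-in for the TLS layer are assumptions made for illustration.

```c
#include <errno.h>
#include <poll.h>
#include <sys/socket.h>
#include <unistd.h>

#define WANT_READ   2     /* SSL_ERROR_WANT_READ: "err = 2" in the log above */
#define WANT_WRITE  3     /* SSL_ERROR_WANT_WRITE in wolfSSL */
#define LINK_IDLE (-2)    /* hypothetical result: socket silent for idle_ms */

/* Hypothetical adapter: >0 bytes read, 0 peer closed, -1 with *err set.
 * In the application it would wrap wolfSSL_recv() + wolfSSL_get_error(). */
typedef int (*tls_read_fn)(void *tls, char *buf, int len, int *err);

int recv_with_idle_timeout(tls_read_fn rd, void *tls, int fd,
                           char *buf, int len, int idle_ms)
{
    for (;;) {
        int err = 0;
        int n = rd(tls, buf, len, &err);
        if (n >= 0) return n;            /* data, or 0 = orderly close */
        if (err != WANT_READ && err != WANT_WRITE) return -1;   /* fatal */
        struct pollfd p = { .fd = fd,
            .events = (short)(err == WANT_WRITE ? POLLOUT : POLLIN) };
        int r = poll(&p, 1, idle_ms);    /* block here instead of spinning */
        if (r == 0) return LINK_IDLE;    /* silent for idle_ms: give up */
        if (r < 0 && errno != EINTR) return -1;
    }
}

/* Constructed stand-in for the TLS layer: a plain non-blocking recv(). */
static int plain_read(void *tls, char *buf, int len, int *err)
{
    int n = (int)recv(*(int *)tls, buf, (size_t)len, MSG_DONTWAIT);
    if (n < 0) *err = (errno == EAGAIN || errno == EWOULDBLOCK) ? WANT_READ : -1;
    return n;
}

/* Constructed cases: sent>0 peer sends, 0 peer silent (dropped wifi), <0 peer closes. */
int demo(int sent)
{
    int sv[2], n;
    char buf[64];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return -99;
    if (sent > 0 && write(sv[1], "0123456789", (size_t)sent) != sent) return -99;
    if (sent < 0) close(sv[1]);
    n = recv_with_idle_timeout(plain_read, &sv[0], sv[0], buf, 64, 200);
    close(sv[0]);
    if (sent >= 0) close(sv[1]);
    return n;
}
```

The timeout here is per wait, so a peer that trickles bytes can hold the call open longer than idle_ms; an overall deadline on top of it bounds that case.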

Hi Kaleb,
Thanks very much for your reply.

I implemented an application with wolfSSL. I have two questions.
Q1:
When I call wolfSSL_free, my application crashes.
backtrace:
#0  0x01026384 in _list_release () from C:\QNX650\target\qnx6/armle-v7/lib/libc.so.3
#1  0x01027fd4 in __free () from C:\QNX650\target\qnx6/armle-v7/lib/libc.so.3
#2  0x001f3050 in FreeCiphers (ssl=0x275138) at src/internal.c:1645
#3  0x001fce80 in SSL_ResourceFree (ssl=0x699ab664) at src/internal.c:3564
#4  0x001fd1dc in FreeSSL (ssl=0x275138, heap=0x11b8) at src/internal.c:3890
#5  0x001d2410 in wolfSSL_free (ssl=0x275138) at src/ssl.c:384

Why did the crash occur here?
I created a ctx by calling wolfSSL_CTX_new, then I created two ssl objects, ssl1 and ssl2, based on the same ctx.
If I free ssl1 by calling wolfSSL_free(ssl1), is the ctx also freed? Does it influence ssl2?

Q2:
A crash occurred when wolfSSL_write is called.
backtrace:
#0  SendBuffered (ssl=0x2724d8) at src/internal.c:4855
4855    src/internal.c: No such file or directory.
        in src/internal.c
(gdb) bt
#0  SendBuffered (ssl=0x2724d8) at src/internal.c:4855
#1  0x001f5870 in SendData (ssl=0x2724d8, data=0x26f1d8, sz=125) at src/internal.c:10780
#2  0x001d1f90 in wolfSSL_write (ssl=0x2724d8, data=0x26f1d8, sz=125) at src/ssl.c:1033

Hi Kaleb,
Thanks for your kind reply. I printed the correct digest.

Best Regards.

I implemented a function to generate an HMAC digest, but I find that the length of the digest is not fixed. It changes as the plain text length changes.
Please have a look at my code, and if something is incorrect please point it out.

I implemented a process based on wolfSSL on the QNX platform, and I compiled all wolfSSL sources with the following definitions:
-DOPENSSL_EXTRA -DHAVE_STUNNEL -DWOLFSSL_ALWAYS_VERIFY_CB -DATOMIC_USER -g -DDEBUG -DDEBUG_WOLFSSL -DWOLFSSL_HAVE_MIN -DHAVE_AESGCM -DWOLFSSL_KEY_GEN -DWOLFSSL_CERT_GEN -DWOLFSSL_CERT_REQ -DHAVE_ECC -Wall -Wno-unused -DHAVE_NULL_CIPHER -DWOLFSSL_STATIC_PSK -DHAVE_TLS_EXTENSIONS -DHAVE_SECURE_RENEGOTIATION -DNO_SESSION_CACHE

The cipher suite is set to ECDHE-ECDSA-AES128-GCM-SHA256.

I transfer a file on one socket using POSIX recv() and send(), and the transmission speed is 13760kbps. I transfer the same file on the same socket using wolfSSL_read() and wolfSSL_write(), and the transmission speed is 2552kbps.

So my question is whether it is normal for there to be such a big gap between the two transmission speeds.

Hi Kaleb,
I'm sorry for the late reply, and thanks for your kind answer.
My project is working in a special situation and it requires the server to verify every client. I made mistakes when loading the verify certificate. However, it works well according to your answer.

Thanks very much.

Hi Kaleb,
Thanks for your reply. I want to confirm some things I'm not sure about yet.

To do client authentication (if that is your desire) the chain loaded into the "VerifyLocations" should be "client-cert" and the "ca cert"

According to your reply, if I want to do client authentication, should the server side or the client side load the chain made from "client-cert" and "ca-cert"?

I implemented a process based on wolfSSL on the QNX platform.
I set the cipher suite (ECDHE-ECDSA-AES128-GCM-SHA256) and loaded server.cert, server.key and ca.cert.
Then a client connects with the corresponding authentication, and verification is OK.

However, when the server side loads certchain.cert instead of ca.cert, verification is not OK.
And the -188 error is printed in the server-side function VerifyCallback().

I made the certificate chain by writing server.cert and ca.cert to a new file, certchain.cert.
Is this method of making a certificate chain correct?

And what can be the cause of the error -188, and how can I solve this?
Thank You.


Hi Kaleb J. Himes,
Thanks for your kindly answer. This issue is solved.
The reason is that the client side has some error.

Best Regards

I implemented a process based on wolfSSL on the QNX platform.
The cipher suite is set to ECDHE-ECDSA-AES128-GCM-SHA256.
The server accepts a connection and the SSL handshake is OK. Then the server calls wolfSSL_read().
The first call reads correct data, but the second call to wolfSSL_read() returns -313.
And error 80 is not found in the wolfSSL source code.
What can be the cause of it, and how can I solve this?

Thank You.


Here is some error log:
wolfSSL Entering wolfSSL_read()
wolfSSL Entering wolfSSL_read_internal()
wolfSSL Entering ReceiveData()
growing input buffer

wolfSSL Entering AesGcmDecrypt
received record layer msg
got ALERT!
Got alert
wolfSSL error occurred, error = 80
wolfSSL error occurred, error = -313
wolfSSL Leaving wolfSSL_read_internal(), return -313
wolfSSL Entering SSL_get_error
wolfSSL Leaving SSL_get_error, return -313