
Kaleb,
This is great. Thanks so much for taking the time to explain this! We really appreciate the verbose response.
Thanks,
Bob


Kaleb, that worked perfectly, thanks so much! This brings up another question. Is there an easy, or not so easy, way of determining the root? In this case it didn't seem apparent. In checking different servers I have been iterating through the certificates they provide (other than the server's certificate itself) during the handshake and then trying to find those certificates by serial number and loading them. How should I determine the root?
Thanks again!
Bob
p.s. I just downloaded the source a couple days ago, so it should be the latest release.  I am not at the office right now, I can get you the version on Monday if that's important.


Hi, I am in the process of evaluating wolfSSL for use in our products. We are basically a client application that connects to many different servers (that we do not control). I have hit a problem verifying a certificate (-188 error from wolfSSL: "No CA signer to verify with"). The same certificate verifies through Windows SChannel and through an online cert checker. I list the URL and a snippet from my code below. Hopefully someone can tell me what is happening.

The url is netconnectvar1.paymentech.net on port 443


In user_settings.h of the library I added:
#define DEBUG_WOLFSSL       /* compiles in the library's debug logging; without it
                               wolfSSL_Debugging_ON() below has nothing to emit */


#define NO_FILESYSTEM       /* no fopen() inside the library: CA certificates must be
                               supplied from memory, e.g. wolfSSL_CTX_load_verify_buffer() */
#pragma message("No FIleSystem!")

///// my application ...
/* wolfSSL send callback (registered with wolfSSL_SetIOSend).  The TLS record
 * in buf is forwarded to the CMyClient that was attached to the session via
 * wolfSSL_SetIOWriteCtx(); ssl itself is not needed.
 * Returns whatever CMyClient::Send returns.
 * NOTE(review): wolfSSL expects either the number of bytes sent or a
 * WOLFSSL_CBIO_ERR_* code here — confirm CMyClient::Send's error convention. */
int MySend( WOLFSSL *ssl, char *buf, int sz, void *ctx)
{
    (void)ssl;
    CMyClient *client = static_cast<CMyClient *>(ctx);
    int sent = client->Send(buf, sz);
    return sent;
}

/* wolfSSL receive callback (registered with wolfSSL_SetIORecv).  Fills buf
 * with up to sz bytes from the CMyClient attached via wolfSSL_SetIOReadCtx();
 * ssl itself is not needed.
 * Returns whatever CMyClient::Receive returns.
 * NOTE(review): wolfSSL expects the byte count or a WOLFSSL_CBIO_ERR_* code
 * (e.g. for "would block" / connection closed) — confirm CMyClient::Receive
 * maps its failures accordingly. */
int MyRecv( WOLFSSL *ssl, char *buf, int sz, void *ctx)
{
    (void)ssl;
    CMyClient *client = static_cast<CMyClient *>(ctx);
    int received = client->Receive(buf, sz);
    return received;
}

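/* wolfSSL logging callback (installed with wolfSSL_SetLoggingCb).  Writes each
 * library log line to the MFC TRACE output, truncated to 256 characters.
 * Only produces output when the library was built with DEBUG_WOLFSSL and
 * wolfSSL_Debugging_ON() has been called.
 *
 * The original built a CString just to call Left(256) and then pushed that
 * CString temporary through TRACE's varargs; "%.256s" on the raw pointer gives
 * the same truncation without relying on MFC's object-layout trick.  A NULL
 * message is printed as "" rather than dereferenced by %s. */
void MyLogging(const int logLevel, const char *const logMessage)
{
    const char *msg = (logMessage != NULL) ? logMessage : "";
    TRACE("L->%d Msg->%.256s\n", logLevel, msg);
}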
/* CA certificates handed to wolfSSL_CTX_load_verify_buffer() as PEM text.
 * Adjacent string literals are concatenated into one array with a single
 * trailing '\0', so sizeof ROOT_CERTS_PEM is the PEM length plus one.
 * NOTE(review): confirm the PEM loader tolerates that trailing NUL, or pass
 * sizeof ROOT_CERTS_PEM - 1.
 * The hex comments are the serial numbers the author used to look the
 * certificates up.
 * NOTE(review): decoding the subject/issuer fields, neither certificate
 * appears to be self-signed — the first is "Symantec Class 3 Secure Server
 * CA - G4" issued by "VeriSign Class 3 Public Primary CA - G5", the second is
 * that G5 cross-signed by the older "Class 3 Public Primary Certification
 * Authority".  A -188 (no CA signer) at handshake means the issuer of the
 * chain the server actually presents is not among these anchors; confirm the
 * peer chain's issuer against what is loaded here rather than picking by
 * serial number. */
BYTE ROOT_CERTS_PEM[] =
//Symantec Class 3 Secure Server CA - G4 (intermediate, issued by VeriSign G5)
//513fb9743870b73440418d30930699ff
"-----BEGIN CERTIFICATE-----\n"
"MIIFODCCBCCgAwIBAgIQUT+5dDhwtzRAQY0wkwaZ/zANBgkqhkiG9w0BAQsFADCB\n"
"yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL\n"
"ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJp\n"
"U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxW\n"
"ZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0\n"
"aG9yaXR5IC0gRzUwHhcNMTMxMDMxMDAwMDAwWhcNMjMxMDMwMjM1OTU5WjB+MQsw\n"
"CQYDVQQGEwJVUzEdMBsGA1UEChMUU3ltYW50ZWMgQ29ycG9yYXRpb24xHzAdBgNV\n"
"BAsTFlN5bWFudGVjIFRydXN0IE5ldHdvcmsxLzAtBgNVBAMTJlN5bWFudGVjIENs\n"
"YXNzIDMgU2VjdXJlIFNlcnZlciBDQSAtIEc0MIIBIjANBgkqhkiG9w0BAQEFAAOC\n"
"AQ8AMIIBCgKCAQEAstgFyhx0LbUXVjnFSlIJluhL2AzxaJ+aQihiw6UwU35VEYJb\n"
"A3oNL+F5BMm0lncZgQGUWfm893qZJ4Itt4PdWid/sgN6nFMl6UgfRk/InSn4vnlW\n"
"9vf92Tpo2otLgjNBEsPIPMzWlnqEIRoiBAMnF4scaGGTDw5RgDMdtLXO637QYqzu\n"
"s3sBdO9pNevK1T2p7peYyo2qRA4lmUoVlqTObQJUHypqJuIGOmNIrLRM0XWTUP8T\n"
"L9ba4cYY9Z/JJV3zADreJk20KQnNDz0jbxZKgRb78oMQw7jW2FUyPfG9D72MUpVK\n"
"Fpd6UiFjdS8W+cRmvvW1Cdj/JwDNRHxvSz+w9wIDAQABo4IBYzCCAV8wEgYDVR0T\n"
"AQH/BAgwBgEB/wIBADAwBgNVHR8EKTAnMCWgI6Ahhh9odHRwOi8vczEuc3ltY2Iu\n"
"Y29tL3BjYTMtZzUuY3JsMA4GA1UdDwEB/wQEAwIBBjAvBggrBgEFBQcBAQQjMCEw\n"
"HwYIKwYBBQUHMAGGE2h0dHA6Ly9zMi5zeW1jYi5jb20wawYDVR0gBGQwYjBgBgpg\n"
"hkgBhvhFAQc2MFIwJgYIKwYBBQUHAgEWGmh0dHA6Ly93d3cuc3ltYXV0aC5jb20v\n"
"Y3BzMCgGCCsGAQUFBwICMBwaGmh0dHA6Ly93d3cuc3ltYXV0aC5jb20vcnBhMCkG\n"
"A1UdEQQiMCCkHjAcMRowGAYDVQQDExFTeW1hbnRlY1BLSS0xLTUzNDAdBgNVHQ4E\n"
"FgQUX2DPYZBV34RDFIpgKrL1evRDGO8wHwYDVR0jBBgwFoAUf9Nlp8Ld7LvwMAnz\n"
"Qzn6Aq8zMTMwDQYJKoZIhvcNAQELBQADggEBAF6UVkndji1l9cE2UbYD49qecxny\n"
"H1mrWH5sJgUs+oHXXCMXIiw3k/eG7IXmsKP9H+IyqEVv4dn7ua/ScKAyQmW/hP4W\n"
"Ko8/xabWo5N9Q+l0IZE1KPRj6S7t9/Vcf0uatSDpCr3gRRAMFJSaXaXjS5HoJJtG\n"
"QGX0InLNmfiIEfXzf+YzguaoxX7+0AjiJVgIcWjmzaLmFN5OUiQt/eV5E1PnXi8t\n"
"TRttQBVSK/eHiXgSgW7ZTaoteNTCLD0IX4eRnh8OsN4wUmSGiaqdZpwOdgyA8nTY\n"
"Kvi4Os7X1g8RvmurFPW9QaAiY4nxug9vKWNmLT+sjHLF+8fk1A/yO0+MKcc=\n"
"-----END CERTIFICATE-----\n"
//VeriSign Class 3 Public Primary CA - G5, cross-signed by the older Class 3 PCA (not self-signed)
//250ce8e030612e9f2b89f7054d7cf8fd
"-----BEGIN CERTIFICATE-----\n"
"MIIE0DCCBDmgAwIBAgIQJQzo4DBhLp8rifcFTXz4/TANBgkqhkiG9w0BAQUFADBf\n"
"MQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsT\n"
"LkNsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkw\n"
"HhcNMDYxMTA4MDAwMDAwWhcNMjExMTA3MjM1OTU5WjCByjELMAkGA1UEBhMCVVMx\n"
"FzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVz\n"
"dCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJpU2lnbiwgSW5jLiAtIEZv\n"
"ciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2lnbiBDbGFzcyAz\n"
"IFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzUwggEi\n"
"MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvJAgIKXo1nmAMqudLO07cfLw8\n"
"RRy7K+D+KQL5VwijZIUVJ/XxrcgxiV0i6CqqpkKzj/i5Vbext0uz/o9+B1fs70Pb\n"
"ZmIVYc9gDaTY3vjgw2IIPVQT60nKWVSFJuUrjxuf6/WhkcIzSdhDY2pSS9KP6HBR\n"
"TdGJaXvHcPaz3BJ023tdS1bTlr8Vd6Gw9KIl8q8ckmcY5fQGBO+QueQA5N06tRn/\n"
"Arr0PO7gi+s3i+z016zy9vA9r911kTMZHRxAy3QkGSGT2RT+rCpSx4/VBEnkjWNH\n"
"iDxpg8v+R70rfk/Fla4OndTRQ8Bnc+MUCH7lP59zuDMKz10/NIeWiu5T6CUVAgMB\n"
"AAGjggGbMIIBlzAPBgNVHRMBAf8EBTADAQH/MDEGA1UdHwQqMCgwJqAkoCKGIGh0\n"
"dHA6Ly9jcmwudmVyaXNpZ24uY29tL3BjYTMuY3JsMA4GA1UdDwEB/wQEAwIBBjA9\n"
"BgNVHSAENjA0MDIGBFUdIAAwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cudmVy\n"
"aXNpZ24uY29tL2NwczAdBgNVHQ4EFgQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMwbQYI\n"
"KwYBBQUHAQwEYTBfoV2gWzBZMFcwVRYJaW1hZ2UvZ2lmMCEwHzAHBgUrDgMCGgQU\n"
"j+XTGoasjY5rw8+AatRIGCx7GS4wJRYjaHR0cDovL2xvZ28udmVyaXNpZ24uY29t\n"
"L3ZzbG9nby5naWYwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8v\n"
"b2NzcC52ZXJpc2lnbi5jb20wPgYDVR0lBDcwNQYIKwYBBQUHAwEGCCsGAQUFBwMC\n"
"BggrBgEFBQcDAwYJYIZIAYb4QgQBBgpghkgBhvhFAQgBMA0GCSqGSIb3DQEBBQUA\n"
"A4GBABMC3fjohgDyWvj4IAxZiGIHzs73Tvm7WaGY5eE43U68ZhjTresY8g3JbT5K\n"
"lCDDPLq9ZVTGr0SzEK0saz6r1we2uIFjxfleLuUqZ87NMwwq14lWAyMfs77oOghZ\n"
"tOxFNfeKW/9mz1Cvxm1XjRl4t7mi0VfqH5pLr7rJjhJ+xr3/\n"
"-----END CERTIFICATE-----\n"
};

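/* Releases the TLS objects and the TCP connection in reverse order of
 * acquisition.  wolfSSL_free()/wolfSSL_CTX_free() accept NULL, so every
 * failure path can call this with whatever has been created so far.
 * NOTE(review): assumes CMyClient::CloseConnection() is safe on a socket that
 * is already closed — confirm against CMyClient. */
static void CleanupWolf(WOLFSSL* ssl, WOLFSSL_CTX* ctx, CMyClient& cl)
{
    wolfSSL_free(ssl);
    wolfSSL_CTX_free(ctx);
    wolfSSL_Cleanup();
    cl.CloseConnection();
}

/* Formats a wolfSSL error as "<error string>[<code>]", the same text the
 * original handshake error path produced, so every failure reports alike. */
static CString WolfErrorText(int err)
{
    CString temp = wc_GetErrorString(err);
    CString errStr;
    errStr.Format(_T("%s[%d]"), temp, err);
    return errStr;
}

/*
 * Opens a TLS 1.2 connection to the payment host, sends one test HTTP POST
 * and stores the first response buffer in m_strAuthResponse.
 *
 * packet / bIsDebit / debitConfpacket are not used yet: the request body is
 * the hard-coded test payload below (signature kept so callers still build).
 *
 * Returns true only when the handshake (CA + host-name verification)
 * succeeded, the request was written in full and a response was read.
 * Returns false otherwise, leaving the wolfSSL error text in m_lastError;
 * the original returned `555 != 0`, i.e. true regardless of outcome, and kept
 * sending after a failed wolfSSL_connect().
 *
 * err_sys() is assumed to terminate the process as in the wolfSSL examples;
 * the cleanup + return after each call only matters if it does not.
 */
bool SendAuthWolf(const CString packet, const bool bIsDebit, const CString debitConfpacket)
{
    enum { RESPONSE_BUF_SIZE = 5000 };

    (void)packet;
    (void)bIsDebit;
    (void)debitConfpacket;

    const char* const host = "netconnectvar1.paymentech.net";
    gPort = (443);
    gHost = (host);

    m_lastError = "Value Not Set";

    WOLFSSL_CTX* ctx = NULL;
    WOLFSSL* ssl = NULL;
    wolfSSL_method_func method = NULL;

    wolfSSL_Init();
    wolfSSL_SetLoggingCb(MyLogging);
    wolfSSL_Debugging_ON();   /* no output unless the library was built with DEBUG_WOLFSSL */

    CMyClient cl;
    if (!cl.ConnectToServer(gHost, gPort, 10000))
    {
        err_sys("Connect Failed");
        wolfSSL_Cleanup();
        return false;
    }

    method = wolfTLSv1_2_client_method_ex; /* use TLS v1.2 */

    /* make new ssl context */
    if ((ctx = wolfSSL_CTX_new(method(NULL))) == NULL)
    {
        err_sys("wolfSSL_CTX_new error");
        CleanupWolf(NULL, NULL, cl);
        return false;
    }

    wolfSSL_SetIOSend(ctx, MySend);
    wolfSSL_SetIORecv(ctx, MyRecv);

    /* Trust anchors go into the ctx before wolfSSL_new() derives a session
     * from it.  The return value *is* the error code; the original replaced
     * it with wolfSSL_get_error(ssl, 0), which reports the session's last
     * error, not this call's.
     * NOTE(review): a -188 (no CA signer) at handshake means the issuer of
     * the chain the server actually presents is not among the loaded
     * anchors — compare the peer chain's issuer with ROOT_CERTS_PEM. */
    int rc = wolfSSL_CTX_load_verify_buffer(ctx, ROOT_CERTS_PEM, sizeof ROOT_CERTS_PEM, WOLFSSL_FILETYPE_PEM);
    if (rc != WOLFSSL_SUCCESS)
    {
        CString errStr = WolfErrorText(rc);
        m_lastError = errStr;
        AfxMessageBox(errStr);
        CleanupWolf(NULL, ctx, cl);
        return false;
    }

    ssl = wolfSSL_new(ctx);
    if (ssl == NULL)
    {
        err_sys("unable to get SSL object");
        CleanupWolf(NULL, ctx, cl);
        return false;
    }

    /* Connect wolfssl to the socket (the I/O callbacks read the CMyClient from here) */
    wolfSSL_SetIOWriteCtx(ssl, &cl);
    wolfSSL_SetIOReadCtx(ssl, &cl);

    /* Bind the session to the expected host name.  Without this, any
     * certificate that chains to the loaded anchors is accepted for any
     * server; wolfSSL only checks the signature chain by default. */
    if (wolfSSL_check_domain_name(ssl, host) != WOLFSSL_SUCCESS)
    {
        CString errStr = _T("wolfSSL_check_domain_name failed");
        m_lastError = errStr;
        AfxMessageBox(errStr);
        CleanupWolf(ssl, ctx, cl);
        return false;
    }

    int ret = wolfSSL_connect(ssl);
    if (ret != WOLFSSL_SUCCESS)
    {
        /* A failed handshake must not fall through to wolfSSL_write(). */
        int err = wolfSSL_get_error(ssl, 0);
        CString errStr = WolfErrorText(err);
        m_lastError = errStr;
        AfxMessageBox(errStr);
        CleanupWolf(ssl, ctx, cl);
        return false;
    }

    #define CRLF "\r\n"

    CString payLoad = "TEST PAYLOAD GOES HERE";
    CString Packet = "POST /interfaces/bp10emu HTTP/1.0" CRLF;
    /* Two appends rather than `"Host: " + gHost`: that expression is pointer
     * arithmetic if gHost is ever a plain const char*. */
    Packet += "Host: ";
    Packet += gHost;
    Packet += CRLF;
    Packet += "Content-Type: application/x-www-form-urlencoded" CRLF;
    CString content;
    /* Keep the space before CRLF: "..."CRLF is parsed as a user-defined-literal
     * suffix by C++11 compilers. */
    content.Format("Content-Length: %d" CRLF, payLoad.GetLength());
    Packet += content;
    Packet += CRLF;
    Packet += payLoad;

    int toWrite = Packet.GetLength();
    if (wolfSSL_write(ssl, Packet, toWrite) != toWrite)
    {
        int err = wolfSSL_get_error(ssl, 0);
        CString errStr = WolfErrorText(err);
        m_lastError = errStr;
        AfxMessageBox(errStr);
        CleanupWolf(ssl, ctx, cl);
        return false;
    }

    /* Read at most sizeof - 1 so a full buffer still has room for the
     * terminator: the original could fill all 5000 bytes and then run
     * printf("%s") and the CString assignment off the end.
     * NOTE(review): a single read returns only the first record(s); a larger
     * HTTP response needs a read loop. */
    char buffer[RESPONSE_BUF_SIZE];
    int bytes = wolfSSL_read(ssl, buffer, sizeof buffer - 1);
    bool ok = false;
    if (bytes > 0)
    {
        buffer[bytes] = '\0';
        printf("%s", buffer);
        m_strAuthResponse = buffer;
        ok = true;
    }
    else
    {
        int err = wolfSSL_get_error(ssl, bytes);
        m_lastError = WolfErrorText(err);
    }

    /* frees all data before client termination */
    CleanupWolf(ssl, ctx, cl);
    return ok;
}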
Thanks in Advance,
Bob