Hi! I've tried using WolfSSL with the Arduino Due. And I thought it was going on well at some point, but then I now have these consistent errors where the entire thing hangs at "lg 2: wolfSSL Entering SSL_CTX_free". I use a W5500 with the Ethernet2 library btw.

This happens because what I do is everytime I get a LAN connection or connection "error", I reinitialize the ethernet connection with "Ethernet.begin()", and then reinitialize the wolfSSLSetup. But to accomodate for potential memory leak, I put this on top of the whole process:

    if (ctx != NULL) {
        Serial.println(F("[wolfSSLSetup]: ctx not null, so freed"));

        wolfSSL_CTX_free(ctx); ctx = NULL;
    }

I think it gets stuck right at that line above and I'm not sure why.

The errors that happen actually that by logic makes my code reinitialize the Ethernet connection and the wolfSSL setup is either an error -308 or -150.

Right now, I'm thinking that perhaps this error would get fixed if I don't do the setup for reloading wolfSSL instead, but only do the "Ethernet.begin()" thing when there's a LAN disconnect. Idea is I would like the node to be able to reconnect on its own without human interference.

Below is the wrapper code I use to make use of WolfSSL with the Arduino Due:

#include <Arduino.h>


// Type definitions
typedef unsigned int   word32;

struct timeval {
  long tv_sec;
  long tv_usec;
};

// Custom RNG Function
int  myRngFunc(byte* output, unsigned int sz)
{
    unsigned int i;
    randomSeed(analogRead(0));

    for (i = 0; i < sz; i++) {
        output[i] = random(0, 254);
    }

    return 0;
}


// Get Unix timestmap via NTP


// A UDP instance to let us send and receive packets over UDP
EthernetUDP Udp;
unsigned int localPort = 8888;       // local port to listen for UDP packets

//long int CURRENT_TIMESTAMP = 2208988800UL;


long int getUnixNTP()
{

    int repeat = 20;
    int res = 0;

    unsigned long epoch =  2208988800U;
    char timeServer[] = "time.nist.gov"; // time.nist.gov NTP server
    const int NTP_PACKET_SIZE = 48; // NTP time stamp is in the first 48 bytes of the message
    byte packetBuffer[ NTP_PACKET_SIZE]; //buffer to hold incoming and outgoing packets


    for (int i = 0; i < repeat; i++) {
        res = 0;

        res = Udp.begin(localPort);
        if (res == 0) {
            Serial.println("UDPE0");
            Udp.stop();
            return -1;
        }
    
    
    
    
    
        // Send an NTP Packet to the given address
    
        // set all bytes in the buffer to 0
        memset(packetBuffer, 0, NTP_PACKET_SIZE);
        // Initialize values needed to form NTP request
        // (see URL above for details on the packets)
        packetBuffer[0] = 0b11100011;   // LI, Version, Mode
        packetBuffer[1] = 0;     // Stratum, or type of clock
        packetBuffer[2] = 6;     // Polling Interval
        packetBuffer[3] = 0xEC;  // Peer Clock Precision
        // 8 bytes of zero for Root Delay & Root Dispersion
        packetBuffer[12]  = 49;
        packetBuffer[13]  = 0x4E;
        packetBuffer[14]  = 49;
        packetBuffer[15]  = 52;
    
        // all NTP fields have been given values, now
        // you can send a packet requesting a timestamp:
        Serial.println(F("before udp begin packet"));
        res = Udp.beginPacket(timeServer, 123); //NTP requests are to port 123
        if (res == 0) {
            Serial.println("UDPE1");
            Udp.stop();
            return -1;
        }
        Udp.write(packetBuffer, NTP_PACKET_SIZE);
        res = Udp.endPacket();
        if (res == 0) {
            Serial.println("UDPE2");
            Udp.stop();
            return -1;
        }
        Serial.println(F("afterx udp end"));
    
        // wait to see if a reply is available
        delay(1000);
    
        if ( Udp.parsePacket() ) {
            Serial.println(F("UDP1"));
    
            // We've received a packet, read the data from it
            Udp.read(packetBuffer, NTP_PACKET_SIZE); // read the packet into the buffer
            Serial.println(F("UDP2"));
    
            //the timestamp starts at byte 40 of the received packet and is four bytes,
            // or two words, long. First, esxtract the two words:
    
            unsigned long highWord = word(packetBuffer[40], packetBuffer[41]);
            unsigned long lowWord = word(packetBuffer[42], packetBuffer[43]);
            Serial.println(F("UDP3"));
    
            // combine the four bytes (two words) into a long integer
            // this is NTP time (seconds since Jan 1 1900):
            unsigned long secsSince1900 = highWord << 16 | lowWord;
            Serial.print(F("Seconds since Jan 1 1900 = "));
            Serial.println(secsSince1900);
    
            // now convert NTP time into everyday time:
            Serial.print(F("Unix time = "));
            // Unix time starts on Jan 1 1970. In seconds, that's 2208988800:
            const unsigned long seventyYears = 2208988800UL;
            // subtract seventy years:
            epoch = secsSince1900 - seventyYears;
            // print Unix time:
            Serial.println(epoch);
    
            /*
                // print the hour, minute and second:
                Serial.print(F("The UTC time is "));       // UTC is the time at Greenwich Meridian (GMT)
                Serial.print((epoch  % 86400L) / 3600); // print the hour (86400 equals secs per day)
                Serial.print(':');
                if ( ((epoch % 3600) / 60) < 10 ) {
                // In the first 10 minutes of each hour, we'll want a leading '0'
                Serial.print('0');
                }
                Serial.print((epoch  % 3600) / 60); // print the minute (3600 equals secs per minute)
                Serial.print(':');
                if ( (epoch % 60) < 10 ) {
                // In the first 10 seconds of each minute, we'll want a leading '0'
                Serial.print('0');
                }
                Serial.println(epoch % 60); // print the second
            */
           Udp.stop();
           break;
        }
        Udp.stop();
        if (i == repeat - 1) {
            Serial.println("[ntp]: reached 20 err");
            return -1;
        }
    }

    return epoch;
}

int _gettimeofday( struct timeval *tv, void *tzvp)
{
  //uint64_t t = __your_system_time_function_here__();  // get uptime in nanoseconds
  //tv->tv_sec = t / 1000000000;  // convert to seconds
  //tv->tv_usec = ( t % 1000000000 ) / 1000;  // get remaining microseconds
  /*
  long mt = millis();
  tv->tv_sec = mt/1000;
  tv->tv_usec = mt*1000;
  */
  //long int mt = 1550041049;

  //long int mt = 1550633024 ;

    long int CURRENT_TIMESTAMP = 2208988800UL;

    CURRENT_TIMESTAMP = getUnixNTP();

    if (CURRENT_TIMESTAMP == -1) {
        return -1;
    }

    Serial.print("[_gettimeofday]: "); Serial.println(CURRENT_TIMESTAMP);
    tv->tv_sec = CURRENT_TIMESTAMP;
    tv->tv_usec = 0;
    return 0;  // return non-zero for error
} // end _gettimeofday()



// Custom logger
void wolfssl_custom_logging_cb(const int logLevel, const char *const logMessage) {
    Serial.print(F("lg ")); Serial.print(logLevel); Serial.print(F(": ")); Serial.println(logMessage);
 }


// Connection variables and functions

WOLFSSL_CTX* ctx = NULL;
WOLFSSL* ssl = NULL;

int EthernetSend(WOLFSSL* ssl, char* msg, int sz, void* ctx);
int EthernetReceive(WOLFSSL* ssl, char* reply, int sz, void* ctx);
EthernetClient client;


int EthernetSend(WOLFSSL* ssl, char* msg, int sz, void* ctx) {
    Serial.println(F("[EthernetSend]"));
    int sent = 0;
    Serial.print(F("[EthernetSend] msg "));
    Serial.println(msg);
    Serial.print(F("[EthernetSend] sz "));
    Serial.println(sz);
    sent = client.write((byte*)msg, sz);


    // size_t EthernetClient::write(uint8_t b) {
    //     return write(&b, 1);
    //   }
    //   size_t EthernetClient::write(const uint8_t *buf, size_t size) {
    //     if (_sock == MAX_SOCK_NUM) {
    //       setWriteError();
    //       return 0;
    //     }
    //     if (!send(_sock, buf, size)) {
    //       setWriteError();
    //       return 0;
    //     }
    //     return size;
    //   }

    // Error handling
    // Max Sock Num
    // Error in writing
    if (sent == 0) {
        sent = -1;
    }

    return sent;
}

int EthernetReceive(WOLFSSL* ssl, char* reply, int sz, void* ctx) {
    Serial.println(F("[EthernetReceive]"));
    int ret = 0;

    if (client.available() > 0) {
        Serial.println(F("ETR0"));
    }

    if (ret < sz) {
        Serial.println(F("ETR1"));
    }
    Serial.print("ret: ");
    Serial.println(ret);
    Serial.print("sz: ");
    Serial.println(sz);
    Serial.println("ETRLOOP");
    while (client.available() > 0 && ret < sz) {

        reply[ret++] = client.read();
        

    }
    Serial.println(ret);

    //Serial.println(reply);
    Serial.println("ETR2");
    if (ret != sz) {
        Serial.println("ETR3");
        Serial.println(ret);
        Serial.println(sz);
        return -1; //  return SOCKET_ERROR_E;

    }
    return ret;
}



int8_t wolfSSLSetup(byte * ROOT_CERTS_PEM, unsigned int size_cert, const char * host) {
    WOLFSSL_METHOD* method;

    freeRam();

    // If not init, then ctx is not null
    if (ctx != NULL) {
        Serial.println(F("[wolfSSLSetup]: ctx not null, so freed"));

        wolfSSL_CTX_free(ctx); ctx = NULL;
    }

    // Enable logging

    wolfSSL_Debugging_ON();

    wolfSSL_SetLoggingCb(&wolfssl_custom_logging_cb);

    // WOLFSSL_ECC_X25519
    //wolfSSL_CTX_UseSupportedCurve(ssl, WOLFSSL_ECC_X25519);
    wolfSSL_UseSupportedCurve(ssl, WOLFSSL_ECC_SECP160K1);
    method = wolfTLSv1_2_client_method();
    //method =  wolfSSLv23_client_method();
    //method = wolfTLSv1_3_client_method();
    if (method == NULL) {
        Serial.println(F("[wolfTLSv1_2_client_method] unable to get method"));
        return -1;
    }

    //wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);




    ctx = wolfSSL_CTX_new(method);
    if (ctx == NULL) {
        Serial.println(F("[wolfSSL_CTX_new] unable to get ctx"));
        return -1;
    }
    /*
    Serial.println((char *)ROOT_CERTS_PEM);
    Serial.println(sizeof((&ROOT_CERTS_PEM)[0]));
    Serial.println(sizeof (&ROOT_CERTS_PEM)[0]);
    Serial.println((char *)ROOT_CERTS_PEM_0);
    Serial.println(sizeof(ROOT_CERTS_PEM_0));
    Serial.println(sizeof ROOT_CERTS_PEM_0);
    */
    /* Add cert to ctx */
    int x =     wolfSSL_CTX_load_verify_buffer(ctx, ROOT_CERTS_PEM,size_cert, WOLFSSL_FILETYPE_PEM);
    int err            = 0;
    char errBuf[81];

    if (x != WOLFSSL_SUCCESS) {
        Serial.println(F("WolfSSL not success with ctx load"));
        err = wolfSSL_get_error(ssl, 0);
        wolfSSL_ERR_error_string_n(err, errBuf, 80);
        Serial.print(F("ERR wolfSSL_CTX_Load_verify_buffer: "));
        Serial.println(errBuf);
        return -1;
    }

    if (wolfSSL_CTX_UseSNI(ctx, 0, host, (word16) XSTRLEN(host)) != WOLFSSL_SUCCESS) {
        Serial.println(F("WolfSSL failed UseSNI"));

        wolfSSL_CTX_free(ctx); ctx = NULL;
        Serial.println(F("UseSNI failed"));
        //err_sys("UseSNI failed"));
        return -1;
    }
    // initialize wolfSSL using callback functions
    //wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);
    wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, 0);

    wolfSSL_SetIOSend(ctx, EthernetSend);
    wolfSSL_SetIORecv(ctx, EthernetReceive);

    Serial.println(F("Setup success!"));
    freeRam();

    return 0;
}

int8_t SSLRequest(const char * host, const int port, char * msg, char * errBuf, char * reply)
{
    int err            = 0;
    int input          = 0;
    int total_input    = 0;

    int msgSz = (int)strlen(msg);

    const char* cipherName;

    int bwritten = 0;
    int8_t ifSuccess = 0;

    int reconnect = 10;

    int8_t res = 0;

    while (1) {

        if (reconnect > 0) {
            reconnect--;

            res = client.connect(host, port);
            Serial.print("[client.connect ret]: "); Serial.println(res);
            if (res > 0) {
                Serial.print(F("[SSLRequest] Connected to "));
                Serial.println(host);
                // freeRam();

                if (ctx == NULL) {
                    Serial.println(F("[SSLRequest] null ctx"));
                } 

                ssl = wolfSSL_new(ctx);
                Serial.println(F("SSLRequest"));
                freeRam();
                if (ssl == NULL) {
                    Serial.println(F("[SSLRequest] Unable to allocate SSL object"));
                    //freeRam();

                    err = wolfSSL_get_error(ssl, 0);
                    wolfSSL_ERR_error_string_n(err, errBuf, 80);
                    Serial.print(F("[SSLRequest] wolfSSL_new: "));
                    Serial.println(errBuf);
                    client.stop();
                    return -1;
                }

                err = wolfSSL_connect(ssl);
                freeRam();

                Serial.print(F("[SSLRequest] aft wolfSSL_connect err: ")); Serial.println(err);
                if (err != WOLFSSL_SUCCESS) {
                    err = wolfSSL_get_error(ssl, 0);
                    wolfSSL_ERR_error_string(err, errBuf);
                    Serial.print(F("[SSLRequest] TLS Connect Error: "));
                    Serial.println(errBuf);
                    wolfSSL_shutdown(ssl);
                    wolfSSL_free(ssl);
                    client.stop();

                    return -1;
                }

                Serial.print(F("[SSLRequest] SSL version is "));
                Serial.println(wolfSSL_get_version(ssl));

                cipherName = wolfSSL_get_cipher(ssl);
                Serial.print(F("[SSLRequest] SSL cipher suite is "));
                Serial.println(cipherName);
                Serial.println(F("[msg to send]:"));
                Serial.println(msg);
                Serial.println(strlen(msg));

                bwritten = wolfSSL_write(ssl, (char *) msg, strlen(msg));
                Serial.print(F("[SSLRequest] [Bytes written= ]"));
                Serial.println(bwritten);
                freeRam();

                if (bwritten > 0) {
                    Serial.println(F("[SSLRequest] [Server response]: "));
                    while ( client.available() || wolfSSL_pending(ssl) ) {
                        input = wolfSSL_read(ssl, reply, 1000-1);
                        total_input += input;
                        Serial.println(F("[SSLRequest]: Input"));
                        if ( input > 0 ) {
                            reply[input] = '\0';
                            Serial.print(reply);
                        } else {
                            Serial.println();
                            Serial.println(F("Read error"));
                            //return -1;
                        }
                    }

                    Serial.print(F("[SSLRequest] Bytes read= "));
                    Serial.println(total_input);
                } else {
                    err = wolfSSL_get_error(ssl, 0);
                    wolfSSL_ERR_error_string(err, errBuf);
                    Serial.print(F("[SSLRequest] LS Write Error: "));
                    Serial.println(errBuf);
                    //return -1;
                }
                freeRam();

                Serial.println(F("[SSLRequest] [before shutdown]"));
                wolfSSL_shutdown(ssl);
                wolfSSL_free(ssl);

                client.stop();
                Serial.println(F("[SSLRequest] Connection complete."));
                reconnect = 0;
                freeRam();
                ifSuccess = 1;

            } else {
                Serial.println(F("[SSLRequest] Trying to reconnect..."));
            }
        } else {
            if (ifSuccess == 1) {
                return 0; // Transaction completed succssfully
            } else {
                client.stop();

                return -2; // Transaction completed, but did not send properly
            }
        }
        Serial.println(F("[SSLRequest]: before delay 5000"));
        delay(2000);

    }
}

2

(7 replies, posted in wolfSSL)

Omg it finally worked I think on the Arduino Due!

What I fixed was just change the line in the Arduino example code from this:

// when sending data
            if ((wolfSSL_write(ssl, msg, msgSz)) == msgSz) {
                Serial.println("[Server response]: ");
                while (client.available() || wolfSSL_pending(ssl)) {

To this:

            bwritten = wolfSSL_write(ssl, (char *) msg, strlen(msg));
            Serial.print("[Bytes written= ]");
            Serial.println(bwritten);
            
            if (bwritten > 0) {
                Serial.println("[Server response]: ");
                while ( client.available() || wolfSSL_pending(ssl) ) {

These are the debug logs I'm getting. However, I'm not really sure but how would I know if this is really running thru HTTPS and not HTTP? Or if TLS is working ok?

 1: CB5
log 3: 192.168.0.112
Ram used (bytes): 
dynamic: 128
static: 6464
stack: 176
Est. free ram: 91536
log 2: wolfSSL Entering TLSv1_2_client_method_ex
log 2: wolfSSL Entering wolfSSL_CTX_new_ex
log 2: wolfSSL Entering wolfSSL_Init
log 2: wolfSSL Entering wolfCrypt_Init
log 2: wolfSSL Entering wolfSSL_CertManagerNew
log 3: wolfSSL Leaving WOLFSSL_CTX_new, return 0
log 2: wolfSSL Entering wolfSSL_CTX_load_verify_buffer
log 1: Processing CA PEM file
log 2: wolfSSL Entering PemToDer
log 1: Adding a CA
log 2: wolfSSL Entering GetExplicitVersion
log 2: wolfSSL Entering GetSerialNumber
log 1: Got Cert Header
log 2: wolfSSL Entering GetAlgoId
log 2: wolfSSL Entering GetObjectId()
log 1: Got Algo ID
log 1: Getting Cert Name
log 1: Getting Cert Name
log 1: Got Subject Name
log 2: wolfSSL Entering GetAlgoId
log 2: wolfSSL Entering GetObjectId()
log 1: Got Key
log 1: Parsed Past Key
log 2: wolfSSL Entering DecodeCertExtensions
log 2: wolfSSL Entering GetObjectId()
log 2: wolfSSL Entering DecodeBasicCaConstraint
log 2: wolfSSL Entering GetObjectId()
log 2: wolfSSL Entering DecodeKeyUsage
log 2: wolfSSL Entering GetObjectId()
log 2: wolfSSL Entering DecodeSubjKeyId
log 2: wolfSSL Entering GetAlgoId
log 2: wolfSSL Entering GetObjectId()
log 1:     Parsed new CA
log 1:     Freeing Parsed CA
log 1:     Freeing der CA
log 1:         OK Freeing der CA
log 3: wolfSSL Leaving AddCA, return 0
log 1:    Processed a CA
log 1: Processed at least one valid CA. Other stuff OK
log 2: wolfSSL Entering wolfSSL_CTX_set_verify
log 1: CB7
Setup success!
Ram used (bytes): 
dynamic: 952
static: 6464
stack: 176
Est. free ram: 90712
Connected to scan-ssl.sandnox.com
log 2: wolfSSL Entering SSL_new
log 1: wolfSSL_new: in if SSL
log 1: CB5
log 3: wolfSSL Leaving SSL_new, return 0
Ram used (bytes): 
dynamic: 3144
static: 6464
stack: 2168
Est. free ram: 86528
log 2: wolfSSL Entering SSL_connect()
log 1: in CONNECT_BEGIN
log 2: wolfSSL Entering SendClientHello
log 1: SCH0
log 1: SCH1
log 1: Adding signature algorithms extension
log 1: SCH2
log 1: growing output buffer

log 1: alloc mem success
log 1: h0
log 1: h1
log 1: h2
log 1: h3
log 1: end of GrowOutputBuffer
log 1: end of CheckAvailableSize
log 1: SCH3
log 1: SCH4
log 1: SCH41
log 1: SCH5
log 1: SCH6
log 1: SCH8
log 1: SCH9
log 1: SCH10
log 1: Signature Algorithms extension to write
log 1: Point Formats extension to write
log 1: Supported Groups extension to write
log 1: SNI extension to write
log 1: SCH11
log 1: SCH15
log 1: SCH17
log 1: SCH170
log 1: SCH18
log 1: SCH20
log 1: SB0
log 1: SB1
log 1: SB4
log 1: 163
log 1: SBW0
EthernetSend

163
write end
log 1: SBW1
log 1: SBW2
log 1: SBW3
log 1: SB -1
log 1: Shrinking output buffer

log 1: SB end
log 1: SCH21
log 3: wolfSSL Leaving SendClientHello, return 0
log 1: SC end
log 1: aft SendClientHello
log 1: connect state: CLIENT_HELLO_SENT
log 1: growing input buffer

log 1: received record layer msg
log 2: wolfSSL Entering DoHandShakeMsg()
log 2: wolfSSL Entering DoHandShakeMsgType
log 1: processing server hello
log 2: wolfSSL Entering DoServerHello
log 1: Point Formats extension received
log 2: wolfSSL Entering VerifyClientSuite
log 3: wolfSSL Leaving DoServerHello, return 0
log 1: Shrinking input buffer

log 3: wolfSSL Leaving DoHandShakeMsgType(), return 0
log 3: wolfSSL Leaving DoHandShakeMsg(), return 0
log 1: growing input buffer

log 1: received record layer msg
log 2: wolfSSL Entering DoHandShakeMsg()
log 2: wolfSSL Entering DoHandShakeMsgType
log 1: processing certificate
log 2: wolfSSL Entering DoCertificate
log 2: wolfSSL Entering ProcessPeerCerts
log 1: Loading peer's cert chain
log 1:     Put another cert into chain
log 1:     Put another cert into chain
log 2: wolfSSL Entering GetExplicitVersion
log 2: wolfSSL Entering GetSerialNumber
log 1: Got Cert Header
log 2: wolfSSL Entering GetAlgoId
log 2: wolfSSL Entering GetObjectId()
log 1: Got Algo ID
log 1: Getting Cert Name
log 1: Getting Cert Name
log 1: Got Subject Name
log 2: wolfSSL Entering GetAlgoId
log 2: wolfSSL Entering GetObjectId()
log 1: Got Key
log 1: Parsed Past Key
log 2: wolfSSL Entering DecodeCertExtensions
log 2: wolfSSL Entering GetObjectId()
log 2: wolfSSL Entering DecodeBasicCaConstraint
log 2: wolfSSL Entering GetObjectId()
log 2: wolfSSL Entering DecodeKeyUsage
log 2: wolfSSL Entering GetObjectId()
log 2: wolfSSL Entering DecodeAuthInfo
log 2: wolfSSL Entering GetObjectId()
log 2: wolfSSL Entering GetObjectId()
log 2: wolfSSL Entering DecodeAuthKeyId
log 2: wolfSSL Entering GetObjectId()
log 2: wolfSSL Entering DecodeCertPolicy
log 3: wolfSSL Leaving DecodeCertPolicy, return 0
log 2: wolfSSL Entering GetObjectId()
log 2: wolfSSL Entering DecodeCrlDist
log 2: wolfSSL Entering GetObjectId()
log 2: wolfSSL Entering DecodeSubjKeyId
log 2: wolfSSL Entering GetAlgoId
log 2: wolfSSL Entering GetObjectId()
log 1: About to verify certificate signature
log 2: wolfSSL Entering ConfirmSignature
log 3: wolfSSL Leaving ConfirmSignature, return 0
log 1: Adding CA from chain
log 1: Adding a CA
log 2: wolfSSL Entering GetExplicitVersion
log 2: wolfSSL Entering GetSerialNumber
log 1: Got Cert Header
log 2: wolfSSL Entering GetAlgoId
log 2: wolfSSL Entering GetObjectId()
log 1: Got Algo ID
log 1: Getting Cert Name
log 1: Getting Cert Name
log 1: Got Subject Name
log 2: wolfSSL Entering GetAlgoId
log 2: wolfSSL Entering GetObjectId()
log 1: Got Key
log 1: Parsed Past Key
log 2: wolfSSL Entering DecodeCertExtensions
log 2: wolfSSL Entering GetObjectId()
log 2: wolfSSL Entering DecodeBasicCaConstraint
log 2: wolfSSL Entering GetObjectId()
log 2: wolfSSL Entering DecodeKeyUsage
log 2: wolfSSL Entering GetObjectId()
log 2: wolfSSL Entering DecodeAuthInfo
log 2: wolfSSL Entering GetObjectId()
log 2: wolfSSL Entering GetObjectId()
log 2: wolfSSL Entering DecodeAuthKeyId
log 2: wolfSSL Entering GetObjectId()
log 2: wolfSSL Entering DecodeCertPolicy
log 3: wolfSSL Leaving DecodeCertPolicy, return 0
log 2: wolfSSL Entering GetObjectId()
log 2: wolfSSL Entering DecodeCrlDist
log 2: wolfSSL Entering GetObjectId()
log 2: wolfSSL Entering DecodeSubjKeyId
log 2: wolfSSL Entering GetAlgoId
log 2: wolfSSL Entering GetObjectId()
log 1:     Parsed new CA
log 1:     Freeing Parsed CA
log 1:     Freeing der CA
log 1:         OK Freeing der CA
log 3: wolfSSL Leaving AddCA, return 0
log 1: Verifying Peer's cert
log 2: wolfSSL Entering GetExplicitVersion
log 2: wolfSSL Entering GetSerialNumber
log 1: Got Cert Header
log 2: wolfSSL Entering GetAlgoId
log 2: wolfSSL Entering GetObjectId()
log 1: Got Algo ID
log 1: Getting Cert Name
log 1: Getting Cert Name
log 1: Got Subject Name
log 2: wolfSSL Entering GetAlgoId
log 2: wolfSSL Entering GetObjectId()
log 1: Got Key
log 1: Parsed Past Key
log 2: wolfSSL Entering DecodeCertExtensions
log 2: wolfSSL Entering GetObjectId()
log 2: wolfSSL Entering DecodeKeyUsage
log 2: wolfSSL Entering GetObjectId()
log 1: DecodeExtKeyUsage
log 2: wolfSSL Entering GetObjectId()
log 2: wolfSSL Entering GetObjectId()
log 2: wolfSSL Entering GetObjectId()
log 2: wolfSSL Entering DecodeBasicCaConstraint
log 2: wolfSSL Entering GetObjectId()
log 2: wolfSSL Entering DecodeSubjKeyId
log 2: wolfSSL Entering GetObjectId()
log 2: wolfSSL Entering DecodeAuthKeyId
log 2: wolfSSL Entering GetObjectId()
log 2: wolfSSL Entering DecodeAuthInfo
log 2: wolfSSL Entering GetObjectId()
log 2: wolfSSL Entering GetObjectId()
log 2: wolfSSL Entering DecodeAltNames
log 2: wolfSSL Entering GetObjectId()
log 2: wolfSSL Entering DecodeCertPolicy
log 3: wolfSSL Leaving DecodeCertPolicy, return 0
log 2: wolfSSL Entering GetObjectId()
log 2: wolfSSL Entering GetAlgoId
log 2: wolfSSL Entering GetObjectId()
log 1: About to verify certificate signature
log 2: wolfSSL Entering ConfirmSignature
log 3: wolfSSL Leaving ConfirmSignature, return 0
log 1: Verified Peer's cert
log 3: wolfSSL Leaving ProcessPeerCerts, return 0
log 3: wolfSSL Leaving DoCertificate, return 0
log 1: Shrinking input buffer

log 3: wolfSSL Leaving DoHandShakeMsgType(), return 0
log 3: wolfSSL Leaving DoHandShakeMsg(), return 0
log 1: growing input buffer

log 1: received record layer msg
log 2: wolfSSL Entering DoHandShakeMsg()
log 2: wolfSSL Entering DoHandShakeMsgType
log 1: processing server key exchange
log 2: wolfSSL Entering DoServerKeyExchange
log 2: wolfSSL Entering RsaVerify
log 3: wolfSSL Leaving RsaVerify, return 51
log 3: wolfSSL Leaving DoServerKeyExchange, return 0
log 1: Shrinking input buffer

log 3: wolfSSL Leaving DoHandShakeMsgType(), return 0
log 3: wolfSSL Leaving DoHandShakeMsg(), return 0
log 1: received record layer msg
log 2: wolfSSL Entering DoHandShakeMsg()
log 2: wolfSSL Entering DoHandShakeMsgType
log 1: processing server hello done
log 3: wolfSSL Leaving DoHandShakeMsgType(), return 0
log 3: wolfSSL Leaving DoHandShakeMsg(), return 0
log 1: connect state: HELLO_AGAIN
log 1: connect state: HELLO_AGAIN_REPLY
log 1: connect state: FIRST_REPLY_DONE
log 1: connect state: FIRST_REPLY_FIRST
log 2: wolfSSL Entering SendClientKeyExchange
log 2: wolfSSL Entering EccMakeKey
log 3: wolfSSL Leaving EccMakeKey, return 0
log 2: wolfSSL Entering EccSharedSecret
log 3: wolfSSL Leaving EccSharedSecret, return 0
log 1: growing output buffer

log 1: alloc mem success
log 1: h0
log 1: h1
log 1: h2
log 1: h3
log 1: end of GrowOutputBuffer
log 1: end of CheckAvailableSize
log 1: SB0
log 1: SB1
log 1: SB4
log 1: 75
log 1: SBW0
EthernetSend

75
write end
log 1: SBW1
log 1: SBW2
log 1: SBW3
log 1: SB -1
log 1: Shrinking output buffer

log 1: SB end
log 3: wolfSSL Leaving SendClientKeyExchange, return 0
log 1: sent: client key exchange
log 1: connect state: FIRST_REPLY_SECOND
log 1: connect state: FIRST_REPLY_THIRD
log 1: growing output buffer

log 1: alloc mem success
log 1: h0
log 1: h1
log 1: h2
log 1: h3
log 1: end of GrowOutputBuffer
log 1: end of CheckAvailableSize
log 1: SB0
log 1: SB1
log 1: SB4
log 1: 6
log 1: SBW0
EthernetSend

6
write end
log 1: SBW1
log 1: SBW2
log 1: SBW3
log 1: SB -1
log 1: Shrinking output buffer

log 1: SB end
log 1: sent: change cipher spec
log 1: connect state: FIRST_REPLY_FOURTH
log 2: wolfSSL Entering SendFinished
log 1: growing output buffer

log 1: alloc mem success
log 1: h0
log 1: h1
log 1: h2
log 1: h3
log 1: end of GrowOutputBuffer
log 1: end of CheckAvailableSize
log 2: wolfSSL Entering BuildMessage
log 3: wolfSSL Leaving BuildMessage, return 0
log 1: SB0
log 1: SB1
log 1: SB4
log 1: 45
log 1: SBW0
EthernetSend

45
write end
log 1: SBW1
log 1: SBW2
log 1: SBW3
log 1: SB -1
log 1: Shrinking output buffer

log 1: SB end
log 3: wolfSSL Leaving SendFinished, return 0
log 1: sent: finished
log 1: connect state: FINISHED_DONE
log 1: received record layer msg
log 1: got CHANGE CIPHER SPEC
log 1: growing input buffer

log 1: received record layer msg
log 2: wolfSSL Entering DoHandShakeMsg()
log 2: wolfSSL Entering DoHandShakeMsgType
log 1: processing finished
log 2: wolfSSL Entering DoFinished
log 3: wolfSSL Leaving DoFinished, return 0
log 1: Shrinking input buffer

log 3: wolfSSL Leaving DoHandShakeMsgType(), return 0
log 3: wolfSSL Leaving DoHandShakeMsg(), return 0
log 1: connect state: SECOND_REPLY_DONE
log 3: wolfSSL Leaving SSL_connect(), return 1
Ram used (bytes): 
dynamic: 3136
static: 6464
stack: 2168
Est. free ram: 86536
aft wolfSSL_conenct err: 1
SSL version is log 2: wolfSSL Entering SSL_get_version
TLSv1.2
log 2: wolfSSL Entering wolfSSL_get_cipher
log 2: wolfSSL Entering SSL_get_current_cipher
log 2: wolfSSL Entering SSL_CIPHER_get_name
SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
[msg to send]:
GET / HTTP/1.0
Host: scan-ssl.sandnox.com
Connection: close


log 2: wolfSSL Entering SSL_write()
log 1: growing output buffer

log 1: alloc mem success
log 1: h0
log 1: h1
log 1: h2
log 1: h3
log 1: end of GrowOutputBuffer
log 1: end of CheckAvailableSize
log 2: wolfSSL Entering BuildMessage
log 3: wolfSSL Leaving BuildMessage, return 0
log 1: SB0
log 1: SB1
log 1: SB4
log 1: 94
log 1: SBW0
EthernetSend

94
write end
log 1: SBW1
log 1: SBW2
log 1: SBW3
log 1: SB -1
log 1: Shrinking output buffer

log 1: SB end
log 3: wolfSSL Leaving SSL_write(), return 65
[Bytes written= ]65
[Server response]: 
log 2: wolfSSL Entering wolfSSL_read()
log 2: wolfSSL Entering wolfSSL_read_internal()
log 2: wolfSSL Entering ReceiveData()
log 1: growing input buffer

log 1: received record layer msg
log 1: got app DATA
log 1: Shrinking input buffer

log 3: wolfSSL Leaving ReceiveData(), return 514
log 3: wolfSSL Leaving wolfSSL_read_internal(), return 514
HTTP/1.1 200 OK
Server: nginx/1.10.3 (Ubuntu)
Date: Tue, 26 Feb 2019 06:12:41 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 28
Connection: close
X-DNS-Prefetch-Control: off
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=15552000; includeSubDomains
X-Download-Options: noopen
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Access-Control-Allow-Origin: *
ETag: W/"1c-UCPDcjEBKAAJOPBleMB23MZkIOM"
Vary: Accept-Encoding

{
    "status": "Temp API"
}log 2: wolfSSL Entering wolfSSL_read()
log 2: wolfSSL Entering wolfSSL_read_internal()
log 2: wolfSSL Entering ReceiveData()
log 1: growing input buffer

log 1: received record layer msg
log 1: got ALERT!
log 1: Got alert
log 1:     close notify
log 0: wolfSSL error occurred, error = 0
log 0: wolfSSL error occurred, error = -343
log 1: Zero return, no more data coming
log 3: wolfSSL Leaving wolfSSL_read_internal(), return 0

Read error
log 2: wolfSSL Entering SSL_pending
Bytes read= 0
[before shutdown]
log 2: wolfSSL Entering SSL_shutdown()
log 1: growing output buffer

log 1: alloc mem success
log 1: h0
log 1: h1
log 1: h2
log 1: h3
log 1: end of GrowOutputBuffer
log 1: end of CheckAvailableSize
log 2: wolfSSL Entering BuildMessage
log 3: wolfSSL Leaving BuildMessage, return 0
log 1: SB0
log 1: SB1
log 1: SB4
log 1: 31
log 1: SBW0
EthernetSend

31
write end
log 1: SBW1
log 1: SBW2
log 1: SBW3
log 1: SB -1
log 1: Shrinking output buffer

log 1: SB end
log 3: wolfSSL Leaving SSL_shutdown(), return 1
log 2: wolfSSL Entering SSL_free
log 1: CTX ref count not 0 yet, no free
log 1: Shrinking input buffer

log 3: wolfSSL Leaving SSL_free, return 0
Connection complete.

3

(7 replies, posted in wolfSSL)

Ok so this nginx config worked for me:

server {
    listen 80;
    server_name scan-ssl.sandnox.com;
   # return 301 https://$host$request_uri;
      error_log /var/log/nginx/error.log debug;
return 301 https://$server_name$request_uri;
}
server {
    listen 443 default ssl;
    server_name scan-ssl.sandnox.com;

  location / {
    proxy_set_header  X-Real-IP  $remote_addr;
    proxy_set_header  Host       $http_host;
    proxy_pass        http://127.0.0.1:50000;
  }
    ssl on;
    ssl_certificate /etc/letsencrypt/live/scan-ssl.sandnox.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/scan-ssl.sandnox.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
      error_log /var/log/nginx/error.log debug;
}

And apparently I neglected to check the client code example, and thus now changed GET /index.html to GET /. And increased the buffer size of reply[80] to reply[500].

My problem right now is that the Arduino Due still won't work ok haha.

4

(7 replies, posted in wolfSSL)

Hi! Thanks for replying Alex! I realize that my previous posts on this thread was confusing, just as a recap, what I'm doing is trying to enable HTTPS with scan-ssl.sandnox.com, which I configured with SSL via Let's Encrypt. And so I found the root CA for it from identrust. I attached the file here as well.

Ultimately, I would want to run this on an Arduino Due. But it appears that I'm having problems even just with client side on PC.

I tried using the -g option and it did improve the situation. Weirdly, I'm already putting in a GET request with the Arduino Due and received the same results before. Anyways shall look into that more later.

I'm confused though, I keep getting this error, upon running this command:

./examples/client/client -h scan-ssl.sandnox.com -p 443 -A trustidrootx3_chain.pem -g
:~/Downloads/wolfssl-3.15.7$ ./examples/client/client -h  scan-ssl.sandnox.com -p 443 -A trustidrootx3_chain.pem -g
wolfSSL Entering wolfSSL_Init
wolfSSL Entering wolfCrypt_Init
wolfSSL Entering EVP_get_cipherbyname
wolfSSL Entering EVP_get_cipherbyname
wolfSSL Entering EVP_get_cipherbyname
wolfSSL Entering EVP_get_cipherbyname
wolfSSL Entering EVP_get_cipherbyname
wolfSSL Entering EVP_get_cipherbyname
wolfSSL Entering EVP_get_cipherbyname
wolfSSL Entering EVP_get_cipherbyname
wolfSSL Entering EVP_get_cipherbyname
wolfSSL Entering TLSv1_2_client_method_ex
wolfSSL Entering wolfSSL_CTX_new_ex
wolfSSL Entering wolfSSL_CertManagerNew
wolfSSL Leaving WOLFSSL_CTX_new, return 0
wolfSSL Entering SSL_CTX_set_default_passwd_cb
wolfSSL Entering wolfSSL_CTX_use_certificate_chain_file
Getting dynamic buffer
wolfSSL Entering PemToDer
Checking cert signature type
wolfSSL Entering GetExplicitVersion
wolfSSL Entering GetSerialNumber
Got Cert Header
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Algo ID
Getting Cert Name
wolfSSL Entering OBJ_osn2nid
wolfSSL Entering OBJ_osn2nid
wolfSSL Entering OBJ_osn2nid
wolfSSL Entering OBJ_osn2nid
wolfSSL Entering OBJ_osn2nid
wolfSSL Entering OBJ_osn2nid
wolfSSL Entering OBJ_osn2nid
Getting Cert Name
wolfSSL Entering OBJ_osn2nid
wolfSSL Entering OBJ_osn2nid
wolfSSL Entering OBJ_osn2nid
wolfSSL Entering OBJ_osn2nid
wolfSSL Entering OBJ_osn2nid
wolfSSL Entering OBJ_osn2nid
wolfSSL Entering OBJ_osn2nid
Got Subject Name
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Key
Not ECDSA cert signature
wolfSSL Entering wolfSSL_CTX_use_PrivateKey_file
Getting dynamic buffer
wolfSSL Entering PemToDer
wolfSSL_CTX_load_verify_locations_ex
Getting dynamic buffer
Processing CA PEM file
wolfSSL Entering PemToDer
Adding a CA
wolfSSL Entering GetExplicitVersion
wolfSSL Entering GetSerialNumber
Got Cert Header
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Algo ID
Getting Cert Name
wolfSSL Entering OBJ_osn2nid
wolfSSL Entering OBJ_osn2nid
Getting Cert Name
wolfSSL Entering OBJ_osn2nid
wolfSSL Entering OBJ_osn2nid
Got Subject Name
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Key
Parsed Past Key
wolfSSL Entering DecodeCertExtensions
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeBasicCaConstraint
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeKeyUsage
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeSubjKeyId
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
    Parsed new CA
    Freeing Parsed CA
    Freeing der CA
        OK Freeing der CA
wolfSSL Leaving AddCA, return 0
   Processed a CA
Processed at least one valid CA. Other stuff OK
wolfSSL_CTX_load_verify_locations_ex
Getting dynamic buffer
Processing CA PEM file
wolfSSL Entering PemToDer
Adding a CA
wolfSSL Entering GetExplicitVersion
wolfSSL Entering GetSerialNumber
Got Cert Header
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Algo ID
Getting Cert Name
wolfSSL Entering OBJ_osn2nid
wolfSSL Entering OBJ_osn2nid
wolfSSL Entering OBJ_osn2nid
wolfSSL Entering OBJ_osn2nid
wolfSSL Entering OBJ_osn2nid
wolfSSL Entering OBJ_osn2nid
wolfSSL Entering OBJ_osn2nid
Getting Cert Name
wolfSSL Entering OBJ_osn2nid
wolfSSL Entering OBJ_osn2nid
wolfSSL Entering OBJ_osn2nid
wolfSSL Entering OBJ_osn2nid
wolfSSL Entering OBJ_osn2nid
wolfSSL Entering OBJ_osn2nid
wolfSSL Entering OBJ_osn2nid
Got Subject Name
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
wolfSSL Entering GetObjectId()
Got Key
Parsed Past Key
wolfSSL Entering DecodeCertExtensions
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeBasicCaConstraint
wolfSSL Entering GetObjectId()
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeSubjKeyId
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeAuthKeyId
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeKeyUsage
wolfSSL Entering GetObjectId()
DecodeExtKeyUsage
wolfSSL Entering GetObjectId()
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
    Parsed new CA
    Freeing Parsed CA
    Freeing der CA
        OK Freeing der CA
wolfSSL Leaving AddCA, return 0
   Processed a CA
Processed at least one valid CA. Other stuff OK
wolfSSL Entering SSL_new
wolfSSL Leaving SSL_new, return 0
wolfSSL Entering SSL_set_fd
wolfSSL Entering SSL_set_read_fd
wolfSSL Leaving SSL_set_read_fd, return 1
wolfSSL Entering SSL_set_write_fd
wolfSSL Leaving SSL_set_write_fd, return 1
wolfSSL Entering SSL_connect()
wolfSSL Entering SendClientHello
Adding signature algorithms extension
growing output buffer

Signature Algorithms extension to write
Point Formats extension to write
Supported Groups extension to write
EMS extension to write
Shrinking output buffer

wolfSSL Leaving SendClientHello, return 0
connect state: CLIENT_HELLO_SENT
growing input buffer

received record layer msg
wolfSSL Entering DoHandShakeMsg()
wolfSSL Entering DoHandShakeMsgType
processing server hello
wolfSSL Entering DoServerHello
Point Formats extension received
wolfSSL Entering VerifyClientSuite
wolfSSL Leaving DoServerHello, return 0
Shrinking input buffer

wolfSSL Leaving DoHandShakeMsgType(), return 0
wolfSSL Leaving DoHandShakeMsg(), return 0
growing input buffer

received record layer msg
wolfSSL Entering DoHandShakeMsg()
wolfSSL Entering DoHandShakeMsgType
processing certificate
wolfSSL Entering DoCertificate
wolfSSL Entering ProcessPeerCerts
Loading peer's cert chain
    Put another cert into chain
    Put another cert into chain
wolfSSL Entering GetExplicitVersion
wolfSSL Entering GetSerialNumber
Got Cert Header
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Algo ID
Getting Cert Name
wolfSSL Entering OBJ_osn2nid
wolfSSL Entering OBJ_osn2nid
wolfSSL Entering OBJ_osn2nid
Getting Cert Name
wolfSSL Entering OBJ_osn2nid
Got Subject Name
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Key
Parsed Past Key
wolfSSL Entering DecodeCertExtensions
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeKeyUsage
wolfSSL Entering GetObjectId()
DecodeExtKeyUsage
wolfSSL Entering GetObjectId()
wolfSSL Entering GetObjectId()
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeBasicCaConstraint
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeSubjKeyId
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeAuthKeyId
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeAuthInfo
wolfSSL Entering GetObjectId()
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeAltNames
wolfSSL Entering GetObjectId()
Certificate Policy extension not supported yet.
wolfSSL Entering GetObjectId()
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
wolfSSL Entering GetExplicitVersion
wolfSSL Entering GetSerialNumber
Got Cert Header
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Algo ID
Getting Cert Name
wolfSSL Entering OBJ_osn2nid
wolfSSL Entering OBJ_osn2nid
Getting Cert Name
wolfSSL Entering OBJ_osn2nid
wolfSSL Entering OBJ_osn2nid
wolfSSL Entering OBJ_osn2nid
Got Subject Name
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Key
Parsed Past Key
wolfSSL Entering DecodeCertExtensions
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeBasicCaConstraint
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeKeyUsage
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeAuthInfo
wolfSSL Entering GetObjectId()
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeAuthKeyId
wolfSSL Entering GetObjectId()
Certificate Policy extension not supported yet.
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeCrlDist
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeSubjKeyId
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
About to verify certificate signature
wolfSSL Entering ConfirmSignature
wolfSSL Leaving ConfirmSignature, return 0
Adding CA from chain
Adding a CA
wolfSSL Entering GetExplicitVersion
wolfSSL Entering GetSerialNumber
Got Cert Header
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Algo ID
Getting Cert Name
wolfSSL Entering OBJ_osn2nid
wolfSSL Entering OBJ_osn2nid
Getting Cert Name
wolfSSL Entering OBJ_osn2nid
wolfSSL Entering OBJ_osn2nid
wolfSSL Entering OBJ_osn2nid
Got Subject Name
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Key
Parsed Past Key
wolfSSL Entering DecodeCertExtensions
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeBasicCaConstraint
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeKeyUsage
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeAuthInfo
wolfSSL Entering GetObjectId()
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeAuthKeyId
wolfSSL Entering GetObjectId()
Certificate Policy extension not supported yet.
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeCrlDist
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeSubjKeyId
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
    Parsed new CA
    Freeing Parsed CA
    Freeing der CA
        OK Freeing der CA
wolfSSL Leaving AddCA, return 0
Verifying Peer's cert
wolfSSL Entering GetExplicitVersion
wolfSSL Entering GetSerialNumber
Got Cert Header
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Algo ID
Getting Cert Name
wolfSSL Entering OBJ_osn2nid
wolfSSL Entering OBJ_osn2nid
wolfSSL Entering OBJ_osn2nid
Getting Cert Name
wolfSSL Entering OBJ_osn2nid
Got Subject Name
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Key
Parsed Past Key
wolfSSL Entering DecodeCertExtensions
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeKeyUsage
wolfSSL Entering GetObjectId()
DecodeExtKeyUsage
wolfSSL Entering GetObjectId()
wolfSSL Entering GetObjectId()
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeBasicCaConstraint
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeSubjKeyId
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeAuthKeyId
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeAuthInfo
wolfSSL Entering GetObjectId()
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeAltNames
wolfSSL Entering GetObjectId()
Certificate Policy extension not supported yet.
wolfSSL Entering GetObjectId()
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
About to verify certificate signature
wolfSSL Entering ConfirmSignature
wolfSSL Leaving ConfirmSignature, return 0
Verified Peer's cert
wolfSSL Leaving ProcessPeerCerts, return 0
wolfSSL Leaving DoCertificate, return 0
Shrinking input buffer

wolfSSL Leaving DoHandShakeMsgType(), return 0
wolfSSL Leaving DoHandShakeMsg(), return 0
growing input buffer

received record layer msg
wolfSSL Entering DoHandShakeMsg()
wolfSSL Entering DoHandShakeMsgType
processing server key exchange
wolfSSL Entering DoServerKeyExchange
wolfSSL Entering RsaVerify
wolfSSL Leaving RsaVerify, return 83
wolfSSL Leaving DoServerKeyExchange, return 0
Shrinking input buffer

wolfSSL Leaving DoHandShakeMsgType(), return 0
wolfSSL Leaving DoHandShakeMsg(), return 0
received record layer msg
wolfSSL Entering DoHandShakeMsg()
wolfSSL Entering DoHandShakeMsgType
processing server hello done
wolfSSL Leaving DoHandShakeMsgType(), return 0
wolfSSL Leaving DoHandShakeMsg(), return 0
connect state: HELLO_AGAIN
connect state: HELLO_AGAIN_REPLY
connect state: FIRST_REPLY_DONE
connect state: FIRST_REPLY_FIRST
wolfSSL Entering SendClientKeyExchange
wolfSSL Entering EccMakeKey
wolfSSL Leaving EccMakeKey, return 0
wolfSSL Entering EccSharedSecret
wolfSSL Leaving EccSharedSecret, return 0
growing output buffer

Shrinking output buffer

wolfSSL Leaving SendClientKeyExchange, return 0
sent: client key exchange
connect state: FIRST_REPLY_SECOND
connect state: FIRST_REPLY_THIRD
growing output buffer

Shrinking output buffer

sent: change cipher spec
connect state: FIRST_REPLY_FOURTH
wolfSSL Entering SendFinished
growing output buffer

wolfSSL Entering BuildMessage
wolfSSL Leaving BuildMessage, return 0
Shrinking output buffer

wolfSSL Leaving SendFinished, return 0
sent: finished
connect state: FINISHED_DONE
received record layer msg
got CHANGE CIPHER SPEC
growing input buffer

received record layer msg
wolfSSL Entering DoHandShakeMsg()
wolfSSL Entering DoHandShakeMsgType
processing finished
wolfSSL Entering DoFinished
wolfSSL Leaving DoFinished, return 0
Shrinking input buffer

wolfSSL Leaving DoHandShakeMsgType(), return 0
wolfSSL Leaving DoHandShakeMsg(), return 0
connect state: SECOND_REPLY_DONE
wolfSSL Leaving SSL_connect(), return 1
wolfSSL Entering SSL_get_peer_certificate
wolfSSL Entering X509_get_issuer_name
wolfSSL Entering wolfSSL_X509_NAME_oneline
wolfSSL Entering wolfSSL_X509_get_subject_name
wolfSSL Entering wolfSSL_X509_NAME_oneline
peer's cert info:
 issuer : /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
 subject: /CN=scan-ssl.sandnox.com
wolfSSL Entering wolfSSL_X509_get_next_altname
 altname = scan-ssl.sandnox.com
wolfSSL Entering wolfSSL_X509_get_next_altname
wolfSSL Entering wolfSSL_X509_get_serial_number
 serial number:03:ca:e9:b8:28:21:d5:49:9e:ff:b7:b1:80:8d:3d:78:3e:f6
wolfSSL Entering wolfSSL_FreeX509
wolfSSL Entering ExternalFreeX509
free called on non dynamic object, not freeing
wolfSSL Entering SSL_get_version
SSL version is TLSv1.2
wolfSSL Entering SSL_get_current_cipher
wolfSSL Entering SSL_CIPHER_get_name
SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
SSL curve name is SECP256R1
Client Random : 43C475590D2A7BF177D8FBBF7F6481E561C33E1177631FC095A42B8AD1FC5245
SSL connect ok, sending GET...
wolfSSL Entering SSL_write()
growing output buffer

wolfSSL Entering BuildMessage
wolfSSL Leaving BuildMessage, return 0
Shrinking output buffer

wolfSSL Leaving SSL_write(), return 28
wolfSSL Entering wolfSSL_read()
wolfSSL Entering wolfSSL_read_internal()
wolfSSL Entering ReceiveData()
growing input buffer

received record layer msg
got app DATA
wolfSSL Leaving ReceiveData(), return 79
wolfSSL Leaving wolfSSL_read_internal(), return 79
HTTP/1.1 404 Not Found
Server: nginx/1.10.3 (Ubuntu)
Date: Tue, 26 Feb 2019 0
wolfSSL Entering wolfSSL_read()
wolfSSL Entering wolfSSL_read_internal()
wolfSSL Entering ReceiveData()
wolfSSL Leaving ReceiveData(), return 79
wolfSSL Leaving wolfSSL_read_internal(), return 79
2:47:00 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 151
wolfSSL Entering SSL_shutdown()
growing output buffer

wolfSSL Entering BuildMessage
wolfSSL Leaving BuildMessage, return 0
Shrinking output buffer

wolfSSL Leaving SSL_shutdown(), return 2
wolfSSL Entering SSL_free
CTX ref count not 0 yet, no free
Shrinking input buffer

wolfSSL Entering wolfSSL_BIO_free
wolfSSL Leaving SSL_free, return 0
wolfSSL Entering SSL_CTX_free
CTX ref count down to 0, doing full free
wolfSSL Entering wolfSSL_CertManagerFree
wolfSSL Leaving SSL_CTX_free, return 0
wolfSSL Entering wolfSSL_Cleanup
wolfSSL Entering wolfCrypt_Cleanup

I tried with Postman, making a GET scan-ssl.sandnox.com:443, and it actually gets the same results. I tried with GET https://scan-ssl.sandnox.com:443 and https://scan-ssl.sandox.com and the expected JSON response of 200 with the ff. is what I get:

{
    "status": "Temp API"
}

I hence tried doing the same with the wolfSSL client, but get mixed results of either the 404 or just the ff.:

~/Downloads/wolfssl-3.15.7$ ./examples/client/client -h  https://scan-ssl.sandnox.com -p 443 -A trustidrootx3_chain.pem -g
wolfSSL Entering wolfSSL_Init
wolfSSL Entering wolfCrypt_Init
wolfSSL Entering TLSv1_2_client_method_ex
wolfSSL Entering wolfSSL_CTX_new_ex
wolfSSL Entering wolfSSL_CertManagerNew
wolfSSL Leaving WOLFSSL_CTX_new, return 0
wolfSSL Entering wolfSSL_CTX_use_certificate_chain_file
Getting dynamic buffer
wolfSSL Entering PemToDer
Checking cert signature type
wolfSSL Entering GetExplicitVersion
wolfSSL Entering GetSerialNumber
Got Cert Header
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Algo ID
Getting Cert Name
Getting Cert Name
Got Subject Name
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Key
Not ECDSA cert signature
wolfSSL Entering wolfSSL_CTX_use_PrivateKey_file
Getting dynamic buffer
wolfSSL Entering PemToDer
wolfSSL_CTX_load_verify_locations_ex
Getting dynamic buffer
Processing CA PEM file
wolfSSL Entering PemToDer
Adding a CA
wolfSSL Entering GetExplicitVersion
wolfSSL Entering GetSerialNumber
Got Cert Header
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Algo ID
Getting Cert Name
Getting Cert Name
Got Subject Name
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Key
Parsed Past Key
wolfSSL Entering DecodeCertExtensions
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeBasicCaConstraint
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeKeyUsage
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeSubjKeyId
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
    Parsed new CA
    Freeing Parsed CA
    Freeing der CA
        OK Freeing der CA
wolfSSL Leaving AddCA, return 0
   Processed a CA
Processed at least one valid CA. Other stuff OK
wolfSSL_CTX_load_verify_locations_ex
Getting dynamic buffer
Processing CA PEM file
wolfSSL Entering PemToDer
Adding a CA
wolfSSL Entering GetExplicitVersion
wolfSSL Entering GetSerialNumber
Got Cert Header
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Algo ID
Getting Cert Name
Getting Cert Name
Got Subject Name
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
wolfSSL Entering GetObjectId()
Got Key
Parsed Past Key
wolfSSL Entering DecodeCertExtensions
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeBasicCaConstraint
wolfSSL Entering GetObjectId()
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeSubjKeyId
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeAuthKeyId
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeKeyUsage
wolfSSL Entering GetObjectId()
DecodeExtKeyUsage
wolfSSL Entering GetObjectId()
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
    Parsed new CA
    Freeing Parsed CA
    Freeing der CA
        OK Freeing der CA
wolfSSL Leaving AddCA, return 0
   Processed a CA
Processed at least one valid CA. Other stuff OK
wolfSSL Entering SSL_new
wolfSSL Leaving SSL_new, return 0
wolfSSL error: no entry for host

I'm using Nginx as a proxy server, server-side btw if it matters, I've tried both the configurations with "Redirect to HTTPS", and the "No Redirect" and I receive the same results.

If it helps, here's the configurations I used with nginx.

This one with Redirect:

server {
  server_name scan-ssl.sandnox.com;
  location / {
    proxy_set_header  X-Real-IP  $remote_addr;
    proxy_set_header  Host       $http_host;
    proxy_pass        http://127.0.0.1:50000;
  }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/scan-ssl.sandnox.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/scan-ssl.sandnox.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}

server {
    if ($host = scan-ssl.sandnox.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


  listen 80;
  server_name scan-ssl.sandnox.com;
    return 404; # managed by Certbot


}

This one without redirect:

server {
  listen 80;
  server_name scan-ssl.sandnox.com;
  location / {
    proxy_set_header  X-Real-IP  $remote_addr;
    proxy_set_header  Host       $http_host;
    proxy_pass        http://127.0.0.1:50000;
  }

        listen 443 ssl;

    ssl_certificate /etc/letsencrypt/live/scan-ssl.sandnox.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/scan-ssl.sandnox.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

        error_log /var/log/nginx/error.log debug;

}

This is my code for the Arduino Due which I expect to behave similarly to the example client run via command line, and so far does. Except when I change the host to https://scan-ssl.sandnox.com:443 where I get stuck in an infinite loop with the Arduino Due:

/* wolfssl_client.ino
 *
 * Copyright (C) 2006-2018 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
 * wolfSSL is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * wolfSSL is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
 */
 #include <Arduino.h>
 //#include <sys/time.h>
 
 #include <wolfssl.h>
 #include <wolfssl/ssl.h>
 //#include <wolfssl/wolflogging.h>
 
 struct timeval {
   long tv_sec;
   long tv_usec;
 };
 
 int _gettimeofday( struct timeval *tv, void *tzvp)
 {
   //uint64_t t = __your_system_time_function_here__();  // get uptime in nanoseconds
   //tv->tv_sec = t / 1000000000;  // convert to seconds
   //tv->tv_usec = ( t % 1000000000 ) / 1000;  // get remaining microseconds
   /*
   long mt = millis();
   tv->tv_sec = mt/1000;
   tv->tv_usec = mt*1000;
   */
   //long int mt = 1550041049;
   long int mt = 1550633024 ;
   tv->tv_sec = mt;
   tv->tv_usec = 0;
   return 0;  // return non-zero for error
 } // end _gettimeofday()

byte ROOT_CERTS_PEM[] =

"-----BEGIN CERTIFICATE-----\n"
"MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/\n"
"MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT\n"
"DkRTVCBSb290IENBIFgzMB4XDTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVow\n"
"PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD\n"
"Ew5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB\n"
"AN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmTrE4O\n"
"rz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEq\n"
"OLl5CjH9UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9b\n"
"xiqKqy69cK3FCxolkHRyxXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw\n"
"7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40dutolucbY38EVAjqr2m7xPi71XAicPNaD\n"
"aeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNV\n"
"HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQMA0GCSqG\n"
"SIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69\n"
"ikugdB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXr\n"
"AvHRAosZy5Q6XkjEGB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZz\n"
"R8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5\n"
"JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06XyxV3bqxbYo\n"
"Ob8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ\n"
"-----END CERTIFICATE-----\n";

 #include <Ethernet2.h>

#include <freeRam.h>
 /*
 struct timeval {
   long      tv_sec;
   long tv_usec;
 };
 */
 
 /*
 int _gettimeofday( struct timeval *tv, void *tzvp )
 {
     //uint64_t t = __your_system_time_function_here__();  // get uptime in nanoseconds
     //tv->tv_sec = t / 1000000000;  // convert to seconds
     //tv->tv_usec = ( t % 1000000000 ) / 1000;  // get remaining microseconds
     long mt = millis();
     tv->tv_sec = mt/1000;
     tv->tv_usec = mt*1000;
     return 0;  // return non-zero for error
 } // end _gettimeofday()
 */
 
 
 
 
 //const char host[] = "192.168.1.148"; // server to connect to
 //const int port = 11111; // port on server to connect to
 //const char host_1[] = "https://scan-ssl.sandnox.com";

 const char host[] = "scan-ssl.sandnox.com";
 const int port = 443;
 
 int EthernetSend(WOLFSSL* ssl, char* msg, int sz, void* ctx);
 int EthernetReceive(WOLFSSL* ssl, char* reply, int sz, void* ctx);
 int reconnect = 10;
 
 EthernetClient client;
 
 WOLFSSL_CTX* ctx = NULL;
 WOLFSSL* ssl = NULL;
 
 byte MAC_ADDR[] = { 0xDE, 0xAD, 0xBE, 0xEF, 0xFE, 0xEC };


// void wolfSSL_Logging_cb(const int logLevel, const char *const logMessage);

void wolfssl_custom_logging_cb(const int logLevel, const char *const logMessage) {
    Serial.print("log "); Serial.print(logLevel); Serial.print(": "); Serial.println(logMessage);
}


void setup() {


    Serial.begin(9600);


    if (Ethernet.begin(MAC_ADDR) == 0) {
        Serial.println("Failed to configure Ethernet using DHCP");
        return;
    }
    Serial.println(Ethernet.localIP());


    WOLFSSL_METHOD* method;

    freeRam();

    // Enable logging

    wolfSSL_Debugging_ON();


    wolfSSL_SetLoggingCb(&wolfssl_custom_logging_cb);

    // WOLFSSL_ECC_X25519
    //wolfSSL_CTX_UseSupportedCurve(ssl, WOLFSSL_ECC_X25519);
    wolfSSL_UseSupportedCurve(ssl, WOLFSSL_ECC_SECP160K1);
    method = wolfTLSv1_2_client_method();
    //method =  wolfSSLv23_client_method();
    //method = wolfTLSv1_3_client_method();
    if (method == NULL) {
        Serial.println("unable to get method");
        return;
    }

    //wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);
    ctx = wolfSSL_CTX_new(method);
    if (ctx == NULL) {
    Serial.println("unable to get ctx");
    return;
    }

    /* Add cert to ctx */
    int x =     wolfSSL_CTX_load_verify_buffer(ctx, ROOT_CERTS_PEM,sizeof ROOT_CERTS_PEM, WOLFSSL_FILETYPE_PEM);
    int err            = 0;
    char errBuf[81];

    if (x != WOLFSSL_SUCCESS)
    {
        err = wolfSSL_get_error(ssl, 0);
        wolfSSL_ERR_error_string_n(err, errBuf, 80);
        Serial.print(F("ERR wolfSSL_CTX_Load_verify_buffer: "));
        Serial.println(errBuf);
        return;
    }
    

    if (wolfSSL_CTX_UseSNI(ctx, 0, host, (word16) XSTRLEN(host)) != WOLFSSL_SUCCESS) {
        wolfSSL_CTX_free(ctx); ctx = NULL;
        Serial.println('UseSNI failed');
        //err_sys("UseSNI failed");
    }
    // initialize wolfSSL using callback functions
    //wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);
    wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, 0);

    wolfSSL_SetIOSend(ctx, EthernetSend);
    wolfSSL_SetIORecv(ctx, EthernetReceive);



    Serial.println("Setup success!");
    freeRam();
    return;
}
 
int EthernetSend(WOLFSSL* ssl, char* msg, int sz, void* ctx) {
    Serial.println("EthernetSend");
    int sent = 0;
    Serial.println(msg);
    Serial.println(sz);
    sent = client.write((byte*)msg, sz);

    return sent;
}
 
int EthernetReceive(WOLFSSL* ssl, char* reply, int sz, void* ctx) {
    int ret = 0;

    while (client.available() > 0 && ret < sz) {
        reply[ret++] = client.read();
    }

    return ret;
}
 
 void loop() {
    int err            = 0;
    int input          = 0;
    int total_input    = 0;
    //char msg[]= "GET / HTTP/1.0\r\n\r\n"; // Get the root page
    char msg[] = "GET / HTTP/1.1\r\nHost: scan-ssl.sandnox.com\r\nConnection: close\r\n\r\n";
    int msgSz = (int)strlen(msg);
   //char msg[32]       = "hello wolfssl!";
   //int msgSz          = (int)strlen(msg);
    char errBuf[1000];
    char reply[1000];
    const char* cipherName;

    if (reconnect) {
        reconnect--;

        if (client.connect(host, port)) {

        Serial.print("Connected to ");
        Serial.println(host);
        // freeRam();

        if (ctx == NULL) {
            Serial.println("null ctx");
        }

        ssl = wolfSSL_new(ctx);
        freeRam();
        if (ssl == NULL) {
            Serial.println("Unable to allocate SSL object");
            //freeRam();

            err = wolfSSL_get_error(ssl, 0);
            wolfSSL_ERR_error_string_n(err, errBuf, 80);
            Serial.print("wolfSSL_new: ");
            Serial.println(errBuf);
            return;
        }

        err = wolfSSL_connect(ssl);
        freeRam();

        Serial.print(F("aft wolfSSL_conenct err: ")); Serial.println(err);
        if (err != WOLFSSL_SUCCESS) {
            err = wolfSSL_get_error(ssl, 0);
            wolfSSL_ERR_error_string(err, errBuf);
            Serial.print("TLS Connect Error: ");
            Serial.println(errBuf);
        }

        Serial.print("SSL version is ");
        Serial.println(wolfSSL_get_version(ssl));
        
        cipherName = wolfSSL_get_cipher(ssl);
        Serial.print("SSL cipher suite is ");
        Serial.println(cipherName);
        if ((wolfSSL_write(ssl, msg, msgSz)) == msgSz) {
        //if ((wolfSSL_write(ssl, msg, msgSz)) == msgSz) {
            
            Serial.print("Server response: ");
            while (client.available() || wolfSSL_pending(ssl)) {
                input = wolfSSL_read(ssl, reply, sizeof(reply) - 1);
                total_input += input;
                if (input < 0) {
                    err = wolfSSL_get_error(ssl, 0);
                    wolfSSL_ERR_error_string(err, errBuf);
                    Serial.print("TLS Read Error: ");
                    Serial.println(errBuf);
                    break;
                } else if (input > 0) {
                    reply[input] = '\0';
                    Serial.print(reply);
                } else {
                    Serial.println();
                }
            } 
        } else {
            err = wolfSSL_get_error(ssl, 0);
            wolfSSL_ERR_error_string(err, errBuf);
            Serial.print("TLS Write Error: ");
            Serial.println(errBuf);
        }
        
        wolfSSL_shutdown(ssl);
        wolfSSL_free(ssl);

        client.stop();
        Serial.println("Connection complete.");
        reconnect = 0;
        } else {
        Serial.println("Trying to reconnect...");
        }
    }
    delay(1000);
}
 

Thanks again for the help!

5

(7 replies, posted in wolfSSL)

OK so I fixed this error by following this guide: https://craighesling.com/post/lets-encrypt-root-ca/

My new problem right now is that I just get a blank response.

Server response: log 2: wolfSSL Entering SSL_pending
log 2: wolfSSL Entering SSL_shutdown()
log 1: growing output buffer

log 1: alloc mem success
log 1: h0
log 1: h1
log 1: h2
log 1: h3
log 1: end of GrowOutputBuffer
log 1: end of CheckAvailableSize
log 2: wolfSSL Entering BuildMessage
log 3: wolfSSL Leaving BuildMessage, return 0
log 1: SB0
log 1: SB1
log 1: SB4
log 1: 31
log 1: SBW0
EthernetSend

31
write end
log 1: SBW1
log 1: SBW2
log 1: SBW3
log 1: SB -1
log 1: Shrinking output buffer

log 1: SB end
log 3: wolfSSL Leaving SSL_shutdown(), return 2
log 2: wolfSSL Entering SSL_free
log 1: CTX ref count not 0 yet, no free
log 3: wolfSSL Leaving SSL_free, return 0
Connection complete.

And doing this:

./examples/client/client -h scan-ssl.sandnox.com -p 443 -A trustidrootx3_chain.pem

results to this:

received record layer msg
got app DATA
wolfSSL Leaving ReceiveData(), return 79
wolfSSL Leaving wolfSSL_read_internal(), return 79
HTTP/1.1 400 Bad Request
Server: nginx/1.10.3 (Ubuntu)
Date: Wed, 20 Feb 2019
wolfSSL Entering SSL_shutdown()
growing output buffer

6

(7 replies, posted in wolfSSL)

I have also tried putting in the two certs that appear when I put in the ff. command:

openssl s_client -showcerts -connect google.com:443 -CApath /etc/ssl/certs/

And also the active cert from here as I have read that the root CA is just what's needed ---- I changed the domain to a domain of a VPS that I own and had just put on SSL a few hours ago:
https://letsencrypt.org/certificates/

7

(7 replies, posted in wolfSSL)

I'm trying to have wolfSSL working with an Arduino Due. I'm testing it by connecting to google.com

What I did was generate a cert with this command:

openssl s_client -servername google.com -connect google.com:443 \
    </dev/null 2>/dev/null | openssl x509 -text

The end of my error logs are the ff.:

log 1: Certificate Policy extension not supported yet.
log 2: wolfSSL Entering GetAlgoId
log 2: wolfSSL Entering GetObjectId()
log 1: About to verify certificate signature
log 1: No CA signer to verify with
log 1: Failed to verify CA from chain
log 1: growing output buffer

log 1: alloc mem success
log 1: h0
log 1: h1
log 1: h2
log 1: h3
log 1: end of GrowOutputBuffer
log 1: end of CheckAvailableSize
log 1: SB0
log 1: SB1
log 1: SB4
log 1: 7
log 1: SBW0
EthernetSend

7
write end
log 1: SBW1
log 1: SBW2
log 1: SBW3
log 1: SB -1
log 1: Shrinking output buffer

log 1: SB end
log 1: Verifying Peer's cert
log 2: wolfSSL Entering GetExplicitVersion
log 2: wolfSSL Entering GetSerialNumber
log 1: Got Cert Header
log 2: wolfSSL Entering GetAlgoId
log 2: wolfSSL Entering GetObjectId()
log 1: Got Algo ID
log 1: Getting Cert Name
log 1: Getting Cert Name
log 1: Got Subject Name
log 2: wolfSSL Entering GetAlgoId
log 2: wolfSSL Entering GetObjectId()
log 1: Got Key
log 1: Parsed Past Key
log 2: wolfSSL Entering DecodeCertExtensions
log 2: wolfSSL Entering GetObjectId()
log 1: DecodeExtKeyUsage
log 2: wolfSSL Entering GetObjectId()
log 2: wolfSSL Entering GetObjectId()
log 2: wolfSSL Entering DecodeAltNames
log 2: wolfSSL Entering GetObjectId()
log 2: wolfSSL Entering DecodeAuthInfo
log 2: wolfSSL Entering GetObjectId()
log 2: wolfSSL Entering GetObjectId()
log 2: wolfSSL Entering GetObjectId()
log 2: wolfSSL Entering DecodeSubjKeyId
log 2: wolfSSL Entering GetObjectId()
log 2: wolfSSL Entering DecodeBasicCaConstraint
log 2: wolfSSL Entering GetObjectId()
log 2: wolfSSL Entering DecodeAuthKeyId
log 2: wolfSSL Entering GetObjectId()
log 1: Certificate Policy extension not supported yet.
log 2: wolfSSL Entering GetObjectId()
log 2: wolfSSL Entering DecodeCrlDist
log 2: wolfSSL Entering GetAlgoId
log 2: wolfSSL Entering GetObjectId()
log 1: About to verify certificate signature
log 1: No CA signer to verify with
log 1: Failed to verify Peer's cert
log 1:     No callback override available, fatal
log 3: wolfSSL Leaving ProcessPeerCerts, return -188
log 3: wolfSSL Leaving DoCertificate, return -188
log 3: wolfSSL Leaving DoHandShakeMsgType(), return -188
log 3: wolfSSL Leaving DoHandShakeMsg(), return -188
log 0: wolfSSL error occurred, error = -188
log 0: wolfSSL error occurred, error = -188
Ram used (bytes):
dynamic: 6352
static: 8016
stack: 296
Est. free ram: 83640
aft wolfSSL_conenct err: -1
log 2: wolfSSL Entering SSL_get_error
log 3: wolfSSL Leaving SSL_get_error, return -188
log 2: wolfSSL Entering ERR_error_string
TLS Connect Error: ASN no signer error to confirm failure
SSL version is log 2: wolfSSL Entering SSL_get_version
TLSv1.2
log 2: wolfSSL Entering wolfSSL_get_cipher
log 2: wolfSSL Entering SSL_get_current_cipher
log 2: wolfSSL Entering SSL_CIPHER_get_name
SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
log 2: wolfSSL Entering SSL_write()
log 1: handshake not complete, trying to finish
log 2: wolfSSL Entering wolfSSL_negotiate
log 2: wolfSSL Entering SSL_connect()
log 1: ProcessReply retry in error state, not allowed
log 0: wolfSSL error occurred, error = -188
log 3: wolfSSL Leaving wolfSSL_negotiate, return -1
log 3: wolfSSL Leaving SSL_write(), return -1
log 2: wolfSSL Entering SSL_get_error
log 3: wolfSSL Leaving SSL_get_error, return -188
log 2: wolfSSL Entering ERR_error_string
TLS Write Error: ASN no signer error to confirm failure
log 2: wolfSSL Entering SSL_shutdown()
log 3: wolfSSL Leaving SSL_shutdown(), return -1
log 2: wolfSSL Entering SSL_free
log 1: CTX ref count not 0 yet, no free
log 1: Shrinking input buffer

log 3: wolfSSL Leaving SSL_free, return 0
Connection complete.

And then the cert I used was this:

byte ROOT_CERTS_PEM[] =
"-----BEGIN CERTIFICATE-----\n"
"MIIHxzCCBq+gAwIBAgIISq/AiE/4Ql0wDQYJKoZIhvcNAQELBQAwVDELMAkGA1UE\n"
"BhMCVVMxHjAcBgNVBAoTFUdvb2dsZSBUcnVzdCBTZXJ2aWNlczElMCMGA1UEAxMc\n"
"R29vZ2xlIEludGVybmV0IEF1dGhvcml0eSBHMzAeFw0xOTAxMjkxNDU4MDBaFw0x\n"
"OTA0MjMxNDU4MDBaMGYxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlh\n"
"MRYwFAYDVQQHDA1Nb3VudGFpbiBWaWV3MRMwEQYDVQQKDApHb29nbGUgTExDMRUw\n"
"EwYDVQQDDAwqLmdvb2dsZS5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQm\n"
"MtUY17v51azgVGYJUdJAW3uhIdVQPSLnrhFak+s4wxf7kuLiJhnO0wv/jgorpowS\n"
"vTfiyCwobsezvohrOf9co4IFVDCCBVAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDgYD\n"
"VR0PAQH/BAQDAgeAMIIEGQYDVR0RBIIEEDCCBAyCDCouZ29vZ2xlLmNvbYINKi5h\n"
"bmRyb2lkLmNvbYIWKi5hcHBlbmdpbmUuZ29vZ2xlLmNvbYISKi5jbG91ZC5nb29n\n"
"bGUuY29tggYqLmcuY2+CDiouZ2NwLmd2dDIuY29tggoqLmdncGh0LmNughYqLmdv\n"
"b2dsZS1hbmFseXRpY3MuY29tggsqLmdvb2dsZS5jYYILKi5nb29nbGUuY2yCDiou\n"
"Z29vZ2xlLmNvLmlugg4qLmdvb2dsZS5jby5qcIIOKi5nb29nbGUuY28udWuCDyou\n"
"Z29vZ2xlLmNvbS5hcoIPKi5nb29nbGUuY29tLmF1gg8qLmdvb2dsZS5jb20uYnKC\n"
"DyouZ29vZ2xlLmNvbS5jb4IPKi5nb29nbGUuY29tLm14gg8qLmdvb2dsZS5jb20u\n"
"dHKCDyouZ29vZ2xlLmNvbS52boILKi5nb29nbGUuZGWCCyouZ29vZ2xlLmVzggsq\n"
"Lmdvb2dsZS5mcoILKi5nb29nbGUuaHWCCyouZ29vZ2xlLml0ggsqLmdvb2dsZS5u\n"
"bIILKi5nb29nbGUucGyCCyouZ29vZ2xlLnB0ghIqLmdvb2dsZWFkYXBpcy5jb22C\n"
"DyouZ29vZ2xlYXBpcy5jboIUKi5nb29nbGVjb21tZXJjZS5jb22CESouZ29vZ2xl\n"
"dmlkZW8uY29tggwqLmdzdGF0aWMuY26CDSouZ3N0YXRpYy5jb22CEiouZ3N0YXRp\n"
"Y2NuYXBwcy5jboIKKi5ndnQxLmNvbYIKKi5ndnQyLmNvbYIUKi5tZXRyaWMuZ3N0\n"
"YXRpYy5jb22CDCoudXJjaGluLmNvbYIQKi51cmwuZ29vZ2xlLmNvbYIWKi55b3V0\n"
"dWJlLW5vY29va2llLmNvbYINKi55b3V0dWJlLmNvbYIWKi55b3V0dWJlZWR1Y2F0\n"
"aW9uLmNvbYIRKi55b3V0dWJla2lkcy5jb22CByoueXQuYmWCCyoueXRpbWcuY29t\n"
"ghphbmRyb2lkLmNsaWVudHMuZ29vZ2xlLmNvbYILYW5kcm9pZC5jb22CG2RldmVs\n"
"b3Blci5hbmRyb2lkLmdvb2dsZS5jboIcZGV2ZWxvcGVycy5hbmRyb2lkLmdvb2ds\n"
"ZS5jboIEZy5jb4IIZ2dwaHQuY26CBmdvby5nbIIUZ29vZ2xlLWFuYWx5dGljcy5j\n"
"b22CCmdvb2dsZS5jb22CEmdvb2dsZWNvbW1lcmNlLmNvbYIYc291cmNlLmFuZHJv\n"
"aWQuZ29vZ2xlLmNuggp1cmNoaW4uY29tggp3d3cuZ29vLmdsggh5b3V0dS5iZYIL\n"
"eW91dHViZS5jb22CFHlvdXR1YmVlZHVjYXRpb24uY29tgg95b3V0dWJla2lkcy5j\n"
"b22CBXl0LmJlMGgGCCsGAQUFBwEBBFwwWjAtBggrBgEFBQcwAoYhaHR0cDovL3Br\n"
"aS5nb29nL2dzcjIvR1RTR0lBRzMuY3J0MCkGCCsGAQUFBzABhh1odHRwOi8vb2Nz\n"
"cC5wa2kuZ29vZy9HVFNHSUFHMzAdBgNVHQ4EFgQU4d6jiJq9XEX/VakZBbvn3GVy\n"
"338wDAYDVR0TAQH/BAIwADAfBgNVHSMEGDAWgBR3wrhQmmd2drEtwobQg6B+pn66\n"
"SzAhBgNVHSAEGjAYMAwGCisGAQQB1nkCBQMwCAYGZ4EMAQICMDEGA1UdHwQqMCgw\n"
"JqAkoCKGIGh0dHA6Ly9jcmwucGtpLmdvb2cvR1RTR0lBRzMuY3JsMA0GCSqGSIb3\n"
"DQEBCwUAA4IBAQC7GErM5Cnc5PYfZ+c7S4py1RDd/Irf4TVNOL9VxlYcJkkJo7dG\n"
"VSPiZdEEUV9neMMmSY0mktTkzKYBdYK/y9ZWYCAcpqOZoiYtsbdJ1b5rH+mOI5NG\n"
"+PCGL532Ie6dG/aK+2hDFhMTItimIt1BO7Pxvsj8/zVTlFwjJGT4sTUj3h74rOLM\n"
"UAlPt4ag00tiPxWl4hPmE89StBlX+wGmzHHGjvgCpevS04JluOFFXD30gXxOHGZA\n"
"mZt3a6Y3w1wBae/xZtCl6p0C3+oFX0zzLlmMipq0wtw1pIjrhLnQcaZ5p+3TyR86\n"
"ByLwfJsIKcpYMY05KzEftqBQLaZ5qKFZS3/M\n"
"-----END CERTIFICATE-----\n";


My previous progress on this is in this link:
https://www.wolfssl.com/forums/topic132 … o-due.html

Current code is this:

/* wolfssl_client.ino
 *
 * Copyright (C) 2006-2018 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
 * wolfSSL is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * wolfSSL is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
 */
 #include <Arduino.h>
 //#include <sys/time.h>
 
 #include <wolfssl.h>
 #include <wolfssl/ssl.h>
 //#include <wolfssl/wolflogging.h>
 
 struct timeval {
   long tv_sec;
   long tv_usec;
 };
 
 int _gettimeofday( struct timeval *tv, void *tzvp)
 {
   //uint64_t t = __your_system_time_function_here__();  // get uptime in nanoseconds
   //tv->tv_sec = t / 1000000000;  // convert to seconds
   //tv->tv_usec = ( t % 1000000000 ) / 1000;  // get remaining microseconds
   /*
   long mt = millis();
   tv->tv_sec = mt/1000;
   tv->tv_usec = mt*1000;
   */
   long int mt = 1550041049;
   tv->tv_sec = mt;
   tv->tv_usec = 0;
   return 0;  // return non-zero for error
 } // end _gettimeofday()
 /*
 byte ROOT_CERTS_PEM[] = 
 "-----BEGIN CERTIFICATE-----\n"
"MIICPDCCAaUCEHC65B0Q2Sk0tjjKewPMur8wDQYJKoZIhvcNAQECBQAwXzELMAkG\n"
"A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz\n"
"cyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2\n"
"MDEyOTAwMDAwMFoXDTI4MDgwMTIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV\n"
"BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAzIFB1YmxpYyBQcmlt\n"
"YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN\n"
"ADCBiQKBgQDJXFme8huKARS0EN8EQNvjV69qRUCPhAwL0TPZ2RHP7gJYHyX3KqhE\n"
"BarsAx94f56TuZoAqiN91qyFomNFx3InzPRMxnVx0jnvT0Lwdd8KkMaOIG+YD/is\n"
"I19wKTakyYbnsZogy1Olhec9vn2a/iRFM9x2Fe0PonFkTGUugWhFpwIDAQABMA0G\n"
"CSqGSIb3DQEBAgUAA4GBALtMEivPLCYATxQT3ab7/AoRhIzzKBxnki98tsX63/Do\n"
"lbwdj2wsqFHMc9ikwFPwTtYmwHYBV4GSXiHx0bH/59AhWM1pF+NEHJwZRDmJXNyc\n"
"AA9WjQKZ7aKQRUzkuxCkPfAyAw7xzvjoyVGM5mKf5p/AfbdynMk2OmufTqj/ZA1k\n"
"-----END CERTIFICATE-----\n";
 */

byte ROOT_CERTS_PEM[] =
"-----BEGIN CERTIFICATE-----\n"
"MIIHxzCCBq+gAwIBAgIISq/AiE/4Ql0wDQYJKoZIhvcNAQELBQAwVDELMAkGA1UE\n"
"BhMCVVMxHjAcBgNVBAoTFUdvb2dsZSBUcnVzdCBTZXJ2aWNlczElMCMGA1UEAxMc\n"
"R29vZ2xlIEludGVybmV0IEF1dGhvcml0eSBHMzAeFw0xOTAxMjkxNDU4MDBaFw0x\n"
"OTA0MjMxNDU4MDBaMGYxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlh\n"
"MRYwFAYDVQQHDA1Nb3VudGFpbiBWaWV3MRMwEQYDVQQKDApHb29nbGUgTExDMRUw\n"
"EwYDVQQDDAwqLmdvb2dsZS5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQm\n"
"MtUY17v51azgVGYJUdJAW3uhIdVQPSLnrhFak+s4wxf7kuLiJhnO0wv/jgorpowS\n"
"vTfiyCwobsezvohrOf9co4IFVDCCBVAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDgYD\n"
"VR0PAQH/BAQDAgeAMIIEGQYDVR0RBIIEEDCCBAyCDCouZ29vZ2xlLmNvbYINKi5h\n"
"bmRyb2lkLmNvbYIWKi5hcHBlbmdpbmUuZ29vZ2xlLmNvbYISKi5jbG91ZC5nb29n\n"
"bGUuY29tggYqLmcuY2+CDiouZ2NwLmd2dDIuY29tggoqLmdncGh0LmNughYqLmdv\n"
"b2dsZS1hbmFseXRpY3MuY29tggsqLmdvb2dsZS5jYYILKi5nb29nbGUuY2yCDiou\n"
"Z29vZ2xlLmNvLmlugg4qLmdvb2dsZS5jby5qcIIOKi5nb29nbGUuY28udWuCDyou\n"
"Z29vZ2xlLmNvbS5hcoIPKi5nb29nbGUuY29tLmF1gg8qLmdvb2dsZS5jb20uYnKC\n"
"DyouZ29vZ2xlLmNvbS5jb4IPKi5nb29nbGUuY29tLm14gg8qLmdvb2dsZS5jb20u\n"
"dHKCDyouZ29vZ2xlLmNvbS52boILKi5nb29nbGUuZGWCCyouZ29vZ2xlLmVzggsq\n"
"Lmdvb2dsZS5mcoILKi5nb29nbGUuaHWCCyouZ29vZ2xlLml0ggsqLmdvb2dsZS5u\n"
"bIILKi5nb29nbGUucGyCCyouZ29vZ2xlLnB0ghIqLmdvb2dsZWFkYXBpcy5jb22C\n"
"DyouZ29vZ2xlYXBpcy5jboIUKi5nb29nbGVjb21tZXJjZS5jb22CESouZ29vZ2xl\n"
"dmlkZW8uY29tggwqLmdzdGF0aWMuY26CDSouZ3N0YXRpYy5jb22CEiouZ3N0YXRp\n"
"Y2NuYXBwcy5jboIKKi5ndnQxLmNvbYIKKi5ndnQyLmNvbYIUKi5tZXRyaWMuZ3N0\n"
"YXRpYy5jb22CDCoudXJjaGluLmNvbYIQKi51cmwuZ29vZ2xlLmNvbYIWKi55b3V0\n"
"dWJlLW5vY29va2llLmNvbYINKi55b3V0dWJlLmNvbYIWKi55b3V0dWJlZWR1Y2F0\n"
"aW9uLmNvbYIRKi55b3V0dWJla2lkcy5jb22CByoueXQuYmWCCyoueXRpbWcuY29t\n"
"ghphbmRyb2lkLmNsaWVudHMuZ29vZ2xlLmNvbYILYW5kcm9pZC5jb22CG2RldmVs\n"
"b3Blci5hbmRyb2lkLmdvb2dsZS5jboIcZGV2ZWxvcGVycy5hbmRyb2lkLmdvb2ds\n"
"ZS5jboIEZy5jb4IIZ2dwaHQuY26CBmdvby5nbIIUZ29vZ2xlLWFuYWx5dGljcy5j\n"
"b22CCmdvb2dsZS5jb22CEmdvb2dsZWNvbW1lcmNlLmNvbYIYc291cmNlLmFuZHJv\n"
"aWQuZ29vZ2xlLmNuggp1cmNoaW4uY29tggp3d3cuZ29vLmdsggh5b3V0dS5iZYIL\n"
"eW91dHViZS5jb22CFHlvdXR1YmVlZHVjYXRpb24uY29tgg95b3V0dWJla2lkcy5j\n"
"b22CBXl0LmJlMGgGCCsGAQUFBwEBBFwwWjAtBggrBgEFBQcwAoYhaHR0cDovL3Br\n"
"aS5nb29nL2dzcjIvR1RTR0lBRzMuY3J0MCkGCCsGAQUFBzABhh1odHRwOi8vb2Nz\n"
"cC5wa2kuZ29vZy9HVFNHSUFHMzAdBgNVHQ4EFgQU4d6jiJq9XEX/VakZBbvn3GVy\n"
"338wDAYDVR0TAQH/BAIwADAfBgNVHSMEGDAWgBR3wrhQmmd2drEtwobQg6B+pn66\n"
"SzAhBgNVHSAEGjAYMAwGCisGAQQB1nkCBQMwCAYGZ4EMAQICMDEGA1UdHwQqMCgw\n"
"JqAkoCKGIGh0dHA6Ly9jcmwucGtpLmdvb2cvR1RTR0lBRzMuY3JsMA0GCSqGSIb3\n"
"DQEBCwUAA4IBAQC7GErM5Cnc5PYfZ+c7S4py1RDd/Irf4TVNOL9VxlYcJkkJo7dG\n"
"VSPiZdEEUV9neMMmSY0mktTkzKYBdYK/y9ZWYCAcpqOZoiYtsbdJ1b5rH+mOI5NG\n"
"+PCGL532Ie6dG/aK+2hDFhMTItimIt1BO7Pxvsj8/zVTlFwjJGT4sTUj3h74rOLM\n"
"UAlPt4ag00tiPxWl4hPmE89StBlX+wGmzHHGjvgCpevS04JluOFFXD30gXxOHGZA\n"
"mZt3a6Y3w1wBae/xZtCl6p0C3+oFX0zzLlmMipq0wtw1pIjrhLnQcaZ5p+3TyR86\n"
"ByLwfJsIKcpYMY05KzEftqBQLaZ5qKFZS3/M\n"
"-----END CERTIFICATE-----\n";

 #include <Ethernet2.h>

#include <freeRam.h>
 /*
 struct timeval {
   long      tv_sec;
   long tv_usec;
 };
 */
 
 /*
 int _gettimeofday( struct timeval *tv, void *tzvp )
 {
     //uint64_t t = __your_system_time_function_here__();  // get uptime in nanoseconds
     //tv->tv_sec = t / 1000000000;  // convert to seconds
     //tv->tv_usec = ( t % 1000000000 ) / 1000;  // get remaining microseconds
     long mt = millis();
     tv->tv_sec = mt/1000;
     tv->tv_usec = mt*1000;
     return 0;  // return non-zero for error
 } // end _gettimeofday()
 */
 
 
 
 
 //const char host[] = "192.168.1.148"; // server to connect to
 //const int port = 11111; // port on server to connect to
 const char host[] = "google.com";
 const int port = 443;
 
 int EthernetSend(WOLFSSL* ssl, char* msg, int sz, void* ctx);
 int EthernetReceive(WOLFSSL* ssl, char* reply, int sz, void* ctx);
 int reconnect = 10;
 
 EthernetClient client;
 
 WOLFSSL_CTX* ctx = NULL;
 WOLFSSL* ssl = NULL;
 
 byte MAC_ADDR[] = { 0xDE, 0xAD, 0xBE, 0xEF, 0xFE, 0xEC };


// void wolfSSL_Logging_cb(const int logLevel, const char *const logMessage);

void wolfssl_custom_logging_cb(const int logLevel, const char *const logMessage) {
    Serial.print("log "); Serial.print(logLevel); Serial.print(": "); Serial.println(logMessage);
}


void setup() {


    Serial.begin(9600);


    if (Ethernet.begin(MAC_ADDR) == 0) {
        Serial.println("Failed to configure Ethernet using DHCP");
        return;
    }
    Serial.println(Ethernet.localIP());


    WOLFSSL_METHOD* method;

    freeRam();

    // Enable logging

    wolfSSL_Debugging_ON();


    wolfSSL_SetLoggingCb(&wolfssl_custom_logging_cb);


    wolfSSL_UseSupportedCurve(ssl, WOLFSSL_ECC_SECP160K1);
    method = wolfTLSv1_2_client_method();
    //method = wolfTLSv1_3_client_method();
    if (method == NULL) {
        Serial.println("unable to get method");
        return;
    }

    //wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);
    ctx = wolfSSL_CTX_new(method);
    if (ctx == NULL) {
    Serial.println("unable to get ctx");
    return;
    }

    /* Add cert to ctx */
    int x =     wolfSSL_CTX_load_verify_buffer(ctx, ROOT_CERTS_PEM,sizeof ROOT_CERTS_PEM, WOLFSSL_FILETYPE_PEM);
    int err            = 0;
    char errBuf[81];

    if (x != WOLFSSL_SUCCESS)
    {
        err = wolfSSL_get_error(ssl, 0);
        wolfSSL_ERR_error_string_n(err, errBuf, 80);
        Serial.print(F("ERR wolfSSL_CTX_Load_verify_buffer: "));
        Serial.println(errBuf);
        return;
    }
    
    // initialize wolfSSL using callback functions
    //wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);
    wolfSSL_SetIOSend(ctx, EthernetSend);
    wolfSSL_SetIORecv(ctx, EthernetReceive);



    Serial.println("Setup success!");
    freeRam();
    return;
}
 
int EthernetSend(WOLFSSL* ssl, char* msg, int sz, void* ctx) {
    Serial.println("EthernetSend");
    int sent = 0;
    Serial.println(msg);
    Serial.println(sz);
    sent = client.write((byte*)msg, sz);

    return sent;
}
 
int EthernetReceive(WOLFSSL* ssl, char* reply, int sz, void* ctx) {
    int ret = 0;

    while (client.available() > 0 && ret < sz) {
        reply[ret++] = client.read();
    }

    return ret;
}
 
 void loop() {
    int err            = 0;
    int input          = 0;
    int total_input    = 0;
    char msg[]= "GET / HTTP/1.0\r\n\r\n"; // Get the root page
    int msgSz = (int)strlen(msg);
   //char msg[32]       = "hello wolfssl!";
   //int msgSz          = (int)strlen(msg);
    char errBuf[81];
    char reply[81];
    const char* cipherName;

    if (reconnect) {
        reconnect--;

        if (client.connect(host, port)) {

        Serial.print("Connected to ");
        Serial.println(host);
        // freeRam();

        if (ctx == NULL) {
            Serial.println("null ctx");
        }

        ssl = wolfSSL_new(ctx);
        freeRam();
        if (ssl == NULL) {
            Serial.println("Unable to allocate SSL object");
            //freeRam();

            err = wolfSSL_get_error(ssl, 0);
            wolfSSL_ERR_error_string_n(err, errBuf, 80);
            Serial.print("wolfSSL_new: ");
            Serial.println(errBuf);
            return;
        }

        err = wolfSSL_connect(ssl);
        freeRam();

        Serial.print(F("aft wolfSSL_conenct err: ")); Serial.println(err);
        if (err != WOLFSSL_SUCCESS) {
            err = wolfSSL_get_error(ssl, 0);
            wolfSSL_ERR_error_string(err, errBuf);
            Serial.print("TLS Connect Error: ");
            Serial.println(errBuf);
        }

        Serial.print("SSL version is ");
        Serial.println(wolfSSL_get_version(ssl));
        
        cipherName = wolfSSL_get_cipher(ssl);
        Serial.print("SSL cipher suite is ");
        Serial.println(cipherName);
        if ((wolfSSL_write(ssl, msg, msgSz)) == msgSz) {
        //if ((wolfSSL_write(ssl, msg, msgSz)) == msgSz) {
            
            Serial.print("Server response: ");
            while (client.available() || wolfSSL_pending(ssl)) {
            input = wolfSSL_read(ssl, reply, sizeof(reply) - 1);
            total_input += input;
            if (input < 0) {
                err = wolfSSL_get_error(ssl, 0);
                wolfSSL_ERR_error_string(err, errBuf);
                Serial.print("TLS Read Error: ");
                Serial.println(errBuf);
                break;
            } else if (input > 0) {
                reply[input] = '\0';
                Serial.print(reply);
            } else {
                Serial.println();
            }
            } 
        } else {
            err = wolfSSL_get_error(ssl, 0);
            wolfSSL_ERR_error_string(err, errBuf);
            Serial.print("TLS Write Error: ");
            Serial.println(errBuf);
        }
        
        wolfSSL_shutdown(ssl);
        wolfSSL_free(ssl);

        client.stop();
        Serial.println("Connection complete.");
        reconnect = 0;
        } else {
        Serial.println("Trying to reconnect...");
        }
    }
    delay(1000);
}
 

So now I have a CA error.

log 1: About to verify certificate signature
log 1: No CA signer to verify with
log 1: Failed to verify CA from chain
log 1: growing output buffer

I have enabled the ff. at user_settings.h

#define WOLFSSL_STATIC_RSA 
#define HAVE_SUPPORTED_CURVES
#define HAVE_TLS_EXTENSIONS

#define BUILD_TLS_RSA_WITH_AES_128_CBC_SHA

And this is how my code looks like now, with updates to setting a hardcoded pem file and setting a supported curve (i'm not sure how to know which is correct, so I randomly picked one)

/* wolfssl_client.ino
 *
 * Copyright (C) 2006-2018 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
 * wolfSSL is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * wolfSSL is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
 */
 #include <Arduino.h>
 //#include <sys/time.h>
 
 #include <wolfssl.h>
 #include <wolfssl/ssl.h>
 //#include <wolfssl/wolflogging.h>
 
 struct timeval {
   long tv_sec;
   long tv_usec;
 };
 
 int _gettimeofday( struct timeval *tv, void *tzvp)
 {
   //uint64_t t = __your_system_time_function_here__();  // get uptime in nanoseconds
   //tv->tv_sec = t / 1000000000;  // convert to seconds
   //tv->tv_usec = ( t % 1000000000 ) / 1000;  // get remaining microseconds
   /*
   long mt = millis();
   tv->tv_sec = mt/1000;
   tv->tv_usec = mt*1000;
   */
   long int mt = 1550041049;
   tv->tv_sec = mt;
   tv->tv_usec = 0;
   return 0;  // return non-zero for error
 } // end _gettimeofday()
 
 byte ROOT_CERTS_PEM[] = 
 "-----BEGIN CERTIFICATE-----\n"
"MIICPDCCAaUCEHC65B0Q2Sk0tjjKewPMur8wDQYJKoZIhvcNAQECBQAwXzELMAkG\n"
"A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz\n"
"cyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2\n"
"MDEyOTAwMDAwMFoXDTI4MDgwMTIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV\n"
"BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAzIFB1YmxpYyBQcmlt\n"
"YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN\n"
"ADCBiQKBgQDJXFme8huKARS0EN8EQNvjV69qRUCPhAwL0TPZ2RHP7gJYHyX3KqhE\n"
"BarsAx94f56TuZoAqiN91qyFomNFx3InzPRMxnVx0jnvT0Lwdd8KkMaOIG+YD/is\n"
"I19wKTakyYbnsZogy1Olhec9vn2a/iRFM9x2Fe0PonFkTGUugWhFpwIDAQABMA0G\n"
"CSqGSIb3DQEBAgUAA4GBALtMEivPLCYATxQT3ab7/AoRhIzzKBxnki98tsX63/Do\n"
"lbwdj2wsqFHMc9ikwFPwTtYmwHYBV4GSXiHx0bH/59AhWM1pF+NEHJwZRDmJXNyc\n"
"AA9WjQKZ7aKQRUzkuxCkPfAyAw7xzvjoyVGM5mKf5p/AfbdynMk2OmufTqj/ZA1k\n"
"-----END CERTIFICATE-----\n";
 
 #include <Ethernet2.h>

#include <freeRam.h>
 /*
 struct timeval {
   long      tv_sec;
   long tv_usec;
 };
 */
 
 /*
 int _gettimeofday( struct timeval *tv, void *tzvp )
 {
     //uint64_t t = __your_system_time_function_here__();  // get uptime in nanoseconds
     //tv->tv_sec = t / 1000000000;  // convert to seconds
     //tv->tv_usec = ( t % 1000000000 ) / 1000;  // get remaining microseconds
     long mt = millis();
     tv->tv_sec = mt/1000;
     tv->tv_usec = mt*1000;
     return 0;  // return non-zero for error
 } // end _gettimeofday()
 */
 
 
 
 
 //const char host[] = "192.168.1.148"; // server to connect to
 //const int port = 11111; // port on server to connect to
 const char host[] = "google.com";
 const int port = 443;
 
 int EthernetSend(WOLFSSL* ssl, char* msg, int sz, void* ctx);
 int EthernetReceive(WOLFSSL* ssl, char* reply, int sz, void* ctx);
 int reconnect = 10;
 
 EthernetClient client;
 
 WOLFSSL_CTX* ctx = NULL;
 WOLFSSL* ssl = NULL;
 
 byte MAC_ADDR[] = { 0xDE, 0xAD, 0xBE, 0xEF, 0xFE, 0xEC };


// void wolfSSL_Logging_cb(const int logLevel, const char *const logMessage);

void wolfssl_custom_logging_cb(const int logLevel, const char *const logMessage) {
    Serial.print("log "); Serial.print(logLevel); Serial.print(": "); Serial.println(logMessage);
}


void setup() {


    Serial.begin(9600);


    if (Ethernet.begin(MAC_ADDR) == 0) {
        Serial.println("Failed to configure Ethernet using DHCP");
        return;
    }
    Serial.println(Ethernet.localIP());


    WOLFSSL_METHOD* method;

    freeRam();

    // Enable logging

    wolfSSL_Debugging_ON();


    wolfSSL_SetLoggingCb(&wolfssl_custom_logging_cb);


    wolfSSL_UseSupportedCurve(ssl, WOLFSSL_ECC_SECP160K1);
    method = wolfTLSv1_2_client_method();
    //method = wolfTLSv1_3_client_method();
    if (method == NULL) {
        Serial.println("unable to get method");
        return;
    }

    //wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);
    ctx = wolfSSL_CTX_new(method);
    if (ctx == NULL) {
    Serial.println("unable to get ctx");
    return;
    }

    /* Add cert to ctx */
    int x =     wolfSSL_CTX_load_verify_buffer(ctx, ROOT_CERTS_PEM,sizeof ROOT_CERTS_PEM, WOLFSSL_FILETYPE_PEM);
    int err            = 0;
    char errBuf[81];

    if (x != WOLFSSL_SUCCESS)
    {
        err = wolfSSL_get_error(ssl, 0);
        wolfSSL_ERR_error_string_n(err, errBuf, 80);
        Serial.print(F("wolfSSL_CTX_Load_verify_buffer: "));
        Serial.println(errBuf);
        return;
    }
    
    // initialize wolfSSL using callback functions
    //wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);
    wolfSSL_SetIOSend(ctx, EthernetSend);
    wolfSSL_SetIORecv(ctx, EthernetReceive);



    Serial.println("Setup success!");
    freeRam();
    return;
}
 
int EthernetSend(WOLFSSL* ssl, char* msg, int sz, void* ctx) {
    Serial.println("EthernetSend");
    int sent = 0;
    Serial.println(msg);
    Serial.println(sz);
    sent = client.write((byte*)msg, sz);

    return sent;
}
 
int EthernetReceive(WOLFSSL* ssl, char* reply, int sz, void* ctx) {
    int ret = 0;

    while (client.available() > 0 && ret < sz) {
        reply[ret++] = client.read();
    }

    return ret;
}
 
 void loop() {
    int err            = 0;
    int input          = 0;
    int total_input    = 0;
    char msg[]= "GET / HTTP/1.0\r\n\r\n"; // Get the root page
    int msgSz = (int)strlen(msg);
   //char msg[32]       = "hello wolfssl!";
   //int msgSz          = (int)strlen(msg);
    char errBuf[81];
    char reply[81];
    const char* cipherName;

    if (reconnect) {
        reconnect--;

        if (client.connect(host, port)) {

        Serial.print("Connected to ");
        Serial.println(host);
        // freeRam();

        if (ctx == NULL) {
            Serial.println("null ctx");
        }

        ssl = wolfSSL_new(ctx);
        freeRam();
        if (ssl == NULL) {
            Serial.println("Unable to allocate SSL object");
            //freeRam();

            err = wolfSSL_get_error(ssl, 0);
            wolfSSL_ERR_error_string_n(err, errBuf, 80);
            Serial.print("wolfSSL_new: ");
            Serial.println(errBuf);
            return;
        }

        err = wolfSSL_connect(ssl);
        freeRam();

        Serial.print(F("aft wolfSSL_conenct err: ")); Serial.println(err);
        if (err != WOLFSSL_SUCCESS) {
            err = wolfSSL_get_error(ssl, 0);
            wolfSSL_ERR_error_string(err, errBuf);
            Serial.print("TLS Connect Error: ");
            Serial.println(errBuf);
        }

        Serial.print("SSL version is ");
        Serial.println(wolfSSL_get_version(ssl));
        
        cipherName = wolfSSL_get_cipher(ssl);
        Serial.print("SSL cipher suite is ");
        Serial.println(cipherName);
        if ((wolfSSL_write(ssl, msg, msgSz)) == msgSz) {
        //if ((wolfSSL_write(ssl, msg, msgSz)) == msgSz) {
            
            Serial.print("Server response: ");
            while (client.available() || wolfSSL_pending(ssl)) {
            input = wolfSSL_read(ssl, reply, sizeof(reply) - 1);
            total_input += input;
            if (input < 0) {
                err = wolfSSL_get_error(ssl, 0);
                wolfSSL_ERR_error_string(err, errBuf);
                Serial.print("TLS Read Error: ");
                Serial.println(errBuf);
                break;
            } else if (input > 0) {
                reply[input] = '\0';
                Serial.print(reply);
            } else {
                Serial.println();
            }
            } 
        } else {
            err = wolfSSL_get_error(ssl, 0);
            wolfSSL_ERR_error_string(err, errBuf);
            Serial.print("TLS Write Error: ");
            Serial.println(errBuf);
        }
        
        wolfSSL_shutdown(ssl);
        wolfSSL_free(ssl);

        client.stop();
        Serial.println("Connection complete.");
        reconnect = 0;
        } else {
        Serial.println("Trying to reconnect...");
        }
    }
    delay(1000);
}
 

Ok I got past the above problem, turns out the sample code for Arduino with wolfssl_client.ino doesn't have an "Ethernet.begin()" anywhere and I didn't notice that. Once putting it in, the CBIO error got solved since it can now send and receive data.

However these are the new error messages:
*I'm trying to connect to google.com here with port set to 443

log 1: SB end
log 1: SCH21
log 3: wolfSSL Leaving SendClientHello, return 0
log 1: SC end
log 1: aft SendClientHello
log 1: connect state: CLIENT_HELLO_SENT
log 1: received record layer msg
log 1: got ALERT!
log 1: Got alert
log 0: wolfSSL error occurred, error = 40
log 0: wolfSSL error occurred, error = -313
aft wolfSSL_conenct err: -1
log 2: wolfSSL Entering SSL_get_error
log 3: wolfSSL Leaving SSL_get_error, return -313
log 2: wolfSSL Entering ERR_error_string
TLS Connect Error: revcd alert fatal error
SSL version is log 2: wolfSSL Entering SSL_get_version
TLSv1.2
log 2: wolfSSL Entering wolfSSL_get_cipher
log 2: wolfSSL Entering SSL_get_current_cipher
log 2: wolfSSL Entering SSL_CIPHER_get_name
SSL cipher suite is NONE
log 2: wolfSSL Entering SSL_write()
log 1: handshake not complete, trying to finish
log 2: wolfSSL Entering wolfSSL_negotiate
log 2: wolfSSL Entering SSL_connect()
log 1: ProcessReply retry in error state, not allowed
log 0: wolfSSL error occurred, error = -313
log 3: wolfSSL Leaving wolfSSL_negotiate, return -1
log 3: wolfSSL Leaving SSL_write(), return -1
log 2: wolfSSL Entering SSL_get_error
log 3: wolfSSL Leaving SSL_get_error, return -313
log 2: wolfSSL Entering ERR_error_string
TLS Write Error: revcd alert fatal error
log 2: wolfSSL Entering SSL_shutdown()
log 3: wolfSSL Leaving SSL_shutdown(), return -1
log 2: wolfSSL Entering SSL_free
log 1: CTX ref count not 0 yet, no free
log 3: wolfSSL Leaving SSL_free, return 0
Connection complete.

Ok got past the above error by adding WOLFSSL_ARDUINO to this list:

#elif defined(WOLFSSL_SAFERTOS) || defined(WOLFSSL_LEANPSK) || \
      defined(WOLFSSL_IAR_ARM)  || defined(WOLFSSL_MDK_ARM) || \
      defined(WOLFSSL_uITRON4)  || defined(WOLFSSL_uTKERNEL2) || \
      defined(WOLFSSL_LPC43xx)  || defined(WOLFSSL_STM32F2xx) || \
      defined(MBED)             || defined(WOLFSSL_EMBOS) || \
      defined(WOLFSSL_GENSEED_FORTEST) || defined(WOLFSSL_CHIBIOS) || \
      defined(WOLFSSL_CONTIKI) || defined(WOLFSSL_ARDUINO)
        // @custom added WOLFSSL_ARDUINO
    /* these platforms do not have a default random seed and
       you'll need to implement your own wc_GenerateSeed or define via
       CUSTOM_RAND_GENERATE_BLOCK */

    #define USE_TEST_GENSEED

#elif defined(NO_DEV_RANDOM)

Haven't looked into it yet, but how does one generate a custom random seed for that? Would filling the array with random values based on voltage values from an analog pin suffice?

Anyway, another error I encountered right after that is getting stuck in the ff.:

// from wolfssl_client.ino
 err = wolfSSL_connect(ssl);
// from internal.c

    tmp = (byte*)XMALLOC(size + ssl->buffers.outputBuffer.length + align,
                             ssl->heap, DYNAMIC_TYPE_OUT_BUFFER);
    WOLFSSL_MSG("growing output buffer\n");
    // @custom
        /*
    if (tmp == NULL)
        return MEMORY_E;
        */

    if (tmp == NULL) {
        WOLFSSL_MSG("GrowOutputBuffer: tmp=null err");
        return MEMORY_E;
    } else {
        WOLFSSL_MSG("alloc mem success");
    }

log 2: wolfSSL Entering SSL_connect()
log 2: wolfSSL Entering SendClientHello
log 1: growing output buffer

log 1: alloc mem success

Update: Seems like it blocks inside the while loop of int SendBuffered(WOLFSSL* ssl). I ended up printing debug msgs throughout the code to trace the problem.

Upon enabling logging, I got the ff.:

(Sorry for the error spam! Would be posting my debug problems here and what I'm doing about it, as I don't really know where else to get help from smile) Trying to get this working is really out of my comfort zone right now. Although, it does make for a nice learning experience.)

Am currently trying to trace the point of error. It seems to me that it's somewhere with _InitRng but still looking into it.

Ram used (bytes):
dynamic: 0
static: 5256
stack: 80
Est. free ram: 92968

log 2: wolfSSL Entering TLSv1_2_client_method_ex
log 2: wolfSSL Entering wolfSSL_CTX_new_ex
log 2: wolfSSL Entering wolfSSL_Init
log 2: wolfSSL Entering wolfCrypt_Init
log 2: wolfSSL Entering wolfSSL_CertManagerNew
log 3: wolfSSL Leaving WOLFSSL_CTX_new, return 0
log 2: wolfSSL Entering wolfSSL_CTX_set_verify

Setup success!

Ram used (bytes):
dynamic: 368
static: 5256
stack: 72
Est. free ram: 92608

Connected to google.com

log 2: wolfSSL Entering SSL_new
log 1: RNG Init error
log 1: CTX ref count not 0 yet, no free
log 3: wolfSSL Leaving SSL_new, return -209

Ram used (bytes):
dynamic: 368
static: 5256
stack: 304
Est. free ram: 92376

Unable to allocate SSL object

log 2: wolfSSL Entering SSL_get_error
log 2: wolfSSL Entering wolfSSL_ERR_error_string_n
log 2: wolfSSL Entering ERR_error_string
wolfSSL_new: Bad function argument

Update to this, I inserted the following to get the error message:

       ssl = wolfSSL_new(ctx);
       freeRam();
       if (ssl == NULL) {
         Serial.println("Unable to allocate SSL object");
         freeRam();

         err = wolfSSL_get_error(ssl, 0);
         wolfSSL_ERR_error_string_n(err, errBuf, 80);
         Serial.print("wolfSSL_new: ");
         Serial.println(errBuf);
         return;
       }

And am getting this:

wolfSSL_new: Bad function argument

So now I'm looking for where in the world that went wrong haha.

Edit: Ok that was done in a moment of frustration lol, it's bad function argument since ssl is null in the first place and hasn't been allocated for. Damn haha.

Hi! I really appreciate your help. I'm really lost about what to do about this really haha. I've been reading through the WolfSSL docs for the past hours.

I'm not sure what to make of this actually as I don't think it's a memory error(?). I got the following results from inserting these lines of code "freeRam()" as seen below in the "wolfssl_client.ino" code:

// inside void setup()
   // initialize wolfSSL using callback functions
   wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);
   wolfSSL_SetIOSend(ctx, EthernetSend);
   wolfSSL_SetIORecv(ctx, EthernetReceive);
   

   Serial.println("Setup success!");
   freeRam();
   return;
 } 


// inside the void loop()
   if (reconnect) {
     reconnect--;
    
     if (client.connect(host, port)) {
 
       Serial.print("Connected to ");
       Serial.println(host);
        freeRam();

       ssl = wolfSSL_new(ctx);
       freeRam();
       if (ssl == NULL) {
         Serial.println("Unable to allocate SSL object");
         freeRam();
         return;
       }

And here are the results from each of those freeRam():

Sketch uses 141148 bytes (26%) of program storage space. Maximum is 524288 bytes.


Setup success!
Ram used (bytes): 
dynamic: 368
static: 5192
stack: 72
Est. free ram: 92672

Connected to google.com

Ram used (bytes): 
dynamic: 368
static: 5192
stack: 288
Est. free ram: 92456

Unable to allocate SSL object
Ram used (bytes): 
dynamic: 368
static: 5192
stack: 288
Est. free ram: 92456

Here's the code of freeRam() from the freeRam.h I'm importing:

#include <Arduino.h>
#include <malloc.h>

extern char _end;
extern "C" char *sbrk(int i);

void freeRam()
{
    char *ramstart = (char *) 0x20070000;
    char *ramend = (char *) 0x20088000;
    char *heapend = sbrk(0);
    register char * stack_ptr asm( "sp" );
    struct mallinfo mi = mallinfo();

    Serial.println(F("Ram used (bytes): "));
    Serial.print(F("dynamic: ")); Serial.println(mi.uordblks);
    Serial.print(F("static: ")); Serial.println(&_end - ramstart);
    Serial.print(F("stack: ")); Serial.println(ramend - stack_ptr);
    Serial.print(F("Est. free ram: ")); Serial.println(stack_ptr - heapend + mi.fordblks);
}

And here's the complete sample code btw with the modifications I made while trying to make it work:

/* wolfssl_client.ino
 *
 * Copyright (C) 2006-2018 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
 * wolfSSL is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * wolfSSL is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
 */
 #include <Arduino.h>
 //#include <sys/time.h>
 
 #include <wolfssl.h>
 #include <wolfssl/ssl.h>
 
 struct timeval {
   long tv_sec;
   long tv_usec;
 };
 
 int _gettimeofday( struct timeval *tv, void *tzvp)
 {
   //uint64_t t = __your_system_time_function_here__();  // get uptime in nanoseconds
   //tv->tv_sec = t / 1000000000;  // convert to seconds
   //tv->tv_usec = ( t % 1000000000 ) / 1000;  // get remaining microseconds
   long mt = millis();
   tv->tv_sec = mt/1000;
   tv->tv_usec = mt*1000;
   return 0;  // return non-zero for error
 } // end _gettimeofday()
 
 
 
 #include <Ethernet2.h>

#include <freeRam.h>
 /*
 struct timeval {
   long      tv_sec;
   long tv_usec;
 };
 */
 
 /*
 int _gettimeofday( struct timeval *tv, void *tzvp )
 {
     //uint64_t t = __your_system_time_function_here__();  // get uptime in nanoseconds
     //tv->tv_sec = t / 1000000000;  // convert to seconds
     //tv->tv_usec = ( t % 1000000000 ) / 1000;  // get remaining microseconds
     long mt = millis();
     tv->tv_sec = mt/1000;
     tv->tv_usec = mt*1000;
     return 0;  // return non-zero for error
 } // end _gettimeofday()
 */
 
 
 
 
 //const char host[] = "192.168.1.148"; // server to connect to
 //const int port = 11111; // port on server to connect to
 const char host[] = "google.com";
 const char req[]= "GET / HTTP/1.0\r\n\r\n"; // Get the root page
 const int port = 443;
 
 int EthernetSend(WOLFSSL* ssl, char* msg, int sz, void* ctx);
 int EthernetReceive(WOLFSSL* ssl, char* reply, int sz, void* ctx);
 int reconnect = 10;
 
 EthernetClient client;
 
 WOLFSSL_CTX* ctx = NULL;
 WOLFSSL* ssl = NULL;
 
 void setup() {

   WOLFSSL_METHOD* method;
 
   Serial.begin(9600);
   freeRam();

   method = wolfTLSv1_2_client_method();
   if (method == NULL) {
     Serial.println("unable to get method");
     return;
   }
   ctx = wolfSSL_CTX_new(method);
   if (ctx == NULL) {
     Serial.println("unable to get ctx");
     return;
   }
   // initialize wolfSSL using callback functions
   wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);
   wolfSSL_SetIOSend(ctx, EthernetSend);
   wolfSSL_SetIORecv(ctx, EthernetReceive);
   

   Serial.println("Setup success!");
   freeRam();
   return;
 }
 
 int EthernetSend(WOLFSSL* ssl, char* msg, int sz, void* ctx) {
   int sent = 0;
 
   sent = client.write((byte*)msg, sz);
 
   return sent;
 }
 
 int EthernetReceive(WOLFSSL* ssl, char* reply, int sz, void* ctx) {
   int ret = 0;
 
   while (client.available() > 0 && ret < sz) {
     reply[ret++] = client.read();
   }
 
   return ret;
 }
 
 void loop() {
   int err            = 0;
   int input          = 0;
   int total_input    = 0;
   char msg[32]       = "hello wolfssl!";
   int msgSz          = (int)strlen(msg);
   char errBuf[80];
   char reply[80];
   const char* cipherName;
     
   if (reconnect) {
     reconnect--;
    
     if (client.connect(host, port)) {
 
       Serial.print("Connected to ");
       Serial.println(host);
        freeRam();

       ssl = wolfSSL_new(ctx);
       freeRam();
       if (ssl == NULL) {
         Serial.println("Unable to allocate SSL object");
         freeRam();
         return;
       }
 
       err = wolfSSL_connect(ssl);
       if (err != WOLFSSL_SUCCESS) {
         err = wolfSSL_get_error(ssl, 0);
         wolfSSL_ERR_error_string(err, errBuf);
         Serial.print("TLS Connect Error: ");
         Serial.println(errBuf);
       }
 
       Serial.print("SSL version is ");
       Serial.println(wolfSSL_get_version(ssl));
       
       cipherName = wolfSSL_get_cipher(ssl);
       Serial.print("SSL cipher suite is ");
       Serial.println(cipherName);
 
       if ((wolfSSL_write(ssl, msg, msgSz)) == msgSz) {
         
         Serial.print("Server response: ");
         while (client.available() || wolfSSL_pending(ssl)) {
           input = wolfSSL_read(ssl, reply, sizeof(reply) - 1);
           total_input += input;
           if (input < 0) {
             err = wolfSSL_get_error(ssl, 0);
             wolfSSL_ERR_error_string(err, errBuf);
             Serial.print("TLS Read Error: ");
             Serial.println(errBuf);
             break;
           } else if (input > 0) {
             reply[input] = '\0';
             Serial.print(reply);
           } else {
             Serial.println();
           }
         } 
       } else {
         err = wolfSSL_get_error(ssl, 0);
         wolfSSL_ERR_error_string(err, errBuf);
         Serial.print("TLS Write Error: ");
         Serial.println(errBuf);
       }
       
       wolfSSL_shutdown(ssl);
       wolfSSL_free(ssl);
 
       client.stop();
       Serial.println("Connection complete.");
       reconnect = 0;
     } else {
       Serial.println("Trying to reconnect...");
     }
   }
   delay(1000);
 }
 

I'm currently still trying out wolfssl_client.ino, and I've been trying to make an HTTP GET request with google.com.
Where I set the host to "google.com", and the port number to 443.

I get the error of "Unable to allocate to SSL object.", but do get a connection to google.com.

    
    if (client.connect(host, port)) {

      Serial.print("Connected to ");
      Serial.println(host);

      ssl = wolfSSL_new(ctx);
      if (ssl == NULL) {
        Serial.println("Unable to allocate SSL object");
        return;
      }

@Kaleb Ok I got it compiling! What I did was move the wolfssl headers to the top of my ino file, and also changing the gettimeofday to _gettimeofday in both user_settings.h and the ino file.

Was wondering though, would WolfSSL with the Arduino allow me to communicate via HTTPS with other websites configured with SSL/TLS certificates? I'm using Let's Encrypt as the Certificate Authority, and I'm not sure if I should be configuring my server to use WolfSSL as well? The server is an AWS EC2 instance running Ubuntu.

Kaleb J. Himes wrote:

Hi @valcroft,

How was wolfSSL configured? Did you forcefully define WOLFSSL_USER_SETTINGS at the top of wolfssl/wolfcrypt/settings.h and declare the extern gettimeofday prototype in user_settings.h?

Warm Regards,

K

Hi! Thanks for replying! I tried doing that hours ago (I didn't do it before), and I played around with it to get it working, but I haven't any luck with it yet. This was what I did:

//user_settings.h
// From what I understand, this is already wrapped with extern "C" with the include from settings.h
struct timeval;
int gettimeofday (struct timeval *, void *); 
// wolfssl_client.ino - the example code included with the library
// I'm compiling this for Arduino Due on Arduino 1.8.5 IDE

#include <Arduino.h>

struct timeval {
  long tv_sec;
  long tv_usec;
};

int gettimeofday( struct timeval *tv, void *tzvp)
{
  long mt = millis();
  tv->tv_sec = mt/1000;
  tv->tv_usec = mt*1000;
  return 0;  // return non-zero for error
} // end _gettimeofday()


#include <wolfssl.h>
#include <wolfssl/ssl.h>
#include <Ethernet2.h>

// Insert the rest of sample code for wolfssl_client.ino

Error I'm receiving:

wolfssl_client:30: error: previous declaration of 'int gettimeofday(timeval*, void*)' with 'C++' linkage
int gettimeofday( struct timeval *tv, void *tzvp)
     ^
In file included from /Users/val/Documents/Arduino/libraries/wolfSSL/wolfssl/wolfcrypt/settings.h:190:0,
                 from /Users/val/Documents/Arduino/libraries/wolfSSL/wolfssl.h:2,
                 from /Users/val/Documents/SCAN-NDSG/basic-probe/V3DUE/others/ssl/wolfssl_client/wolfssl_client.ino:42:
/Users/val/Documents/Arduino/libraries/wolfSSL/wolfssl/wolfcrypt/user_settings.h:8:43: error: conflicts with new declaration with 'C' linkage
int gettimeofday (struct timeval *, void *);
                                           ^
Using library wolfSSL in folder: /Users/val/Documents/Arduino/libraries/wolfSSL (legacy)
Using library Ethernet2 at version 1.0.4 in folder: /Users/val/Documents/Arduino/libraries/Ethernet2
Using library SPI at version 1.0 in folder: /Users/val/Library/Arduino15/packages/arduino/hardware/sam/1.6.11/libraries/SPI
exit status 1
previous declaration of 'int gettimeofday(timeval*, void*)' with 'C++' linkage

17

(3 replies, posted in wolfSSL)

Hi! Did you encounter the gettimeofday undefined error? How did you get past this?

Hello, I followed the instructions for compiling for the Arduino Due before posting this.

I have also commented out the line that disables the override for struct timeval tm at wolfcrypt/settings.h

However, I can't get past this error.

I have read that one needs to define a gettimeofday function for the system, I have checked the function arguments of the function prototype, the one with the extern, and I have used the same. For now I just used millis() to define the sec and usec with appropriate multiplication and division.

I have also tried putting this self-defined gettimeofday in different locations in the library itself as well as in my code.

Sorry for the brevity of the post and the lack of code snippet, I shall update this later as I'm posting from my phone. Advanced thanks to anyone who'll reply!