Hi @Kaleb,

Made no difference.

I uploaded the code to Bitbucket for you.
https://bitbucket.org/ulyssesfonseca/wo … eertos-tcp

Hi @Kaleb,

I included in my log the buffers from the callbacks cbk_send and cbk_recv.

@Kaleb,

Yes, this define was commented in my settings.

I'm sending my user_settings.

Hi @Kaleb,

I did as you said, but it returned this error:

    wolfSSL_Init
    wolfSSL_CTX_new
    WOLFSSL_CTX_new
    wolfSSL_CertManagerNew
    WOLFSSL_CTX_new 0
    wolfSSL_new
    SSL_new
    SSL_new 0
    wolfSSL_CTX_load_verify_buffer
    wolfSSL_CTX_load_verify_buffer
    Processing CA PEM file
    PemToDer  -4
    loading the ca chain failed
    Error: (-4): no support for error strings built in
    SSL_CTX_free
    CTX ref count not 0 yet, no free
    SSL_CTX_free 0

related to:

    SSL_BAD_FILE        = -4

Hi @Kaleb,

Sorry, I don't know how to do this. My cert is this; what do I have to do?
Another question: why doesn't this buffer have the same problem on Linux?

const unsigned char tago_cert[] = {
    "-----BEGIN CERTIFICATE-----\n"
"MIIEDzCCAvegAwIBAgIBADANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJVUzEl\n"
"MCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMp\n"
"U3RhcmZpZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQw\n"
"NjI5MTczOTE2WhcNMzQwNjI5MTczOTE2WjBoMQswCQYDVQQGEwJVUzElMCMGA1UE\n"
"ChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMpU3RhcmZp\n"
"ZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEgMA0GCSqGSIb3\n"
"DQEBAQUAA4IBDQAwggEIAoIBAQC3Msj+6XGmBIWtDBFk385N78gDGIc/oav7PKaf\n"
"8MOh2tTYbitTkPskpD6E8J7oX+zlJ0T1KKY/e97gKvDIr1MvnsoFAZMej2YcOadN\n"
"+lq2cwQlZut3f+dZxkqZJRRU6ybH838Z1TBwj6+wRir/resp7defqgSHo9T5iaU0\n"
"X9tDkYI22WY8sbi5gv2cOj4QyDvvBmVmepsZGD3/cVE8MC5fvj13c7JdBmzDI1aa\n"
"K4UmkhynArPkPw2vCHmCuDY96pzTNbO8acr1zJ3o/WSNF4Azbl5KXZnJHoe0nRrA\n"
"1W4TNSNe35tfPe/W93bC6j67eA0cQmdrBNj41tpvi/JEoAGrAgEDo4HFMIHCMB0G\n"
"A1UdDgQWBBS/X7fRzt0fhvRbVazc1xDCDqmI5zCBkgYDVR0jBIGKMIGHgBS/X7fR\n"
"zt0fhvRbVazc1xDCDqmI56FspGowaDELMAkGA1UEBhMCVVMxJTAjBgNVBAoTHFN0\n"
"YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMjAwBgNVBAsTKVN0YXJmaWVsZCBD\n"
"bGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8w\n"
"DQYJKoZIhvcNAQEFBQADggEBAAWdP4id0ckaVaGsafPzWdqbAYcaT1epoXkJKtv3\n"
"L7IezMdeatiDh6GX70k1PncGQVhiv45YuApnP+yz3SFmH8lU+nLMPUxA2IGvd56D\n"
"eruix/U0F47ZEUD0/CwqTRV/p2JdLiXTAAsgGh1o+Re49L2L7ShZ3U0WixeDyLJl\n"
"xy16paq8U4Zt3VekyvggQQto8PT7dL5WXXp59fkdheMtlb71cZBDzI0fmgAKhynp\n"
"VSJYACPq4xJDKVtHCN2MQWplBqjlIapBtJUhlbl90TSrE9atvNziPTnNvT51cKEY\n"
"WQPJIrSPnNVeKtelttQKbfi3QBFGmh95DmK/D5fs4C8fF5Q=\n"
"-----END CERTIFICATE-----\n"
};

Hi @Kaleb,

On my board it is returning:

    ASN_NO_SIGNER_E     = -188,  /* ASN no signer to confirm failure */

I'm using the same user_settings.h file, and I created my test on the board like my test on Linux. In this scenario I'm using FreeRTOS+TCP.

This is my code:

    WOLFSSL* ssl = NULL;
    BaseType_t ret;
    struct freertos_sockaddr xConnection;
    char buf_rec[512];
    const char message[] =
        "POST /data HTTP/1.1\r\n"
        "Host: api.tago.io\r\n"
        "content-type: application/json\r\n"
        "content-length: 34\r\n"
        "device-token: c7f71928-9510-4cda-9c69-29a0e35d44b9\r\n\r\n"
        "{\"variable\":\"board\",\"value\":\"375\"}";

    /* Set family and port for client socket. */
    xConnection.sin_family = FREERTOS_AF_INET;
    xConnection.sin_addr = FreeRTOS_inet_addr("23.22.53.220");//FreeRTOS_gethostbyname("23.22.53.220");//"api.tago.io");
    xConnection.sin_port = FreeRTOS_htons( 443 );

    xClientSocket = FreeRTOS_socket(FREERTOS_AF_INET, FREERTOS_SOCK_STREAM, FREERTOS_IPPROTO_TCP);
    configASSERT( xClientSocket != FREERTOS_INVALID_SOCKET );
    ret = FreeRTOS_connect( xClientSocket, &xConnection, sizeof( xConnection ) );

    if(ret) return -1;

    DEBUGOUT("wolfssl_init \n");
    /* initialize wolfssl library */
    wolfSSL_Init();

    DEBUGOUT("wolfSSL_CTX_new \n");
    wolfctx = wolfSSL_CTX_new( wolfTLSv1_2_client_method() );
    if(wolfctx == NULL) return -2;


    DEBUGOUT("wolfSSL_new \n");
    ssl = wolfSSL_new( wolfctx );
    if(ssl == NULL) return -3;

    DEBUGOUT("wolfSSL_CTX_load_verify_buffer \n");
    ret = wolfSSL_CTX_load_verify_buffer(wolfctx, tago_cert, sizeof(tago_cert), SSL_FILETYPE_PEM);
    if(ret != SSL_SUCCESS) return -4;

    DEBUGOUT("wolfSSL_SetIOSend \n");
    wolfSSL_SetIOSend(wolfctx, cbk_send);
    wolfSSL_SetIORecv(wolfctx, cbk_recv);

    ret = wolfSSL_set_fd( ssl, xClientSocket);

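    DEBUGOUT("return connect:%d\n",wolfSSL_connect(ssl));
    DEBUGOUT("-->write: %d \n",wolfSSL_write(ssl, message, strlen(message)));
    /* Read at most sizeof(buf_rec) - 1 bytes and NUL-terminate before printing with %s. */
    int rec_len = wolfSSL_read(ssl, buf_rec, sizeof(buf_rec) - 1);
    DEBUGOUT("-->read: %d \n", rec_len);
    buf_rec[(rec_len > 0) ? rec_len : 0] = '\0';
    DEBUGOUT("received:'%s'\n",buf_rec);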

    DEBUGOUT("wolfssl_free \n");
    wolfSSL_free(ssl);
    wolfSSL_CTX_free(wolfctx);
    wolfSSL_Cleanup();

    DEBUGOUT("FreeRTOS_closesocket \n");
    FreeRTOS_closesocket( xClientSocket );

    DEBUGOUT("EXIT \n");

The log file follows.

Hi @Kaleb,

Now it works. I don't know why it didn't work before, but now when I downloaded it again it worked.
Thanks.

Now I will test on my board. I'll be back later to report whether it works on my board.

Thanks for now.

Hi,

Can anyone help me?
Now I'm trying to get an example working on a Linux machine before trying it on my board, but I can't get it to work there either.

Here is my repo on GitHub:
https://github.com/ulyssesfonseca/tcp-c … te-wolfssl

What am I doing wrong?

Hi,

Now it apparently works, but it returns the following error:

    PARSE_ERROR             = -306,        /* parse error on header    */

Now I use the intermediate CA from this link, as you said.
https://good.sca0a.amazontrust.com/

Hi,

How can I get this type of certificate?
I got another certificate by using the web browser and exporting the certificate to a .cer file.

-----BEGIN CERTIFICATE-----
[...]
-----END CERTIFICATE-----

This is the new certificate, but it returns the code -188:

    ASN_NO_SIGNER_E     = -188,  /* ASN no signer to confirm failure */

Hi @Kaleb J. Himes,

Thanks for your reply.
This works, but now wolfSSL is returning the error code -155 ASN_SIG_CONFIRM_E, returning -1 when I try to send anything.

Hi,

I'm trying to work with wolfSSL using FreeRTOS+TCP. My FreeRTOS+TCP lib is working well.
What I did:

I start up wolfSSL using a constant with the certificate.

    wolfSSL_Init();
    /* Attempt to create a context that uses the TLS 1.2 client protocol. */
    xWolfSSL_ClientContext = wolfSSL_CTX_new( wolfTLSv1_2_client_method() );
    configASSERT( xWolfSSL_ClientContext );

    /* Load the CA certificate; the length must be that of the buffer being passed. */
    lReturned = wolfSSL_CTX_load_verify_buffer(xWolfSSL_ClientContext, my_cert, sizeof(my_cert), SSL_FILETYPE_PEM);
    configASSERT( lReturned == SSL_SUCCESS );

    wolfSSL_SetIOSend(xWolfSSL_ClientContext, cbk_send);
    wolfSSL_SetIORecv(xWolfSSL_ClientContext, cbk_recv);

The certificate:

const unsigned char my_cert[] = {
        "-----BEGIN CERTIFICATE-----\n"
        "MIIESTCCAzGgAwIBAgITBn+UV4WH6Kx33rJTMlu8mYtWDTANBgkqhkiG9w0BAQsF\n"
        "ADA5MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6\n"
        "b24gUm9vdCBDQSAxMB4XDTE1MTAyMjAwMDAwMFoXDTI1MTAxOTAwMDAwMFowRjEL\n"
        "MAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEVMBMGA1UECxMMU2VydmVyIENB\n"
        "IDFCMQ8wDQYDVQQDEwZBbWF6b24wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK\n"
        "AoIBAQDCThZn3c68asg3Wuw6MLAd5tES6BIoSMzoKcG5blPVo+sDORrMd4f2AbnZ\n"
        "cMzPa43j4wNxhplty6aUKk4T1qe9BOwKFjwK6zmxxLVYo7bHViXsPlJ6qOMpFge5\n"
        "blDP+18x+B26A0piiQOuPkfyDyeR4xQghfj66Yo19V+emU3nazfvpFA+ROz6WoVm\n"
        "B5x+F2pV8xeKNR7u6azDdU5YVX1TawprmxRC1+WsAYmz6qP+z8ArDITC2FMVy2fw\n"
        "0IjKOtEXc/VfmtTFch5+AfGYMGMqqvJ6LcXiAhqG5TI+Dr0RtM88k+8XUBCeQ8IG\n"
        "KuANaL7TiItKZYxK1MMuTJtV9IblAgMBAAGjggE7MIIBNzASBgNVHRMBAf8ECDAG\n"
        "AQH/AgEAMA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQUWaRmBlKge5WSPKOUByeW\n"
        "dFv5PdAwHwYDVR0jBBgwFoAUhBjMhTTsvAyUlC4IWZzHshBOCggwewYIKwYBBQUH\n"
        "AQEEbzBtMC8GCCsGAQUFBzABhiNodHRwOi8vb2NzcC5yb290Y2ExLmFtYXpvbnRy\n"
        "dXN0LmNvbTA6BggrBgEFBQcwAoYuaHR0cDovL2NydC5yb290Y2ExLmFtYXpvbnRy\n"
        "dXN0LmNvbS9yb290Y2ExLmNlcjA/BgNVHR8EODA2MDSgMqAwhi5odHRwOi8vY3Js\n"
        "LnJvb3RjYTEuYW1hem9udHJ1c3QuY29tL3Jvb3RjYTEuY3JsMBMGA1UdIAQMMAow\n"
        "CAYGZ4EMAQIBMA0GCSqGSIb3DQEBCwUAA4IBAQCFkr41u3nPo4FCHOTjY3NTOVI1\n"
        "59Gt/a6ZiqyJEi+752+a1U5y6iAwYfmXss2lJwJFqMp2PphKg5625kXg8kP2CN5t\n"
        "6G7bMQcT8C8xDZNtYTd7WPD8UZiRKAJPBXa30/AbwuZe0GaFEQ8ugcYQgSn+IGBI\n"
        "8/LwhBNTZTUVEWuCUUBVV18YtbAiPq3yXqMB48Oz+ctBWuZSkbvkNodPLamkB2g1\n"
        "upRyzQ7qDn1X8nn8N8V7YJ6y68AtkHcNSRAnpTitxBKjtKPISLMVCx7i4hncxHZS\n"
        "yLyKQXhw2W2Xs0qLeC1etA+jTGDK4UfLeC0SF7FSi8o5LL21L8IzApar2pR/\n"
        "-----END CERTIFICATE-----\n"
};

And after this I try to send a message to the server:

    /* Set family and port for client socket. */
    xConnection.sin_family = FREERTOS_AF_INET;
    xConnection.sin_addr = FreeRTOS_gethostbyname("api.tago.io");
    xConnection.sin_port = FreeRTOS_htons( 80 );

    if(xConnection.sin_addr == 0){
        ret = 1;
        return ret;
    }
    xClientSocket = FreeRTOS_socket(FREERTOS_AF_INET, FREERTOS_SOCK_STREAM, FREERTOS_IPPROTO_TCP);
    configASSERT( xClientSocket != FREERTOS_INVALID_SOCKET );
    DEBUGOUT("FreeRTOS_connect \n");
    ret = FreeRTOS_connect( xClientSocket, &xConnection, sizeof( xConnection ) );

    if(ret == 0){
        DEBUGOUT("wolfSSL_new \n");
        /* The connect was successful.  Create a wolfSSL object to associate
                    with this connection. */
        xWolfSSL_Object = wolfSSL_new( xWolfSSL_ClientContext );

        if( xWolfSSL_Object != NULL ){
            DEBUGOUT("wolfSSL_set_fd \n");
            /* Associate the created wolfSSL object with the connected
                        socket. */
            ret = wolfSSL_set_fd( xWolfSSL_Object, xClientSocket );
            ret = wolfSSL_connect(xWolfSSL_Object);
            configASSERT( ret == SSL_SUCCESS );

            xTotalLengthToSend = strlen((char*)sendBuf);
            xAlreadyTransmitted = 0;

            DEBUGOUT("SENDING... \n");
            while( xAlreadyTransmitted < xTotalLengthToSend ){

                /* How many bytes are left to send? */
                xLenToSend = xTotalLengthToSend - xAlreadyTransmitted;

                /* The next line is the secure equivalent of the standard
                                            sockets call:
                                            lReturned = send( xClientSocket, cString, strlen( cString ) + 1, 0 ); */
                xBytesSent = wolfSSL_write( xWolfSSL_Object,
                        /* The data being sent. */
                        (char*) &(sendBuf[ xAlreadyTransmitted ]),
                        /* The remaining length of data to send. */
                        xLenToSend);

                DEBUGOUT("\nsend: %d\n",xBytesSent);
                if( xBytesSent > 0 ){
                    /* Data was sent successfully (wolfSSL_write returns 0 on failure,
                       so treating 0 as success would loop forever). */
                    xAlreadyTransmitted += xBytesSent;
                }
                else{
                    /* Error – break out of the loop for graceful socket close. */
                    ret = 3;
                    break;
                }
            }

            DEBUGOUT("RECEIVING... \n");
            for( ;; ){
                /* Receive another block of data into the cRxedData buffer. */
                /*xReceLen = FreeRTOS_recv( xSocketSend, recBuf, sizeof(recBuf), 0 );*/
                xRecLen = wolfSSL_read(xWolfSSL_Object, recBuf, sizeof(recBuf));

                if( xRecLen > 0 )
                {
                    /* Data was received, process it here. */
                    for(i=0; i<xRecLen; i++){
                        receive[xSizeReceive+i] = recBuf[i];
                    }
                    DEBUGOUT("->: %d\n",xRecLen);
                    xSizeReceive += xRecLen;
                }
                else if( xRecLen == 0 )
                {
                    /* No data was received, but FreeRTOS_recv() did not return an error.
                                    Timeout? */
                    DEBUGOUT("Timeout\n");
                }
                else
                {
                    DEBUGOUT("Shutdown\n");
                    /* Error (maybe the connected socket already shut down the socket?).
                                    Attempt graceful shutdown. */
                    /*FreeRTOS_shutdown( xSocketSend, FREERTOS_SHUT_RDWR );*/
                    wolfSSL_shutdown(xWolfSSL_Object);
                    break;
                }
            }
            wolfSSL_free( xWolfSSL_Object );
        }
        DEBUGOUT("FreeRTOS_closesocket \n");
        FreeRTOS_closesocket( xClientSocket );
    }

I enabled the debug messages in wolfSSL, and when I try to send my message I receive an SSL version error:

    connect state: CLIENT_HELLO_SENT
    SSL version error
    84 84 3 3
    ->../WolfSSL/src/ssl.c-5214 - error:-326

where the values '84' are ssl->curRL.pvMajor and rh->pvMinor, and the values '3' are ssl->version.major and ssl->version.minor, in the GetRecordHeader function in the internal.c file.

I'm sending my user_settings.h.
If anyone can help me.
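
Added example, not part of the original post and not wolfSSL code: 84 is the ASCII code of 'T', so "84 84" is what bytes 1 and 2 of a clear-text `HTTP/...` reply look like when read as the version field of a TLS record header, as happens when a ClientHello is sent to a plain HTTP port such as the port 80 used in the code above. The function, struct and enum names are hypothetical, and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Result of inspecting the first bytes a peer sends back after ClientHello. */
enum peek_result { PEEK_TLS_RECORD, PEEK_PLAINTEXT_HTTP, PEEK_UNKNOWN, PEEK_SHORT };

/* TLS record header: type(1) | version major(1) | version minor(1) | length(2). */
struct record_header {
    unsigned char type, major, minor;
    unsigned int  length;
};

enum peek_result peek_record(const unsigned char *buf, size_t len,
                             struct record_header *out)
{
    if (len < 5)
        return PEEK_SHORT;
    out->type   = buf[0];
    out->major  = buf[1];
    out->minor  = buf[2];
    out->length = ((unsigned int)buf[3] << 8) | buf[4];

    /* A server that is not speaking TLS on this port answers in clear text. */
    if (memcmp(buf, "HTTP/", 5) == 0)
        return PEEK_PLAINTEXT_HTTP;
    /* Content types 20..23 (change_cipher_spec, alert, handshake,
       application_data), major version 3, length <= 2^14 + 2048. */
    if (buf[0] >= 20 && buf[0] <= 23 && buf[1] == 3 &&
        out->length <= 16384 + 2048)
        return PEEK_TLS_RECORD;
    return PEEK_UNKNOWN;
}

int main(void)
{
    /* Constructed samples, not captured traffic. */
    static const unsigned char http_reply[] = "HTTP/1.1 400 Bad Request\r\n";
    static const unsigned char tls_reply[]  = { 22, 3, 3, 0x00, 0x5d, 0x02 };
    struct record_header h;

    enum peek_result r = peek_record(http_reply, sizeof(http_reply) - 1, &h);
    printf("http: result=%d major=%u minor=%u\n", r, h.major, h.minor);
    r = peek_record(tls_reply, sizeof(tls_reply), &h);
    printf("tls:  result=%d major=%u minor=%u len=%u\n", r, h.major, h.minor, h.length);
    return 0;
}
```

Calling such a check on the first bytes seen by a custom receive callback like `cbk_recv` separates "wrong port or protocol" from a genuine TLS version mismatch before the library reports error -326.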