1

(14 replies, posted in wolfSSL)

Yeah, Hotmail likes to bounce around. This isn't exactly detrimental to my needs, as long as I can skip CA check altogether, but usually I like doing things properly.

2

(14 replies, posted in wolfSSL)

They all were exported but they gave errors when trying to connect. Exactly the same scenario as above.

3

(14 replies, posted in wolfSSL)

OK, finally got around to it. It's working normally when PEM format is used, thanks.

I used the openssl program to convert from DER, some online converter and a directly exported file in PEM format, they all worked. Well, they all gave exactly the same PEM file.

However, I'd like to ask for some guidance to the process of choosing the correct CA file. For instance:

(this is from Firefox certificate manager, servers tab)

http://i.imgur.com/alAjo.gif

None of these CAs will work, exported them in PEM format directly.

(authorities tab)

http://i.imgur.com/9k7Po.gif

Here, only the "Equifax Secure CA" will work, the google one will not.

(from the address bar icon)

http://i.imgur.com/myIdQ.gif

I tried exporting all of these, none work, again PEM format.

What would be the process for obtaining (just an example) Yahoo Mail or Hotmail CA files which could be used for CyaSSL?

4

(14 replies, posted in wolfSSL)

Hi chrisc, even without verification I can confirm I haven't converted anything.

That must be the problem, I'll do it this afternoon and let you know about the results.

Alternatively, can I just use the certificate exported from Firefox?

5

(14 replies, posted in wolfSSL)

OK, here's the log

logLevel = 2
pMsg = CyaSSL Entering CyaSSL_Init
logLevel = 2
pMsg = CyaSSL Entering SSLv3_client_method
logLevel = 2
pMsg = CyaSSL Entering CYASSL_CTX_new
logLevel = 3
pMsg = CyaSSL Leaving CYASSL_CTX_new, return 0
logLevel = 2
pMsg = CyaSSL Entering CyaSSL_CTX_set_verify
logLevel = 2
pMsg = CyaSSL Entering SSL_CTX_load_verify_locations
logLevel = 1
pMsg = Processing CA PEM file
logLevel = 2
pMsg = CyaSSL Entering SSL_new
logLevel = 3
pMsg = CyaSSL Leaving SSL_new, return 0
eax = 02025158, ssl
logLevel = 2
pMsg = CyaSSL Entering SSL_set_fd
logLevel = 3
pMsg = CyaSSL Leaving SSL_set_fd, return 1
logLevel = 2
pMsg = CyaSSL Entering SSL_read()
logLevel = 2
pMsg = CyaSSL Entering ReceiveData()
logLevel = 1
pMsg = Handshake not complete, trying to finish
logLevel = 2
pMsg = CyaSSL Entering CyaSSL_negotiate
logLevel = 2
pMsg = CyaSSL Entering SSL_connect()
logLevel = 1
pMsg = connect state: CLIENT_HELLO_SENT
logLevel = 1
pMsg = growing input buffer
logLevel = 1
pMsg = received record layer msg
logLevel = 2
pMsg = CyaSSL Entering DoHandShakeMsg()
logLevel = 1
pMsg = processing server hello
logLevel = 3
pMsg = CyaSSL Leaving DoHandShakeMsg(), return 0
logLevel = 1
pMsg = More messages in record
logLevel = 1
pMsg = received record layer msg
logLevel = 2
pMsg = CyaSSL Entering DoHandShakeMsg()
logLevel = 1
;<------------------------------------------ interesting bit starts here
pMsg = processing certificate
logLevel = 1
pMsg = Loading peer's cert chain
logLevel = 1
pMsg =     Put another cert into chain
logLevel = 1
pMsg =     Put another cert into chain
logLevel = 1
pMsg =     Put another cert into chain
logLevel = 1
pMsg = Found Basic CA constraint
logLevel = 1
pMsg = Found optional critical flag, moving past
logLevel = 1
pMsg = About to verify certificate signature
logLevel = 1
pMsg = No CA signer to verify with
logLevel = 1
pMsg = Failed to verify CA from chain
logLevel = 1
pMsg = Found Basic CA constraint
logLevel = 1
pMsg = Found optional critical flag, moving past
logLevel = 1
pMsg = About to verify certificate signature
logLevel = 1
pMsg = No CA signer to verify with
logLevel = 1
pMsg = Failed to verify CA from chain
logLevel = 1
pMsg = Veriying Peer's cert
logLevel = 1
pMsg = About to verify certificate signature
logLevel = 1
pMsg = No CA signer to verify with
logLevel = 1
pMsg = Failed to verify Peer's cert
logLevel = 3
pMsg = CyaSSL Leaving DoHandShakeMsg(), return -155
logLevel = 0
pMsg = CyaSSL error occured, error = -155
;<------------------------------------------ interesting bit ends here
logLevel = 3
pMsg = CyaSSL Leaving CyaSSL_negotiate, return -1
logLevel = 3
pMsg = CyaSSL Leaving SSL_read(), return -1
eax = FFFFFFFF, read
logLevel = 2
pMsg = CyaSSL Entering SSL_get_error
logLevel = 3
pMsg = CyaSSL Leaving SSL_get_error, return -155
logLevel = 2
pMsg = CyaSSL Entering ERR_error_string
offset err_buf = ASN sig error, confirm failure
ssl error
logLevel = 2
pMsg = CyaSSL Entering SSL_shutdown()
logLevel = 3
pMsg = CyaSSL Leaving SSL_shutdown(), return -155
logLevel = 2
pMsg = CyaSSL Entering SSL_free
logLevel = 1
pMsg = CTX ref count not 0 yet, no free
logLevel = 1
pMsg = Shrinking input buffer
logLevel = 2
pMsg = CyaSSL Entering BIO_free
logLevel = 3
pMsg = CyaSSL Leaving SSL_free, return 0
logLevel = 2
pMsg = CyaSSL Entering SSL_CTX_free
logLevel = 1
pMsg = CTX ref count down to 0, doing full free
logLevel = 3
pMsg = CyaSSL Leaving SSL_CTX_free, return 0

6

(14 replies, posted in wolfSSL)

Hi Chris and sorry, I wanted to add to my previous reply but I got swamped at work.

invoke CyaSSL_CTX_set_verify,ctx,1,0

invoke CyaSSL_CTX_load_verify_locations,ctx,offset _cert1,0

invoke CyaSSL_new,ctx
mov ssl,eax
invoke CyaSSL_set_fd,ssl,hSocket
    
invoke CyaSSL_connect,ssl

This is what I used but still a no-go, I get the same error. I'll dig into the subject a bit tomorrow and recompile with logging turned on.

I tried with both relative and absolute paths to the cert file, don't know if that's supposed to make any difference. Also, I downloaded this cert file.

7

(14 replies, posted in wolfSSL)

Hmh, I got the code from the hub but it seems some include files were missing, so I combined the new source with the previous source version while keeping the newer files. Now I get some linking errors

io.obj : error LNK2001: unresolved external symbol _recv@16
io.obj : error LNK2001: unresolved external symbol _WSAGetLastError@0
io.obj : error LNK2001: unresolved external symbol _send@16
random.obj : error LNK2001: unresolved external symbol __imp__CryptReleaseContext@8
random.obj : error LNK2001: unresolved external symbol __imp__CryptGenRandom@12
random.obj : error LNK2001: unresolved external symbol __imp__CryptAcquireContextA@20
ssl.obj : error LNK2001: unresolved external symbol _closesocket@4

winsock32.h at least seems to be included.

Is this the correct set of precompile definitions?

OPENSSL_EXTRA,CYASSL_RIPEMD,CYASSL_SHA512,NO_PSK,SINGLE_THREADED,NO_CYASSL_SERVER,_WINDLL,_AFXDLL,_WIN32

EDIT:

Ignore this, lol, I just need to add the winsock lib in project properties; dozens of those project property tabs are a bit hard to navigate for me.

These definitions worked as I would like them to

OPENSSL_EXTRA,CYASSL_RIPEMD,CYASSL_SHA512,NO_PSK,SINGLE_THREADED,NO_CYASSL_SERVER,_WIN32,CYASSL_DLL,BUILDING_CYASSL

8

(14 replies, posted in wolfSSL)

Thanks a lot for your response, I'll check this out in the coming days, currently I'm working on other parts of my project.

9

(14 replies, posted in wolfSSL)

OK, I "bypassed" these issues by compiling the library as a dll and linking to it dynamically. I would still like to get the static library, though.

This second issue I have doesn't really relate to this problem, it's more of a continuation of my SSL pain and suffering.

Whatever I do, I can't connect to pop.gmail.com in a secure fashion. I'm able to bypass the cert check with

invoke CyaSSL_CTX_set_verify,ctx,SSL_VERIFY_NONE,0

which will be good enough for now I guess, but I would like to have things working properly. These are the steps I have taken

1. used mozilla firefox to export the two certificates which I assumed should be relevant for Google mail servers.

http://i.imgur.com/3WBcs.gif

I suppose the top one is the top of the chain, is that correct? Exported both certificates, they had a crt extension which I just renamed to pem and placed in my program directory. I tried using all of these functions

invoke CyaSSL_CTX_load_verify_locations,ctx,offset _cert,0
invoke CyaSSL_CTX_use_certificate_file,ctx,offset _cert,SSL_FILETYPE_PEM
invoke CyaSSL_CTX_use_certificate_chain_file,ctx,offset _cert

on both certificate files, but calls to connect and read functions result in "asn sig error, confirm failure" error.

Any insight into this problem would be welcome.
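Two questions in this thread, which certificate from an exported chain to load as the CA file (post 3) and why loading the server's own certificate with CyaSSL_CTX_load_verify_locations still gives "asn sig error, confirm failure" (post 9), come down to the same walk the debug log shows: each certificate is accepted only if a loaded CA whose subject matches its issuer can vouch for it. CyaSSL_CTX_use_certificate_file and CyaSSL_CTX_use_certificate_chain_file load the client's own identity certificate and never add trust anchors, so they cannot help here. The following is an added example, not code from the thread or from the CyaSSL project, and it is Python rather than C because it models the decision instead of calling the library. It assumes, as the thread observed, that load_verify_locations wants PEM, and it simplifies verification to issuer/subject name matching plus the CA basic constraint (real code also checks the signature). The three-certificate chain is constructed and is not the real Google or Yahoo chain.

```python
"""Added example: PEM/DER handling plus a model of the CA-chain walk seen in the
CyaSSL debug log ("Put another cert into chain", "No CA signer to verify with").
Simplification: a cert verifies when a loaded signer's subject matches its issuer;
real code also checks the signature. Assumption: a loaded certificate counts as a
signer only if it carries the X.509 basicConstraints CA flag."""
import base64
import re
from dataclasses import dataclass

PEM_RE = re.compile(rb"-----BEGIN ([A-Z ]+)-----\s*(.*?)\s*-----END \1-----", re.S)


def classify_file(data: bytes) -> str:
    """Tell a PEM file (text armour) from a raw DER one (starts with SEQUENCE, 0x30)."""
    if PEM_RE.search(data):
        return "PEM"
    if data[:1] == b"\x30":
        return "DER"
    return "unknown"


def der_to_pem(der: bytes, label: str = "CERTIFICATE") -> str:
    """Same result as `openssl x509 -inform DER -outform PEM`: base64, 64 columns, armour."""
    b64 = base64.b64encode(der).decode("ascii")
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"


def pem_to_ders(pem: bytes) -> list:
    """Every DER blob in a PEM file; a CA bundle may hold several."""
    return [base64.b64decode(body) for _, body in PEM_RE.findall(pem)]


@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    is_ca: bool  # X.509 basicConstraints cA flag

    @property
    def self_signed(self) -> bool:
        return self.subject == self.issuer


def pick_trust_anchor(chain):
    """Given the chain a server sends (peer first, root end last), return the cert to
    export as the CA file: a self-signed root if present, otherwise the top-most CA."""
    cas = [c for c in chain if c.is_ca]
    for c in reversed(cas):
        if c.self_signed:
            return c
    return cas[-1] if cas else None


def verify_chain(chain, trusted):
    """Model of the walk in the posted log. chain[0] is the peer cert; chain[1:] are the
    CA certs the server sent, processed from the root end down. trusted is what
    CyaSSL_CTX_load_verify_locations loaded. Returns (ok, log_lines)."""
    signers = {c.subject for c in trusted if c.is_ca}  # a leaf cert never becomes a signer
    log = []
    for cert in reversed(chain[1:]):
        if not cert.is_ca:
            log.append(f"chain cert {cert.subject!r} lacks the CA constraint, skipped")
            continue
        if cert.issuer in signers:
            log.append(f"verified CA {cert.subject!r}, now a signer")
            signers.add(cert.subject)  # a verified intermediate can vouch for the next cert down
        else:
            log.append(f"No CA signer to verify with for {cert.subject!r}")
    peer = chain[0]
    if peer.issuer in signers:
        log.append(f"peer {peer.subject!r} verified")
        return True, log
    log.append(f"Failed to verify peer {peer.subject!r}: issuer {peer.issuer!r} not loaded")
    return False, log


# Constructed three-cert chain (not the real Google/Yahoo chains from the thread).
ROOT = Cert("Example Root CA", "Example Root CA", True)
INTER = Cert("Example Intermediate CA", "Example Root CA", True)
LEAF = Cert("pop.example.com", "Example Intermediate CA", False)
CHAIN = [LEAF, INTER, ROOT]

if __name__ == "__main__":
    print("export this as the CA file:", pick_trust_anchor(CHAIN).subject)
    for name, trusted in [("leaf only", [LEAF]), ("intermediate", [INTER]), ("root", [ROOT])]:
        ok, log = verify_chain(CHAIN, trusted)
        print(f"{name}: {'OK' if ok else 'FAIL'}", *log, sep="\n  ")
```

Loading only the server certificate (the "Servers" tab export) fails in this model for the same reason it does in the log: it is not a CA, so it never becomes a signer, and nothing in the chain has it as issuer. Loading either the self-signed root or the intermediate that issued the peer certificate succeeds; the walk tolerates a chain CA it cannot verify and moves on, which is why the log shows two "Failed to verify CA from chain" lines before the peer check.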

10

(14 replies, posted in wolfSSL)

Hi people.

I have a problem with a custom compiled CyaSSL embedded SSL library. I'm using:
- CyaSSL embedded SSL package (v 2.0.2)
- Windows 7 64 bit platform
- Pelles C compiler RC4, the 32 bit version
- MASM32 project

I have been trying to compile the library so it would be linkable in my MASM project and where VC++ 6.0 and 8.0 Express have failed, Pelles C managed to give me a library with unmangled function names. Some of the project options I used to compile the library are:
- stdcall function calls
- single threaded library
- undecorate exported functions option checked
- preprocessor directives: OPENSSL_EXTRA CYASSL_RIPEMD CYASSL_SHA512 NO_PSK WIN32 SINGLE_THREADED

The custom project was built following your guidelines from the manual, that is copy all the .c files in one folder and .h files into the other. I have changed the directory structure a bit, but the whole thing compiles without problems, I just get a few warnings

\Pelles C Projects\cyassl-barebone\cyassl\internal.h(1154): warning #2135: Static 'tls_client' is not referenced.
\Pelles C Projects\cyassl-barebone\cyassl\internal.h(1152): warning #2135: Static 'server' is not referenced.

The output is a 292kb cyassl.lib. Once I insert the library into my MASM project the only thing needed for a successful build is the crt.lib library.

This would be a part of the function flow I'm trying to create

    invoke CyaSSL_library_init
    cmp eax,SSL_SUCCESS
    jne @quit
    
    invoke CyaSSLv3_client_method
    mov meth,eax
    invoke CyaSSL_CTX_new,meth
    mov ctx,eax
    invoke CyaSSL_CTX_load_verify_locations,ctx,offset _cert,0
    
    invoke CyaSSL_new,ctx
    mov ssl,eax

Note: the function CyaSSL_Init according to the manual returns a "1" if successful, while in fact it returns a 0 if everything went OK.

int CyaSSL_library_init(void)
{
    CYASSL_ENTER("SSL_library_init");
    if (CyaSSL_Init() == 0)
        return SSL_SUCCESS;
    else
        return SSL_FATAL_ERROR;
}

The function CyaSSLv3_client_method never returns and throws an exception in nt.dll. I have traced the flow of the function a bit.

Firstly the VirtualAlloc function is called with following parameters
Address=0
Size=0
AllocType=MEM_RESERVE
Protect=PAGE_NOACCESS

The return value is NULL and the last error call gives "00000057 ERROR_INVALID_PARAMETER".

The execution crashes on an RtlHeapAlloc call, with "Access violation when reading [00000044]".

The RtlHeapAlloc function is invoked with following parameters
Heap= NULL
Flags= HEAP_NO_SERIALIZE
Size=7

Any light you may shed on this issue will be more than welcome. If you need any of the sources I'll gladly attach them.