I have the same problem, and the problem exists after calling the "wolfSSL_connect" function. The client program I built in the Linux environment cannot successfully connect to the server after loading the CA certificate of the Linux system. But when I use the OpenSSL interface to do the same, I can connect to the server.
The code functions I use are the following:
    /* Initialize the wolfSSL library */
    if ((ret = wolfSSL_Init()) != WOLFSSL_SUCCESS) {
        fprintf(stderr, "ERROR: Failed to initialize the library\n");
        goto socket_cleanup;
    }

    /* Create and initialize WOLFSSL_CTX */
    if ((ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method())) == NULL) {
        fprintf(stderr, "ERROR: failed to create WOLFSSL_CTX\n");
        ret = -1;
        goto socket_cleanup;
    }

    /* Require verification of the server certificate */
    wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER, NULL);

    /* Load the system CA certificates into WOLFSSL_CTX */
    if ((ret = wolfSSL_CTX_load_verify_locations(ctx,
            "/etc/ssl/certs/ca-certificates.crt", NULL)) != SSL_SUCCESS) {
        fprintf(stderr, "ERROR: failed to load %s, please check the file.\n",
                CERT_FILE);
        goto ctx_cleanup;
    }

    /* Create a WOLFSSL object */
    if ((ssl = wolfSSL_new(ctx)) == NULL) {
        fprintf(stderr, "ERROR: failed to create WOLFSSL object\n");
        ret = -1;
        goto ctx_cleanup;
    }

    /* Attach wolfSSL to the socket */
    if ((ret = wolfSSL_set_fd(ssl, sockfd)) != WOLFSSL_SUCCESS) {
        fprintf(stderr, "ERROR: Failed to set the file descriptor\n");
        goto cleanup;
    }

    /* Connect to wolfSSL on the server side */
    if ((ret = wolfSSL_connect(ssl)) != SSL_SUCCESS) {
        fprintf(stderr, "ERROR: failed to connect to wolfSSL\n");
        /* Translate the return value into the wolfSSL error code */
        ret = wolfSSL_get_error((const WOLFSSL *)(ssl), ret);
        fprintf(stderr, "wolfSSL_get_error:%d\n", ret);
        goto cleanup;
    }
The error code I get is -188.
The purpose of my test here is to try to replace the OpenSSL library with wolfSSL. In the same connection operation, OpenSSL can connect successfully, but the wolfSSL connection fails.
The ca-certificates.crt file is the certificate file that comes with the Linux system installation (Certificate directory: /etc/ssl/certs/ca-certificates.crt).