You are not logged in. Please login or register.
Active topics Unanswered topics
Welcome to the wolfSSL Forums!
Please post questions or comments you have about wolfSSL products here. It is helpful to be as descriptive as possible when asking your questions.
References
Stable Releases - download stable product releases.
Development Branch - latest development branch on GitHub.
wolfSSL Manual - wolfSSL (formerly CyaSSL) product manual and API reference.
Search options
Hi, Eric.
Ok, thank you so much.
Hi, Eric.
I'm having trouble sending you the capture, can I send you the project so you can test it? i'm running it on a pic32MZ_ef_sk board
Thanks for attention.
I have a problem with Wireshark, apparently the network I'm on is not promiscuous and I can't see the traffic on the PIC32MZ_EF_SK board, I'll check if I can solve it
/*** wolfMQTT configuration ***/
#define WOLFMQTT_NONBLOCK
#define WOLFMQTT_USER_SETTINGS
// #define WOLFMQTT_NO_TIMEOUT
// #define WOLFMQTT_NO_STDIN_CAP
#define WOLFMQTT_DISCONNECT_CB
#define WOLFMQTT_NO_ERROR_STRINGS
#define WOLFMQTT_NO_STDIO
#define ENABLE_MQTT_TLS
#define DEBUG_WOLFSSL
/*** wolMQTT Net Glue configuration ***/
#define WMQTT_NET_GLUE_FORCE_TLS true
#define WMQTT_NET_GLUE_IPV6 false
#define WMQTT_NET_GLUE_MAX_BROKER_NAME 70
#define WMQTT_NET_GLUE_DEBUG_ENABLE true
#define WMQTT_NET_GLUE_ERROR_STRINGS true
#define WMQTT_NET_GLUE_MALLOC malloc
#define WMQTT_NET_GLUE_FREE free
#define WMQTT_NET_SKT_TX_BUFF 2048
#define WMQTT_NET_SKT_RX_BUFF 2048
/******************************************************************************/
/*wolfSSL TLS Layer Configuration*/
/******************************************************************************/
#define WOLFSSL_ALT_NAMES
#define WOLFSSL_DER_LOAD
#define KEEP_OUR_CERT
#define KEEP_PEER_CERT
#define HAVE_CRL_IO
#define HAVE_IO_TIMEOUT
#define TFM_NO_ASM
#define WOLFSSL_NO_ASM
#define SIZEOF_LONG_LONG 8
#define WOLFSSL_USER_IO
#define NO_WRITEV
#define MICROCHIP_TCPIP
#define HAVE_FFDHE_2048
#define HAVE_FFDHE_3072
#define HAVE_FFDHE_4096
#define NO_PWDBASED
#define HAVE_TLS_EXTENSIONS
#define WOLFSSL_TLS13
#define HAVE_SUPPORTED_CURVES
#define NO_ERROR_STRINGS
#define NO_OLD_TLS
/*** wolfCrypt Library Configuration ***/
#define MICROCHIP_PIC32
#define MICROCHIP_MPLAB_HARMONY
#define MICROCHIP_MPLAB_HARMONY_3
#define HAVE_MCAPI
#define SIZEOF_LONG_LONG 8
#define WOLFSSL_USER_IO
#define NO_WRITEV
#define NO_FILESYSTEM
#define USE_FAST_MATH
#define NO_PWDBASED
#define HAVE_MCAPI
#define WOLF_CRYPTO_CB // provide call-back support
#if (__XC32_VERSION > 100000000)
#define WOLFSSL_HAVE_MIN
#define WOLFSSL_HAVE_MAX
#endif
// ---------- FUNCTIONAL CONFIGURATION START ----------
#define WOLFSSL_AES_SMALL_TABLES
#define NO_MD4
#define WOLFSSL_SHA224
#define WOLFSSL_SHA384
#define WOLFSSL_SHA512
#define HAVE_SHA512
#define HAVE_HKDF
#define WOLFSSL_AES_128
#define WOLFSSL_AES_192
#define WOLFSSL_AES_256
#define WOLFSSL_AES_DIRECT
#define HAVE_AES_DECRYPT
#define HAVE_AES_ECB
#define HAVE_AES_CBC
#define WOLFSSL_AES_COUNTER
#define WOLFSSL_AES_OFB
#define HAVE_AESGCM
#define HAVE_AESCCM
#define NO_RC4
#define NO_HC128
#define NO_RABBIT
#define HAVE_ECC
#define HAVE_DH
#define NO_DSA
#define FP_MAX_BITS 8192
#define USE_CERT_BUFFERS_2048
#define WC_RSA_PSS
#define NO_DEV_RANDOM
#define HAVE_HASHDRBG
#define WC_NO_HARDEN
#define SINGLE_THREADED
#define NO_ERROR_STRINGS
#define NO_WOLFSSL_MEMORY
// ---------- FUNCTIONAL CONFIGURATION END ----------
/* MPLAB Harmony Net Presentation Layer Definitions*/
#define NET_PRES_NUM_INSTANCE 1
#define NET_PRES_NUM_SOCKETS 10
Hi, Eric.
If I use the example certificates and the broker I get:
mqtt start
MQTT pub/sub demo has been started
>MQTT Task - Client Start: QoS 0, broker a2dujmi05ideo2.iot.us-west-2.amazonaws.com
MQTT Task - run message: WMQTT_NETGlue_Initialize, res: 0
MQTT Task - run message: MqttClient_Init, res: 0
MQTT Task - run message: MqttClient_SetDisconnectCallback, res: 0
WMQTT_NET_GLUE Info: Started Connect
WMQTT_NET_GLUE Info: Connected Successfully
WMQTT_NET_GLUE Info: Start TLS
wolfSSL Entering wolfSSL_Init
wolfSSL Entering wolfCrypt_Init
wolfSSL Entering SSLv23_client_method_ex
wolfSSL Entering wolfSSL_CTX_new_ex
wolfSSL Entering wolfSSL_CertManagerNew
wolfSSL Leaving WOLFSSL_CTX_new, return 0
wolfSSL Entering wolfSSL_CTX_set_verify
wolfSSL Entering wolfSSL_CTX_load_verify_buffer_ex
Adding a CA
wolfSSL Entering GetExplicitVersion
wolfSSL Entering GetSerialNumber
Got Cert Header
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Algo ID
Getting Cert Name
Getting Cert Name
Got Subject Name
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Key
Parsed Past Key
wolfSSL Entering DecodeCertExtensions
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeSubjKeyId
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeAuthKeyId
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeBasicCaConstraint
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeAltNames
Unsupported name type, skipping
wolfSSL Entering GetObjectId()
DecodeExtKeyUsage
wolfSSL Entering GetObjectId()
wolfSSL Entering GetObjectId()
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Parsed new CA
Freeing Parsed CA
Freeing der CA
OK FreeinwolfSSL wolfSSL growing output buffer
Key Share extension to write
Supported Versions extension to write
Signature Algorithms extension to write
Point Formats extension to write
Supported Groups extension to write
Shrinking output buffer
wolfSSL Leaving SendTls13ClientHello, return 0
connect state: CLIENT_HELLO_SENT
wolfSSL error occurred, error = -323
wolfSSL Entering SSL_get_error
wolfSSL Leaving SSL_get_error, return -323
wolfSSL Entering SSL_connect()
wolfSSL error occurred, error = -323
wolfSSL Entering SSL_get_error
wolfSSL Leaving SSL_get_error, return -323
wolfSSL Entering SSL_connect()
wolfSSL error occurred, error = -323
wolfSSL Entering SSL_get_error
wolfSSL Leaving SSL_get_error, return -323
wolfSSL Entering SSL_connect()
wolfSSL error occurred, error = -323
wolfSSL Entering SSL_get_error
wolfSSL Leaving SSL_get_error, return -323
wolfSSL Entering SSL_connect()
wolfSSL error occurred, error = -323
wolfSSL Entering SSL_get_error
wolfSSL Leaving SSL_get_error, return -323
wolfSSL Entering SSL_connect()
wolfSSL error occurred, error = -323
wolfSSL Entering SSL_get_error
wolfSSL Leaving SSL_get_error, return -323
wolfSSL Entering SSL_connect()
wolfSSL error occurred, error = -323
wolfSwolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL processing certificate
wolfSSL Entering DoCertiwolfSSL wolfSSL wolfSSL processiwolfSSL wolfSSL Leaving RsaVerify, return 51
wolfSSL Leaving DoServerKeyExchange, return 0
Shrinking input buffer
wolfSSL Leaving DoHandShakeMsgType(), return 0
wolfSSL Leaving DoHandShakShrinkinwolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL wolfSSL receivedwolfSSL Leaving EccMakeKey, return 0
wolfSSL Entering EccSharedSecret
wolfSSL Entering wc_ecc_shared_secret_gen_sync
wolfSSL Leaving wc_ecc_shared_secret_gen_sync, return 0
wolfSSL Leaving wc_ecc_shared_secret_ex, return 0
wolfSSL Leaving EccSharedSecret, return 0
growing output buffer
Shrinking output buffer
wolfSSL Leaving SendClientKeyExchange, return 0
sent: client key exchange
connect state: FIRST_REPLY_SECOND
wolfSSL Entering SendCertificateVerify
sent: certificate verify
connect state: FIRST_REPLY_THIRD
growing output buffer
Shrinking output buffer
sent: change cipher spec
connect state: FIRST_REPLY_FOURTH
wolfSSL Entering SendFinished
growing output buffer
wolfSSL Entering BuildMessage
wolfSSL Leaving BuildMessage, return 0
Shrinking output buffer
wolfSSL Leaving SendFinished, return 0
sent: finished
connect state: FINISHED_DONE
wolfSSL error occurred, error = -323
wolfSSL Entering SSL_get_error
wolfSSL Leaving SSL_get_error, return -323
wolfSSL Entering SSL_connect()
wolfSSL error occurred, error = -323
wolfSSL Entering SSL_get_error
wolfSSL Leaving SSL_get_error, return -323
wolfSSL Entering SSL_connect()
wolfSSL error occurred, error = -323
wolfSSL Entering SSL_get_error
wolfSSL Leaving SSL_get_error, return -323
WMQTT_NET_GLUE Error: Skt Reset, occurred in func: WMQTT_NETGlue_Connect, line: 319,
MQTT Task - run message: MqttClient_NetConnect, res: -8
wolfSSL EwolfSSL
Hi Eric.
I had to do other things and stopped the project, but I'm picking it up now. Using part of the example in awsiot.c I changed APP_MQTT_TLSHandler to mqtt_aws_tls_cb but it doesn't seem to call this function.
I use the certificates for my connection as in the example but it doesn't work.
mqtt start
MQTT pub/sub demo has been started
>MQTT Task - Client Start: QoS 0, broker a2dujmi05ideo2.iot.us-west-2.amazonaws.com
MQTT Task - run message: WMQTT_NETGlue_Initialize, res: 0
MQTT Task - run message: MqttClient_Init, res: 0
MQTT Task - run message: MqttClient_SetDisconnectCallback, res: 0
WMQTT_NET_GLUE Info: Started Connect
WMQTT_NET_GLUE Info: Connected Successfully
WMQTT_NET_GLUE Info: Start TLS
WMQTT_NET_GLUE Error: Skt Reset, occurred in func: WMQTT_NETGlue_Connect, line: 319,
MQTT Task - run message: MqttClient_NetConnect, res: -8
MQTT Task - MQTT cycle Failed in state: 6, error code: -8!
Thanks for your attention.
Hi, Eric. I got this:
TCP/IP Stack: Initialization Started
TCP/IP Stack: Initialization Ended - success
Interface PIC32INT on host MCHPBOARD_E - NBNS disabled
Created the mqtt Commands
PIC32INT IP Address: 0.0.0.0
PIC32INT IP Address: 172.16.1.124
mqtt start
MQTT pub/sub demo has been started
>MQTT Task - Client Start: QoS 0, broker a3oellqp4u1niz-ats.iot.us-east-2.amazonaws.com
MQTT Task - run message: WMQTT_NETGlue_Initialize, res: 0
MQTT Task - run message: MqttClient_Init, res: 0
MQTT Task - run message: MqttClient_SetDisconnectCallback, res: 0
WMQTT_NET_GLUE Info: Started Connect
WMQTT_NET_GLUE Info: Connected Successfully
WMQTT_NET_GLUE Info: Start TLS
wolfSSL Entering wolfSSL_Init
wolfSSL Entering wolfCrypt_Init
wolfSSL Entering SSLv23_client_method_ex
wolfSSL Entering wolfSSL_CTX_new_ex
wolfSSL Entering wolfSSL_CertManagerNew
wolfSSL Leaving WOLFSSL_CTX_new, return 0
wolfSSL Entering wolfSSL_CTX_set_verify
wolfSSL Entering wolfSSL_CTX_load_verify_buffer_ex
wolfSSL Leaving wolfSSL_CTX_load_verify_buffer_ex, return -140
wolfSSL Entering SSL_CTX_free
CTX ref count down to 0, doing full free
wolfSSL Entering wolfSSL_CertManagerFree
wolfSSL Leaving SSL_CTX_free, return 0
WMQTT_NET_GLUE Error: TLS Negotiation, occurred in func: WMQTT_NETGlue_Connect, line: 328,
MQTT Task - run message: MqttClient_NetConnect, res: -6
wolfSSL Entering SSL_free
wolfSSL Leaving SSL_free, return 0
MQTT Task - MQTT cycle Failed in state: 6, error code: -6!
Comparing results, the problem starts at wolfSSL Leaving wolfSSL_CTX_load_verify_buffer_ex, return -140. I have the CA file, the client's certificate and the client's private key.
With a MQTT client it connects to the Amazon broker. I add the values from the files to certs_test.h doing the conversion to DER format and got the above results.
I must be doing something wrong, could it be the conversion or misplacing the values in certs_test.h? Or do I need any additional information? I will keeping testing.
Thanks for your attention.
Thanks, Eric. I will test it.
embhorn wrote:Hello Juan,
Thanks for reaching out. Great to hear that you are back to using wolfMQTT.
Could you enable DEBUG_WOLFSSL in the configuration and add a line to the application to call to wolfSSL_Debugging_ON(). This will enable debug logging for wolfSSL.
Thanks,
Eric @ wolfSSL Support
Hi, Eric.
I already enabled DEBUG_WOLFSSL and added wolfSSL_Debugging_ON() (it is already added in the mqtt_socket() file when enabling DEBUG_WOLFSSL) but I don't see it showing me messages, where should they be seen?
Also, in the directory \wolfMQTT\examples\aws there is an example for the communication I need but I don't know how to include it in my project or how to do it in Harmony v3, is there a guide on how to build the project?
Thanks for response, tomorrow I will test
Two years ago I started testing WolfMQTT with PIC32 and you helped me solve the problem I was having connecting to a broker. The project was delayed and has now started up again.
I am using the wolfmqtt_demo example to communicate with different brokers using PIC32MZ. Without TLS it works fine but adding TLS 1.3 only works with the test.mosquitto.org broker.
The next step is to use it with an Amazon broker (AWS) that we use to communicate, I have the certificates and the private key in PEM format but it does not communicate successfully:
MQTT pub/sub demo has been started
>MQTT Task - Client Start: QoS 0, broker a3oellqp4u1niz-ats.iot.us-east-2.amazonaws.com
MQTT Task - run message: WMQTT_NETGlue_Initialize, res: 0
MQTT Task - run message: MqttClient_Init, res: 0
MQTT Task - run message: MqttClient_SetDisconnectCallback, res: 0
WMQTT_NET_GLUE Info: Started Connect
WMQTT_NET_GLUE Info: Connected Successfully
WMQTT_NET_GLUE Info: Start TLS
WMQTT_NET_GLUE Error: TLS Negotiation, occurred in func: WMQTT_NETGlue_Connect, line: 328,
MQTT Task - run message: MqttClient_NetConnect, res: -6
MQTT Task - MQTT cycle Failed in state: 6, error code: -6!
I don't know if I'm using correctly the certificates and the key in the project (I modify them in the erts_test.h file, I converted them to DER format). Would you know how to help me with this issue? Microchip support has not responded to me.
Posts found: 11
Generated in 0.025 seconds (95% PHP - 5% DB) with 5 queries