Hi Chris,
thanks for your help! I forgot the call of the function CyaSSL_CTX_set_verify (What exactly does it do, the manual does not actually say?!) and did not use the certificate in *.PEM format. Now it works!
Hi Chris,
I tried all of them, none of them worked. Using cURL I got a working connection using the following *.pem file: http://curl.haxx.se/ca/cacert.pem. Unfortunately I get a parsing error, when I try to open the file with wolfSSL [method: CyaSSL_CTX_load_verify_locations(ctx, "..\\cacert.pem", 0)]. After a lot of successful import actions the debug output says:
CyaSSL Leaving AddCA, return -148
That error occurs at the following cert: COMODO ECC Certification Authority.
Any further suggestions?!
Hello everybody,
first of all, I am a complete beginner in secure communication over the internet - just that you know. Right now I am trying to implement a communication with the Google Accounts' Server (https://accounts.google.com) to be able to authorize with the server using OAuth 2.0 as described here: https://developers.google.com/accounts/ … orDevices. My platform is an x86-64 running Win7, coding in C / C++ with Visual Studio.
The source of my problems seems to be the CA certificate. What I did: I went to https://accounts.google.com with my Browser (Chrome) and exported the Certificate to a DER-coded binary X.509 file (*.cer). In my program I called CyaSSL_CTX_use_certificate_file(ctx, "..\\google_ca.cer", SSL_FILETYPE_RAW). When I try to send something the CyaSSL_connect() fails with the code -155.
Here is the debug output:
CyaSSL Entering CyaSSL_Init
CyaSSL Entering CYASSL_CTX_new
CyaSSL Leaving CYASSL_CTX_new, return 0
CyaSSL Entering CyaSSL_CTX_use_certificate_file
CyaSSL Entering SSL_new
CyaSSL Leaving SSL_new, return 0
CyaSSL Entering SSL_set_fd
CyaSSL Leaving SSL_set_fd, return 1
CyaSSL Entering SSL_connect()
connect state: CLIENT_HELLO_SENT
received record layer msg
CyaSSL Entering DoHandShakeMsg()
processing server hello
CyaSSL Leaving DoHandShakeMsg(), return 0
growing input buffer
received record layer msg
CyaSSL Entering DoHandShakeMsg()
processing certificate
Loading peer's cert chain
Put another cert into chain
Put another cert into chain
Found Basic CA constraint
Found optional critical flag, moving past
About to verify certificate signature
No CA signer to verify with
Failed to verify CA from chain
Veriying Peer's cert
Found Basic CA constraint
Found optional critical flag, moving past
About to verify certificate signature
No CA signer to verify with
Failed to verify Peer's cert
No callback override availalbe, fatal
CyaSSL Leaving DoHandShakeMsg(), return -155
CyaSSL error occured, error = -155
Here is my code:
CyaSSL_Debugging_ON();
if(CyaSSL_Init() != 0)
    exit("Error: CyaSSL_Init");

CYASSL_CTX* ctx;
if ( (ctx = CyaSSL_CTX_new(CyaTLSv1_client_method())) == NULL)
    exit("CyaSSL_CTX_new error.");
if (CyaSSL_CTX_use_certificate_file(ctx, "..\\google_ca.cer", SSL_FILETYPE_RAW) != SSL_SUCCESS)
    exit("Error loading CA cert, please check the file.");

// Socket- / TCP-Stuff
WSADATA wsaData;
if(WSAStartup(MAKEWORD(2, 2), &wsaData) != 0)
    exit("Error: WSAStartup", WSAGetLastError());
sockaddr_in addr;
addr.sin_family = AF_INET;
addr.sin_addr.s_addr = inet_addr("173.194.69.84");
addr.sin_port = htons(443);
SOCKET sock = socket(AF_INET, SOCK_STREAM, 0);
if(sock == INVALID_SOCKET)
    exit("Error: Invalid socket", WSAGetLastError());
if(connect(sock, (SOCKADDR*) &addr, sizeof(addr)) != 0)
    exit("Error: connect", WSAGetLastError());
// Socket- / TCP-Stuff

CYASSL* ssl;
if ((ssl = CyaSSL_new(ctx)) == NULL)
    exit("CyaSSL_new error.");
CyaSSL_set_fd(ssl, sock);
// CyaSSL_connect returns SSL_SUCCESS on success, not 0
if(CyaSSL_connect(ssl) != SSL_SUCCESS)
    exit("Error: CyaSSL_connect");

// READ WRITE:
char recvbuf[4096];
int result;
if((result = CyaSSL_write(ssl, query, strlen(query))) == -1)
    exit("Error: CyaSSL_write", CyaSSL_get_error(ssl, result));
if((result = CyaSSL_read(ssl, recvbuf, 4096)) == -1)
    exit("Error: CyaSSL_read", CyaSSL_get_error(ssl, result));

CyaSSL_free(ssl);
CyaSSL_CTX_free(ctx);
CyaSSL_Cleanup();

// Socket- / TCP-Stuff
closesocket(sock);
WSACleanup();
// Socket- / TCP-Stuff
Can anybody help me?
Thanks. Sven
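Added example, not part of sven's posts and not wolfSSL code: the question above exports the certificate as a DER-coded *.cer file, and the follow-up reports that the connection worked once the certificate was in *.PEM format. The sketch below wraps DER bytes in PEM armor and tells the two encodings apart; the function names der_to_pem and looks_like_pem are hypothetical, and any input bytes used with it here are constructed, not a real certificate.

```c
#include <stddef.h>
#include <string.h>

static const char B64[] =
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

/* Hypothetical helper: wrap a DER-encoded certificate in PEM armor.
 * Returns the number of bytes written (excluding the NUL terminator),
 * or 0 if the input is empty or the output buffer is too small. */
size_t der_to_pem(const unsigned char *der, size_t len, char *out, size_t cap)
{
    static const char head[] = "-----BEGIN CERTIFICATE-----\n";
    static const char foot[] = "-----END CERTIFICATE-----\n";
    size_t b64 = ((len + 2) / 3) * 4;   /* base64 length including padding */
    size_t lines = (b64 + 63) / 64;     /* one '\n' per 64-character line  */
    size_t need = strlen(head) + b64 + lines + strlen(foot) + 1;
    size_t i, o, col = 0;

    if (der == NULL || out == NULL || len == 0 || need > cap)
        return 0;

    strcpy(out, head);
    o = strlen(head);
    for (i = 0; i < len; i += 3) {
        /* Pack up to three input bytes into a 24-bit group. */
        unsigned long v = (unsigned long)der[i] << 16;
        if (i + 1 < len) v |= (unsigned long)der[i + 1] << 8;
        if (i + 2 < len) v |= der[i + 2];
        out[o++] = B64[(v >> 18) & 63];
        out[o++] = B64[(v >> 12) & 63];
        out[o++] = (i + 1 < len) ? B64[(v >> 6) & 63] : '=';
        out[o++] = (i + 2 < len) ? B64[v & 63] : '=';
        col += 4;
        if (col == 64) { out[o++] = '\n'; col = 0; }
    }
    if (col != 0)
        out[o++] = '\n';
    strcpy(out + o, foot);
    return o + strlen(foot);
}

/* PEM text starts with the "-----BEGIN" armor line; a DER certificate
 * starts with the binary SEQUENCE tag 0x30 instead. */
int looks_like_pem(const unsigned char *buf, size_t len)
{
    return len >= 10 && memcmp(buf, "-----BEGIN", 10) == 0;
}
```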