1

(3 replies, posted in wolfSSL)

> Could you tell us a bit about your project and your location for our support records?

Working on a release update for an existing product based on the Marvell 88mw300 module.
Problems talking to the new cloud setup.

> Are you able to generate a packet capture of the failing handshake?

Running Wi-Fi, will have to create a setup to capture. Does the debug have a capture that can be enabled?

> Is this a new failure that was previously working? Do you know what changed?

Problems talking to the new AWS cloud setup.

2

(3 replies, posted in wolfSSL)

Working on a legacy embedded IoT device. Enabled debug, do not see why the connection is not made.

Running 3.8.0 library libctaocrypt_fp0_debug.a

====
[wolf] wolfSSL Entering WOLFSSL_CTX_new
[wolf] wolfSSL Entering wolfSSL_CertManagerNew
[wolf] wolfSSL Leaving WOLFSSL_CTX_new, return 0
[wolf] wolfSSL Entering wolfSSL_CTX_load_verify_buffer
[wolf] Processing CA PEM file
[wolf] wolfSSL Entering PemToDer
[wolf] Adding a CA
[wolf] wolfSSL Entering GetExplicitVersion
[wolf] wolfSSL Entering GetMyVersion
[wolf] Got Cert Header
[wolf] wolfSSL Entering GetAlgoId
[wolf] wolfSSL Entering GetObjectId()
[wolf] Got Algo ID
[wolf] Getting Cert Name
[wolf] Getting Cert Name
[wolf] Got Subject Name
[wolf] wolfSSL Entering GetAlgoId
[wolf] wolfSSL Entering GetObjectId()
[wolf] Got Key
[wolf] Parsed Past Key
[wolf] wolfSSL Entering DecodeCertExtensions
[wolf] wolfSSL Entering GetObjectId()
[wolf] wolfSSL Entering DecodeBasicCaConstraint
[wolf] wolfSSL Entering GetObjectId()
[wolf] wolfSSL Entering DecodeKeyUsage
[wolf] wolfSSL Entering GetObjectId()
[wolf] wolfSSL Entering DecodeSubjKeyId
[wolf] wolfSSL Entering GetAlgoId
[wolf] wolfSSL Entering GetObjectId()
[wolf]     Parsed new CA
[wolf]     Freeing Parsed CA
[wolf]     Freeing der CA
[wolf]         OK Freeing der CA
[wolf] wolfSSL Leaving AddCA, return 0
[wolf]    Processed a CA
[wolf] wolfSSL Entering PemToDer
[wolf] Couldn't find PEM header
[wolf] CA Parse failed, no progress in file.
[wolf] Do not continue search for other certs in file
[wolf] Processed at least one valid CA. Other stuff OK
[wolf] wolfSSL Entering wolfSSL_CTX_use_certificate_buffer
[wolf] wolfSSL Entering PemToDer
[wolf] Checking cert signature type
[wolf] wolfSSL Entering GetExplicitVersion
[wolf] wolfSSL Entering GetMyVersion
[wolf] Got Cert Header
[wolf] wolfSSL Entering GetAlgoId
[wolf] wolfSSL Entering GetObjectId()
[wolf] Got Algo ID
[wolf] Getting Cert Name
[wolf] Getting Cert Name
[wolf] Got Subject Name
[wolf] wolfSSL Entering GetAlgoId
[wolf] wolfSSL Entering GetObjectId()
[wolf] Got Key
[wolf] Not ECDSA cert signature
[wolf] wolfSSL Entering wolfSSL_CTX_use_PrivateKey_buffer
[wolf] wolfSSL Entering PemToDer
[wolf] wolfSSL Entering GetMyVersion
[wolf] wolfSSL Entering wolfSSL_CTX_set_verify
[wolf] wolfSSL Entering SSL_new
[wolf] wolfSSL Leaving SSL_new, return 0
[wolf] wolfSSL Entering SSL_set_fd
[wolf] wolfSSL Leaving SSL_set_fd, return 1
[wolf] wolfSSL Entering SSL_connect()
[wolf] growing output buffer

[wolf] Shrinking output buffer

[wolf] connect state: CLIENT_HELLO_SENT
[wolf] growing input buffer

[wolf] received record layer msg
[wolf] wolfSSL Entering DoHandShakeMsg()
[wolf] wolfSSL Entering DoHandShakeMsgType
[wolf] processing server hello
[wolf] wolfSSL Entering VerifyClientSuite
[wolf] wolfSSL Leaving DoHandShakeMsgType(), return 0
[wolf] wolfSSL Leaving DoHandShakeMsg(), return 0
[wolf] growing input buffer

[wolf] received record layer msg
[wolf] wolfSSL Entering DoHandShakeMsg()
[wolf] wolfSSL Entering DoHandShakeMsgType
[wolf] processing certificate
[wolf] Loading peer's cert chain
[wolf]     Put another cert into chain
[wolf]     Put another cert into chain
[wolf]     Put another cert into chain
[wolf]     Put another cert into chain
[wolf] wolfSSL Entering GetExplicitVersion
[wolf] wolfSSL Entering GetMyVersion
[wolf] Got Cert Header
[wolf] wolfSSL Entering GetAlgoId
[wolf] wolfSSL Entering GetObjectId()
[wolf] Got Algo ID
[wolf] Getting Cert Name
[wolf] Getting Cert Name
[wolf] Got Subject Name
[wolf] wolfSSL Entering GetAlgoId
[wolf] wolfSSL Entering GetObjectId()
[wolf] Got Key
[wolf] Parsed Past Key
[wolf] wolfSSL Entering DecodeCertExtensions
[wolf] wolfSSL Entering GetObjectId()
[wolf] wolfSSL Entering DecodeBasicCaConstraint
[wolf] wolfSSL Entering GetObjectId()
[wolf] wolfSSL Entering DecodeKeyUsage
[wolf] wolfSSL Entering GetObjectId()
[wolf] wolfSSL Entering DecodeSubjKeyId
[wolf] wolfSSL Entering GetObjectId()
[wolf] wolfSSL Entering DecodeAuthKeyId
[wolf] wolfSSL Entering GetObjectId()
[wolf] wolfSSL Entering DecodeAuthInfo
[wolf] wolfSSL Entering GetObjectId()
[wolf] wolfSSL Entering GetObjectId()
[wolf] wolfSSL Entering DecodeCrlDist
[wolf] wolfSSL Entering GetObjectId()
[wolf] Certificate Policy extension not supported yet.
[wolf] wolfSSL Entering GetAlgoId
[wolf] wolfSSL Entering GetObjectId()
[wolf] Chain cert not verified by option, not adding as CA

[wolf] wolfSSL Entering GetExplicitVersion
[wolf] wolfSSL Entering GetMyVersion
[wolf] Got Cert Header
[wolf] wolfSSL Entering GetAlgoId
[wolf] wolfSSL Entering GetObjectId()
[wolf] Got Algo ID
[wolf] Getting Cert Name
[wolf] Getting Cert Name
[wolf] Got Subject Name
[wolf] wolfSSL Entering GetAlgoId
[wolf] wolfSSL Entering GetObjectId()
[wolf] Got Key
[wolf] Parsed Past Key
[wolf] wolfSSL Entering DecodeCertExtensions
[wolf] wolfSSL Entering GetObjectId()
[wolf] wolfSSL Entering DecodeBasicCaConstraint
[wolf] wolfSSL Entering GetObjectId()
[wolf] wolfSSL Entering DecodeKeyUsage
[wolf] wolfSSL Entering GetObjectId()
[wolf] wolfSSL Entering DecodeSubjKeyId
[wolf] wolfSSL Entering GetObjectId()
[wolf] wolfSSL Entering DecodeAuthKeyId
[wolf] wolfSSL Entering GetObjectId()
[wolf] wolfSSL Entering DecodeAuthInfo
[wolf] wolfSSL Entering GetObjectId()
[wolf] wolfSSL Entering GetObjectId()
[wolf] wolfSSL Entering DecodeCrlDist
[wolf] wolfSSL Entering GetObjectId()
[wolf] Certificate Policy extension not supported yet.
[wolf] wolfSSL Entering GetAlgoId
[wolf] wolfSSL Entering GetObjectId()
[wolf] Chain cert not verified by option, not adding as CA
[wolf] wolfSSL Entering GetExplicitVersion
[wolf] wolfSSL Entering GetMyVersion
[wolf] Got Cert Header
[wolf] wolfSSL Entering GetAlgoId
[wolf] wolfSSL Entering GetObjectId()
[wolf] Got Algo ID
[wolf] Getting Cert Name
[wolf] Getting Cert Name
[wolf] Got Subject Name
[wolf] wolfSSL Entering GetAlgoId
[wolf] wolfSSL Entering GetObjectId()
[wolf] Got Key
[wolf] Parsed Past Key
[wolf] wolfSSL Entering DecodeCertExtensions
[wolf] wolfSSL Entering GetObjectId()
[wolf] wolfSSL Entering DecodeBasicCaConstraint
[wolf] wolfSSL Entering GetObjectId()
[wolf] wolfSSL Entering DecodeKeyUsage
[wolf] wolfSSL Entering GetObjectId()
[wolf] wolfSSL Entering DecodeExtKeyUsage
[wolf] wolfSSL Entering GetObjectId()
[wolf] wolfSSL Entering GetObjectId()
[wolf] wolfSSL Entering GetObjectId()
[wolf] wolfSSL Entering DecodeSubjKeyId
[wolf] wolfSSL Entering GetObjectId()
[wolf] wolfSSL Entering DecodeAuthKeyId
[wolf] wolfSSL Entering GetObjectId()
[wolf] wolfSSL Entering DecodeAuthInfo
[wolf] wolfSSL Entering GetObjectId()
[wolf] wolfSSL Entering GetObjectId()
[wolf] wolfSSL Entering DecodeCrlDist
[wolf] wolfSSL Entering GetObjectId()
[wolf] Certificate Policy extension not supported yet.
[wolf] wolfSSL Entering GetAlgoId
[wolf] wolfSSL Entering GetObjectId()
[wolf] Chain cert not verified by option, not adding as CA
[wolf] Verifying Peer's cert
[wolf] wolfSSL Entering GetExplicitVersion
[wolf] wolfSSL Entering GetMyVersion
[wolf] Got Cert Header
[wolf] wolfSSL Entering GetAlgoId
[wolf] wolfSSL Entering GetObjectId()
[wolf] Got Algo ID
[wolf] Getting Cert Name
[wolf] Getting Cert Name
[wolf] Got Subject Name
[wolf] wolfSSL Entering GetAlgoId
[wolf] wolfSSL Entering GetObjectId()
[wolf] Got Key
[wolf] Parsed Past Key
[wolf] wolfSSL Entering DecodeCertExtensions
[wolf] wolfSSL Entering GetObjectId()
[wolf] wolfSSL Entering DecodeAuthKeyId
[wolf] wolfSSL Entering GetObjectId()
[wolf] wolfSSL Entering DecodeSubjKeyId
[wolf] wolfSSL Entering GetObjectId()
[wolf] wolfSSL Entering DecodeAltNames
[wolf] wolfSSL Entering GetObjectId()
[wolf] Certificate Policy extension not supported yet.
[wolf] wolfSSL Entering GetObjectId()
[wolf] wolfSSL Entering DecodeKeyUsage
[wolf] wolfSSL Entering GetObjectId()
[wolf] wolfSSL Entering DecodeExtKeyUsage
[wolf] wolfSSL Entering GetObjectId()
[wolf] wolfSSL Entering GetObjectId()
[wolf] wolfSSL Entering GetObjectId()
[wolf] wolfSSL Entering DecodeCrlDist
[wolf] wolfSSL Entering GetObjectId()
[wolf] wolfSSL Entering DecodeAuthInfo
[wolf] wolfSSL Entering GetObjectId()
[wolf] wolfSSL Entering GetObjectId()
[wolf] wolfSSL Entering DecodeBasicCaConstraint
[wolf] wolfSSL Entering GetObjectId()
[wolf] wolfSSL Entering GetAlgoId
[wolf] wolfSSL Entering GetObjectId()
[wolf] Verified Peer's cert
[wolf] wolfSSL Leaving DoHandShakeMsgType(), return 0
[wolf] wolfSSL Leaving DoHandShakeMsg(), return 0
[wolf] received record layer msg
[wolf] wolfSSL Entering DoHandShakeMsg()
[wolf] wolfSSL Entering DoHandShakeMsgType
[wolf] processing server key exchange
[wolf] wolfSSL Leaving DoHandShakeMsgType(), return 0
[wolf] wolfSSL Leaving DoHandShakeMsg(), return 0
[wolf] received record layer msg
[wolf] wolfSSL Entering DoHandShakeMsg()
[wolf] wolfSSL Entering DoHandShakeMsgType
[wolf] processing certificate request
[wolf] wolfSSL Leaving DoHandShakeMsgType(), return 0
[wolf] wolfSSL Leaving DoHandShakeMsg(), return 0
[wolf] received record layer msg
[wolf] wolfSSL Entering DoHandShakeMsg()
[wolf] wolfSSL Entering DoHandShakeMsgType
[wolf] processing server hello done
[wolf] wolfSSL Leaving DoHandShakeMsgType(), return 0
[wolf] wolfSSL Leaving DoHandShakeMsg(), return 0
[wolf] connect state: HELLO_AGAIN
[wolf] connect state: HELLO_AGAIN_REPLY
[wolf] connect state: FIRST_REPLY_DONE
[wolf] growing output buffer

[wolf] Shrinking output buffer

[wolf] sent: certificate
[wolf] connect state: FIRST_REPLY_FIRST
[wolf] growing output buffer

[wolf] Shrinking output buffer

[wolf] sent: client key exchange
[wolf] connect state: FIRST_REPLY_SECOND
[wolf] growing output buffer

[wolf] wolfSSL Entering GetMyVersion
[wolf] wolfSSL Entering VerifyRsaSign
[wolf] Shrinking output buffer

[wolf] sent: certificate verify
[wolf] connect state: FIRST_REPLY_THIRD
[wolf] growing output buffer

[wolf] Shrinking output buffer

[wolf] sent: change cipher spec
[wolf] connect state: FIRST_REPLY_FOURTH
[wolf] growing output buffer

[wolf] Shrinking output buffer

[wolf] sent: finished
[wolf] connect state: FINISHED_DONE
[wolf] received record layer msg
[wolf] got CHANGE CIPHER SPEC
[wolf] received record layer msg
[wolf] wolfSSL Entering DoHandShakeMsg()
[wolf] wolfSSL Entering DoHandShakeMsgType
[wolf] processing finished
[wolf] wolfSSL Leaving DoHandShakeMsgType(), return 0
[wolf] wolfSSL Leaving DoHandShakeMsg(), return 0
[wolf] connect state: SECOND_REPLY_DONE
[wolf] Shrinking input buffer

[wolf] wolfSSL Leaving SSL_connect(), return 1
[wolf] wolfSSL Entering SSL_shutdown()
[wolf] growing output buffer

[wolf] Shrinking output buffer

[wolf] wolfSSL Leaving SSL_shutdown(), return 2
[wolf] wolfSSL Entering SSL_free
[wolf] CTX ref count not 0 yet, no free
[wolf] wolfSSL Leaving SSL_free, return 0
[wolf] wolfSSL Entering wolfSSL_CTX_UnloadCAs
[wolf] wolfSSL Entering wolfSSL_CertManagerUnloadCAs
[wolf] wolfSSL Entering SSL_CTX_free
[wolf] CTX ref count down to 0, doing full free
[wolf] wolfSSL Entering wolfSSL_CertManagerFree
[wolf] wolfSSL Leaving SSL_CTX_free, return 0

=====
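
A small triage helper for traces like the one above, added here as an example and not part of the original post or of wolfSSL: it reduces the `[wolf]` debug output to connect states, handshake messages sent and received, and API return codes, and reports any handshake handler that returned non-zero. The function name `summarize` and the sample lines are constructed for illustration.

```python
import re

# Constructed sample in the format of the trace above (not the full log).
SAMPLE = """\
[wolf] wolfSSL Entering SSL_connect()
[wolf] connect state: CLIENT_HELLO_SENT
[wolf] processing server hello
[wolf] wolfSSL Leaving DoHandShakeMsgType(), return 0
[wolf] processing certificate request
[wolf] wolfSSL Leaving DoHandShakeMsgType(), return 0
[wolf] sent: certificate
[wolf] sent: finished
[wolf] connect state: SECOND_REPLY_DONE
[wolf] wolfSSL Leaving SSL_connect(), return 1
[wolf] wolfSSL Leaving SSL_shutdown(), return 2
"""

LEAVE = re.compile(r"wolfSSL Leaving (\w+)(?:\(\))?, return (-?\d+)")
INTERNAL = {"DoHandShakeMsg", "DoHandShakeMsgType"}

def summarize(trace):
    """Reduce a wolfSSL debug trace to states, messages and return codes."""
    out = {"states": [], "sent": [], "received": [], "api": [], "failed": []}
    for raw in trace.splitlines():
        msg = raw.strip()
        if not msg.startswith("[wolf]"):
            continue                      # skip blank lines and other output
        msg = msg[len("[wolf]"):].strip()
        if msg.startswith("connect state: "):
            out["states"].append(msg.split(": ", 1)[1])
        elif msg.startswith("sent: "):
            out["sent"].append(msg.split(": ", 1)[1])
        elif msg.startswith("processing "):
            out["received"].append(msg[len("processing "):])
        elif (m := LEAVE.fullmatch(msg)):
            name, code = m.group(1), int(m.group(2))
            if name not in INTERNAL:
                out["api"].append((name, code))
            elif code != 0 and name == "DoHandShakeMsgType":
                # handler for the last received message reported an error
                last = out["received"][-1] if out["received"] else None
                out["failed"].append((last, code))
    return out

if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(f"{key}: {value}")
```

Feeding it the complete trace instead of `SAMPLE` gives the same summary for the whole session, which is easier to compare against a packet capture than the raw log.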