1 Reply by Mohammedshameem.tv

(3 replies, posted in wolfSSL)

Hi Kareem,

Thank you for your support.

I am using an STM32 board to communicate with my HTTPS server, which is hosted on Google Firebase, for downloading files. As an initial step, I attempted to communicate with google.com by fetching the SSL certificate using openssl through CMD.

When I parse the certificate using wolfSSL_CTX_load_verify_buffer(), it returns SSL_SUCCESS. However, when I attempt to write data to google.com, I encounter the error -188. Interestingly, if I use:
wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_NONE, NULL) the communication works fine.

Currently, my STM32 board is successfully communicating with my Google Firebase server, but it uses WOLFSSL_VERIFY_NONE, which disables certificate verification. Since this is a commercial project, I want to enhance security by properly verifying the SSL certificate.

Let me know if you need any further details.

Thanks again,
Mohammed

Go to forum: wolfSSL

2 Topic by Mohammedshameem.tv

(3 replies, posted in wolfSSL)

Issue Summary:

- I am unable to communicate with google.com after changing the SSL verification mode from WOLFSSL_VERIFY_NONE to
WOLFSSL_VERIFY_PEER.
- After investigating, I found that the issue is related to Google's root certificate.
- I downloaded the latest Google root certificate from Google Trust Services in .PEM format.
- I then converted the certificate into a C string format and added it to my project.
  Despite this, the issue persists.

Additional Details:

- My application initially establishes communication with Google and my organization's website (which has an SSL certificate).
- My organization's website is hosted by GoDaddy.
- In the certification section of the hosting panel, I found a certificate in .PEM format.
- When I pass this GoDaddy certificate for SSL verification, I receive an error:
  "Invalid data (-140)".

What I Need Help With:

- Am I doing anything wrong in attaching or loading the certificates?
- Could you help analyze the log and code (attached below) to identify any potential issues?

#define SERVER_NAME "www.google.com"
#define SERVER_PORT 443
#define HTTP_REQUEST "GET / HTTP/1.1\r\nHost: google.com\r\nConnection: close\r\n\r\n"


const unsigned char google_root_certificate[] =
"-----BEGIN CERTIFICATE-----\n"
"MIIFVzCCAz+gAwIBAgINAgPlk28xsBNJiGuiFzANBgkqhkiG9w0BAQwFADBHMQsw\n"
"CQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEU\n"
"MBIGA1UEAxMLR1RTIFJvb3QgUjEwHhcNMTYwNjIyMDAwMDAwWhcNMzYwNjIyMDAw\n"
"MDAwWjBHMQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZp\n"
"Y2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjEwggIiMA0GCSqGSIb3DQEBAQUA\n"
"A4ICDwAwggIKAoICAQC2EQKLHuOhd5s73L+UPreVp0A8of2C+X0yBoJx9vaMf/vo\n"
"27xqLpeXo4xL+Sv2sfnOhB2x+cWX3u+58qPpvBKJXqeqUqv4IyfLpLGcY9vXmX7w\n"
"Cl7raKb0xlpHDU0QM+NOsROjyBhsS+z8CZDfnWQpJSMHobTSPS5g4M/SCYe7zUjw\n"
"TcLCeoiKu7rPWRnWr4+wB7CeMfGCwcDfLqZtbBkOtdh+JhpFAz2weaSUKK0Pfybl\n"
"qAj+lug8aJRT7oM6iCsVlgmy4HqMLnXWnOunVmSPlk9orj2XwoSPwLxAwAtcvfaH\n"
"szVsrBhQf4TgTM2S0yDpM7xSma8ytSmzJSq0SPly4cpk9+aCEI3oncKKiPo4Zor8\n"
"Y/kB+Xj9e1x3+naH+uzfsQ55lVe0vSbv1gHR6xYKu44LtcXFilWr06zqkUspzBmk\n"
"MiVOKvFlRNACzqrOSbTqn3yDsEB750Orp2yjj32JgfpMpf/VjsPOS+C12LOORc92\n"
"wO1AK/1TD7Cn1TsNsYqiA94xrcx36m97PtbfkSIS5r762DL8EGMUUXLeXdYWk70p\n"
"aDPvOmbsB4om3xPXV2V4J95eSRQAogB/mqghtqmxlbCluQ0WEdrHbEg8QOB+DVrN\n"
"VjzRlwW5y0vtOUucxD/SVRNuJLDWcfr0wbrM7Rv1/oFB2ACYPTrIrnqYNxgFlQID\n"
"AQABo0IwQDAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4E\n"
"FgQU5K8rJnEaK0gnhS9SZizv8IkTcT4wDQYJKoZIhvcNAQEMBQADggIBAJ+qQibb\n"
"C5u+/x6Wki4+omVKapi6Ist9wTrYggoGxval3sBOh2Z5ofmmWJyq+bXmYOfg6LEe\n"
"QkEzCzc9zolwFcq1JKjPa7XSQCGYzyI0zzvFIoTgxQ6KfF2I5DUkzps+GlQebtuy\n"
"h6f88/qBVRRiClmpIgUxPoLW7ttXNLwzldMXG+gnoot7TiYaelpkttGsN/H9oPM4\n"
"7HLwEXWdyzRSjeZ2axfG34arJ45JK3VmgRAhpuo+9K4l/3wV3s6MJT/KYnAK9y8J\n"
"ZgfIPxz88NtFMN9iiMG1D53Dn0reWVlHxYciNuaCp+0KueIHoI17eko8cdLiA6Ef\n"
"MgfdG+RCzgwARWGAtQsgWSl4vflVy2PFPEz0tv/bal8xa5meLMFrUKTX5hgUvYU/\n"
"Z6tGn6D/Qqc6f1zLXbBwHSs09dR2CQzreExZBfMzQsNhFRAbd03OIozUhfJFfbdT\n"
"6u9AWpQKXCBfTkBdYiJ23//OYb2MI3jSNwLgjt7RETeJ9r/tSQdirpLsQBqvFAnZ\n"
"0E6yove+7u7Y/9waLd64NnHi/Hm3lCXRSHNboTXns5lndcEZOitHTtNCjv0xyBZm\n"
"2tIMPNuzjsmhDYAPexZ3FL//2wmUspO8IFgV6dtxQ/PeEMMA3KgqlbbC1j+Qa3bb\n"
"bP6MvPJwNQzcmRk13NfIRmPVNnGuV/u3gm3c\n"
"-----END CERTIFICATE-----\n";




int google_crt_len = sizeof(google_root_certificate)-1;

extern struct netif gnetif;
char buff[256];
#define MAXLINE 256

/* Your custom send function */
int MySocketSend(WOLFSSL *ssl, char *buf, int sz, void *ctx) {
    int sockfd = *(int *)ctx; // Retrieve socket
    int ret = send(sockfd, buf, sz, 0);
    if (ret < 0) {
        uart_print("TCP send failed");
             return WOLFSSL_CBIO_ERR_GENERAL;
    }
    return ret;
}

/* Your custom receive function */
int MySocketRecv(WOLFSSL *ssl, char *buf, int sz, void *ctx) {
    int sockfd = *(int *)ctx; // Retrieve socket
    int ret = recv(sockfd, buf, sz, 0);
    if (ret <= 0) {
       uart_print("TCP recv send failed");
            return WOLFSSL_CBIO_ERR_GENERAL;
    }
    return ret;
}





void wolfssl_print(const int logLevel, const char* logMessage) 
{
     sprintf(buff,"WolfSSL Log [%d]: %s\n", logLevel, logMessage);    
    uart_print(buff);
}



void
str_cli(FILE *fp, WOLFSSL* ssl)
{
    char  sendline[MAXLINE] = "GET / HTTP/1.1\r\nHost: google.com\r\nConnection: close\r\n\r\n", recvline[MAXLINE];
    int   n = 0,ret;

        if((ret = wolfSSL_write(ssl, sendline, strlen(sendline))) !=
                     strlen(sendline))
                {
                    sprintf(buff,"wolfSSL_write failed %d",ret);
           uart_print(buff);
        }
               else
                {
                    uart_print(sendline);
                    uart_print("wolfSSL_write success");
                }
                                         

        if ((n = wolfSSL_read(ssl, recvline, MAXLINE)) <= 0)
                {
                    sprintf(buff,"wolfSSL_read failed : %d",n);
                    recvline[n] = '\0';
                 uart_print(buff);
                    
           uart_print(recvline);
                }
                else
                {
                    recvline[n] = '\0';
                     uart_print(recvline);
                    
                }
}

void wolf_ssl_task(void *argument)
{
    ip_addr_t ip_address;
    int ret;
    WOLFSSL_CTX* ctx;
  WOLFSSL* ssl;
        int sockfd;
    struct sockaddr_in servaddr;
  printf("started code");
    uart_print("stated wolf_ssl task ");
    

    wolfSSL_Init();
    
        wolfSSL_Debugging_ON();
    
    wolfSSL_SetLoggingCb(wolfssl_print);
    
    if ((ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method())) == NULL)
            {
                sprintf(buff,"wolfSSL_CTX_new error : %d\n",ret);
        uart_print(buff);
        vTaskDelete(NULL);
    }
        uart_print("success wolfSSL_CTX_n0 error\n");

        wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER, NULL);
        
    // Load CA certificate from memory
    if ((ret = wolfSSL_CTX_load_verify_buffer(ctx, google_root_certificate, google_crt_len, CTC_FILETYPE_PEM)) != SSL_SUCCESS) {
        sprintf(buff,"wolfSSL_CTX_new error : %d\n",ret);
        uart_print(buff);
        vTaskDelete(NULL);
    }
    
    
        uart_print("success to load CA certificate\n");
    
     while(1)
  {
    if(gnetif.ip_addr.addr == 0 || gnetif.netmask.addr == 0 || gnetif.gw.addr == 0) //system has no valid ip address
    {
      osDelay(1000);
      continue;
    } else
    {
             BSP_LED_On(LED1);
      uart_print("DHCP/Static IP O.K.\n");
      break;
    }
  }
    
    //collecting server ip through DNS
    ret = netconn_gethostbyname(SERVER_NAME, &ip_address);
    
    sprintf(buff,"IP addr of google.com is %s ret %d",ipaddr_ntoa(&ip_address),ret);
    uart_print(buff);

    // Create socket
    while(1)
    {
    if ((sockfd = lwip_socket(AF_INET, SOCK_STREAM, 0)) < 0) {
        uart_print("Socket creation failed\n");
        vTaskDelete(NULL);
    }
        
        sprintf(buff,"socket created with fd  %d ",sockfd);
    uart_print(buff);
        

    servaddr.sin_family = AF_INET;
    servaddr.sin_port = htons(SERVER_PORT);
    servaddr.sin_addr.s_addr = ip_address.addr;//inet_addr(ip_address.addr);

        
            /* Set the callbacks before connecting */
        wolfSSL_SetIORecv(ctx, MySocketRecv);
        wolfSSL_SetIOSend(ctx, MySocketSend);
        
    // Connect to the server
    if (ret = lwip_connect(sockfd, (struct sockaddr *)&servaddr, sizeof(servaddr)) < 0) 
        {
            sprintf(buff,"Connection failed %d\n",ret);
        uart_print(buff);
        lwip_close(sockfd);
        //vTaskDelete(NULL);
    }
        else
        {
            break;
        }
    }
            sprintf(buff,"ok  socket connected successsfully  %d ",sockfd);
        uart_print(buff);
        
        if( (ssl = wolfSSL_new(ctx)) == NULL) 
        {
    uart_print("wolfSSL_new error.\n");
    }
        
        uart_print("OK wolfSSL_new.\n");

    wolfSSL_set_fd(ssl, sockfd);
        
        
    
        
        str_cli(stdin, ssl);
        


wolfSSL_free(ssl);      /* Free WOLFSSL object */
wolfSSL_CTX_free(ctx);  /* Free WOLFSSL_CTX object */
wolfSSL_Cleanup();      /* Free wolfSSL */
    lwip_close(sockfd);
    while(1)
    {
     osDelay(10000);
    }
}

LOG (MODE WOLFSSL_VERIFY_NONE ) :-

stated wolf_ssl task
WolfSSL Log [2]: wolfSSL Entering TLSv1_2_client_method_ex

WolfSSL Log [2]: wolfSSL Entering wolfSSL_CTX_new_ex

WolfSSL Log [2]: wolfSSL Entering wolfSSL_CertManagerNew

WolfSSL Log [1]: heap param is null

WolfSSL Log [1]: DYNAMIC_TYPE_CERT_MANAGER Allocating = 112 bytes

WolfSSL Log [3]: wolfSSL Leaving wolfSSL_CTX_new_ex, return 0

success wolfSSL_CTX_n0 error

WolfSSL Log [2]: wolfSSL Entering wolfSSL_CTX_set_verify

WolfSSL Log [2]: wolfSSL Entering wolfSSL_CTX_load_verify_buffer_ex

WolfSSL Log [1]: Processing CA PEM file

WolfSSL Log [2]: wolfSSL Entering ProcessBuffer

WolfSSL Log [2]: wolfSSL Entering PemToDer

WolfSSL Log [1]: Adding a CA

WolfSSL Log [1]: Getting Cert Name

WolfSSL Log [1]: Getting Cert Name

WolfSSL Log [2]: wolfSSL Entering GetAlgoId

WolfSSL Log [2]: wolfSSL Entering DecodeCertExtensions

WolfSSL Log [2]: wolfSSL Entering DecodeKeyUsage

WolfSSL Log [2]: wolfSSL Entering DecodeBasicCaConstraint

WolfSSL Log [2]: wolfSSL Entering DecodeSubjKeyId

WolfSSL Log [1]:     Parsed new CA

WolfSSL Log [1]:     Freeing Parsed CA

WolfSSL Log [1]:     Freeing der CA

WolfSSL Log [1]:         OK Freeing der CA

WolfSSL Log [3]: wolfSSL Leaving AddCA, return 0

WolfSSL Log [3]: wolfSSL Leaving ProcessBuffer, return 1

WolfSSL Log [1]:    Processed a CA

WolfSSL Log [1]: Processed at least one valid CA. Other stuff OK

WolfSSL Log [3]: wolfSSL Leaving wolfSSL_CTX_load_verify_buffer_ex, return 1

success to load CA certificate

DHCP/Static IP O.K.

IP addr of google.com is 142.250.195.68 ret 0
socket created with fd  0
ok  socket connected successsfully  0
WolfSSL Log [2]: wolfSSL Entering wolfSSL_new

WolfSSL Log [2]: wolfSSL Entering ReinitSSL

WolfSSL Log [1]: RNG_HEALTH_TEST_CHECK_SIZE = 128

WolfSSL Log [1]: sizeof(seedB_data)         = 128

WolfSSL Log [2]: wolfSSL Entering SetSSL_CTX

WolfSSL Log [2]: wolfSSL Entering wolfSSL_NewSession

WolfSSL Log [1]: InitSSL done. return 0 (success)

WolfSSL Log [1]: wolfSSL_new InitSSL success

WolfSSL Log [3]: wolfSSL Leaving wolfSSL_new InitSSL =, return 0

OK wolfSSL_new.

WolfSSL Log [2]: wolfSSL Entering wolfSSL_set_fd

WolfSSL Log [2]: wolfSSL Entering wolfSSL_set_read_fd

WolfSSL Log [3]: wolfSSL Leaving wolfSSL_set_read_fd, return 1

WolfSSL Log [2]: wolfSSL Entering wolfSSL_set_write_fd

WolfSSL Log [3]: wolfSSL Leaving wolfSSL_set_write_fd, return 1

WolfSSL Log [2]: wolfSSL Entering wolfSSL_write

WolfSSL Log [1]: handshake not complete, trying to finish

WolfSSL Log [2]: wolfSSL Entering wolfSSL_negotiate

WolfSSL Log [1]: TLS 1.2 or lower

WolfSSL Log [2]: wolfSSL Entering wolfSSL_connect

WolfSSL Log [2]: wolfSSL Entering ReinitSSL

WolfSSL Log [2]: wolfSSL Entering RetrySendAlert

WolfSSL Log [2]: wolfSSL Entering SendClientHello

WolfSSL Log [1]: Adding signature algorithms extension

WolfSSL Log [1]: growing output buffer

WolfSSL Log [1]: Signature Algorithms extension to write

WolfSSL Log [1]: Point Formats extension to write

WolfSSL Log [1]: Supported Groups extension to write

WolfSSL Log [1]: EMS extension to write

WolfSSL Log [1]: Shrinking output buffer

WolfSSL Log [3]: wolfSSL Leaving SendClientHello, return 0

WolfSSL Log [1]: connect state: CLIENT_HELLO_SENT

WolfSSL Log [1]: Server state up to needed state.

WolfSSL Log [1]: Progressing server state...

WolfSSL Log [1]: ProcessReply...

WolfSSL Log [2]: wolfSSL Entering RetrySendAlert

WolfSSL Log [1]: growing input buffer

WolfSSL Log [1]: received record layer msg

WolfSSL Log [1]: got HANDSHAKE

WolfSSL Log [2]: wolfSSL Entering DoHandShakeMsg

WolfSSL Log [2]: wolfSSL Entering EarlySanityCheckMsgReceived

WolfSSL Log [3]: wolfSSL Leaving EarlySanityCheckMsgReceived, return 0

WolfSSL Log [2]: wolfSSL Entering DoHandShakeMsgType

WolfSSL Log [1]: processing server hello

WolfSSL Log [2]: wolfSSL Entering DoServerHello

WolfSSL Log [1]: Extended Master Secret extension received

WolfSSL Log [1]: Point Formats extension received

WolfSSL Log [2]: wolfSSL Entering wolfSSL_get_options

WolfSSL Log [2]: wolfSSL Entering wolfSSL_get_options

WolfSSL Log [2]: wolfSSL Entering VerifyClientSuite

WolfSSL Log [3]: wolfSSL Leaving DoServerHello, return 0

WolfSSL Log [3]: wolfSSL Leaving DoHandShakeMsgType(), return 0

WolfSSL Log [3]: wolfSSL Leaving DoHandShakeMsg(), return 0

WolfSSL Log [1]: Shrinking input buffer

WolfSSL Log [1]: ProcessReply done.

WolfSSL Log [1]: Progressing server state...

WolfSSL Log [1]: ProcessReply...

WolfSSL Log [2]: wolfSSL Entering RetrySendAlert

WolfSSL Log [1]: growing input buffer

WolfSSL Log [1]: received record layer msg

WolfSSL Log [1]: got HANDSHAKE

WolfSSL Log [2]: wolfSSL Entering DoHandShakeMsg

WolfSSL Log [2]: wolfSSL Entering EarlySanityCheckMsgReceived

WolfSSL Log [3]: wolfSSL Leaving EarlySanityCheckMsgReceived, return 0

WolfSSL Log [2]: wolfSSL Entering DoHandShakeMsgType

WolfSSL Log [1]: processing certificate

WolfSSL Log [2]: wolfSSL Entering DoCertificate

WolfSSL Log [2]: wolfSSL Entering ProcessPeerCerts

WolfSSL Log [1]: Loading peer's cert chain

WolfSSL Log [1]:     Put another cert into chain

WolfSSL Log [1]:     Put another cert into chain

WolfSSL Log [1]:     Put another cert into chain

WolfSSL Log [1]: Getting Cert Name

WolfSSL Log [1]: Getting Cert Name

WolfSSL Log [2]: wolfSSL Entering GetAlgoId

WolfSSL Log [2]: wolfSSL Entering DecodeCertExtensions

WolfSSL Log [2]: wolfSSL Entering DecodeKeyUsage

WolfSSL Log [2]: wolfSSL Entering DecodeBasicCaConstraint

WolfSSL Log [2]: wolfSSL Entering DecodeSubjKeyId

WolfSSL Log [2]: wolfSSL Entering DecodeAuthKeyId

WolfSSL Log [2]: wolfSSL Entering DecodeAuthInfo

WolfSSL Log [2]: wolfSSL Entering DecodeCrlDist

WolfSSL Log [1]: Certificate Policy extension not supported.

WolfSSL Log [1]: Chain cert not verified by option, not adding as CA

WolfSSL Log [1]: Getting Cert Name

WolfSSL Log [1]: Getting Cert Name

WolfSSL Log [2]: wolfSSL Entering GetAlgoId

WolfSSL Log [2]: wolfSSL Entering DecodeCertExtensions

WolfSSL Log [2]: wolfSSL Entering DecodeKeyUsage

WolfSSL Log [2]: wolfSSL Entering DecodeExtKeyUsage

WolfSSL Log [2]: wolfSSL Entering DecodeBasicCaConstraint

WolfSSL Log [2]: wolfSSL Entering DecodeSubjKeyId

WolfSSL Log [2]: wolfSSL Entering DecodeAuthKeyId

WolfSSL Log [2]: wolfSSL Entering DecodeAuthInfo

WolfSSL Log [2]: wolfSSL Entering DecodeCrlDist

WolfSSL Log [1]: Certificate Policy extension not supported.

WolfSSL Log [1]: CA found

WolfSSL Log [1]: Chain cert not verified by option, not adding as CA

WolfSSL Log [1]: Verifying Peer's cert

WolfSSL Log [1]: Getting Cert Name

WolfSSL Log [1]: Getting Cert Name

WolfSSL Log [2]: wolfSSL Entering GetAlgoId

WolfSSL Log [2]: wolfSSL Entering DecodeCertExtensions

WolfSSL Log [2]: wolfSSL Entering DecodeKeyUsage

WolfSSL Log [2]: wolfSSL Entering DecodeExtKeyUsage

WolfSSL Log [2]: wolfSSL Entering DecodeBasicCaConstraint

WolfSSL Log [2]: wolfSSL Entering DecodeSubjKeyId

WolfSSL Log [2]: wolfSSL Entering DecodeAuthKeyId

WolfSSL Log [2]: wolfSSL Entering DecodeAuthInfo

WolfSSL Log [2]: wolfSSL Entering DecodeAltNames

WolfSSL Log [1]: Certificate Policy extension not supported.

WolfSSL Log [2]: wolfSSL Entering DecodeCrlDist

WolfSSL Log [1]: Verified Peer's cert

WolfSSL Log [3]: wolfSSL Leaving ProcessPeerCerts, return 0

WolfSSL Log [3]: wolfSSL Leaving DoCertificate, return 0

WolfSSL Log [3]: wolfSSL Leaving DoHandShakeMsgType(), return 0

WolfSSL Log [3]: wolfSSL Leaving DoHandShakeMsg(), return 0

WolfSSL Log [1]: Shrinking input buffer

WolfSSL Log [1]: ProcessReply done.

WolfSSL Log [1]: Progressing server state...

WolfSSL Log [1]: ProcessReply...

WolfSSL Log [2]: wolfSSL Entering RetrySendAlert

WolfSSL Log [1]: growing input buffer

WolfSSL Log [1]: received record layer msg

WolfSSL Log [1]: got HANDSHAKE

WolfSSL Log [2]: wolfSSL Entering DoHandShakeMsg

WolfSSL Log [2]: wolfSSL Entering EarlySanityCheckMsgReceived

WolfSSL Log [3]: wolfSSL Leaving EarlySanityCheckMsgReceived, return 0

WolfSSL Log [2]: wolfSSL Entering DoHandShakeMsgType

WolfSSL Log [1]: processing server key exchange

WolfSSL Log [2]: wolfSSL Entering DoServerKeyExchange

WolfSSL Log [2]: wolfSSL Entering RsaVerify

WolfSSL Log [1]: mp_to_unsigned_bin_len_ct...

WolfSSL Log [1]: wolfSSL Using RSA PSS un-padding

WolfSSL Log [3]: wolfSSL Leaving RsaVerify, return 64

WolfSSL Log [3]: wolfSSL Leaving DoServerKeyExchange, return 0

WolfSSL Log [3]: wolfSSL Leaving DoHandShakeMsgType(), return 0

WolfSSL Log [3]: wolfSSL Leaving DoHandShakeMsg(), return 0

WolfSSL Log [1]: Shrinking input buffer

WolfSSL Log [1]: ProcessReply done.

WolfSSL Log [1]: Progressing server state...

WolfSSL Log [1]: ProcessReply...

WolfSSL Log [2]: wolfSSL Entering RetrySendAlert

WolfSSL Log [1]: received record layer msg

WolfSSL Log [1]: got HANDSHAKE

WolfSSL Log [2]: wolfSSL Entering DoHandShakeMsg

WolfSSL Log [2]: wolfSSL Entering EarlySanityCheckMsgReceived

WolfSSL Log [3]: wolfSSL Leaving EarlySanityCheckMsgReceived, return 0

WolfSSL Log [2]: wolfSSL Entering DoHandShakeMsgType

WolfSSL Log [1]: processing server hello done

WolfSSL Log [3]: wolfSSL Leaving DoHandShakeMsgType(), return 0

WolfSSL Log [3]: wolfSSL Leaving DoHandShakeMsg(), return 0

WolfSSL Log [1]: ProcessReply done.

WolfSSL Log [1]: connect state: HELLO_AGAIN

WolfSSL Log [1]: connect state: HELLO_AGAIN_REPLY

WolfSSL Log [1]: connect state: FIRST_REPLY_DONE

WolfSSL Log [1]: connect state: FIRST_REPLY_FIRST

WolfSSL Log [2]: wolfSSL Entering SendClientKeyExchange

WolfSSL Log [2]: wolfSSL Entering EccMakeKey

WolfSSL Log [3]: wolfSSL Leaving EccMakeKey, return 0

WolfSSL Log [2]: wolfSSL Entering EccSharedSecret

WolfSSL Log [3]: wolfSSL Leaving EccSharedSecret, return 0

WolfSSL Log [1]: growing output buffer

WolfSSL Log [1]: Shrinking output buffer

WolfSSL Log [3]: wolfSSL Leaving SendClientKeyExchange, return 0

WolfSSL Log [1]: sent: client key exchange

WolfSSL Log [1]: connect state: FIRST_REPLY_SECOND

WolfSSL Log [1]: connect state: FIRST_REPLY_THIRD

WolfSSL Log [1]: growing output buffer

WolfSSL Log [1]: Shrinking output buffer

WolfSSL Log [1]: sent: change cipher spec

WolfSSL Log [1]: connect state: FIRST_REPLY_FOURTH

WolfSSL Log [2]: wolfSSL Entering SendFinished

WolfSSL Log [1]: growing output buffer

WolfSSL Log [2]: wolfSSL Entering BuildMessage

WolfSSL Log [3]: wolfSSL Leaving BuildMessage, return 0

WolfSSL Log [2]: wolfSSL Entering SetupSession

WolfSSL Log [1]: Shrinking output buffer

WolfSSL Log [3]: wolfSSL Leaving SendFinished, return 0

WolfSSL Log [1]: sent: finished

WolfSSL Log [1]: connect state: FINISHED_DONE

WolfSSL Log [2]: wolfSSL Entering RetrySendAlert

WolfSSL Log [1]: received record layer msg

WolfSSL Log [1]: got CHANGE CIPHER SPEC

WolfSSL Log [2]: wolfSSL Entering RetrySendAlert

WolfSSL Log [1]: growing input buffer

WolfSSL Log [1]: received record layer msg

WolfSSL Log [1]: got HANDSHAKE

WolfSSL Log [2]: wolfSSL Entering DoHandShakeMsg

WolfSSL Log [2]: wolfSSL Entering EarlySanityCheckMsgReceived

WolfSSL Log [3]: wolfSSL Leaving EarlySanityCheckMsgReceived, return 0

WolfSSL Log [2]: wolfSSL Entering DoHandShakeMsgType

WolfSSL Log [1]: processing finished

WolfSSL Log [2]: wolfSSL Entering DoFinished

WolfSSL Log [3]: wolfSSL Leaving DoFinished, return 0

WolfSSL Log [3]: wolfSSL Leaving DoHandShakeMsgType(), return 0

WolfSSL Log [3]: wolfSSL Leaving DoHandShakeMsg(), return 0

WolfSSL Log [1]: Shrinking input buffer

WolfSSL Log [1]: connect state: SECOND_REPLY_DONE

WolfSSL Log [2]: wolfSSL Entering FreeHandshakeResources

WolfSSL Log [1]: Signature Algorithms extension to free

WolfSSL Log [1]: Point Formats extension free

WolfSSL Log [1]: Supported Groups extension free

WolfSSL Log [3]: wolfSSL Leaving wolfSSL_connect, return 1

WolfSSL Log [3]: wolfSSL Leaving wolfSSL_negotiate, return 1

WolfSSL Log [2]: wolfSSL Entering RetrySendAlert

WolfSSL Log [1]: growing output buffer

WolfSSL Log [2]: wolfSSL Entering BuildMessage

WolfSSL Log [3]: wolfSSL Leaving BuildMessage, return 0

WolfSSL Log [1]: Shrinking output buffer

WolfSSL Log [3]: wolfSSL Leaving wolfSSL_write, return 55

GET / HTTP/1.1
Host: google.com
Connection: close


wolfSSL_write success
WolfSSL Log [2]: wolfSSL Entering wolfSSL_read

WolfSSL Log [2]: wolfSSL Entering wolfSSL_read_internal

WolfSSL Log [2]: wolfSSL Entering ReceiveData

WolfSSL Log [2]: wolfSSL Entering RetrySendAlert

WolfSSL Log [1]: growing input buffer

WolfSSL Log [1]: received record layer msg

WolfSSL Log [1]: got app DATA

WolfSSL Log [3]: wolfSSL Leaving ReceiveData(), return 256

WolfSSL Log [3]: wolfSSL Leaving wolfSSL_read_internal, return 256

HTTP/1.1 301 Moved Permanently
Location: https://www.google.com/
Content-Type: text/html; charset=UTF-8
Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-mMHJVskvyegJu_PBDURI1w' 'strict-dynamic' 'report-sample' 'un
WolfSSL Log [2]: wolfSSL Entering wolfSSL_free

WolfSSL Log [1]: Free SSL: 2000f3a8

WolfSSL Log [1]: Free'ing client ssl

WolfSSL Log [1]: Shrinking input buffer

WolfSSL Log [2]: wolfSSL Entering wolfSSL_FreeSession

WolfSSL Log [1]: wolfSSL_FreeSession full free

WolfSSL Log [1]: CTX ref count not 0 yet, no free

WolfSSL Log [3]: wolfSSL Leaving wolfSSL_free, return 0

WolfSSL Log [2]: wolfSSL Entering wolfSSL_CTX_free

WolfSSL Log [1]: CTX ref count down to 0, doing full free

WolfSSL Log [2]: wolfSSL Entering wolfSSL_CertManagerFree

WolfSSL Log [3]: wolfSSL Leaving wolfSSL_CTX_free, return 0

WolfSSL Log [2]: wolfSSL Entering wolfSSL_Cleanup

WolfSSL Log [2]: wolfSSL Entering wolfCrypt_Cleanup


LOG (MODE WOLFSSL_VERIFY_PEER ) :-

usart initdone
stated wolf_ssl task
WolfSSL Log [2]: wolfSSL Entering TLSv1_2_client_method_ex

WolfSSL Log [2]: wolfSSL Entering wolfSSL_CTX_new_ex

WolfSSL Log [2]: wolfSSL Entering wolfSSL_CertManagerNew

WolfSSL Log [1]: heap param is null

WolfSSL Log [1]: DYNAMIC_TYPE_CERT_MANAGER Allocating = 112 bytes

WolfSSL Log [3]: wolfSSL Leaving wolfSSL_CTX_new_ex, return 0

success wolfSSL_CTX_n0 error

WolfSSL Log [2]: wolfSSL Entering wolfSSL_CTX_set_verify

WolfSSL Log [2]: wolfSSL Entering wolfSSL_CTX_load_verify_buffer_ex

WolfSSL Log [1]: Processing CA PEM file

WolfSSL Log [2]: wolfSSL Entering ProcessBuffer

WolfSSL Log [2]: wolfSSL Entering PemToDer

WolfSSL Log [1]: Adding a CA

WolfSSL Log [1]: Getting Cert Name

WolfSSL Log [1]: Getting Cert Name

WolfSSL Log [2]: wolfSSL Entering GetAlgoId

WolfSSL Log [2]: wolfSSL Entering DecodeCertExtensions

WolfSSL Log [2]: wolfSSL Entering DecodeKeyUsage

WolfSSL Log [2]: wolfSSL Entering DecodeBasicCaConstraint

WolfSSL Log [2]: wolfSSL Entering DecodeSubjKeyId

WolfSSL Log [1]:     Parsed new CA

WolfSSL Log [1]:     Freeing Parsed CA

WolfSSL Log [1]:     Freeing der CA

WolfSSL Log [1]:         OK Freeing der CA

WolfSSL Log [3]: wolfSSL Leaving AddCA, return 0

WolfSSL Log [3]: wolfSSL Leaving ProcessBuffer, return 1

WolfSSL Log [1]:    Processed a CA

WolfSSL Log [1]: Processed at least one valid CA. Other stuff OK

WolfSSL Log [3]: wolfSSL Leaving wolfSSL_CTX_load_verify_buffer_ex, return 1

success to load CA certificate

DHCP/Static IP O.K.

IP addr of google.com is 142.250.195.68 ret 0
socket created with fd  0
ok  socket connected successsfully  0
WolfSSL Log [2]: wolfSSL Entering wolfSSL_new

WolfSSL Log [2]: wolfSSL Entering ReinitSSL

WolfSSL Log [1]: RNG_HEALTH_TEST_CHECK_SIZE = 128

WolfSSL Log [1]: sizeof(seedB_data)         = 128

WolfSSL Log [2]: wolfSSL Entering SetSSL_CTX

WolfSSL Log [2]: wolfSSL Entering wolfSSL_NewSession

WolfSSL Log [1]: InitSSL done. return 0 (success)

WolfSSL Log [1]: wolfSSL_new InitSSL success

WolfSSL Log [3]: wolfSSL Leaving wolfSSL_new InitSSL =, return 0

OK wolfSSL_new.

WolfSSL Log [2]: wolfSSL Entering wolfSSL_set_fd

WolfSSL Log [2]: wolfSSL Entering wolfSSL_set_read_fd

WolfSSL Log [3]: wolfSSL Leaving wolfSSL_set_read_fd, return 1

WolfSSL Log [2]: wolfSSL Entering wolfSSL_set_write_fd

WolfSSL Log [3]: wolfSSL Leaving wolfSSL_set_write_fd, return 1

WolfSSL Log [2]: wolfSSL Entering wolfSSL_write

WolfSSL Log [1]: handshake not complete, trying to finish

WolfSSL Log [2]: wolfSSL Entering wolfSSL_negotiate

WolfSSL Log [1]: TLS 1.2 or lower

WolfSSL Log [2]: wolfSSL Entering wolfSSL_connect

WolfSSL Log [2]: wolfSSL Entering ReinitSSL

WolfSSL Log [2]: wolfSSL Entering RetrySendAlert

WolfSSL Log [2]: wolfSSL Entering SendClientHello

WolfSSL Log [1]: Adding signature algorithms extension

WolfSSL Log [1]: growing output buffer

WolfSSL Log [1]: Signature Algorithms extension to write

WolfSSL Log [1]: Point Formats extension to write

WolfSSL Log [1]: Supported Groups extension to write

WolfSSL Log [1]: EMS extension to write

WolfSSL Log [1]: Shrinking output buffer

WolfSSL Log [3]: wolfSSL Leaving SendClientHello, return 0

WolfSSL Log [1]: connect state: CLIENT_HELLO_SENT

WolfSSL Log [1]: Server state up to needed state.

WolfSSL Log [1]: Progressing server state...

WolfSSL Log [1]: ProcessReply...

WolfSSL Log [2]: wolfSSL Entering RetrySendAlert

WolfSSL Log [1]: growing input buffer

WolfSSL Log [1]: received record layer msg

WolfSSL Log [1]: got HANDSHAKE

WolfSSL Log [2]: wolfSSL Entering DoHandShakeMsg

WolfSSL Log [2]: wolfSSL Entering EarlySanityCheckMsgReceived

WolfSSL Log [3]: wolfSSL Leaving EarlySanityCheckMsgReceived, return 0

WolfSSL Log [2]: wolfSSL Entering DoHandShakeMsgType

WolfSSL Log [1]: processing server hello

WolfSSL Log [2]: wolfSSL Entering DoServerHello

WolfSSL Log [1]: Extended Master Secret extension received

WolfSSL Log [1]: Point Formats extension received

WolfSSL Log [2]: wolfSSL Entering wolfSSL_get_options

WolfSSL Log [2]: wolfSSL Entering wolfSSL_get_options

WolfSSL Log [2]: wolfSSL Entering VerifyClientSuite

WolfSSL Log [3]: wolfSSL Leaving DoServerHello, return 0

WolfSSL Log [3]: wolfSSL Leaving DoHandShakeMsgType(), return 0

WolfSSL Log [3]: wolfSSL Leaving DoHandShakeMsg(), return 0

WolfSSL Log [1]: Shrinking input buffer

WolfSSL Log [1]: ProcessReply done.

WolfSSL Log [1]: Progressing server state...

WolfSSL Log [1]: ProcessReply...

WolfSSL Log [2]: wolfSSL Entering RetrySendAlert

WolfSSL Log [1]: growing input buffer

WolfSSL Log [1]: received record layer msg

WolfSSL Log [1]: got HANDSHAKE

WolfSSL Log [2]: wolfSSL Entering DoHandShakeMsg

WolfSSL Log [2]: wolfSSL Entering EarlySanityCheckMsgReceived

WolfSSL Log [3]: wolfSSL Leaving EarlySanityCheckMsgReceived, return 0

WolfSSL Log [2]: wolfSSL Entering DoHandShakeMsgType

WolfSSL Log [1]: processing certificate

WolfSSL Log [2]: wolfSSL Entering DoCertificate

WolfSSL Log [2]: wolfSSL Entering ProcessPeerCerts

WolfSSL Log [1]: Loading peer's cert chain

WolfSSL Log [1]:     Put another cert into chain

WolfSSL Log [1]:     Put another cert into chain

WolfSSL Log [1]:     Put another cert into chain

WolfSSL Log [1]: Getting Cert Name

WolfSSL Log [1]: Getting Cert Name

WolfSSL Log [2]: wolfSSL Entering GetAlgoId

WolfSSL Log [2]: wolfSSL Entering DecodeCertExtensions

WolfSSL Log [2]: wolfSSL Entering DecodeKeyUsage

WolfSSL Log [2]: wolfSSL Entering DecodeBasicCaConstraint

WolfSSL Log [2]: wolfSSL Entering DecodeSubjKeyId

WolfSSL Log [2]: wolfSSL Entering DecodeAuthKeyId

WolfSSL Log [2]: wolfSSL Entering DecodeAuthInfo

WolfSSL Log [2]: wolfSSL Entering DecodeCrlDist

WolfSSL Log [1]: Certificate Policy extension not supported.

WolfSSL Log [1]: No CA signer to verify with

WolfSSL Log [1]: Failed to verify CA from chain

WolfSSL Log [0]: wolfSSL error occurred, error = -188

WolfSSL Log [2]: wolfSSL Entering SendAlert

WolfSSL Log [2]: wolfSSL Entering SendAlert

WolfSSL Log [1]: SendAlert: 48 unknown_ca

WolfSSL Log [1]: growing output buffer

WolfSSL Log [1]: Shrinking output buffer

WolfSSL Log [3]: wolfSSL Leaving SendAlert, return 0

WolfSSL Log [3]: wolfSSL Leaving ProcessPeerCerts, return -188

WolfSSL Log [3]: wolfSSL Leaving DoCertificate, return -188

WolfSSL Log [3]: wolfSSL Leaving DoHandShakeMsgType(), return -188

WolfSSL Log [3]: wolfSSL Leaving DoHandShakeMsg(), return -188

WolfSSL Log [0]: wolfSSL error occurred, error = -188

WolfSSL Log [0]: wolfSSL error occurred, error = -188

WolfSSL Log [3]: wolfSSL Leaving wolfSSL_negotiate, return -1

WolfSSL Log [3]: wolfSSL Leaving wolfSSL_write, return -1

wolfSSL_write failed -1
WolfSSL Log [2]: wolfSSL Entering wolfSSL_read

WolfSSL Log [2]: wolfSSL Entering wolfSSL_read_internal

WolfSSL Log [2]: wolfSSL Entering ReceiveData

WolfSSL Log [1]: User calling wolfSSL_read in error state, not allowed

WolfSSL Log [3]: wolfSSL Leaving wolfSSL_read_internal, return -188

wolfSSL_read failed : -1
h#
WolfSSL Log [2]: wolfSSL Entering wolfSSL_free

WolfSSL Log [1]: Free SSL: 2000f3a8

WolfSSL Log [1]: Free'ing client ssl

WolfSSL Log [1]: Shrinking input buffer

WolfSSL Log [1]: Signature Algorithms extension to free

WolfSSL Log [1]: Point Formats extension free

WolfSSL Log [1]: Supported Groups extension free

WolfSSL Log [2]: wolfSSL Entering wolfSSL_FreeSession

WolfSSL Log [1]: wolfSSL_FreeSession full free

WolfSSL Log [1]: CTX ref count not 0 yet, no free

WolfSSL Log [3]: wolfSSL Leaving wolfSSL_free, return 0

WolfSSL Log [2]: wolfSSL Entering wolfSSL_CTX_free

WolfSSL Log [1]: CTX ref count down to 0, doing full free

WolfSSL Log [2]: wolfSSL Entering wolfSSL_CertManagerFree

WolfSSL Log [3]: wolfSSL Leaving wolfSSL_CTX_free, return 0

WolfSSL Log [2]: wolfSSL Entering wolfSSL_Cleanup

WolfSSL Log [2]: wolfSSL Entering wolfCrypt_Cleanup

Go to forum: wolfSSL

3 Reply by Mohammedshameem.tv

(3 replies, posted in wolfSSL)

Thanks for the response after increasing stack size certificate verified.

Go to forum: wolfSSL

4 Topic by Mohammedshameem.tv

(3 replies, posted in wolfSSL)

Getting error -125 from wolfSSL_CTX_load_verify_buffer while parsing google.com certificate.

Configuration:

#define SINGLE_THREADED
#define FREERTOS
#define NO_FILESYSTEM
#define WOLFSSL_NO_SOCK
#define WOLFSSL_USER_IO
#define NO_DEV_RANDOM

#define WC_NO_HARDEN
#define NO_WRITEV
#define HAVE_DH
#define HAVE_ED25519
#define HAVE_SHA512
#define NO_SHA
#define NO_OLD_TLS
#define WOLFSSL_SHA512
#define WOLFSSL_STM32F4
#define NO_STM32_CRYPTO
#define NO_STM32_HASH
#define NO_INLINE
#define WOLFSSL_IGNORE_FILE_WARN
#define WOLFSSL_GMTIME

here is code snippet

const unsigned char google_root_certificate[] =
"-----BEGIN CERTIFICATE-----\r\n"
"MIINYTCCDQagAwIBAgIRALQPM3zi5SVWCcng/hZpShIwCgYIKoZIzj0EAwIwOzEL\r\n"
"MAkGA1UEBhMCVVMxHjAcBgNVBAoTFUdvb2dsZSBUcnVzdCBTZXJ2aWNlczEMMAoG\r\n"
"A1UEAxMDV0UyMB4XDTI1MDIyNjE1MzMwM1oXDTI1MDUyMTE1MzMwMlowFzEVMBMG\r\n"
"A1UEAwwMKi5nb29nbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEgY2u\r\n"
"jvbPkuQiKZw9XHFP0GrdujA0tw6feXg2eVb3bWPQ7M0lJ/of3dlc9J/NQ8BjBrrn\r\n"
"bObLpB/4C3PjqziyQqOCDA0wggwJMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAK\r\n"
"BggrBgEFBQcDATAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBTKaaMWpKmNeZC6ky5y\r\n"
"0iHRZX20szAfBgNVHSMEGDAWgBR1vsR3ron2RDd9z7FoHx0a69w0WTBYBggrBgEF\r\n"
"BQcBAQRMMEowIQYIKwYBBQUHMAGGFWh0dHA6Ly9vLnBraS5nb29nL3dlMjAlBggr\r\n"
"BgEFBQcwAoYZaHR0cDovL2kucGtpLmdvb2cvd2UyLmNydDCCCeQGA1UdEQSCCdsw\r\n"
"ggnXggwqLmdvb2dsZS5jb22CFiouYXBwZW5naW5lLmdvb2dsZS5jb22CCSouYmRu\r\n"
"LmRldoIVKi5vcmlnaW4tdGVzdC5iZG4uZGV2ghIqLmNsb3VkLmdvb2dsZS5jb22C\r\n"
"GCouY3Jvd2Rzb3VyY2UuZ29vZ2xlLmNvbYIYKi5kYXRhY29tcHV0ZS5nb29nbGUu\r\n"
"Y29tggsqLmdvb2dsZS5jYYILKi5nb29nbGUuY2yCDiouZ29vZ2xlLmNvLmlugg4q\r\n"
"Lmdvb2dsZS5jby5qcIIOKi5nb29nbGUuY28udWuCDyouZ29vZ2xlLmNvbS5hcoIP\r\n"
"Ki5nb29nbGUuY29tLmF1gg8qLmdvb2dsZS5jb20uYnKCDyouZ29vZ2xlLmNvbS5j\r\n"
"b4IPKi5nb29nbGUuY29tLm14gg8qLmdvb2dsZS5jb20udHKCDyouZ29vZ2xlLmNv\r\n"
"bS52boILKi5nb29nbGUuZGWCCyouZ29vZ2xlLmVzggsqLmdvb2dsZS5mcoILKi5n\r\n"
"b29nbGUuaHWCCyouZ29vZ2xlLml0ggsqLmdvb2dsZS5ubIILKi5nb29nbGUucGyC\r\n"
"CyouZ29vZ2xlLnB0gg8qLmdvb2dsZWFwaXMuY26CESouZ29vZ2xldmlkZW8uY29t\r\n"
"ggwqLmdzdGF0aWMuY26CECouZ3N0YXRpYy1jbi5jb22CD2dvb2dsZWNuYXBwcy5j\r\n"
"boIRKi5nb29nbGVjbmFwcHMuY26CEWdvb2dsZWFwcHMtY24uY29tghMqLmdvb2ds\r\n"
"ZWFwcHMtY24uY29tggxna2VjbmFwcHMuY26CDiouZ2tlY25hcHBzLmNughJnb29n\r\n"
"bGVkb3dubG9hZHMuY26CFCouZ29vZ2xlZG93bmxvYWRzLmNughByZWNhcHRjaGEu\r\n"
"bmV0LmNughIqLnJlY2FwdGNoYS5uZXQuY26CEHJlY2FwdGNoYS1jbi5uZXSCEiou\r\n"
"cmVjYXB0Y2hhLWNuLm5ldIILd2lkZXZpbmUuY26CDSoud2lkZXZpbmUuY26CEWFt\r\n"
"cHByb2plY3Qub3JnLmNughMqLmFtcHByb2plY3Qub3JnLmNughFhbXBwcm9qZWN0\r\n"
"Lm5ldC5jboITKi5hbXBwcm9qZWN0Lm5ldC5jboIXZ29vZ2xlLWFuYWx5dGljcy1j\r\n"
"bi5jb22CGSouZ29vZ2xlLWFuYWx5dGljcy1jbi5jb22CF2dvb2dsZWFkc2Vydmlj\r\n"
"ZXMtY24uY29tghkqLmdvb2dsZWFkc2VydmljZXMtY24uY29tghFnb29nbGV2YWRz\r\n"
"LWNuLmNvbYITKi5nb29nbGV2YWRzLWNuLmNvbYIRZ29vZ2xlYXBpcy1jbi5jb22C\r\n"
"EyouZ29vZ2xlYXBpcy1jbi5jb22CFWdvb2dsZW9wdGltaXplLWNuLmNvbYIXKi5n\r\n"
"b29nbGVvcHRpbWl6ZS1jbi5jb22CEmRvdWJsZWNsaWNrLWNuLm5ldIIUKi5kb3Vi\r\n"
"bGVjbGljay1jbi5uZXSCGCouZmxzLmRvdWJsZWNsaWNrLWNuLm5ldIIWKi5nLmRv\r\n"
"dWJsZWNsaWNrLWNuLm5ldIIOZG91YmxlY2xpY2suY26CECouZG91YmxlY2xpY2su\r\n"
"Y26CFCouZmxzLmRvdWJsZWNsaWNrLmNughIqLmcuZG91YmxlY2xpY2suY26CEWRh\r\n"
"cnRzZWFyY2gtY24ubmV0ghMqLmRhcnRzZWFyY2gtY24ubmV0gh1nb29nbGV0cmF2\r\n"
"ZWxhZHNlcnZpY2VzLWNuLmNvbYIfKi5nb29nbGV0cmF2ZWxhZHNlcnZpY2VzLWNu\r\n"
"LmNvbYIYZ29vZ2xldGFnc2VydmljZXMtY24uY29tghoqLmdvb2dsZXRhZ3NlcnZp\r\n"
"Y2VzLWNuLmNvbYIXZ29vZ2xldGFnbWFuYWdlci1jbi5jb22CGSouZ29vZ2xldGFn\r\n"
"bWFuYWdlci1jbi5jb22CGGdvb2dsZXN5bmRpY2F0aW9uLWNuLmNvbYIaKi5nb29n\r\n"
"bGVzeW5kaWNhdGlvbi1jbi5jb22CJCouc2FmZWZyYW1lLmdvb2dsZXN5bmRpY2F0\r\n"
"aW9uLWNuLmNvbYIWYXBwLW1lYXN1cmVtZW50LWNuLmNvbYIYKi5hcHAtbWVhc3Vy\r\n"
"ZW1lbnQtY24uY29tggtndnQxLWNuLmNvbYINKi5ndnQxLWNuLmNvbYILZ3Z0Mi1j\r\n"
"bi5jb22CDSouZ3Z0Mi1jbi5jb22CCzJtZG4tY24ubmV0gg0qLjJtZG4tY24ubmV0\r\n"
"ghRnb29nbGVmbGlnaHRzLWNuLm5ldIIWKi5nb29nbGVmbGlnaHRzLWNuLm5ldIIM\r\n"
"YWRtb2ItY24uY29tgg4qLmFkbW9iLWNuLmNvbYIUZ29vZ2xlc2FuZGJveC1jbi5j\r\n"
"b22CFiouZ29vZ2xlc2FuZGJveC1jbi5jb22CHiouc2FmZW51cC5nb29nbGVzYW5k\r\n"
"Ym94LWNuLmNvbYINKi5nc3RhdGljLmNvbYIUKi5tZXRyaWMuZ3N0YXRpYy5jb22C\r\n"
"CiouZ3Z0MS5jb22CESouZ2NwY2RuLmd2dDEuY29tggoqLmd2dDIuY29tgg4qLmdj\r\n"
"cC5ndnQyLmNvbYIQKi51cmwuZ29vZ2xlLmNvbYIWKi55b3V0dWJlLW5vY29va2ll\r\n"
"LmNvbYILKi55dGltZy5jb22CC2FuZHJvaWQuY29tgg0qLmFuZHJvaWQuY29tghMq\r\n"
"LmZsYXNoLmFuZHJvaWQuY29tggRnLmNuggYqLmcuY26CBGcuY2+CBiouZy5jb4IG\r\n"
"Z29vLmdsggp3d3cuZ29vLmdsghRnb29nbGUtYW5hbHl0aWNzLmNvbYIWKi5nb29n\r\n"
"bGUtYW5hbHl0aWNzLmNvbYIKZ29vZ2xlLmNvbYISZ29vZ2xlY29tbWVyY2UuY29t\r\n"
"ghQqLmdvb2dsZWNvbW1lcmNlLmNvbYIIZ2dwaHQuY26CCiouZ2dwaHQuY26CCnVy\r\n"
"Y2hpbi5jb22CDCoudXJjaGluLmNvbYIIeW91dHUuYmWCC3lvdXR1YmUuY29tgg0q\r\n"
"LnlvdXR1YmUuY29tghFtdXNpYy55b3V0dWJlLmNvbYITKi5tdXNpYy55b3V0dWJl\r\n"
"LmNvbYIUeW91dHViZWVkdWNhdGlvbi5jb22CFioueW91dHViZWVkdWNhdGlvbi5j\r\n"
"b22CD3lvdXR1YmVraWRzLmNvbYIRKi55b3V0dWJla2lkcy5jb22CBXl0LmJlggcq\r\n"
"Lnl0LmJlghphbmRyb2lkLmNsaWVudHMuZ29vZ2xlLmNvbYITKi5hbmRyb2lkLmdv\r\n"
"b2dsZS5jboISKi5jaHJvbWUuZ29vZ2xlLmNughYqLmRldmVsb3BlcnMuZ29vZ2xl\r\n"
"LmNughUqLmFpc3R1ZGlvLmdvb2dsZS5jb20wEwYDVR0gBAwwCjAIBgZngQwBAgEw\r\n"
"NgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL2MucGtpLmdvb2cvd2UyLzY0T1VJVnpw\r\n"
"WlY0LmNybDCCAQMGCisGAQQB1nkCBAIEgfQEgfEA7wB1AM8RVu7VLnyv84db2Wku\r\n"
"m+kacWdKsBfsrAHSW3fOzDsIAAABlUMa3KQAAAQDAEYwRAIgbFT96GaW9xdF/H3T\r\n"
"R9A8aKomiq6jRak+HuHJKeYZKbICIFj0lmIw2MOCmAFoPML8Do+XUopVVJGpvKum\r\n"
"UZ3/H1ZBAHYAfVkeEuF4KnscYWd8Xv340IdcFKBOlZ65Ay/ZDowuebgAAAGVQxrc\r\n"
"mAAABAMARzBFAiA1pA/zxlqWAUktHGVu/3MlUzPsjEcaRHOEqw4qFdXIcgIhALwo\r\n"
"K02gj5Eep6saapUuV9BRJ8S5T4iydYXSoKuINbtcMAoGCCqGSM49BAMCA0kAMEYC\r\n"
"IQCe7kXY4zHS22OUlCThOBy44kLyCaMS20ylMx0JWcjHqQIhAIiNQSfvChn4LD5B\r\n"
"TtlK9da3ocqcq85/6pDQ4Cx7a2Ej\r\n"
"-----END CERTIFICATE-----\r\n";

int google_crt_len = sizeof(google_root_certificate)-1;

extern struct netif gnetif;
char buff[256];

void wolf_ssl_task(void *argument)
{
    ip_addr_t ip_address;
    int ret;
    WOLFSSL_CTX* ctx;
    WOLFSSL* ssl;

    uart_print("stated wolf_ssl task ");
   
    wolfSSL_Init();
   
    // Create wolfSSL context
    if ((ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method())) == NULL)
            {
                sprintf(buff,"wolfSSL_CTX_new error : %d\n",ret);
        uart_print(buff);
        vTaskDelete(NULL);
    }
        uart_print("success wolfSSL_CTX_n0 error\n");

    // Load CA certificate from memory
    if ((ret = wolfSSL_CTX_load_verify_buffer(ctx, google_root_certificate, google_crt_len, CTC_FILETYPE_PEM)) != SSL_SUCCESS) {
        sprintf(buff,"wolfSSL_CTX_new error : %d\n",ret);
        uart_print(buff);
        vTaskDelete(NULL);
    }
   
   
        uart_print("success to load CA certificate\n");

Go to forum: wolfSSL