Topic: status request v2

Hi

I'm using wolfssl 3.11.0, and I'm trying to get the server sample to send back a response to a client sending status_request_v2.

I know for the client to send the request you need to specify -W 2, but what do you do on the server side to get it to send a response to the request?

I see -o and -O switches, but they are not doing what I would expect.

Thank you

mt

Share

Re: status request v2

I think I figured it out.

When building on windows you have to include:
#define HAVE_OCSP
#define HAVE_CERTIFICATE_STATUS_REQUEST
#define HAVE_CERTIFICATE_STATUS_REQUEST_V2

in the WOLFSSL_LIB and client and server section, seems to be working now.

mt

Share

Re: status request v2

Hi

I'm still having some trouble getting status_request_v2 working.

I run the server like this:

./server.exe -b -p 4433 -i -d

and the client like this:

./client -h 10.135.52.121 -p 4433 -W 2

server is on a windows machine, client on linux.
The server segfaults, here is a trace of what happens:

$ ./server.exe -b -p 4433 -i -d
wolfSSL Entering wolfSSL_Init
wolfSSL Entering wolfCrypt_Init
wolfSSL Entering EVP_get_cipherbyname
wolfSSL Entering EVP_get_cipherbyname
wolfSSL Entering EVP_get_cipherbyname
wolfSSL Entering EVP_get_cipherbyname
wolfSSL Entering EVP_get_cipherbyname
wolfSSL Entering EVP_get_cipherbyname
wolfSSL Entering EVP_get_cipherbyname
wolfSSL Entering EVP_get_cipherbyname
wolfSSL Entering EVP_get_cipherbyname
wolfSSL Entering EVP_get_cipherbyname
wolfSSL Entering EVP_get_cipherbyname
wolfSSL Entering EVP_get_cipherbyname
wolfSSL Entering EVP_get_cipherbyname
wolfSSL Entering WOLFSSL_CTX_new_ex
wolfSSL Entering wolfSSL_CertManagerNew
wolfSSL Leaving WOLFSSL_CTX_new, return 0
wolfSSL Entering SSL_CTX_set_default_passwd_cb
wolfSSL Entering wolfSSL_CTX_use_certificate_chain_file
Getting dynamic buffer
wolfSSL Entering PemToDer
Growing Tmp Chain Buffer
Processing Cert Chain
wolfSSL Entering PemToDer
   Consumed another Cert in Chain
Finished Processing Cert Chain
Checking cert signature type
wolfSSL Entering GetExplicitVersion
wolfSSL Entering GetSerialNumber
Got Cert Header
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Algo ID
Getting Cert Name
Getting Cert Name
Got Subject Name
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Key
Not ECDSA cert signature
wolfSSL Entering wolfSSL_CTX_use_PrivateKey_file
Getting dynamic buffer
wolfSSL Entering PemToDer
wolfSSL Entering SSL_new
wolfSSL Leaving SSL_new, return 0
wolfSSL Entering wolfSSL_SetHsDoneCb
wolfSSL Entering wolfSSL_CTX_EnableOCSPStapling
wolfSSL Entering wolfSSL_CertManagerEnableOCSPStapling
wolfSSL Entering InitOCSP
wolfSSL Entering wolfSSL_CTX_load_verify_locations
Getting dynamic buffer
Processing CA PEM file
wolfSSL Entering PemToDer
Adding a CA
wolfSSL Entering GetExplicitVersion
wolfSSL Entering GetSerialNumber
Got Cert Header
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Algo ID
Getting Cert Name
Getting Cert Name
Got Subject Name
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Key
Parsed Past Key
wolfSSL Entering DecodeCertExtensions
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeBasicCaConstraint
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeSubjKeyId
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeAuthKeyId
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeKeyUsage
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeAuthInfo
wolfSSL Entering GetObjectId()
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
        Parsed new CA
        Freeing Parsed CA
        Freeing der CA
                OK Freeing der CA
wolfSSL Leaving AddCA, return 0
   Processed a CA
wolfSSL Entering PemToDer
Adding a CA
wolfSSL Entering GetExplicitVersion
wolfSSL Entering GetSerialNumber
Got Cert Header
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Algo ID
Getting Cert Name
Getting Cert Name
Got Subject Name
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Key
Parsed Past Key
wolfSSL Entering DecodeCertExtensions
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeBasicCaConstraint
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeSubjKeyId
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeAuthKeyId
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeKeyUsage
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeAuthInfo
wolfSSL Entering GetObjectId()
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
        Parsed new CA
        Freeing Parsed CA
        Freeing der CA
                OK Freeing der CA
wolfSSL Leaving AddCA, return 0
   Processed a CA
Processed at least one valid CA. Other stuff OK
wolfSSL Entering wolfSSL_CTX_load_verify_locations
Getting dynamic buffer
Processing CA PEM file
wolfSSL Entering PemToDer
Adding a CA
wolfSSL Entering GetExplicitVersion
wolfSSL Entering GetSerialNumber
Got Cert Header
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Algo ID
Getting Cert Name
Getting Cert Name
Got Subject Name
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Key
Parsed Past Key
wolfSSL Entering DecodeCertExtensions
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeBasicCaConstraint
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeSubjKeyId
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeAuthKeyId
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeKeyUsage
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeAuthInfo
wolfSSL Entering GetObjectId()
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
        Parsed new CA
        Freeing Parsed CA
        Freeing der CA
                OK Freeing der CA
wolfSSL Leaving AddCA, return 0
   Processed a CA
wolfSSL Entering PemToDer
Adding a CA
wolfSSL Entering GetExplicitVersion
wolfSSL Entering GetSerialNumber
Got Cert Header
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Algo ID
Getting Cert Name
Getting Cert Name
Got Subject Name
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Key
Parsed Past Key
wolfSSL Entering DecodeCertExtensions
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeBasicCaConstraint
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeSubjKeyId
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeAuthKeyId
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeKeyUsage
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeAuthInfo
wolfSSL Entering GetObjectId()
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
        Parsed new CA
        Already have this CA, not adding again
        Freeing Parsed CA
        Freeing der CA
                OK Freeing der CA
wolfSSL Leaving AddCA, return 0
   Processed a CA
Processed at least one valid CA. Other stuff OK
wolfSSL Entering wolfSSL_CTX_load_verify_locations
Getting dynamic buffer
Processing CA PEM file
wolfSSL Entering PemToDer
Adding a CA
wolfSSL Entering GetExplicitVersion
wolfSSL Entering GetSerialNumber
Got Cert Header
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Algo ID
Getting Cert Name
Getting Cert Name
Got Subject Name
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Key
Parsed Past Key
wolfSSL Entering DecodeCertExtensions
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeBasicCaConstraint
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeSubjKeyId
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeAuthKeyId
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeKeyUsage
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeAuthInfo
wolfSSL Entering GetObjectId()
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
        Parsed new CA
        Freeing Parsed CA
        Freeing der CA
                OK Freeing der CA
wolfSSL Leaving AddCA, return 0
   Processed a CA
wolfSSL Entering PemToDer
Adding a CA
wolfSSL Entering GetExplicitVersion
wolfSSL Entering GetSerialNumber
Got Cert Header
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Algo ID
Getting Cert Name
Getting Cert Name
Got Subject Name
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Key
Parsed Past Key
wolfSSL Entering DecodeCertExtensions
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeBasicCaConstraint
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeSubjKeyId
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeAuthKeyId
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeKeyUsage
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeAuthInfo
wolfSSL Entering GetObjectId()
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
        Parsed new CA
        Already have this CA, not adding again
        Freeing Parsed CA
        Freeing der CA
                OK Freeing der CA
wolfSSL Leaving AddCA, return 0
   Processed a CA
Processed at least one valid CA. Other stuff OK
wolfSSL Entering SSL_set_fd
wolfSSL Entering SSL_set_read_fd
wolfSSL Leaving SSL_set_read_fd, return 1
wolfSSL Entering SSL_set_write_fd
wolfSSL Leaving SSL_set_write_fd, return 1
Getting dynamic buffer
wolfSSL Entering PemToDer
wolfSSL Entering wolfSSL_SetTmpDH
wolfSSL Leaving wolfSSL_SetTmpDH, return 0
wolfSSL Entering SSL_accept()
growing input buffer

received record layer msg
wolfSSL Entering DoHandShakeMsg()
wolfSSL Entering DoHandShakeMsgType
processing client hello
Matched No Compression
Elliptic Curves extension received
Certificate Status Request v2 extension received
wolfSSL Entering MatchSuite
wolfSSL Entering VerifyServerSuite
RequiresSegmentation fault

It looks like the error is triggered in SendCertificateStatus (ssl.c:8483)
but it is the WOLFSSL_ERROR macro which causes the segfault

using -W 1 or -W 2 has the same results here.
I'd appreciate some advice here.

mt

Share

Re: status request v2

Hi mt,

It is very common to see odd behavior / segmentation faults if the application and library are configured differently in any way.

On linux this is easily solved by including the header "wolfssl/options.h" which is auto-generated by the configure script.

On Windows you will need to include the same settings in the app as were used in building the library. On windows by default we use the header <wolf-root>/IDE/WIN/user_settings.h

Could you try including that header or a copy of it in your application and let us know if that resolves the unexplained seg fault?


Warm Regards,

Kaleb

Re: status request v2

Hi mtucholski,

Did the above recommendation resolve this issue?


Best,

Kaleb