1 (edited by vijaykumar.ppsg 2018-10-04 02:53:16)

Topic: Chain certificates are not listing.

Hello Team,

The chain certificates present in the .pem file are not all being listed by the function wolfSSL_CTX_load_verify_locations.
I see the logs below:
2018-10-04 09:40:20    ENTER    wolfSSL Entering wolfSSL_CTX_load_verify_locations
2018-10-04 09:40:20    INFO    Getting dynamic buffer
2018-10-04 09:40:20    INFO    Processing CA PEM file
2018-10-04 09:40:20    ENTER    wolfSSL Entering PemToDer
2018-10-04 09:40:20    INFO    Adding a CA
2018-10-04 09:40:20    ENTER    wolfSSL Entering GetExplicitVersion
2018-10-04 09:40:20    ENTER    wolfSSL Entering GetMyVersion
2018-10-04 09:40:20    INFO    Got Cert Header
2018-10-04 09:40:20    ENTER    wolfSSL Entering GetAlgoId
2018-10-04 09:40:20    ENTER    wolfSSL Entering GetObjectId()
2018-10-04 09:40:20    INFO    Got Algo ID
2018-10-04 09:40:20    INFO    Getting Cert Name
2018-10-04 09:40:20    INFO    Getting Cert Name
2018-10-04 09:40:20    INFO    Got Subject Name
2018-10-04 09:40:20    ENTER    wolfSSL Entering GetAlgoId
2018-10-04 09:40:20    ENTER    wolfSSL Entering GetObjectId()
2018-10-04 09:40:20    INFO    Got Key
2018-10-04 09:40:20    INFO    Parsed Past Key
2018-10-04 09:40:20    ENTER    wolfSSL Entering DecodeCertExtensions
2018-10-04 09:40:20    ENTER    wolfSSL Entering GetObjectId()
2018-10-04 09:40:20    ENTER    wolfSSL Entering DecodeKeyUsage
2018-10-04 09:40:20    ENTER    wolfSSL Entering GetObjectId()
2018-10-04 09:40:20    ENTER    wolfSSL Entering DecodeBasicCaConstraint
2018-10-04 09:40:20    ENTER    wolfSSL Entering GetObjectId()
2018-10-04 09:40:20    ENTER    wolfSSL Entering DecodeSubjKeyId
2018-10-04 09:40:20    ENTER    wolfSSL Entering GetObjectId()
2018-10-04 09:40:20    ENTER    wolfSSL Entering DecodeAuthKeyId
2018-10-04 09:40:20    ENTER    wolfSSL Entering GetAlgoId
2018-10-04 09:40:20    ENTER    wolfSSL Entering GetObjectId()
2018-10-04 09:40:20    INFO        Parsed new CA
2018-10-04 09:40:20    INFO        Freeing Parsed CA
2018-10-04 09:40:20    INFO        Freeing der CA
2018-10-04 09:40:20    INFO            OK Freeing der CA
2018-10-04 09:40:20    LEAVE    wolfSSL Leaving AddCA, return 0
2018-10-04 09:40:20    INFO       Processed a CA
2018-10-04 09:40:20    ENTER    wolfSSL Entering PemToDer
2018-10-04 09:40:20    INFO    Adding a CA
2018-10-04 09:40:20    ENTER    wolfSSL Entering GetExplicitVersion
2018-10-04 09:40:20    ENTER    wolfSSL Entering GetMyVersion
2018-10-04 09:40:20    INFO    Got Cert Header
2018-10-04 09:40:20    ENTER    wolfSSL Entering GetAlgoId
2018-10-04 09:40:20    ENTER    wolfSSL Entering GetObjectId()
2018-10-04 09:40:20    INFO    Got Algo ID
2018-10-04 09:40:20    INFO    Getting Cert Name
2018-10-04 09:40:20    INFO    Getting Cert Name
2018-10-04 09:40:20    INFO    Got Subject Name
2018-10-04 09:40:20    ENTER    wolfSSL Entering GetAlgoId
2018-10-04 09:40:20    ENTER    wolfSSL Entering GetObjectId()
2018-10-04 09:40:20    INFO    Got Key
2018-10-04 09:40:20    INFO    Parsed Past Key
2018-10-04 09:40:20    ENTER    wolfSSL Entering DecodeCertExtensions
2018-10-04 09:40:20    ENTER    wolfSSL Entering GetObjectId()
2018-10-04 09:40:20    ENTER    wolfSSL Entering DecodeBasicCaConstraint
2018-10-04 09:40:20    ENTER    wolfSSL Entering GetObjectId()
2018-10-04 09:40:20    ENTER    wolfSSL Entering DecodeKeyUsage
2018-10-04 09:40:20    ENTER    wolfSSL Entering GetObjectId()
2018-10-04 09:40:20    ENTER    wolfSSL Entering DecodeExtKeyUsage
2018-10-04 09:40:20    ENTER    wolfSSL Entering GetObjectId()
2018-10-04 09:40:20    ENTER    wolfSSL Entering GetObjectId()
2018-10-04 09:40:20    ENTER    wolfSSL Entering GetObjectId()
2018-10-04 09:40:20    ENTER    wolfSSL Entering DecodeAuthInfo
2018-10-04 09:40:20    ENTER    wolfSSL Entering GetObjectId()
2018-10-04 09:40:20    ENTER    wolfSSL Entering GetObjectId()
2018-10-04 09:40:20    ENTER    wolfSSL Entering DecodeCrlDist
2018-10-04 09:40:20    ENTER    wolfSSL Entering GetObjectId()
2018-10-04 09:40:20    INFO    Certificate Policy extension not supported yet.
2018-10-04 09:40:20    ENTER    wolfSSL Entering GetObjectId()
2018-10-04 09:40:20    ENTER    wolfSSL Entering DecodeSubjKeyId
2018-10-04 09:40:20    ENTER    wolfSSL Entering GetObjectId()
2018-10-04 09:40:20    ENTER    wolfSSL Entering DecodeAuthKeyId
2018-10-04 09:40:20    ENTER    wolfSSL Entering GetAlgoId
2018-10-04 09:40:20    ENTER    wolfSSL Entering GetObjectId()
2018-10-04 09:40:20    INFO        Parsed new CA
2018-10-04 09:40:20    INFO        Freeing Parsed CA
2018-10-04 09:40:20    INFO        Freeing der CA
2018-10-04 09:40:20    INFO            OK Freeing der CA
2018-10-04 09:40:20    LEAVE    wolfSSL Leaving AddCA, return 0
2018-10-04 09:40:20    INFO       Processed a CA
2018-10-04 09:40:20    ENTER    wolfSSL Entering PemToDer
2018-10-04 09:40:20    INFO    Adding a CA
2018-10-04 09:40:20    ENTER    wolfSSL Entering GetExplicitVersion
2018-10-04 09:40:20    ENTER    wolfSSL Entering GetMyVersion
2018-10-04 09:40:20    INFO    Got Cert Header
2018-10-04 09:40:20    ENTER    wolfSSL Entering GetAlgoId
2018-10-04 09:40:20    ENTER    wolfSSL Entering GetObjectId()
2018-10-04 09:40:20    INFO    Got Algo ID
2018-10-04 09:40:20    INFO    Getting Cert Name
2018-10-04 09:40:20    INFO    Getting Cert Name
2018-10-04 09:40:20    INFO    Got Subject Name
2018-10-04 09:40:20    ENTER    wolfSSL Entering GetAlgoId
2018-10-04 09:40:20    ENTER    wolfSSL Entering GetObjectId()
2018-10-04 09:40:20    INFO    Got Key
2018-10-04 09:40:20    INFO    Parsed Past Key
2018-10-04 09:40:20    ENTER    wolfSSL Entering DecodeCertExtensions
2018-10-04 09:40:20    ENTER    wolfSSL Entering GetObjectId()
2018-10-04 09:40:20    ENTER    wolfSSL Entering DecodeAuthKeyId
2018-10-04 09:40:20    ENTER    wolfSSL Entering GetObjectId()
2018-10-04 09:40:20    ENTER    wolfSSL Entering DecodeSubjKeyId
2018-10-04 09:40:20    ENTER    wolfSSL Entering GetObjectId()
2018-10-04 09:40:20    ENTER    wolfSSL Entering DecodeAltNames
2018-10-04 09:40:20    ENTER    wolfSSL Entering GetObjectId()
2018-10-04 09:40:20    ENTER    wolfSSL Entering DecodeKeyUsage
2018-10-04 09:40:20    ENTER    wolfSSL Entering GetObjectId()
2018-10-04 09:40:20    ENTER    wolfSSL Entering DecodeExtKeyUsage
2018-10-04 09:40:20    ENTER    wolfSSL Entering GetObjectId()
2018-10-04 09:40:20    ENTER    wolfSSL Entering GetObjectId()
2018-10-04 09:40:20    ENTER    wolfSSL Entering GetObjectId()
2018-10-04 09:40:20    ENTER    wolfSSL Entering DecodeCrlDist
2018-10-04 09:40:20    INFO        There are more CRL Distribution Point records, but we only use the first one.
2018-10-04 09:40:20    ENTER    wolfSSL Entering GetObjectId()
2018-10-04 09:40:20    INFO    Certificate Policy extension not supported yet.
2018-10-04 09:40:20    ENTER    wolfSSL Entering GetObjectId()
2018-10-04 09:40:20    ENTER    wolfSSL Entering DecodeAuthInfo
2018-10-04 09:40:20    ENTER    wolfSSL Entering GetObjectId()
2018-10-04 09:40:20    ENTER    wolfSSL Entering GetObjectId()
2018-10-04 09:40:20    ENTER    wolfSSL Entering DecodeBasicCaConstraint
2018-10-04 09:40:20    ENTER    wolfSSL Entering GetObjectId()
2018-10-04 09:40:20    ENTER    wolfSSL Entering GetAlgoId
2018-10-04 09:40:20    ENTER    wolfSSL Entering GetObjectId()
2018-10-04 09:40:20    INFO        Parsed new CA
2018-10-04 09:40:20    INFO        Freeing Parsed CA
2018-10-04 09:40:20    INFO        Freeing der CA
2018-10-04 09:40:20    INFO            OK Freeing der CA
2018-10-04 09:40:20    LEAVE    wolfSSL Leaving AddCA, return 0
2018-10-04 09:40:20    INFO       Processed a CA
2018-10-04 09:40:20    INFO    Processed at least one valid CA. Other stuff OK
2018-10-04 09:40:20    ENTER    wolfSSL Entering SSL_new
2018-10-04 09:40:20    LEAVE    wolfSSL Leaving SSL_new, return 0
2018-10-04 09:40:20    ENTER    wolfSSL Entering SSL_set_fd
2018-10-04 09:40:20    LEAVE    wolfSSL Leaving SSL_set_fd, return 1
2018-10-04 09:40:20    ENTER    wolfSSL Entering wolfSSL_SetTmpDH
2018-10-04 09:40:20    LEAVE    wolfSSL Leaving wolfSSL_SetTmpDH, return 0
2018-10-04 09:40:20    ENTER    wolfSSL Entering SSL_accept()
2018-10-04 09:40:21    INFO    growing input buffer

2018-10-04 09:40:21    INFO    received record layer msg
2018-10-04 09:40:21    ENTER    wolfSSL Entering DoHandShakeMsg()
2018-10-04 09:40:21    ENTER    wolfSSL Entering DoHandShakeMsgType
2018-10-04 09:40:21    INFO    processing client hello
2018-10-04 09:40:21    ENTER    wolfSSL Entering MatchSuite
2018-10-04 09:40:21    ENTER    wolfSSL Entering VerifyServerSuite
2018-10-04 09:40:21    INFO    Requires RSA
2018-10-04 09:40:21    INFO    Verified suite validity
2018-10-04 09:40:21    LEAVE    wolfSSL Leaving DoHandShakeMsgType(), return 0
2018-10-04 09:40:21    LEAVE    wolfSSL Leaving DoHandShakeMsg(), return 0
2018-10-04 09:40:21    INFO    accept state ACCEPT_CLIENT_HELLO_DONE
2018-10-04 09:40:21    INFO    accept state ACCEPT_FIRST_REPLY_DONE
2018-10-04 09:40:21    INFO    growing output buffer

2018-10-04 09:40:21    INFO    Shrinking output buffer

2018-10-04 09:40:21    INFO    accept state SERVER_HELLO_SENT
2018-10-04 09:40:21    INFO    growing output buffer

2018-10-04 09:40:21    INFO    Shrinking output buffer

2018-10-04 09:40:21    INFO    accept state CERT_SENT
2018-10-04 09:40:21    ENTER    wolfSSL Entering SendCertificateStatus
2018-10-04 09:40:21    INFO    accept state CERT_STATUS_SENT
2018-10-04 09:40:21    INFO    Using ephemeral ECDH
2018-10-04 09:40:21    ENTER    wolfSSL Entering GetMyVersion
2018-10-04 09:40:21    INFO    growing output buffer

2018-10-04 09:40:21    ENTER    wolfSSL Entering VerifyRsaSign
2018-10-04 09:40:21    INFO    Shrinking output buffer

2018-10-04 09:40:21    INFO    accept state KEY_EXCHANGE_SENT
2018-10-04 09:40:21    INFO    accept state CERT_REQ_SENT
2018-10-04 09:40:21    INFO    growing output buffer

2018-10-04 09:40:21    INFO    Shrinking output buffer

2018-10-04 09:40:21    INFO    accept state SERVER_HELLO_DONE


============================================================================

Now I see a security warning message from my Java client, and if I click continue/proceed with this warning, then the remaining log is as below:


2018-10-04 09:40:39    INFO    received record layer msg
2018-10-04 09:40:39    ENTER    wolfSSL Entering DoHandShakeMsg()
2018-10-04 09:40:39    ENTER    wolfSSL Entering DoHandShakeMsgType
2018-10-04 09:40:39    INFO    processing client key exchange
2018-10-04 09:40:39    LEAVE    wolfSSL Leaving DoHandShakeMsgType(), return 0
2018-10-04 09:40:39    LEAVE    wolfSSL Leaving DoHandShakeMsg(), return 0
2018-10-04 09:40:39    INFO    received record layer msg
2018-10-04 09:40:39    INFO    got CHANGE CIPHER SPEC
2018-10-04 09:40:39    INFO    received record layer msg
2018-10-04 09:40:39    ENTER    wolfSSL Entering DoHandShakeMsg()
2018-10-04 09:40:39    ENTER    wolfSSL Entering DoHandShakeMsgType
2018-10-04 09:40:39    INFO    processing finished
2018-10-04 09:40:39    LEAVE    wolfSSL Leaving DoHandShakeMsgType(), return 0
2018-10-04 09:40:39    LEAVE    wolfSSL Leaving DoHandShakeMsg(), return 0
2018-10-04 09:40:39    INFO    accept state  ACCEPT_SECOND_REPLY_DONE
2018-10-04 09:40:39    INFO    accept state  TICKET_SENT
2018-10-04 09:40:39    INFO    growing output buffer

2018-10-04 09:40:39    INFO    Shrinking output buffer

2018-10-04 09:40:39    INFO    accept state  CHANGE_CIPHER_SENT
2018-10-04 09:40:39    INFO    growing output buffer

2018-10-04 09:40:39    INFO    Shrinking output buffer

2018-10-04 09:40:39    INFO    accept state ACCEPT_FINISHED_DONE
2018-10-04 09:40:39    INFO    accept state ACCEPT_THIRD_REPLY_DONE
2018-10-04 09:40:39    INFO    Shrinking input buffer

2018-10-04 09:40:39    LEAVE    wolfSSL Leaving SSL_accept(), return 1
2018-10-04 09:40:39    ENTER    wolfSSL Entering wolfSSL_get_cipher
2018-10-04 09:40:39    ENTER    wolfSSL Entering SSL_get_current_cipher
2018-10-04 09:40:39    ENTER    wolfSSL Entering SSL_CIPHER_get_name
2018-10-04 09:40:39    ENTER    wolfSSL Entering wolfSSL_peek()
2018-10-04 09:40:39    ENTER    wolfSSL Entering wolfSSL_read_internal()
2018-10-04 09:40:39    ENTER    wolfSSL Entering ReceiveData()
2018-10-04 09:40:39    INFO    Embed Receive error
2018-10-04 09:40:39    INFO        Would block
2018-10-04 09:40:39    ERROR    wolfSSL error occurred, error = -323
2018-10-04 09:40:39    LEAVE    wolfSSL Leaving wolfSSL_read_internal(), return -323
2018-10-04 09:40:39    ENTER    wolfSSL Entering SSL_get_error
2018-10-04 09:40:39    LEAVE    wolfSSL Leaving SSL_get_error, return -323
2018-10-04 09:40:39    ENTER    wolfSSL Entering wolfSSL_peek()
2018-10-04 09:40:39    ENTER    wolfSSL Entering wolfSSL_read_internal()
2018-10-04 09:40:39    ENTER    wolfSSL Entering ReceiveData()
2018-10-04 09:40:39    INFO    growing input buffer

2018-10-04 09:40:39    INFO    received record layer msg
2018-10-04 09:40:39    INFO    got app DATA
2018-10-04 09:40:39    LEAVE    wolfSSL Leaving ReceiveData(), return 57
2018-10-04 09:40:39    LEAVE    wolfSSL Leaving wolfSSL_read_internal(), return 57
2018-10-04 09:40:39    ENTER    wolfSSL Entering SSL_get_error
2018-10-04 09:40:39    ENTER    wolfSSL Entering SSL_pending
2018-10-04 09:40:39    ENTER    wolfSSL Entering wolfSSL_read()
2018-10-04 09:40:39    ENTER    wolfSSL Entering wolfSSL_read_internal()
2018-10-04 09:40:39    ENTER    wolfSSL Entering ReceiveData()
2018-10-04 09:40:39    INFO    Shrinking input buffer

2018-10-04 09:40:39    LEAVE    wolfSSL Leaving ReceiveData(), return 57
2018-10-04 09:40:39    LEAVE    wolfSSL Leaving wolfSSL_read_internal(), return 57
2018-10-04 09:40:39    ENTER    wolfSSL Entering SSL_get_error
2018-10-04 09:40:39    ENTER    wolfSSL Entering SSL_write()
2018-10-04 09:40:39    INFO    growing output buffer

2018-10-04 09:40:39    INFO    Shrinking output buffer

2018-10-04 09:40:39    INFO    growing output buffer

2018-10-04 09:40:39    INFO    Shrinking output buffer

2018-10-04 09:40:39    LEAVE    wolfSSL Leaving SSL_write(), return 25163
2018-10-04 09:40:39    ENTER    wolfSSL Entering SSL_get_error
2018-10-04 09:40:39    ENTER    wolfSSL Entering SSL_write()
2018-10-04 09:40:39    INFO    growing output buffer

2018-10-04 09:40:39    INFO    Shrinking output buffer

2018-10-04 09:40:39    LEAVE    wolfSSL Leaving SSL_write(), return 10192
2018-10-04 09:40:39    ENTER    wolfSSL Entering SSL_get_error
2018-10-04 09:40:39    ENTER    wolfSSL Entering wolfSSL_read()
2018-10-04 09:40:39    ENTER    wolfSSL Entering wolfSSL_read_internal()
2018-10-04 09:40:39    ENTER    wolfSSL Entering ReceiveData()
2018-10-04 09:40:39    INFO    growing input buffer

2018-10-04 09:40:39    INFO    received record layer msg
2018-10-04 09:40:39    INFO    got ALERT!
2018-10-04 09:40:39    INFO    Got alert
2018-10-04 09:40:39    INFO        close notify
2018-10-04 09:40:39    ERROR    wolfSSL error occurred, error = 0
2018-10-04 09:40:39    ERROR    wolfSSL error occurred, error = -343
2018-10-04 09:40:39    INFO    Zero return, no more data coming
2018-10-04 09:40:39    LEAVE    wolfSSL Leaving wolfSSL_read_internal(), return 0
2018-10-04 09:40:39    ENTER    wolfSSL Entering SSL_get_error
2018-10-04 09:40:39    LEAVE    wolfSSL Leaving SSL_get_error, return -343
2018-10-04 09:40:40    ENTER    wolfSSL Entering SSL_write()
2018-10-04 09:40:40    INFO    growing output buffer

2018-10-04 09:40:40    INFO    Shrinking output buffer

2018-10-04 09:40:40    INFO    growing output buffer

2018-10-04 09:40:40    INFO    Shrinking output buffer

2018-10-04 09:40:40    LEAVE    wolfSSL Leaving SSL_write(), return 17096
2018-10-04 09:40:40    ENTER    wolfSSL Entering SSL_get_error
2018-10-04 09:40:40    ENTER    wolfSSL Entering SSL_write()
2018-10-04 09:40:40    INFO    growing output buffer

2018-10-04 09:40:40    INFO    Shrinking output buffer

2018-10-04 09:40:40    LEAVE    wolfSSL Leaving SSL_write(), return 11786
2018-10-04 09:40:40    ENTER    wolfSSL Entering SSL_get_error
2018-10-04 09:40:40    ENTER    wolfSSL Entering SSL_write()
2018-10-04 09:40:40    INFO    growing output buffer

2018-10-04 09:40:40    INFO    Shrinking output buffer

2018-10-04 09:40:40    LEAVE    wolfSSL Leaving SSL_write(), return 3060
2018-10-04 09:40:40    ENTER    wolfSSL Entering SSL_get_error
2018-10-04 09:40:42    ENTER    wolfSSL Entering SSL_library_init
2018-10-04 09:40:42    ENTER    wolfSSL Entering wolfSSL_Init
2018-10-04 09:40:42    ENTER    wolfSSL Entering WOLFSSL_CTX_new_ex
2018-10-04 09:40:42    ENTER    wolfSSL Entering wolfSSL_CertManagerNew
2018-10-04 09:40:42    LEAVE    wolfSSL Leaving WOLFSSL_CTX_new, return 0
2018-10-04 09:40:42    ENTER    wolfSSL Entering wolfSSL_CTX_set_cipher_list
2018-10-04 09:40:42    ENTER    wolfSSL Entering wolfSSL_CTX_use_certificate_file
2018-10-04 09:40:42    INFO    Getting dynamic buffer
2018-10-04 09:40:42    ENTER    wolfSSL Entering PemToDer
2018-10-04 09:40:42    INFO    Checking cert signature type
2018-10-04 09:40:42    ENTER    wolfSSL Entering GetExplicitVersion
2018-10-04 09:40:42    ENTER    wolfSSL Entering GetMyVersion
2018-10-04 09:40:42    INFO    Got Cert Header
2018-10-04 09:40:42    ENTER    wolfSSL Entering GetAlgoId
2018-10-04 09:40:42    ENTER    wolfSSL Entering GetObjectId()
2018-10-04 09:40:42    INFO    Got Algo ID
2018-10-04 09:40:42    INFO    Getting Cert Name
2018-10-04 09:40:42    INFO    Getting Cert Name
2018-10-04 09:40:42    INFO    Got Subject Name
2018-10-04 09:40:42    ENTER    wolfSSL Entering GetAlgoId
2018-10-04 09:40:42    ENTER    wolfSSL Entering GetObjectId()
2018-10-04 09:40:42    INFO    Got Key
2018-10-04 09:40:42    INFO    Not ECDSA cert signature
2018-10-04 09:40:42    ENTER    wolfSSL Entering wolfSSL_CTX_use_PrivateKey_file
2018-10-04 09:40:42    INFO    Getting dynamic buffer
2018-10-04 09:40:42    ENTER    wolfSSL Entering PemToDer
2018-10-04 09:40:42    ENTER    wolfSSL Entering GetMyVersion
2018-10-04 09:40:42    ENTER    wolfSSL Entering GetAlgoId
2018-10-04 09:40:42    ENTER    wolfSSL Entering GetObjectId()
2018-10-04 09:40:42    ENTER    wolfSSL Entering GetMyVersion
2018-10-04 09:40:42    ENTER    wolfSSL Entering SSL_CTX_check_private_key
2018-10-04 09:40:42    ENTER    wolfSSL Entering wolfSSL_CTX_load_verify_locations
2018-10-04 09:40:42    INFO    Getting dynamic buffer
2018-10-04 09:40:42    INFO    Processing CA PEM file
2018-10-04 09:40:42    ENTER    wolfSSL Entering PemToDer
2018-10-04 09:40:42    INFO    Adding a CA
2018-10-04 09:40:42    ENTER    wolfSSL Entering GetExplicitVersion
2018-10-04 09:40:42    ENTER    wolfSSL Entering GetMyVersion
2018-10-04 09:40:42    INFO    Got Cert Header
2018-10-04 09:40:42    ENTER    wolfSSL Entering GetAlgoId
2018-10-04 09:40:42    ENTER    wolfSSL Entering GetObjectId()
2018-10-04 09:40:42    INFO    Got Algo ID
2018-10-04 09:40:42    INFO    Getting Cert Name
2018-10-04 09:40:42    INFO    Getting Cert Name
2018-10-04 09:40:42    INFO    Got Subject Name
2018-10-04 09:40:42    ENTER    wolfSSL Entering GetAlgoId
2018-10-04 09:40:42    ENTER    wolfSSL Entering GetObjectId()
2018-10-04 09:40:42    INFO    Got Key
2018-10-04 09:40:42    INFO    Parsed Past Key
2018-10-04 09:40:42    ENTER    wolfSSL Entering DecodeCertExtensions
2018-10-04 09:40:42    ENTER    wolfSSL Entering GetObjectId()
2018-10-04 09:40:42    ENTER    wolfSSL Entering DecodeKeyUsage
2018-10-04 09:40:42    ENTER    wolfSSL Entering GetObjectId()
2018-10-04 09:40:42    ENTER    wolfSSL Entering DecodeBasicCaConstraint
2018-10-04 09:40:42    ENTER    wolfSSL Entering GetObjectId()
2018-10-04 09:40:42    ENTER    wolfSSL Entering DecodeSubjKeyId
2018-10-04 09:40:42    ENTER    wolfSSL Entering GetObjectId()
2018-10-04 09:40:42    ENTER    wolfSSL Entering DecodeAuthKeyId
2018-10-04 09:40:42    ENTER    wolfSSL Entering GetAlgoId
2018-10-04 09:40:42    ENTER    wolfSSL Entering GetObjectId()
2018-10-04 09:40:42    INFO        Parsed new CA
2018-10-04 09:40:42    INFO        Freeing Parsed CA
2018-10-04 09:40:42    INFO        Freeing der CA
2018-10-04 09:40:42    INFO            OK Freeing der CA
2018-10-04 09:40:42    LEAVE    wolfSSL Leaving AddCA, return 0
2018-10-04 09:40:42    INFO       Processed a CA
2018-10-04 09:40:42    ENTER    wolfSSL Entering PemToDer
2018-10-04 09:40:42    INFO    Adding a CA
2018-10-04 09:40:42    ENTER    wolfSSL Entering GetExplicitVersion
2018-10-04 09:40:42    ENTER    wolfSSL Entering GetMyVersion
2018-10-04 09:40:42    INFO    Got Cert Header
2018-10-04 09:40:42    ENTER    wolfSSL Entering GetAlgoId
2018-10-04 09:40:42    ENTER    wolfSSL Entering GetObjectId()
2018-10-04 09:40:42    INFO    Got Algo ID
2018-10-04 09:40:42    INFO    Getting Cert Name
2018-10-04 09:40:42    INFO    Getting Cert Name
2018-10-04 09:40:42    INFO    Got Subject Name
2018-10-04 09:40:42    ENTER    wolfSSL Entering GetAlgoId
2018-10-04 09:40:42    ENTER    wolfSSL Entering GetObjectId()
2018-10-04 09:40:42    INFO    Got Key
2018-10-04 09:40:42    INFO    Parsed Past Key
2018-10-04 09:40:42    ENTER    wolfSSL Entering DecodeCertExtensions
2018-10-04 09:40:42    ENTER    wolfSSL Entering GetObjectId()
2018-10-04 09:40:42    ENTER    wolfSSL Entering DecodeBasicCaConstraint
2018-10-04 09:40:42    ENTER    wolfSSL Entering GetObjectId()
2018-10-04 09:40:42    ENTER    wolfSSL Entering DecodeKeyUsage
2018-10-04 09:40:42    ENTER    wolfSSL Entering GetObjectId()
2018-10-04 09:40:42    ENTER    wolfSSL Entering DecodeExtKeyUsage
2018-10-04 09:40:42    ENTER    wolfSSL Entering GetObjectId()
2018-10-04 09:40:42    ENTER    wolfSSL Entering GetObjectId()
2018-10-04 09:40:42    ENTER    wolfSSL Entering GetObjectId()
2018-10-04 09:40:42    ENTER    wolfSSL Entering DecodeAuthInfo
2018-10-04 09:40:42    ENTER    wolfSSL Entering GetObjectId()
2018-10-04 09:40:42    ENTER    wolfSSL Entering GetObjectId()
2018-10-04 09:40:42    ENTER    wolfSSL Entering DecodeCrlDist
2018-10-04 09:40:42    ENTER    wolfSSL Entering GetObjectId()
2018-10-04 09:40:42    INFO    Certificate Policy extension not supported yet.
2018-10-04 09:40:42    ENTER    wolfSSL Entering GetObjectId()
2018-10-04 09:40:42    ENTER    wolfSSL Entering DecodeSubjKeyId
2018-10-04 09:40:42    ENTER    wolfSSL Entering GetObjectId()
2018-10-04 09:40:42    ENTER    wolfSSL Entering DecodeAuthKeyId
2018-10-04 09:40:42    ENTER    wolfSSL Entering GetAlgoId
2018-10-04 09:40:42    ENTER    wolfSSL Entering GetObjectId()
2018-10-04 09:40:42    INFO        Parsed new CA
2018-10-04 09:40:42    INFO        Freeing Parsed CA
2018-10-04 09:40:42    INFO        Freeing der CA
2018-10-04 09:40:42    INFO            OK Freeing der CA
2018-10-04 09:40:42    LEAVE    wolfSSL Leaving AddCA, return 0
2018-10-04 09:40:42    INFO       Processed a CA
2018-10-04 09:40:42    ENTER    wolfSSL Entering PemToDer
2018-10-04 09:40:42    INFO    Adding a CA
2018-10-04 09:40:42    ENTER    wolfSSL Entering GetExplicitVersion
2018-10-04 09:40:42    ENTER    wolfSSL Entering GetMyVersion
2018-10-04 09:40:42    INFO    Got Cert Header
2018-10-04 09:40:42    ENTER    wolfSSL Entering GetAlgoId
2018-10-04 09:40:42    ENTER    wolfSSL Entering GetObjectId()
2018-10-04 09:40:42    INFO    Got Algo ID
2018-10-04 09:40:42    INFO    Getting Cert Name
2018-10-04 09:40:42    INFO    Getting Cert Name
2018-10-04 09:40:42    INFO    Got Subject Name
2018-10-04 09:40:42    ENTER    wolfSSL Entering GetAlgoId
2018-10-04 09:40:42    ENTER    wolfSSL Entering GetObjectId()
2018-10-04 09:40:42    INFO    Got Key
2018-10-04 09:40:42    INFO    Parsed Past Key
2018-10-04 09:40:42    ENTER    wolfSSL Entering DecodeCertExtensions
2018-10-04 09:40:42    ENTER    wolfSSL Entering GetObjectId()
2018-10-04 09:40:42    ENTER    wolfSSL Entering DecodeAuthKeyId
2018-10-04 09:40:42    ENTER    wolfSSL Entering GetObjectId()
2018-10-04 09:40:42    ENTER    wolfSSL Entering DecodeSubjKeyId
2018-10-04 09:40:42    ENTER    wolfSSL Entering GetObjectId()
2018-10-04 09:40:42    ENTER    wolfSSL Entering DecodeAltNames
2018-10-04 09:40:42    ENTER    wolfSSL Entering GetObjectId()
2018-10-04 09:40:42    ENTER    wolfSSL Entering DecodeKeyUsage
2018-10-04 09:40:42    ENTER    wolfSSL Entering GetObjectId()
2018-10-04 09:40:42    ENTER    wolfSSL Entering DecodeExtKeyUsage
2018-10-04 09:40:42    ENTER    wolfSSL Entering GetObjectId()
2018-10-04 09:40:42    ENTER    wolfSSL Entering GetObjectId()
2018-10-04 09:40:42    ENTER    wolfSSL Entering GetObjectId()
2018-10-04 09:40:42    ENTER    wolfSSL Entering DecodeCrlDist
2018-10-04 09:40:42    INFO        There are more CRL Distribution Point records, but we only use the first one.
2018-10-04 09:40:42    ENTER    wolfSSL Entering GetObjectId()
2018-10-04 09:40:42    INFO    Certificate Policy extension not supported yet.
2018-10-04 09:40:42    ENTER    wolfSSL Entering GetObjectId()
2018-10-04 09:40:42    ENTER    wolfSSL Entering DecodeAuthInfo
2018-10-04 09:40:42    ENTER    wolfSSL Entering GetObjectId()
2018-10-04 09:40:42    ENTER    wolfSSL Entering GetObjectId()
2018-10-04 09:40:42    ENTER    wolfSSL Entering DecodeBasicCaConstraint
2018-10-04 09:40:42    ENTER    wolfSSL Entering GetObjectId()
2018-10-04 09:40:42    ENTER    wolfSSL Entering GetAlgoId
2018-10-04 09:40:42    ENTER    wolfSSL Entering GetObjectId()
2018-10-04 09:40:42    INFO        Parsed new CA
2018-10-04 09:40:42    INFO        Freeing Parsed CA
2018-10-04 09:40:42    INFO        Freeing der CA
2018-10-04 09:40:42    INFO            OK Freeing der CA
2018-10-04 09:40:42    LEAVE    wolfSSL Leaving AddCA, return 0
2018-10-04 09:40:42    INFO       Processed a CA
2018-10-04 09:40:42    INFO    Processed at least one valid CA. Other stuff OK
2018-10-04 09:40:42    ENTER    wolfSSL Entering SSL_new
2018-10-04 09:40:42    LEAVE    wolfSSL Leaving SSL_new, return 0
2018-10-04 09:40:42    ENTER    wolfSSL Entering SSL_set_fd
2018-10-04 09:40:42    LEAVE    wolfSSL Leaving SSL_set_fd, return 1
2018-10-04 09:40:42    ENTER    wolfSSL Entering wolfSSL_SetTmpDH
2018-10-04 09:40:42    LEAVE    wolfSSL Leaving wolfSSL_SetTmpDH, return 0
2018-10-04 09:40:42    ENTER    wolfSSL Entering SSL_accept()
2018-10-04 09:40:43    INFO    growing input buffer

2018-10-04 09:40:43    INFO    received record layer msg
2018-10-04 09:40:43    ENTER    wolfSSL Entering DoHandShakeMsg()
2018-10-04 09:40:43    ENTER    wolfSSL Entering DoHandShakeMsgType
2018-10-04 09:40:43    INFO    processing client hello
2018-10-04 09:40:43    ENTER    wolfSSL Entering MatchSuite
2018-10-04 09:40:43    ENTER    wolfSSL Entering VerifyServerSuite
2018-10-04 09:40:43    INFO    Requires RSA
2018-10-04 09:40:43    INFO    Verified suite validity
2018-10-04 09:40:43    LEAVE    wolfSSL Leaving DoHandShakeMsgType(), return 0
2018-10-04 09:40:43    LEAVE    wolfSSL Leaving DoHandShakeMsg(), return 0
2018-10-04 09:40:43    INFO    accept state ACCEPT_CLIENT_HELLO_DONE
2018-10-04 09:40:43    INFO    accept state ACCEPT_FIRST_REPLY_DONE
2018-10-04 09:40:43    INFO    growing output buffer

2018-10-04 09:40:43    INFO    Shrinking output buffer

2018-10-04 09:40:43    INFO    accept state SERVER_HELLO_SENT
2018-10-04 09:40:43    INFO    growing output buffer

2018-10-04 09:40:43    INFO    Shrinking output buffer

2018-10-04 09:40:43    INFO    accept state CERT_SENT
2018-10-04 09:40:43    ENTER    wolfSSL Entering SendCertificateStatus
2018-10-04 09:40:43    INFO    accept state CERT_STATUS_SENT
2018-10-04 09:40:43    INFO    Using ephemeral ECDH
2018-10-04 09:40:43    ENTER    wolfSSL Entering GetMyVersion
2018-10-04 09:40:43    INFO    growing output buffer

2018-10-04 09:40:43    ENTER    wolfSSL Entering VerifyRsaSign
2018-10-04 09:40:43    INFO    Shrinking output buffer

2018-10-04 09:40:43    INFO    accept state KEY_EXCHANGE_SENT
2018-10-04 09:40:43    INFO    accept state CERT_REQ_SENT
2018-10-04 09:40:43    INFO    growing output buffer

2018-10-04 09:40:43    INFO    Shrinking output buffer

2018-10-04 09:40:43    INFO    accept state SERVER_HELLO_DONE
2018-10-04 09:40:43    INFO    received record layer msg
2018-10-04 09:40:43    ENTER    wolfSSL Entering DoHandShakeMsg()
2018-10-04 09:40:43    ENTER    wolfSSL Entering DoHandShakeMsgType
2018-10-04 09:40:43    INFO    processing client key exchange
2018-10-04 09:40:43    LEAVE    wolfSSL Leaving DoHandShakeMsgType(), return 0
2018-10-04 09:40:43    LEAVE    wolfSSL Leaving DoHandShakeMsg(), return 0
2018-10-04 09:40:43    INFO    received record layer msg
2018-10-04 09:40:43    INFO    got CHANGE CIPHER SPEC
2018-10-04 09:40:43    INFO    received record layer msg
2018-10-04 09:40:43    ENTER    wolfSSL Entering DoHandShakeMsg()
2018-10-04 09:40:43    ENTER    wolfSSL Entering DoHandShakeMsgType
2018-10-04 09:40:43    INFO    processing finished
2018-10-04 09:40:43    LEAVE    wolfSSL Leaving DoHandShakeMsgType(), return 0
2018-10-04 09:40:43    LEAVE    wolfSSL Leaving DoHandShakeMsg(), return 0
2018-10-04 09:40:43    INFO    accept state  ACCEPT_SECOND_REPLY_DONE
2018-10-04 09:40:43    INFO    accept state  TICKET_SENT
2018-10-04 09:40:43    INFO    growing output buffer

2018-10-04 09:40:43    INFO    Shrinking output buffer

2018-10-04 09:40:43    INFO    accept state  CHANGE_CIPHER_SENT
2018-10-04 09:40:43    INFO    growing output buffer

2018-10-04 09:40:43    INFO    Shrinking output buffer

2018-10-04 09:40:43    INFO    accept state ACCEPT_FINISHED_DONE
2018-10-04 09:40:43    INFO    accept state ACCEPT_THIRD_REPLY_DONE
2018-10-04 09:40:43    INFO    Shrinking input buffer

2018-10-04 09:40:43    LEAVE    wolfSSL Leaving SSL_accept(), return 1
2018-10-04 09:40:43    ENTER    wolfSSL Entering wolfSSL_get_cipher
2018-10-04 09:40:43    ENTER    wolfSSL Entering SSL_get_current_cipher
2018-10-04 09:40:43    ENTER    wolfSSL Entering SSL_CIPHER_get_name
2018-10-04 09:40:43    ENTER    wolfSSL Entering wolfSSL_peek()
2018-10-04 09:40:43    ENTER    wolfSSL Entering wolfSSL_read_internal()
2018-10-04 09:40:43    ENTER    wolfSSL Entering ReceiveData()
2018-10-04 09:40:43    INFO    Embed Receive error
2018-10-04 09:40:43    INFO        Would block
2018-10-04 09:40:43    ERROR    wolfSSL error occurred, error = -323
2018-10-04 09:40:43    LEAVE    wolfSSL Leaving wolfSSL_read_internal(), return -323
2018-10-04 09:40:43    ENTER    wolfSSL Entering SSL_get_error
2018-10-04 09:40:43    LEAVE    wolfSSL Leaving SSL_get_error, return -323


I have 3 certificates: 1 server cert, 1 intermediate cert, 1 root CA. The root CA is at the top of the file supplied as the argument to wolfSSL_CTX_load_verify_locations.

Please let me know why only the server certificate is listed, and the intermediate and root CA are not included?

I see that while processing the last 2 certificates we have a message as below:
        "Certificate Policy extension not supported yet."




Thanks,
Vijay


Re: Chain certificates are not listing.

@vijaykumar.ppsg

Thanks again for contacting us via the forums! The solution is to load using wolfSSL_use_certificate_[ buffer | file ] for loading a chain for sending to clients. Load order is bottom to top, with the root being optionally excluded, as the client must have the root loaded to verify, so servers do not need to transmit it.

FILE CONTENTS:

SERVER CERT
Intermediate CA 1
Intermediate CA 2 ( If Applicable )
Intermediate CA ... X ( If Applicable )
Root CA ( Optional )

The API wolfSSL_CTX_load_verify_locations is for loading certs to use when VERIFYING peers, i.e. you would NOT use this API on the server side unless doing mutual authentication (99.9% of all servers do NOT do mutual authentication).

In the event you use this API, load from the TOP down, and the Root CA is required! Some peers do not transmit their entire cert chain even though the only exception is SUPPOSED to be the Root CA. If a peer only sends a partial chain, you must load the rest of the chain from the top down, i.e. the file contents would be the opposite of the wolfSSL_CTX_use_certificate API:

FILE CONTENTS:

Root CA ( Required at a minimum )
Intermediate CA X ( If Applicable )
Intermediate CA X-1 ... ( If Applicable )
Intermediate CA 2 ( If Applicable )
Intermediate CA 1 ( If Applicable )

Warm Regards,

K
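
A pre-flight check for the two file orders described in the reply above, as an added example that is not part of the original thread and is not wolfSSL code: it reads the issuer and subject names of each PEM certificate and reports whether a bundle is leaf-first (chain sent to peers) or root-first (file for wolfSSL_CTX_load_verify_locations). All function names are hypothetical, and the sample certificates are constructed stand-ins that carry only names, with no real keys or signatures.

```python
import base64
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def _tlv(buf, pos):
    """Read one DER TLV starting at pos; return (tag, value_start, value_end)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long form: next n bytes hold the length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, pos, pos + length

def issuer_subject(der):
    """Return the raw DER (issuer, subject) Name fields of one certificate."""
    _, cert_start, _ = _tlv(der, 0)         # Certificate SEQUENCE
    _, pos, _ = _tlv(der, cert_start)       # TBSCertificate SEQUENCE
    tag, _, end = _tlv(der, pos)
    if tag == 0xA0:                         # optional [0] version field
        pos = end
    fields = []                             # serial, sigAlg, issuer, validity, subject
    for _ in range(5):
        _, _, end = _tlv(der, pos)
        fields.append(der[pos:end])
        pos = end
    return fields[2], fields[4]

def load_bundle(pem_text):
    """Parse every certificate in a PEM bundle, in file order."""
    return [issuer_subject(base64.b64decode(b)) for b in PEM_RE.findall(pem_text)]

def bundle_order(pem_text):
    """Classify a bundle by comparing neighbouring issuer/subject names.

    Names are compared byte-for-byte and signatures are not checked, so this
    catches ordering mistakes only; it is not chain validation.
    """
    certs = load_bundle(pem_text)
    if not certs:
        return "empty"
    if len(certs) == 1:
        return "single"
    pairs = list(zip(certs, certs[1:]))
    if all(a_iss == b_sub for (a_iss, _), (_, b_sub) in pairs):
        return "leaf-first"                 # each cert is issued by the next one
    if all(a_sub == b_iss for (_, a_sub), (b_iss, _) in pairs):
        return "root-first"                 # each cert issued the next one
    return "unordered"

def fits(pem_text, purpose):
    """purpose 'send': server cert first, root optional.
    purpose 'verify': self-signed root first, then intermediates downward."""
    certs = load_bundle(pem_text)
    order = bundle_order(pem_text)
    if purpose == "send":
        return order in ("single", "leaf-first")
    if purpose == "verify":
        if not certs:
            return False
        first_issuer, first_subject = certs[0]
        return first_issuer == first_subject and order in ("single", "root-first")
    raise ValueError("purpose must be 'send' or 'verify'")

# --- constructed sample data: minimal DER with names only ---
def _der(tag, body):
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + body

def _name(cn):
    # Name with a single commonName (OID 2.5.4.3) attribute
    atv = _der(0x30, bytes.fromhex("0603550403") + _der(0x0C, cn.encode()))
    return _der(0x30, _der(0x31, atv))

def _sample_pem(subject, issuer):
    empty = _der(0x30, b"")                 # placeholder for fields not examined
    tbs = _der(0x30, _der(0xA0, _der(0x02, b"\x02")) + _der(0x02, b"\x01")
               + empty + _name(issuer) + empty + _name(subject) + empty)
    cert = _der(0x30, tbs + empty + _der(0x03, b"\x00"))
    body = base64.encodebytes(cert).decode()
    return "-----BEGIN CERTIFICATE-----\n" + body + "-----END CERTIFICATE-----\n"

ROOT = _sample_pem("Example Root CA", "Example Root CA")
INTER = _sample_pem("Example Intermediate CA", "Example Root CA")
LEAF = _sample_pem("server.example.test", "Example Intermediate CA")

if __name__ == "__main__":
    for label, text in [("leaf+inter+root", LEAF + INTER + ROOT),
                        ("root+inter+leaf", ROOT + INTER + LEAF),
                        ("inter+root+leaf", INTER + ROOT + LEAF)]:
        print(label, bundle_order(text),
              "send-ok" if fits(text, "send") else "send-bad",
              "verify-ok" if fits(text, "verify") else "verify-bad")
```
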