Topic: getting error -125 from wolfSSL_CTX_load_verify_buffer

Getting error -125 from wolfSSL_CTX_load_verify_buffer while parsing google.com certificate.

Configuration:

/* wolfSSL build-time options posted for this target (FreeRTOS on an STM32F4). */

/* Platform glue: no mutex layer, FreeRTOS port, no file APIs (certificates must
 * come from memory buffers), no built-in socket layer -- the application supplies
 * its own send/receive callbacks -- and no /dev/random or /dev/urandom reads.
 * NOTE(review): with SINGLE_THREADED, only one task may call into wolfSSL at a
 * time -- confirm against the rest of the firmware.
 * NOTE(review): with NO_DEV_RANDOM the RNG seed has to come from somewhere else
 * (hardware RNG or a custom seed routine); that source is not shown here. */
#define SINGLE_THREADED
#define FREERTOS
#define NO_FILESYSTEM
#define WOLFSSL_NO_SOCK
#define WOLFSSL_USER_IO
#define NO_DEV_RANDOM

/* NOTE(review): WC_NO_HARDEN silences wolfSSL's build-time reminder to enable the
 * timing-resistance / blinding options (e.g. ECC_TIMING_RESISTANT,
 * TFM_TIMING_RESISTANT, WC_RSA_BLINDING). None of those appear in this list, so
 * private-key operations are presumably built without side-channel hardening --
 * confirm this is acceptable outside of bring-up. */
#define WC_NO_HARDEN
#define NO_WRITEV
#define HAVE_DH
#define HAVE_ED25519
#define HAVE_SHA512
/* SHA-1 and protocol versions older than TLS 1.2 are compiled out. */
#define NO_SHA
#define NO_OLD_TLS
#define WOLFSSL_SHA512
/* STM32F4 port selected, with the on-chip crypto and hash accelerators not used. */
#define WOLFSSL_STM32F4
#define NO_STM32_CRYPTO
#define NO_STM32_HASH
#define NO_INLINE
#define WOLFSSL_IGNORE_FILE_WARN
#define WOLFSSL_GMTIME

Here is the code snippet:

/* PEM certificate passed to wolfSSL_CTX_load_verify_buffer() as the trust anchor.
 *
 * NOTE(review): despite the name, the encoded fields decode as an end-entity
 * (server) certificate, not a root: issuer "Google Trust Services" / CN=WE2,
 * subject CN=*.google.com, validity 2025-02-26 .. 2025-05-21, basicConstraints
 * without the CA flag, followed by a very long subjectAltName list.
 * Consequences worth confirming before relying on this:
 *   - a leaf used as the trust anchor stops matching as soon as the server
 *     rotates its certificate (this one is valid for about three months);
 *   - the trust store is meant to hold the issuing CA / root certificate, which
 *     is also far smaller than this ~3.4 KB leaf and therefore needs less memory
 *     to parse on a constrained target. */
const unsigned char google_root_certificate[] =
"-----BEGIN CERTIFICATE-----\r\n"
"MIINYTCCDQagAwIBAgIRALQPM3zi5SVWCcng/hZpShIwCgYIKoZIzj0EAwIwOzEL\r\n"
"MAkGA1UEBhMCVVMxHjAcBgNVBAoTFUdvb2dsZSBUcnVzdCBTZXJ2aWNlczEMMAoG\r\n"
"A1UEAxMDV0UyMB4XDTI1MDIyNjE1MzMwM1oXDTI1MDUyMTE1MzMwMlowFzEVMBMG\r\n"
"A1UEAwwMKi5nb29nbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEgY2u\r\n"
"jvbPkuQiKZw9XHFP0GrdujA0tw6feXg2eVb3bWPQ7M0lJ/of3dlc9J/NQ8BjBrrn\r\n"
"bObLpB/4C3PjqziyQqOCDA0wggwJMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAK\r\n"
"BggrBgEFBQcDATAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBTKaaMWpKmNeZC6ky5y\r\n"
"0iHRZX20szAfBgNVHSMEGDAWgBR1vsR3ron2RDd9z7FoHx0a69w0WTBYBggrBgEF\r\n"
"BQcBAQRMMEowIQYIKwYBBQUHMAGGFWh0dHA6Ly9vLnBraS5nb29nL3dlMjAlBggr\r\n"
"BgEFBQcwAoYZaHR0cDovL2kucGtpLmdvb2cvd2UyLmNydDCCCeQGA1UdEQSCCdsw\r\n"
"ggnXggwqLmdvb2dsZS5jb22CFiouYXBwZW5naW5lLmdvb2dsZS5jb22CCSouYmRu\r\n"
"LmRldoIVKi5vcmlnaW4tdGVzdC5iZG4uZGV2ghIqLmNsb3VkLmdvb2dsZS5jb22C\r\n"
"GCouY3Jvd2Rzb3VyY2UuZ29vZ2xlLmNvbYIYKi5kYXRhY29tcHV0ZS5nb29nbGUu\r\n"
"Y29tggsqLmdvb2dsZS5jYYILKi5nb29nbGUuY2yCDiouZ29vZ2xlLmNvLmlugg4q\r\n"
"Lmdvb2dsZS5jby5qcIIOKi5nb29nbGUuY28udWuCDyouZ29vZ2xlLmNvbS5hcoIP\r\n"
"Ki5nb29nbGUuY29tLmF1gg8qLmdvb2dsZS5jb20uYnKCDyouZ29vZ2xlLmNvbS5j\r\n"
"b4IPKi5nb29nbGUuY29tLm14gg8qLmdvb2dsZS5jb20udHKCDyouZ29vZ2xlLmNv\r\n"
"bS52boILKi5nb29nbGUuZGWCCyouZ29vZ2xlLmVzggsqLmdvb2dsZS5mcoILKi5n\r\n"
"b29nbGUuaHWCCyouZ29vZ2xlLml0ggsqLmdvb2dsZS5ubIILKi5nb29nbGUucGyC\r\n"
"CyouZ29vZ2xlLnB0gg8qLmdvb2dsZWFwaXMuY26CESouZ29vZ2xldmlkZW8uY29t\r\n"
"ggwqLmdzdGF0aWMuY26CECouZ3N0YXRpYy1jbi5jb22CD2dvb2dsZWNuYXBwcy5j\r\n"
"boIRKi5nb29nbGVjbmFwcHMuY26CEWdvb2dsZWFwcHMtY24uY29tghMqLmdvb2ds\r\n"
"ZWFwcHMtY24uY29tggxna2VjbmFwcHMuY26CDiouZ2tlY25hcHBzLmNughJnb29n\r\n"
"bGVkb3dubG9hZHMuY26CFCouZ29vZ2xlZG93bmxvYWRzLmNughByZWNhcHRjaGEu\r\n"
"bmV0LmNughIqLnJlY2FwdGNoYS5uZXQuY26CEHJlY2FwdGNoYS1jbi5uZXSCEiou\r\n"
"cmVjYXB0Y2hhLWNuLm5ldIILd2lkZXZpbmUuY26CDSoud2lkZXZpbmUuY26CEWFt\r\n"
"cHByb2plY3Qub3JnLmNughMqLmFtcHByb2plY3Qub3JnLmNughFhbXBwcm9qZWN0\r\n"
"Lm5ldC5jboITKi5hbXBwcm9qZWN0Lm5ldC5jboIXZ29vZ2xlLWFuYWx5dGljcy1j\r\n"
"bi5jb22CGSouZ29vZ2xlLWFuYWx5dGljcy1jbi5jb22CF2dvb2dsZWFkc2Vydmlj\r\n"
"ZXMtY24uY29tghkqLmdvb2dsZWFkc2VydmljZXMtY24uY29tghFnb29nbGV2YWRz\r\n"
"LWNuLmNvbYITKi5nb29nbGV2YWRzLWNuLmNvbYIRZ29vZ2xlYXBpcy1jbi5jb22C\r\n"
"EyouZ29vZ2xlYXBpcy1jbi5jb22CFWdvb2dsZW9wdGltaXplLWNuLmNvbYIXKi5n\r\n"
"b29nbGVvcHRpbWl6ZS1jbi5jb22CEmRvdWJsZWNsaWNrLWNuLm5ldIIUKi5kb3Vi\r\n"
"bGVjbGljay1jbi5uZXSCGCouZmxzLmRvdWJsZWNsaWNrLWNuLm5ldIIWKi5nLmRv\r\n"
"dWJsZWNsaWNrLWNuLm5ldIIOZG91YmxlY2xpY2suY26CECouZG91YmxlY2xpY2su\r\n"
"Y26CFCouZmxzLmRvdWJsZWNsaWNrLmNughIqLmcuZG91YmxlY2xpY2suY26CEWRh\r\n"
"cnRzZWFyY2gtY24ubmV0ghMqLmRhcnRzZWFyY2gtY24ubmV0gh1nb29nbGV0cmF2\r\n"
"ZWxhZHNlcnZpY2VzLWNuLmNvbYIfKi5nb29nbGV0cmF2ZWxhZHNlcnZpY2VzLWNu\r\n"
"LmNvbYIYZ29vZ2xldGFnc2VydmljZXMtY24uY29tghoqLmdvb2dsZXRhZ3NlcnZp\r\n"
"Y2VzLWNuLmNvbYIXZ29vZ2xldGFnbWFuYWdlci1jbi5jb22CGSouZ29vZ2xldGFn\r\n"
"bWFuYWdlci1jbi5jb22CGGdvb2dsZXN5bmRpY2F0aW9uLWNuLmNvbYIaKi5nb29n\r\n"
"bGVzeW5kaWNhdGlvbi1jbi5jb22CJCouc2FmZWZyYW1lLmdvb2dsZXN5bmRpY2F0\r\n"
"aW9uLWNuLmNvbYIWYXBwLW1lYXN1cmVtZW50LWNuLmNvbYIYKi5hcHAtbWVhc3Vy\r\n"
"ZW1lbnQtY24uY29tggtndnQxLWNuLmNvbYINKi5ndnQxLWNuLmNvbYILZ3Z0Mi1j\r\n"
"bi5jb22CDSouZ3Z0Mi1jbi5jb22CCzJtZG4tY24ubmV0gg0qLjJtZG4tY24ubmV0\r\n"
"ghRnb29nbGVmbGlnaHRzLWNuLm5ldIIWKi5nb29nbGVmbGlnaHRzLWNuLm5ldIIM\r\n"
"YWRtb2ItY24uY29tgg4qLmFkbW9iLWNuLmNvbYIUZ29vZ2xlc2FuZGJveC1jbi5j\r\n"
"b22CFiouZ29vZ2xlc2FuZGJveC1jbi5jb22CHiouc2FmZW51cC5nb29nbGVzYW5k\r\n"
"Ym94LWNuLmNvbYINKi5nc3RhdGljLmNvbYIUKi5tZXRyaWMuZ3N0YXRpYy5jb22C\r\n"
"CiouZ3Z0MS5jb22CESouZ2NwY2RuLmd2dDEuY29tggoqLmd2dDIuY29tgg4qLmdj\r\n"
"cC5ndnQyLmNvbYIQKi51cmwuZ29vZ2xlLmNvbYIWKi55b3V0dWJlLW5vY29va2ll\r\n"
"LmNvbYILKi55dGltZy5jb22CC2FuZHJvaWQuY29tgg0qLmFuZHJvaWQuY29tghMq\r\n"
"LmZsYXNoLmFuZHJvaWQuY29tggRnLmNuggYqLmcuY26CBGcuY2+CBiouZy5jb4IG\r\n"
"Z29vLmdsggp3d3cuZ29vLmdsghRnb29nbGUtYW5hbHl0aWNzLmNvbYIWKi5nb29n\r\n"
"bGUtYW5hbHl0aWNzLmNvbYIKZ29vZ2xlLmNvbYISZ29vZ2xlY29tbWVyY2UuY29t\r\n"
"ghQqLmdvb2dsZWNvbW1lcmNlLmNvbYIIZ2dwaHQuY26CCiouZ2dwaHQuY26CCnVy\r\n"
"Y2hpbi5jb22CDCoudXJjaGluLmNvbYIIeW91dHUuYmWCC3lvdXR1YmUuY29tgg0q\r\n"
"LnlvdXR1YmUuY29tghFtdXNpYy55b3V0dWJlLmNvbYITKi5tdXNpYy55b3V0dWJl\r\n"
"LmNvbYIUeW91dHViZWVkdWNhdGlvbi5jb22CFioueW91dHViZWVkdWNhdGlvbi5j\r\n"
"b22CD3lvdXR1YmVraWRzLmNvbYIRKi55b3V0dWJla2lkcy5jb22CBXl0LmJlggcq\r\n"
"Lnl0LmJlghphbmRyb2lkLmNsaWVudHMuZ29vZ2xlLmNvbYITKi5hbmRyb2lkLmdv\r\n"
"b2dsZS5jboISKi5jaHJvbWUuZ29vZ2xlLmNughYqLmRldmVsb3BlcnMuZ29vZ2xl\r\n"
"LmNughUqLmFpc3R1ZGlvLmdvb2dsZS5jb20wEwYDVR0gBAwwCjAIBgZngQwBAgEw\r\n"
"NgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL2MucGtpLmdvb2cvd2UyLzY0T1VJVnpw\r\n"
"WlY0LmNybDCCAQMGCisGAQQB1nkCBAIEgfQEgfEA7wB1AM8RVu7VLnyv84db2Wku\r\n"
"m+kacWdKsBfsrAHSW3fOzDsIAAABlUMa3KQAAAQDAEYwRAIgbFT96GaW9xdF/H3T\r\n"
"R9A8aKomiq6jRak+HuHJKeYZKbICIFj0lmIw2MOCmAFoPML8Do+XUopVVJGpvKum\r\n"
"UZ3/H1ZBAHYAfVkeEuF4KnscYWd8Xv340IdcFKBOlZ65Ay/ZDowuebgAAAGVQxrc\r\n"
"mAAABAMARzBFAiA1pA/zxlqWAUktHGVu/3MlUzPsjEcaRHOEqw4qFdXIcgIhALwo\r\n"
"K02gj5Eep6saapUuV9BRJ8S5T4iydYXSoKuINbtcMAoGCCqGSM49BAMCA0kAMEYC\r\n"
"IQCe7kXY4zHS22OUlCThOBy44kLyCaMS20ylMx0JWcjHqQIhAIiNQSfvChn4LD5B\r\n"
"TtlK9da3ocqcq85/6pDQ4Cx7a2Ej\r\n"
"-----END CERTIFICATE-----\r\n";

/* Byte length of the PEM text; the -1 drops the string literal's terminating NUL. */
int google_crt_len = sizeof(google_root_certificate)-1;

/* Network interface object defined in another translation unit. */
extern struct netif gnetif;
/* 256-byte scratch buffer used below to format UART log lines. */
char buff[256];

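/*
 * FreeRTOS task: initialise wolfSSL, create a TLS 1.2 client context and load
 * the verification certificate from the in-memory PEM buffer.
 *
 * argument: task parameter; not used in the part of the task shown here.
 *
 * Every failure path logs over UART, releases what was acquired so far and
 * deletes the calling task. The thread reports error -125 from the certificate
 * load until the stack size was increased.
 */
void wolf_ssl_task(void *argument)
{
    ip_addr_t ip_address;
    int ret;
    WOLFSSL_CTX* ctx;
    WOLFSSL* ssl;

    uart_print("stated wolf_ssl task ");

    ret = wolfSSL_Init();
    if (ret != SSL_SUCCESS) {
        snprintf(buff, sizeof buff, "wolfSSL_Init error : %d\n", ret);
        uart_print(buff);
        vTaskDelete(NULL);
    }

    // Create wolfSSL context
    ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method());
    if (ctx == NULL) {
        // wolfSSL_CTX_new() signals failure only by returning NULL, so there is
        // no error code to print here (the original printed an uninitialised ret).
        uart_print("wolfSSL_CTX_new error\n");
        wolfSSL_Cleanup();
        vTaskDelete(NULL);
    }
    uart_print("wolfSSL_CTX_new success\n");

    // Load CA certificate from memory.
    // NOTE(review): whatever this buffer holds becomes the trust anchor for peer
    // verification, so it should be the issuing CA (root) certificate rather
    // than the server's own certificate.
    ret = wolfSSL_CTX_load_verify_buffer(ctx, google_root_certificate, google_crt_len, CTC_FILETYPE_PEM);
    if (ret != SSL_SUCCESS) {
        // Name the call that actually failed and bound the write into buff.
        snprintf(buff, sizeof buff, "wolfSSL_CTX_load_verify_buffer error : %d\n", ret);
        uart_print(buff);
        wolfSSL_CTX_free(ctx);
        wolfSSL_Cleanup();
        vTaskDelete(NULL);
    }

    uart_print("success to load CA certificate\n");

    // (the posted snippet ends here; the rest of the task is not shown)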


Re: getting error -125 from wolfSSL_CTX_load_verify_buffer

Hi, my name is Anthony. Note that -125 is MEMORY_E, which indicates you are out of memory. Can you free up some memory for this process?


Re: getting error -125 from wolfSSL_CTX_load_verify_buffer

The certificate has a lot of alternative name entries. Does Google make available more concise certificates with fewer alternative names?


Re: getting error -125 from wolfSSL_CTX_load_verify_buffer

Thanks for the response. After increasing the stack size, the certificate verified.
