Welcome to the wolfSSL Forums!

Mohammedshameem.tv · 2025-03-10 05:10:29

Mohammedshameem.tv
Member
Offline

Registered: 2025-03-07
Posts: 4

Topic: Not able handshake with google.com after set WOLFSSL_VERIFY_PEER

Issue Summary:

- I am unable to communicate with google.com after changing the SSL verification mode from WOLFSSL_VERIFY_NONE to
WOLFSSL_VERIFY_PEER.
- After investigating, I found that the issue is related to Google's root certificate.
- I downloaded the latest Google root certificate from Google Trust Services in .PEM format.
- I then converted the certificate into a C string format and added it to my project.
Despite this, the issue persists.

Additional Details:

- My application initially establishes communication with Google and my organization's website (which has an SSL certificate).
- My organization's website is hosted by GoDaddy.
- In the certification section of the hosting panel, I found a certificate in .PEM format.
- When I pass this GoDaddy certificate for SSL verification, I receive an error:
"Invalid data (-140)".

What I Need Help With:

- Am I doing anything wrong in attaching or loading the certificates?
- Could you help analyze the log and code (attached below) to identify any potential issues?

#define SERVER_NAME "www.google.com"
#define SERVER_PORT 443
#define HTTP_REQUEST "GET / HTTP/1.1\r\nHost: google.com\r\nConnection: close\r\n\r\n"


const unsigned char google_root_certificate[] =
"-----BEGIN CERTIFICATE-----\n"
"MIIFVzCCAz+gAwIBAgINAgPlk28xsBNJiGuiFzANBgkqhkiG9w0BAQwFADBHMQsw\n"
"CQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEU\n"
"MBIGA1UEAxMLR1RTIFJvb3QgUjEwHhcNMTYwNjIyMDAwMDAwWhcNMzYwNjIyMDAw\n"
"MDAwWjBHMQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZp\n"
"Y2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjEwggIiMA0GCSqGSIb3DQEBAQUA\n"
"A4ICDwAwggIKAoICAQC2EQKLHuOhd5s73L+UPreVp0A8of2C+X0yBoJx9vaMf/vo\n"
"27xqLpeXo4xL+Sv2sfnOhB2x+cWX3u+58qPpvBKJXqeqUqv4IyfLpLGcY9vXmX7w\n"
"Cl7raKb0xlpHDU0QM+NOsROjyBhsS+z8CZDfnWQpJSMHobTSPS5g4M/SCYe7zUjw\n"
"TcLCeoiKu7rPWRnWr4+wB7CeMfGCwcDfLqZtbBkOtdh+JhpFAz2weaSUKK0Pfybl\n"
"qAj+lug8aJRT7oM6iCsVlgmy4HqMLnXWnOunVmSPlk9orj2XwoSPwLxAwAtcvfaH\n"
"szVsrBhQf4TgTM2S0yDpM7xSma8ytSmzJSq0SPly4cpk9+aCEI3oncKKiPo4Zor8\n"
"Y/kB+Xj9e1x3+naH+uzfsQ55lVe0vSbv1gHR6xYKu44LtcXFilWr06zqkUspzBmk\n"
"MiVOKvFlRNACzqrOSbTqn3yDsEB750Orp2yjj32JgfpMpf/VjsPOS+C12LOORc92\n"
"wO1AK/1TD7Cn1TsNsYqiA94xrcx36m97PtbfkSIS5r762DL8EGMUUXLeXdYWk70p\n"
"aDPvOmbsB4om3xPXV2V4J95eSRQAogB/mqghtqmxlbCluQ0WEdrHbEg8QOB+DVrN\n"
"VjzRlwW5y0vtOUucxD/SVRNuJLDWcfr0wbrM7Rv1/oFB2ACYPTrIrnqYNxgFlQID\n"
"AQABo0IwQDAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4E\n"
"FgQU5K8rJnEaK0gnhS9SZizv8IkTcT4wDQYJKoZIhvcNAQEMBQADggIBAJ+qQibb\n"
"C5u+/x6Wki4+omVKapi6Ist9wTrYggoGxval3sBOh2Z5ofmmWJyq+bXmYOfg6LEe\n"
"QkEzCzc9zolwFcq1JKjPa7XSQCGYzyI0zzvFIoTgxQ6KfF2I5DUkzps+GlQebtuy\n"
"h6f88/qBVRRiClmpIgUxPoLW7ttXNLwzldMXG+gnoot7TiYaelpkttGsN/H9oPM4\n"
"7HLwEXWdyzRSjeZ2axfG34arJ45JK3VmgRAhpuo+9K4l/3wV3s6MJT/KYnAK9y8J\n"
"ZgfIPxz88NtFMN9iiMG1D53Dn0reWVlHxYciNuaCp+0KueIHoI17eko8cdLiA6Ef\n"
"MgfdG+RCzgwARWGAtQsgWSl4vflVy2PFPEz0tv/bal8xa5meLMFrUKTX5hgUvYU/\n"
"Z6tGn6D/Qqc6f1zLXbBwHSs09dR2CQzreExZBfMzQsNhFRAbd03OIozUhfJFfbdT\n"
"6u9AWpQKXCBfTkBdYiJ23//OYb2MI3jSNwLgjt7RETeJ9r/tSQdirpLsQBqvFAnZ\n"
"0E6yove+7u7Y/9waLd64NnHi/Hm3lCXRSHNboTXns5lndcEZOitHTtNCjv0xyBZm\n"
"2tIMPNuzjsmhDYAPexZ3FL//2wmUspO8IFgV6dtxQ/PeEMMA3KgqlbbC1j+Qa3bb\n"
"bP6MvPJwNQzcmRk13NfIRmPVNnGuV/u3gm3c\n"
"-----END CERTIFICATE-----\n";




int google_crt_len = sizeof(google_root_certificate)-1;

extern struct netif gnetif;
char buff[256];
#define MAXLINE 256

/* Your custom send function */
int MySocketSend(WOLFSSL *ssl, char *buf, int sz, void *ctx) {
    int sockfd = *(int *)ctx; // Retrieve socket
    int ret = send(sockfd, buf, sz, 0);
    if (ret < 0) {
        uart_print("TCP send failed");
             return WOLFSSL_CBIO_ERR_GENERAL;
    }
    return ret;
}

/* Your custom receive function */
int MySocketRecv(WOLFSSL *ssl, char *buf, int sz, void *ctx) {
    int sockfd = *(int *)ctx; // Retrieve socket
    int ret = recv(sockfd, buf, sz, 0);
    if (ret <= 0) {
       uart_print("TCP recv send failed");
            return WOLFSSL_CBIO_ERR_GENERAL;
    }
    return ret;
}





void wolfssl_print(const int logLevel, const char* logMessage) 
{
     sprintf(buff,"WolfSSL Log [%d]: %s\n", logLevel, logMessage);    
    uart_print(buff);
}



void
str_cli(FILE *fp, WOLFSSL* ssl)
{
    char  sendline[MAXLINE] = "GET / HTTP/1.1\r\nHost: google.com\r\nConnection: close\r\n\r\n", recvline[MAXLINE];
    int   n = 0,ret;

        if((ret = wolfSSL_write(ssl, sendline, strlen(sendline))) !=
                     strlen(sendline))
                {
                    sprintf(buff,"wolfSSL_write failed %d",ret);
           uart_print(buff);
        }
               else
                {
                    uart_print(sendline);
                    uart_print("wolfSSL_write success");
                }
                                         

        if ((n = wolfSSL_read(ssl, recvline, MAXLINE)) <= 0)
                {
                    sprintf(buff,"wolfSSL_read failed : %d",n);
                    recvline[n] = '\0';
                 uart_print(buff);
                    
           uart_print(recvline);
                }
                else
                {
                    recvline[n] = '\0';
                     uart_print(recvline);
                    
                }
}

void wolf_ssl_task(void *argument)
{
    ip_addr_t ip_address;
    int ret;
    WOLFSSL_CTX* ctx;
  WOLFSSL* ssl;
        int sockfd;
    struct sockaddr_in servaddr;
  printf("started code");
    uart_print("stated wolf_ssl task ");
    

    wolfSSL_Init();
    
        wolfSSL_Debugging_ON();
    
    wolfSSL_SetLoggingCb(wolfssl_print);
    
    if ((ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method())) == NULL)
            {
                sprintf(buff,"wolfSSL_CTX_new error : %d\n",ret);
        uart_print(buff);
        vTaskDelete(NULL);
    }
        uart_print("success wolfSSL_CTX_n0 error\n");

        wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER, NULL);
        
    // Load CA certificate from memory
    if ((ret = wolfSSL_CTX_load_verify_buffer(ctx, google_root_certificate, google_crt_len, CTC_FILETYPE_PEM)) != SSL_SUCCESS) {
        sprintf(buff,"wolfSSL_CTX_new error : %d\n",ret);
        uart_print(buff);
        vTaskDelete(NULL);
    }
    
    
        uart_print("success to load CA certificate\n");
    
     while(1)
  {
    if(gnetif.ip_addr.addr == 0 || gnetif.netmask.addr == 0 || gnetif.gw.addr == 0) //system has no valid ip address
    {
      osDelay(1000);
      continue;
    } else
    {
             BSP_LED_On(LED1);
      uart_print("DHCP/Static IP O.K.\n");
      break;
    }
  }
    
    //collecting server ip through DNS
    ret = netconn_gethostbyname(SERVER_NAME, &ip_address);
    
    sprintf(buff,"IP addr of google.com is %s ret %d",ipaddr_ntoa(&ip_address),ret);
    uart_print(buff);

    // Create socket
    while(1)
    {
    if ((sockfd = lwip_socket(AF_INET, SOCK_STREAM, 0)) < 0) {
        uart_print("Socket creation failed\n");
        vTaskDelete(NULL);
    }
        
        sprintf(buff,"socket created with fd  %d ",sockfd);
    uart_print(buff);
        

    servaddr.sin_family = AF_INET;
    servaddr.sin_port = htons(SERVER_PORT);
    servaddr.sin_addr.s_addr = ip_address.addr;//inet_addr(ip_address.addr);

        
            /* Set the callbacks before connecting */
        wolfSSL_SetIORecv(ctx, MySocketRecv);
        wolfSSL_SetIOSend(ctx, MySocketSend);
        
    // Connect to the server
    if (ret = lwip_connect(sockfd, (struct sockaddr *)&servaddr, sizeof(servaddr)) < 0) 
        {
            sprintf(buff,"Connection failed %d\n",ret);
        uart_print(buff);
        lwip_close(sockfd);
        //vTaskDelete(NULL);
    }
        else
        {
            break;
        }
    }
            sprintf(buff,"ok  socket connected successsfully  %d ",sockfd);
        uart_print(buff);
        
        if( (ssl = wolfSSL_new(ctx)) == NULL) 
        {
    uart_print("wolfSSL_new error.\n");
    }
        
        uart_print("OK wolfSSL_new.\n");

    wolfSSL_set_fd(ssl, sockfd);
        
        
    
        
        str_cli(stdin, ssl);
        


wolfSSL_free(ssl);      /* Free WOLFSSL object */
wolfSSL_CTX_free(ctx);  /* Free WOLFSSL_CTX object */
wolfSSL_Cleanup();      /* Free wolfSSL */
    lwip_close(sockfd);
    while(1)
    {
     osDelay(10000);
    }
}

LOG (MODE WOLFSSL_VERIFY_NONE ) :-

stated wolf_ssl task
WolfSSL Log [2]: wolfSSL Entering TLSv1_2_client_method_ex

WolfSSL Log [2]: wolfSSL Entering wolfSSL_CTX_new_ex

WolfSSL Log [2]: wolfSSL Entering wolfSSL_CertManagerNew

WolfSSL Log [1]: heap param is null

WolfSSL Log [1]: DYNAMIC_TYPE_CERT_MANAGER Allocating = 112 bytes

WolfSSL Log [3]: wolfSSL Leaving wolfSSL_CTX_new_ex, return 0

success wolfSSL_CTX_n0 error

WolfSSL Log [2]: wolfSSL Entering wolfSSL_CTX_set_verify

WolfSSL Log [2]: wolfSSL Entering wolfSSL_CTX_load_verify_buffer_ex

WolfSSL Log [1]: Processing CA PEM file

WolfSSL Log [2]: wolfSSL Entering ProcessBuffer

WolfSSL Log [2]: wolfSSL Entering PemToDer

WolfSSL Log [1]: Adding a CA

WolfSSL Log [1]: Getting Cert Name

WolfSSL Log [2]: wolfSSL Entering GetAlgoId

WolfSSL Log [2]: wolfSSL Entering DecodeCertExtensions

WolfSSL Log [2]: wolfSSL Entering DecodeKeyUsage

WolfSSL Log [2]: wolfSSL Entering DecodeBasicCaConstraint

WolfSSL Log [2]: wolfSSL Entering DecodeSubjKeyId

WolfSSL Log [1]: Parsed new CA

WolfSSL Log [1]: Freeing Parsed CA

WolfSSL Log [1]: Freeing der CA

WolfSSL Log [1]: OK Freeing der CA

WolfSSL Log [3]: wolfSSL Leaving AddCA, return 0

WolfSSL Log [3]: wolfSSL Leaving ProcessBuffer, return 1

WolfSSL Log [1]: Processed a CA

WolfSSL Log [1]: Processed at least one valid CA. Other stuff OK

WolfSSL Log [3]: wolfSSL Leaving wolfSSL_CTX_load_verify_buffer_ex, return 1

success to load CA certificate

DHCP/Static IP O.K.

IP addr of google.com is 142.250.195.68 ret 0
socket created with fd 0
ok socket connected successsfully 0
WolfSSL Log [2]: wolfSSL Entering wolfSSL_new

WolfSSL Log [2]: wolfSSL Entering ReinitSSL

WolfSSL Log [1]: RNG_HEALTH_TEST_CHECK_SIZE = 128

WolfSSL Log [1]: sizeof(seedB_data) = 128

WolfSSL Log [2]: wolfSSL Entering SetSSL_CTX

WolfSSL Log [2]: wolfSSL Entering wolfSSL_NewSession

WolfSSL Log [1]: InitSSL done. return 0 (success)

WolfSSL Log [1]: wolfSSL_new InitSSL success

WolfSSL Log [3]: wolfSSL Leaving wolfSSL_new InitSSL =, return 0

OK wolfSSL_new.

WolfSSL Log [2]: wolfSSL Entering wolfSSL_set_fd

WolfSSL Log [2]: wolfSSL Entering wolfSSL_set_read_fd

WolfSSL Log [3]: wolfSSL Leaving wolfSSL_set_read_fd, return 1

WolfSSL Log [2]: wolfSSL Entering wolfSSL_set_write_fd

WolfSSL Log [3]: wolfSSL Leaving wolfSSL_set_write_fd, return 1

WolfSSL Log [2]: wolfSSL Entering wolfSSL_write

WolfSSL Log [1]: handshake not complete, trying to finish

WolfSSL Log [2]: wolfSSL Entering wolfSSL_negotiate

WolfSSL Log [1]: TLS 1.2 or lower

WolfSSL Log [2]: wolfSSL Entering wolfSSL_connect

WolfSSL Log [2]: wolfSSL Entering ReinitSSL

WolfSSL Log [2]: wolfSSL Entering RetrySendAlert

WolfSSL Log [2]: wolfSSL Entering SendClientHello

WolfSSL Log [1]: Adding signature algorithms extension

WolfSSL Log [1]: growing output buffer

WolfSSL Log [1]: Signature Algorithms extension to write

WolfSSL Log [1]: Point Formats extension to write

WolfSSL Log [1]: Supported Groups extension to write

WolfSSL Log [1]: EMS extension to write

WolfSSL Log [1]: Shrinking output buffer

WolfSSL Log [3]: wolfSSL Leaving SendClientHello, return 0

WolfSSL Log [1]: connect state: CLIENT_HELLO_SENT

WolfSSL Log [1]: Server state up to needed state.

WolfSSL Log [1]: Progressing server state...

WolfSSL Log [1]: ProcessReply...

WolfSSL Log [2]: wolfSSL Entering RetrySendAlert

WolfSSL Log [1]: growing input buffer

WolfSSL Log [1]: received record layer msg

WolfSSL Log [1]: got HANDSHAKE

WolfSSL Log [2]: wolfSSL Entering DoHandShakeMsg

WolfSSL Log [2]: wolfSSL Entering EarlySanityCheckMsgReceived

WolfSSL Log [3]: wolfSSL Leaving EarlySanityCheckMsgReceived, return 0

WolfSSL Log [2]: wolfSSL Entering DoHandShakeMsgType

WolfSSL Log [1]: processing server hello

WolfSSL Log [2]: wolfSSL Entering DoServerHello

WolfSSL Log [1]: Extended Master Secret extension received

WolfSSL Log [1]: Point Formats extension received

WolfSSL Log [2]: wolfSSL Entering wolfSSL_get_options

WolfSSL Log [2]: wolfSSL Entering VerifyClientSuite

WolfSSL Log [3]: wolfSSL Leaving DoServerHello, return 0

WolfSSL Log [3]: wolfSSL Leaving DoHandShakeMsgType(), return 0

WolfSSL Log [3]: wolfSSL Leaving DoHandShakeMsg(), return 0

WolfSSL Log [1]: Shrinking input buffer

WolfSSL Log [1]: ProcessReply done.

WolfSSL Log [1]: Progressing server state...

WolfSSL Log [1]: ProcessReply...

WolfSSL Log [2]: wolfSSL Entering RetrySendAlert

WolfSSL Log [1]: growing input buffer

WolfSSL Log [1]: received record layer msg

WolfSSL Log [1]: got HANDSHAKE

WolfSSL Log [2]: wolfSSL Entering DoHandShakeMsg

WolfSSL Log [2]: wolfSSL Entering EarlySanityCheckMsgReceived

WolfSSL Log [3]: wolfSSL Leaving EarlySanityCheckMsgReceived, return 0

WolfSSL Log [2]: wolfSSL Entering DoHandShakeMsgType

WolfSSL Log [1]: processing certificate

WolfSSL Log [2]: wolfSSL Entering DoCertificate

WolfSSL Log [2]: wolfSSL Entering ProcessPeerCerts

WolfSSL Log [1]: Loading peer's cert chain

WolfSSL Log [1]: Put another cert into chain

WolfSSL Log [1]: Getting Cert Name

WolfSSL Log [2]: wolfSSL Entering GetAlgoId

WolfSSL Log [2]: wolfSSL Entering DecodeCertExtensions

WolfSSL Log [2]: wolfSSL Entering DecodeKeyUsage

WolfSSL Log [2]: wolfSSL Entering DecodeBasicCaConstraint

WolfSSL Log [2]: wolfSSL Entering DecodeSubjKeyId

WolfSSL Log [2]: wolfSSL Entering DecodeAuthKeyId

WolfSSL Log [2]: wolfSSL Entering DecodeAuthInfo

WolfSSL Log [2]: wolfSSL Entering DecodeCrlDist

WolfSSL Log [1]: Certificate Policy extension not supported.

WolfSSL Log [1]: Chain cert not verified by option, not adding as CA

WolfSSL Log [1]: Getting Cert Name

WolfSSL Log [2]: wolfSSL Entering GetAlgoId

WolfSSL Log [2]: wolfSSL Entering DecodeCertExtensions

WolfSSL Log [2]: wolfSSL Entering DecodeKeyUsage

WolfSSL Log [2]: wolfSSL Entering DecodeExtKeyUsage

WolfSSL Log [2]: wolfSSL Entering DecodeBasicCaConstraint

WolfSSL Log [2]: wolfSSL Entering DecodeSubjKeyId

WolfSSL Log [2]: wolfSSL Entering DecodeAuthKeyId

WolfSSL Log [2]: wolfSSL Entering DecodeAuthInfo

WolfSSL Log [2]: wolfSSL Entering DecodeCrlDist

WolfSSL Log [1]: Certificate Policy extension not supported.

WolfSSL Log [1]: CA found

WolfSSL Log [1]: Chain cert not verified by option, not adding as CA

WolfSSL Log [1]: Verifying Peer's cert

WolfSSL Log [1]: Getting Cert Name

WolfSSL Log [2]: wolfSSL Entering GetAlgoId

WolfSSL Log [2]: wolfSSL Entering DecodeCertExtensions

WolfSSL Log [2]: wolfSSL Entering DecodeKeyUsage

WolfSSL Log [2]: wolfSSL Entering DecodeExtKeyUsage

WolfSSL Log [2]: wolfSSL Entering DecodeBasicCaConstraint

WolfSSL Log [2]: wolfSSL Entering DecodeSubjKeyId

WolfSSL Log [2]: wolfSSL Entering DecodeAuthKeyId

WolfSSL Log [2]: wolfSSL Entering DecodeAuthInfo

WolfSSL Log [2]: wolfSSL Entering DecodeAltNames

WolfSSL Log [1]: Certificate Policy extension not supported.

WolfSSL Log [2]: wolfSSL Entering DecodeCrlDist

WolfSSL Log [1]: Verified Peer's cert

WolfSSL Log [3]: wolfSSL Leaving ProcessPeerCerts, return 0

WolfSSL Log [3]: wolfSSL Leaving DoCertificate, return 0

WolfSSL Log [3]: wolfSSL Leaving DoHandShakeMsgType(), return 0

WolfSSL Log [3]: wolfSSL Leaving DoHandShakeMsg(), return 0

WolfSSL Log [1]: Shrinking input buffer

WolfSSL Log [1]: ProcessReply done.

WolfSSL Log [1]: Progressing server state...

WolfSSL Log [1]: ProcessReply...

WolfSSL Log [2]: wolfSSL Entering RetrySendAlert

WolfSSL Log [1]: growing input buffer

WolfSSL Log [1]: received record layer msg

WolfSSL Log [1]: got HANDSHAKE

WolfSSL Log [2]: wolfSSL Entering DoHandShakeMsg

WolfSSL Log [2]: wolfSSL Entering EarlySanityCheckMsgReceived

WolfSSL Log [3]: wolfSSL Leaving EarlySanityCheckMsgReceived, return 0

WolfSSL Log [2]: wolfSSL Entering DoHandShakeMsgType

WolfSSL Log [1]: processing server key exchange

WolfSSL Log [2]: wolfSSL Entering DoServerKeyExchange

WolfSSL Log [2]: wolfSSL Entering RsaVerify

WolfSSL Log [1]: mp_to_unsigned_bin_len_ct...

WolfSSL Log [1]: wolfSSL Using RSA PSS un-padding

WolfSSL Log [3]: wolfSSL Leaving RsaVerify, return 64

WolfSSL Log [3]: wolfSSL Leaving DoServerKeyExchange, return 0

WolfSSL Log [3]: wolfSSL Leaving DoHandShakeMsgType(), return 0

WolfSSL Log [3]: wolfSSL Leaving DoHandShakeMsg(), return 0

WolfSSL Log [1]: Shrinking input buffer

WolfSSL Log [1]: ProcessReply done.

WolfSSL Log [1]: Progressing server state...

WolfSSL Log [1]: ProcessReply...

WolfSSL Log [2]: wolfSSL Entering RetrySendAlert

WolfSSL Log [1]: received record layer msg

WolfSSL Log [1]: got HANDSHAKE

WolfSSL Log [2]: wolfSSL Entering DoHandShakeMsg

WolfSSL Log [2]: wolfSSL Entering EarlySanityCheckMsgReceived

WolfSSL Log [3]: wolfSSL Leaving EarlySanityCheckMsgReceived, return 0

WolfSSL Log [2]: wolfSSL Entering DoHandShakeMsgType

WolfSSL Log [1]: processing server hello done

WolfSSL Log [3]: wolfSSL Leaving DoHandShakeMsgType(), return 0

WolfSSL Log [3]: wolfSSL Leaving DoHandShakeMsg(), return 0

WolfSSL Log [1]: ProcessReply done.

WolfSSL Log [1]: connect state: HELLO_AGAIN

WolfSSL Log [1]: connect state: HELLO_AGAIN_REPLY

WolfSSL Log [1]: connect state: FIRST_REPLY_DONE

WolfSSL Log [1]: connect state: FIRST_REPLY_FIRST

WolfSSL Log [2]: wolfSSL Entering SendClientKeyExchange

WolfSSL Log [2]: wolfSSL Entering EccMakeKey

WolfSSL Log [3]: wolfSSL Leaving EccMakeKey, return 0

WolfSSL Log [2]: wolfSSL Entering EccSharedSecret

WolfSSL Log [3]: wolfSSL Leaving EccSharedSecret, return 0

WolfSSL Log [1]: growing output buffer

WolfSSL Log [1]: Shrinking output buffer

WolfSSL Log [3]: wolfSSL Leaving SendClientKeyExchange, return 0

WolfSSL Log [1]: sent: client key exchange

WolfSSL Log [1]: connect state: FIRST_REPLY_SECOND

WolfSSL Log [1]: connect state: FIRST_REPLY_THIRD

WolfSSL Log [1]: growing output buffer

WolfSSL Log [1]: Shrinking output buffer

WolfSSL Log [1]: sent: change cipher spec

WolfSSL Log [1]: connect state: FIRST_REPLY_FOURTH

WolfSSL Log [2]: wolfSSL Entering SendFinished

WolfSSL Log [1]: growing output buffer

WolfSSL Log [2]: wolfSSL Entering BuildMessage

WolfSSL Log [3]: wolfSSL Leaving BuildMessage, return 0

WolfSSL Log [2]: wolfSSL Entering SetupSession

WolfSSL Log [1]: Shrinking output buffer

WolfSSL Log [3]: wolfSSL Leaving SendFinished, return 0

WolfSSL Log [1]: sent: finished

WolfSSL Log [1]: connect state: FINISHED_DONE

WolfSSL Log [2]: wolfSSL Entering RetrySendAlert

WolfSSL Log [1]: received record layer msg

WolfSSL Log [1]: got CHANGE CIPHER SPEC

WolfSSL Log [2]: wolfSSL Entering RetrySendAlert

WolfSSL Log [1]: growing input buffer

WolfSSL Log [1]: received record layer msg

WolfSSL Log [1]: got HANDSHAKE

WolfSSL Log [2]: wolfSSL Entering DoHandShakeMsg

WolfSSL Log [2]: wolfSSL Entering EarlySanityCheckMsgReceived

WolfSSL Log [3]: wolfSSL Leaving EarlySanityCheckMsgReceived, return 0

WolfSSL Log [2]: wolfSSL Entering DoHandShakeMsgType

WolfSSL Log [1]: processing finished

WolfSSL Log [2]: wolfSSL Entering DoFinished

WolfSSL Log [3]: wolfSSL Leaving DoFinished, return 0

WolfSSL Log [3]: wolfSSL Leaving DoHandShakeMsgType(), return 0

WolfSSL Log [3]: wolfSSL Leaving DoHandShakeMsg(), return 0

WolfSSL Log [1]: Shrinking input buffer

WolfSSL Log [1]: connect state: SECOND_REPLY_DONE

WolfSSL Log [2]: wolfSSL Entering FreeHandshakeResources

WolfSSL Log [1]: Signature Algorithms extension to free

WolfSSL Log [1]: Point Formats extension free

WolfSSL Log [1]: Supported Groups extension free

WolfSSL Log [3]: wolfSSL Leaving wolfSSL_connect, return 1

WolfSSL Log [3]: wolfSSL Leaving wolfSSL_negotiate, return 1

WolfSSL Log [2]: wolfSSL Entering RetrySendAlert

WolfSSL Log [1]: growing output buffer

WolfSSL Log [2]: wolfSSL Entering BuildMessage

WolfSSL Log [3]: wolfSSL Leaving BuildMessage, return 0

WolfSSL Log [1]: Shrinking output buffer

WolfSSL Log [3]: wolfSSL Leaving wolfSSL_write, return 55

GET / HTTP/1.1
Host: google.com
Connection: close

wolfSSL_write success
WolfSSL Log [2]: wolfSSL Entering wolfSSL_read

WolfSSL Log [2]: wolfSSL Entering wolfSSL_read_internal

WolfSSL Log [2]: wolfSSL Entering ReceiveData

WolfSSL Log [2]: wolfSSL Entering RetrySendAlert

WolfSSL Log [1]: growing input buffer

WolfSSL Log [1]: received record layer msg

WolfSSL Log [1]: got app DATA

WolfSSL Log [3]: wolfSSL Leaving ReceiveData(), return 256

WolfSSL Log [3]: wolfSSL Leaving wolfSSL_read_internal, return 256

HTTP/1.1 301 Moved Permanently
Location: https://www.google.com/
Content-Type: text/html; charset=UTF-8
Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-mMHJVskvyegJu_PBDURI1w' 'strict-dynamic' 'report-sample' 'un
WolfSSL Log [2]: wolfSSL Entering wolfSSL_free

WolfSSL Log [1]: Free SSL: 2000f3a8

WolfSSL Log [1]: Free'ing client ssl

WolfSSL Log [1]: Shrinking input buffer

WolfSSL Log [2]: wolfSSL Entering wolfSSL_FreeSession

WolfSSL Log [1]: wolfSSL_FreeSession full free

WolfSSL Log [1]: CTX ref count not 0 yet, no free

WolfSSL Log [3]: wolfSSL Leaving wolfSSL_free, return 0

WolfSSL Log [2]: wolfSSL Entering wolfSSL_CTX_free

WolfSSL Log [1]: CTX ref count down to 0, doing full free

WolfSSL Log [2]: wolfSSL Entering wolfSSL_CertManagerFree

WolfSSL Log [3]: wolfSSL Leaving wolfSSL_CTX_free, return 0

WolfSSL Log [2]: wolfSSL Entering wolfSSL_Cleanup

WolfSSL Log [2]: wolfSSL Entering wolfCrypt_Cleanup

LOG (MODE WOLFSSL_VERIFY_PEER ) :-

usart initdone
stated wolf_ssl task
WolfSSL Log [2]: wolfSSL Entering TLSv1_2_client_method_ex

WolfSSL Log [2]: wolfSSL Entering wolfSSL_CTX_new_ex

WolfSSL Log [2]: wolfSSL Entering wolfSSL_CertManagerNew

WolfSSL Log [1]: heap param is null

WolfSSL Log [1]: DYNAMIC_TYPE_CERT_MANAGER Allocating = 112 bytes

WolfSSL Log [3]: wolfSSL Leaving wolfSSL_CTX_new_ex, return 0

success wolfSSL_CTX_n0 error

WolfSSL Log [2]: wolfSSL Entering wolfSSL_CTX_set_verify

WolfSSL Log [2]: wolfSSL Entering wolfSSL_CTX_load_verify_buffer_ex

WolfSSL Log [1]: Processing CA PEM file

WolfSSL Log [2]: wolfSSL Entering ProcessBuffer

WolfSSL Log [2]: wolfSSL Entering PemToDer

WolfSSL Log [1]: Adding a CA

WolfSSL Log [1]: Getting Cert Name

WolfSSL Log [2]: wolfSSL Entering GetAlgoId

WolfSSL Log [2]: wolfSSL Entering DecodeCertExtensions

WolfSSL Log [2]: wolfSSL Entering DecodeKeyUsage

WolfSSL Log [2]: wolfSSL Entering DecodeBasicCaConstraint

WolfSSL Log [2]: wolfSSL Entering DecodeSubjKeyId

WolfSSL Log [1]: Parsed new CA

WolfSSL Log [1]: Freeing Parsed CA

WolfSSL Log [1]: Freeing der CA

WolfSSL Log [1]: OK Freeing der CA

WolfSSL Log [3]: wolfSSL Leaving AddCA, return 0

WolfSSL Log [3]: wolfSSL Leaving ProcessBuffer, return 1

WolfSSL Log [1]: Processed a CA

WolfSSL Log [1]: Processed at least one valid CA. Other stuff OK

WolfSSL Log [3]: wolfSSL Leaving wolfSSL_CTX_load_verify_buffer_ex, return 1

success to load CA certificate

DHCP/Static IP O.K.

IP addr of google.com is 142.250.195.68 ret 0
socket created with fd 0
ok socket connected successsfully 0
WolfSSL Log [2]: wolfSSL Entering wolfSSL_new

WolfSSL Log [2]: wolfSSL Entering ReinitSSL

WolfSSL Log [1]: RNG_HEALTH_TEST_CHECK_SIZE = 128

WolfSSL Log [1]: sizeof(seedB_data) = 128

WolfSSL Log [2]: wolfSSL Entering SetSSL_CTX

WolfSSL Log [2]: wolfSSL Entering wolfSSL_NewSession

WolfSSL Log [1]: InitSSL done. return 0 (success)

WolfSSL Log [1]: wolfSSL_new InitSSL success

WolfSSL Log [3]: wolfSSL Leaving wolfSSL_new InitSSL =, return 0

OK wolfSSL_new.

WolfSSL Log [2]: wolfSSL Entering wolfSSL_set_fd

WolfSSL Log [2]: wolfSSL Entering wolfSSL_set_read_fd

WolfSSL Log [3]: wolfSSL Leaving wolfSSL_set_read_fd, return 1

WolfSSL Log [2]: wolfSSL Entering wolfSSL_set_write_fd

WolfSSL Log [3]: wolfSSL Leaving wolfSSL_set_write_fd, return 1

WolfSSL Log [2]: wolfSSL Entering wolfSSL_write

WolfSSL Log [1]: handshake not complete, trying to finish

WolfSSL Log [2]: wolfSSL Entering wolfSSL_negotiate

WolfSSL Log [1]: TLS 1.2 or lower

WolfSSL Log [2]: wolfSSL Entering wolfSSL_connect

WolfSSL Log [2]: wolfSSL Entering ReinitSSL

WolfSSL Log [2]: wolfSSL Entering RetrySendAlert

WolfSSL Log [2]: wolfSSL Entering SendClientHello

WolfSSL Log [1]: Adding signature algorithms extension

WolfSSL Log [1]: growing output buffer

WolfSSL Log [1]: Signature Algorithms extension to write

WolfSSL Log [1]: Point Formats extension to write

WolfSSL Log [1]: Supported Groups extension to write

WolfSSL Log [1]: EMS extension to write

WolfSSL Log [1]: Shrinking output buffer

WolfSSL Log [3]: wolfSSL Leaving SendClientHello, return 0

WolfSSL Log [1]: connect state: CLIENT_HELLO_SENT

WolfSSL Log [1]: Server state up to needed state.

WolfSSL Log [1]: Progressing server state...

WolfSSL Log [1]: ProcessReply...

WolfSSL Log [2]: wolfSSL Entering RetrySendAlert

WolfSSL Log [1]: growing input buffer

WolfSSL Log [1]: received record layer msg

WolfSSL Log [1]: got HANDSHAKE

WolfSSL Log [2]: wolfSSL Entering DoHandShakeMsg

WolfSSL Log [2]: wolfSSL Entering EarlySanityCheckMsgReceived

WolfSSL Log [3]: wolfSSL Leaving EarlySanityCheckMsgReceived, return 0

WolfSSL Log [2]: wolfSSL Entering DoHandShakeMsgType

WolfSSL Log [1]: processing server hello

WolfSSL Log [2]: wolfSSL Entering DoServerHello

WolfSSL Log [1]: Extended Master Secret extension received

WolfSSL Log [1]: Point Formats extension received

WolfSSL Log [2]: wolfSSL Entering wolfSSL_get_options

WolfSSL Log [2]: wolfSSL Entering VerifyClientSuite

WolfSSL Log [3]: wolfSSL Leaving DoServerHello, return 0

WolfSSL Log [3]: wolfSSL Leaving DoHandShakeMsgType(), return 0

WolfSSL Log [3]: wolfSSL Leaving DoHandShakeMsg(), return 0

WolfSSL Log [1]: Shrinking input buffer

WolfSSL Log [1]: ProcessReply done.

WolfSSL Log [1]: Progressing server state...

WolfSSL Log [1]: ProcessReply...

WolfSSL Log [2]: wolfSSL Entering RetrySendAlert

WolfSSL Log [1]: growing input buffer

WolfSSL Log [1]: received record layer msg

WolfSSL Log [1]: got HANDSHAKE

WolfSSL Log [2]: wolfSSL Entering DoHandShakeMsg

WolfSSL Log [2]: wolfSSL Entering EarlySanityCheckMsgReceived

WolfSSL Log [3]: wolfSSL Leaving EarlySanityCheckMsgReceived, return 0

WolfSSL Log [2]: wolfSSL Entering DoHandShakeMsgType

WolfSSL Log [1]: processing certificate

WolfSSL Log [2]: wolfSSL Entering DoCertificate

WolfSSL Log [2]: wolfSSL Entering ProcessPeerCerts

WolfSSL Log [1]: Loading peer's cert chain

WolfSSL Log [1]: Put another cert into chain

WolfSSL Log [1]: Getting Cert Name

WolfSSL Log [2]: wolfSSL Entering GetAlgoId

WolfSSL Log [2]: wolfSSL Entering DecodeCertExtensions

WolfSSL Log [2]: wolfSSL Entering DecodeKeyUsage

WolfSSL Log [2]: wolfSSL Entering DecodeBasicCaConstraint

WolfSSL Log [2]: wolfSSL Entering DecodeSubjKeyId

WolfSSL Log [2]: wolfSSL Entering DecodeAuthKeyId

WolfSSL Log [2]: wolfSSL Entering DecodeAuthInfo

WolfSSL Log [2]: wolfSSL Entering DecodeCrlDist

WolfSSL Log [1]: Certificate Policy extension not supported.

WolfSSL Log [1]: No CA signer to verify with

WolfSSL Log [1]: Failed to verify CA from chain

WolfSSL Log [0]: wolfSSL error occurred, error = -188

WolfSSL Log [2]: wolfSSL Entering SendAlert

WolfSSL Log [1]: SendAlert: 48 unknown_ca

WolfSSL Log [1]: growing output buffer

WolfSSL Log [1]: Shrinking output buffer

WolfSSL Log [3]: wolfSSL Leaving SendAlert, return 0

WolfSSL Log [3]: wolfSSL Leaving ProcessPeerCerts, return -188

WolfSSL Log [3]: wolfSSL Leaving DoCertificate, return -188

WolfSSL Log [3]: wolfSSL Leaving DoHandShakeMsgType(), return -188

WolfSSL Log [3]: wolfSSL Leaving DoHandShakeMsg(), return -188

WolfSSL Log [0]: wolfSSL error occurred, error = -188

WolfSSL Log [3]: wolfSSL Leaving wolfSSL_negotiate, return -1

WolfSSL Log [3]: wolfSSL Leaving wolfSSL_write, return -1

wolfSSL_write failed -1
WolfSSL Log [2]: wolfSSL Entering wolfSSL_read

WolfSSL Log [2]: wolfSSL Entering wolfSSL_read_internal

WolfSSL Log [2]: wolfSSL Entering ReceiveData

WolfSSL Log [1]: User calling wolfSSL_read in error state, not allowed

WolfSSL Log [3]: wolfSSL Leaving wolfSSL_read_internal, return -188

wolfSSL_read failed : -1
h#
WolfSSL Log [2]: wolfSSL Entering wolfSSL_free

WolfSSL Log [1]: Free SSL: 2000f3a8

WolfSSL Log [1]: Free'ing client ssl

WolfSSL Log [1]: Shrinking input buffer

WolfSSL Log [1]: Signature Algorithms extension to free

WolfSSL Log [1]: Point Formats extension free

WolfSSL Log [1]: Supported Groups extension free

WolfSSL Log [2]: wolfSSL Entering wolfSSL_FreeSession

WolfSSL Log [1]: wolfSSL_FreeSession full free

WolfSSL Log [1]: CTX ref count not 0 yet, no free

WolfSSL Log [3]: wolfSSL Leaving wolfSSL_free, return 0

WolfSSL Log [2]: wolfSSL Entering wolfSSL_CTX_free

WolfSSL Log [1]: CTX ref count down to 0, doing full free

WolfSSL Log [2]: wolfSSL Entering wolfSSL_CertManagerFree

WolfSSL Log [3]: wolfSSL Leaving wolfSSL_CTX_free, return 0

WolfSSL Log [2]: wolfSSL Entering wolfSSL_Cleanup

WolfSSL Log [2]: wolfSSL Entering wolfCrypt_Cleanup

kareem_wolfssl · 2025-03-11 16:22:28

kareem_wolfssl
Moderator
Offline

Registered: 2021-07-06
Posts: 165

Re: Not able handshake with google.com after set WOLFSSL_VERIFY_PEER

Hi Mohammed,

As the site you are connecting to is hosted by a CDN, you will most likely need to enable SNI to connect: https://www.wolfssl.com/documentation/m … ssl_usesni
If this doesn't help you can also try enabling alt cert chains via: --enable-altcertchains

Can you share a bit about your project with wolfSSL? Are you using wolfSSL in a personal or commercial project? If these details are sensitive, please contact us at support [AT] wolfssl [DOT] com.

Thanks,
Kareem

Mohammedshameem.tv · 2025-03-24 05:22:38

Mohammedshameem.tv
Member
Offline

Registered: 2025-03-07
Posts: 4

Re: Not able handshake with google.com after set WOLFSSL_VERIFY_PEER

Hi Kareem,

Thank you for your support.

I am using an STM32 board to communicate with my HTTPS server, which is hosted on Google Firebase, for downloading files. As an initial step, I attempted to communicate with google.com by fetching the SSL certificate using openssl through CMD.

When I parse the certificate using wolfSSL_CTX_load_verify_buffer(), it returns SSL_SUCCESS. However, when I attempt to write data to google.com, I encounter the error -188. Interestingly, if I use:
wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_NONE, NULL) the communication works fine.

Currently, my STM32 board is successfully communicating with my Google Firebase server, but it uses WOLFSSL_VERIFY_NONE, which disables certificate verification. Since this is a commercial project, I want to enhance security by properly verifying the SSL certificate.

Let me know if you need any further details.

Thanks again,
Mohammed

kareem_wolfssl · 2025-03-24 10:47:22

kareem_wolfssl
Moderator
Offline

Registered: 2021-07-06
Posts: 165

Re: Not able handshake with google.com after set WOLFSSL_VERIFY_PEER

Hi Mohammed,

Thank you for the followup. As you are working on a commercial project, please forward your issue to support [AT] wolfssl [DOT] com.

Thanks,
Kareem

Welcome to the wolfSSL Forums!

Not able handshake with google.com after set WOLFSSL_VERIFY_PEER

Posts: 4

1 Topic by Mohammedshameem.tv 2025-03-10 05:10:29 (edited by Mohammedshameem.tv 2025-03-10 05:15:12)

Topic: Not able handshake with google.com after set WOLFSSL_VERIFY_PEER

2 Reply by kareem_wolfssl 2025-03-11 16:22:28

Re: Not able handshake with google.com after set WOLFSSL_VERIFY_PEER

3 Reply by Mohammedshameem.tv 2025-03-24 05:22:38

Re: Not able handshake with google.com after set WOLFSSL_VERIFY_PEER

4 Reply by kareem_wolfssl 2025-03-24 10:47:22

Re: Not able handshake with google.com after set WOLFSSL_VERIFY_PEER

Posts: 4