Topic: Client authentication still passed even without client-key/cert.pem
I’m encountering a strange problem: Client authentication still passed even though client-cert.pem and client-key.pem are not loaded in wolfssl client. Client authentication check has been enabled at server side.
Client side (STM32F2+FreeRTOS):
1) Add wolfssl files into my project.
2)
#define FREERTOS
#define WOLFSSL_LWIP
#define WOLFSSL_STM32F2
#define WOLFSSL_IAR_ARM
#define WOLFSSL_STATIC_RSA
#define BUILD_TLS_RSA_WITH_AES_128_CBC_SHA
#define BUILD_TLS_RSA_WITH_AES_256_CBC_SHA
#define WOLFSSL_LOW_MEMORY
#define DEBUG_WOLFSSL
#define NO_INLINE
#define NO_WOLFSSL_SERVER
#define NO_DES3
#define NO_DH
#define NO_MD4
#define NO_RC4
#define NO_MD5
#define NO_SESSION_CACHE
#define NO_ERROR_STRINGS
#define NO_OLD_TLS
#define NO_PWDBASED
#define NO_HC128
#define NO_SHA512
#define NO_DSA
#define WC_NO_RSA_OAEP
#define NO_CERT
#define USER_TICKS
#define USER_TIME
#define USER_TIME_TJZ_DEF
3) Key code:
wolfSSL_SetLoggingCb(wolfSSL_Logging);
wolfSSL_Debugging_ON();
wolfSSL_library_init();
wolfSSL_load_error_strings();
ssl_ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method());
wolfSSL_CTX_set_cipher_list(ssl_ctx, "AES128-SHA");
//wolfSSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_NONE, 0);
wolfSSL_CTX_load_verify_buffer(ssl_ctx, ca_cert_der_1024, sizeof_ca_cert_der_1024, SSL_FILETYPE_ASN1);
sockfd = socket(xxxx);
connect(sockfd, xxxx,xxxx);
ssl = wolfSSL_new(ssl_ctx);
wolfSSL_set_fd(ssl , sockfd );
4) Use wolfSSL_read()/wolfSSL_write() to send and receive message from server.
Server side: Node.js
Key code:
var wsCa = fs.readFileSync(path.resolve(config.secure.wsCa), 'utf8');
var wsServerCert = fs.readFileSync(path.resolve(config.secure.wsServerCert), 'utf8');
var wsServerKey = fs.readFileSync(path.resolve(config.secure.wsServerKey), 'utf8');
var wsOptions = {
key: wsServerKey,
cert: wsServerCert,
ca: wsCa,
requestCert : true,
secureProtocol: 'TLSv1_2_method',
ciphers: [
'ECDHE-RSA-AES128-GCM-SHA256',
'ECDHE-ECDSA-AES128-GCM-SHA256',
'ECDHE-RSA-AES256-GCM-SHA384',
'ECDHE-ECDSA-AES256-GCM-SHA384',
'DHE-RSA-AES128-GCM-SHA256',
'ECDHE-RSA-AES128-SHA256',
'DHE-RSA-AES128-SHA256',
'ECDHE-RSA-AES256-SHA384',
'DHE-RSA-AES256-SHA384',
'ECDHE-RSA-AES256-SHA256',
'DHE-RSA-AES256-SHA256',
'HIGH',
'!aNULL',
'!eNULL',
'!EXPORT',
'!DES',
'!RC4',
'!MD5',
'!PSK',
'!SRP',
'!CAMELLIA'
].join(':'),
honorCipherOrder: true
};
ws_server = https.createServer(wsOptions, app);
wss = new WebSocketServer({
server: ws_server
});
Can you pls help to find the cause of the problem?
Thanks a lot!
Jack