Topic: error -144 ASN_OBJECT_ID_E /* invalid id */

during the SSL handshake I am receiving this error.

error -144 ASN_OBJECT_ID_E  /* invalid id */

it appears to throw the error in asn.c GetName(). 

Seen this before? any suggestions to troubleshoot?

Share

Re: error -144 ASN_OBJECT_ID_E /* invalid id */

Hi j3g,

Have you checked the value you are getting for "b" in GetName()?  CyaSSL is expecting the tag 0x06 (ASN_OBJECT_ID).

Is the server you are testing against public?  If not, could you send the server certificate and server key you are using to support@yassl.com?

Thanks,
Chris

Re: error -144 ASN_OBJECT_ID_E /* invalid id */

are there tools that can verify a certificate is valid and void of any errors?

Share

Re: error -144 ASN_OBJECT_ID_E /* invalid id */

update. I created a new certificate and key (the previous cert had been generated by a co-worker). I got past the previous problem.

I now get an error of ASN_SIG_CONFIRM_E (-155).

Share

Re: error -144 ASN_OBJECT_ID_E /* invalid id */

Are you using the most current version of CyaSSL (2.0)?  We changed several things in 2.0 as far as certificate handling.  Let me know if you still get the error with 2.0.

- Chris

6 (edited by j3g 2011-05-13 16:11:04)

Re: error -144 ASN_OBJECT_ID_E /* invalid id */

sadly i'm running 1.8 because I've made serious modifications to get cyassl embedded SSL running in a non-standard environment. I want to get 1.8 ported and running, then update to 2.0. Mainly because of those pesky deadlines  cool

Can you describe what the error is intended to mean? Looking at 2.0 source it gives a little more clarrification from this line of code

CYASSL_MSG("No CA signer to verify with");

I am running cyassl as a client. Maybe I missed a step of loading a CA. My code is loading one cert as the CA cert during the CyaSSL_CTX_load_verify_buffer(). Is it possible my CA PEM is incomplete?

My CA loading code:

CyaSSL_CTX_load_verify_buffer(ctx, caCertBuffer, caCertBufferSize, SSL_FILETYPE_PEM)

Maybe I am fundamentally doing something wrong. Any insight?

Share

Re: error -144 ASN_OBJECT_ID_E /* invalid id */

Could you tell me a little more about the chain you are trying to verify, and the CA certs you are loading?  Such as:

- Structure of your server certificate
- Does your CA certificate file which you are loading contain only a single CA cert?
- If so, is it signed by anyone else (another CA)?

Thanks,
Chris