• Registered: 2016-10-12
  • Posts: 6

Topic: [SOLVED] ASN_BEFORE_DATE_E when calling CTX_load_verify_buffer

Hi, I try to use wolfssl with tirtos in my TM4C1294 Connected LaunchPad, and I follow the instructions in this web page :https://github.com/wolfSSL/wolfssl-examples/tree/master/tirtos_ccs_examples.

But I get an error with code -150 (ASN_BEFORE_DATE_E) when the program call the API wolfSSL_CTX_load_verify_buffer.
I don't modified anything in the project except uncommenting the "#define WOLFSSL_TIRTOS" in wolfssl\wolfssl\wolfcrypt\settings.h.


Can you tell me how to fix the problem?
Thanks a lot.

Share

2 Reply by Kaleb J. Himes (edited by Kaleb J. Himes 2016-10-13 10:01:07)

  • From: Bozeman
  • Registered: 2014-05-09
  • Posts: 777

Re: [SOLVED] ASN_BEFORE_DATE_E when calling CTX_load_verify_buffer

Hi stamp_age,

The last time we updated the certificates was on Aug 11 20:07:37 2016 GMT

Since there is no 

 gettimeofday();

on the TIVA-C the time has to be hard-coded.

In the TIVA-C example there should be a define at the top of the file 

#define CURRENTTIME

with some time in epoch seconds.

In the example I have from TI that value is
1410303972 which converted is Tue, 09 Sep 2014 23:06:12 GMT

So basically whats happening is your board thinks it's last year, or sometime before Aug 11 when we updated the certificates in our library.

Please change that value to: 1471035600 which will tell your board it's Aug 12 21:00:00 2016 GMT
                                 or to: 1476377542 which is right now Oct 13 2016 16:52:22 GMT

For other Epoch dates there's a nice tool online here: http://www.epochconverter.com/


Kind Regards,

Kaleb

Kaleb J. Himes's Website

Share

  • Registered: 2016-10-12
  • Posts: 6

Re: [SOLVED] ASN_BEFORE_DATE_E when calling CTX_load_verify_buffer

Hi Kaleb,

Thank you very much.
The problem has been fixed.

Best Regards,
Christopher

Share

  • Registered: 2016-10-12
  • Posts: 6

Re: [SOLVED] ASN_BEFORE_DATE_E when calling CTX_load_verify_buffer

Hi Kaleb,

I was encountered with another problem.
When I use the client demo complied with vs2010 to connect the tls server run in my board, the demo tcpEchoTLS will return an error with code -501(MATCH_SUITE_ERROR). From the network packets captured with wireshark, I saw that the client sent a "client hello" and then the server rejected the connection.

Can you tell me how to fix the problem?
Thanks a lot.

Best Regards,
Christopher

Share

  • From: Bozeman
  • Registered: 2014-05-09
  • Posts: 777

Re: [SOLVED] ASN_BEFORE_DATE_E when calling CTX_load_verify_buffer

Hi stamp_age,

Yes I can. I believe you need to define "HAVE_ECC" in the pre-processor macros for VS2010 project to get same ciphers as supported in the TIRTOS project. Try that first and if it does not work we'll go from there.

Edit the file <wolfssl-root>\IDE\WIN\user_settings.h and add the following line at the top of the file just above the line with "/* Configurations */" comment (So both the library and the client/server build with this define): 

#define HAVE_ECC

Now rebuild and try the connection again and let me know if that works.


Kind Regards,

Kaleb

Kaleb J. Himes's Website

Share

  • Registered: 2016-10-12
  • Posts: 6

Re: [SOLVED] ASN_BEFORE_DATE_E when calling CTX_load_verify_buffer

Hi Kaleb,

The problem has been fixed.
Thanks a lot.

Best Regards,
Christopher

Share

  • From: Bozeman
  • Registered: 2014-05-09
  • Posts: 777

Re: [SOLVED] ASN_BEFORE_DATE_E when calling CTX_load_verify_buffer

Hi stamp_age,

No problem, glad we could help!


- Kaleb

Kaleb J. Himes's Website

Share