Topic: Not able to connect with server/gateway, error -313

Dear Team,

I'm testing wolfSSL to integrate it with my project, and for that I've written a small program to connect to a server, but I'm not able to connect.

However, when I use the examples/client/client.c file, the connection succeeds with my certificate.
Kindly suggest the answer.

My code:

```c
    int sockfd, err;
    char errorString[80];

    WOLFSSL_CTX* ctx;
    WOLFSSL* ssl;
    WOLFSSL_METHOD* method;
    struct  sockaddr_in servAddr;
    const char message[] = "Hello, World!";

    /* create and set up socket */
    sockfd = socket(AF_INET, SOCK_STREAM, 0);
    printf("Socket created ID:%d \n",sockfd);
    memset(&servAddr, 0, sizeof(servAddr));
    servAddr.sin_family = AF_INET;
    servAddr.sin_addr.s_addr = inet_addr("66.83.75.170");
    servAddr.sin_port = htons(SERV_PORT);

    wolfSSL_Debugging_ON();
    /* initialize wolfssl library */
    wolfSSL_Init();
    method = wolfTLSv1_2_client_method(); /* use TLS v1.2 */

    /* make new ssl context */
    if ( (ctx = wolfSSL_CTX_new(method)) == NULL) {
        err_sys("wolfSSL_CTX_new error\n");
    }

    if (wolfSSL_CTX_use_certificate_chain_file(ctx, "certtest/Demo_Cert.pem") != SSL_SUCCESS) {
        wolfSSL_CTX_free(ctx);
        err_sys("can't load client cert file, check file and run from"
                " wolfSSL home dir");
    }

    if (wolfSSL_CTX_use_PrivateKey_file(ctx, "certs/ca-key.pem", SSL_FILETYPE_PEM) != SSL_SUCCESS) {
        wolfSSL_CTX_free(ctx);
        err_sys("can't load client private key file, check file and run "
                "from wolfSSL home dir");
    }

    wolfSSL_CTX_set_cipher_list(ctx,"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256");

    /* Add cert to ctx  Symantec_C3_G3.pem*/
    if (wolfSSL_CTX_load_verify_locations(ctx, "certtest/Comodo_Root.pem", 0) != SSL_SUCCESS) {
        wolfSSL_CTX_free(ctx);
        err_sys("Error loading certtest/Comodo_Root.pem\n");
    }

    wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE,0);

    /* make new wolfSSL struct */
    if ( (ssl = wolfSSL_new(ctx)) == NULL) {
        err_sys("wolfSSL_new error\n");
    }

    /* connect to socket */
    int conn = connect(sockfd, (struct sockaddr *) &servAddr, sizeof(servAddr));
    if(conn < 0)
    {
        wolfSSL_CTX_free(ctx);
        printf("TCP Connect error:%d\n",conn);
        err_sys("TCP Connect error return\n");
    }
    /* Connect wolfssl to the socket, server, then send message */
    if (wolfSSL_set_fd(ssl, sockfd) != SSL_SUCCESS) {
        wolfSSL_free(ssl);
        wolfSSL_CTX_free(ctx);
        err_sys("error in setting fd");
    }

    int Ret = wolfSSL_connect(ssl);
    if(Ret != SSL_SUCCESS)
    {
        printf("WolfSSL Test steps 8 \n");

        err = wolfSSL_get_error(ssl, 0);
        wolfSSL_ERR_error_string(err, errorString);
        printf("WolfSSL connect error :%d, %s\n",Ret,errorString);
    }

    if(Ret == SSL_SUCCESS)
        wolfSSL_write(ssl, message, strlen(message));

    /* frees all data before client termination */
    wolfSSL_free(ssl);
    wolfSSL_CTX_free(ctx);
    wolfSSL_Cleanup();
```

Getting error 40 & -313

But if I use examples/client/client.c as below, it succeeds.

`./examples/client/client -h 65.124.118.187 -p 443 -c ./certtest/Demo_Cert.pem -A ./certtest/Comodo_Root.pem -d`


Kindly suggest the mistake in my code. I'm attaching the test certificate.

Regards,
Sanjay

Post's attachments

certtest.rar 3.33 kb, 3 downloads since 2017-08-31 


Re: Not able to connect with server/gateway, error -313

Hi Sanjay,

The call to set cipher list is failing, but you are not checking the return code. The correct syntax for the cipher suite is: `ECDHE-RSA-AES128-GCM-SHA256`. You can use this command to see a list of supported cipher suites: `./examples/client/client -e`.

`./examples/client/client -h 66.83.75.170 -p 443 -c ./certtest/Demo_Cert.pem -A ./certtest/CA_Root.pem -d -l ECDHE-RSA-AES128-GCM-SHA256`

Also we have some simple TLS client examples here:
https://github.com/wolfSSL/wolfssl-exam … master/tls

Let me know if that resolves the issue.

Thanks,
David Garske, wolfSSL

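An added example, not part of the original posts and not wolfSSL project code: a pre-flight check that rewrites IANA-style suite names, like the one in the original post, into the form given in the reply above, and rejects names it cannot map instead of passing them on silently. `normalize_cipher_list` and the `SUITES` table are hypothetical names; the resulting string would still be passed to `wolfSSL_CTX_set_cipher_list` with its return value compared against `SSL_SUCCESS`.

```c
#include <stdio.h>
#include <string.h>
/* IANA name -> OpenSSL-style name. The first pair is the one from this
 * thread; the other two are the standard equivalents of related suites. */
static const struct { const char *iana, *ossl; } SUITES[] = {
    { "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",   "ECDHE-RSA-AES128-GCM-SHA256"   },
    { "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",   "ECDHE-RSA-AES256-GCM-SHA384"   },
    { "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "ECDHE-ECDSA-AES128-GCM-SHA256" },
};

/* Copy a colon-separated cipher list into out, rewriting IANA-style entries
 * to OpenSSL-style ones. Returns the number of entries rewritten, or -1 if a
 * "TLS_" entry has no mapping or out is too small, so the caller must check. */
int normalize_cipher_list(const char *list, char *out, size_t outsz)
{
    int rewritten = 0;
    size_t used = 0, i;
    if (outsz == 0) return -1;
    out[0] = '\0';
    while (*list != '\0') {
        size_t len = strcspn(list, ":");      /* length of this entry */
        const char *name = list;
        size_t nlen = len;
        if (len > 4 && strncmp(list, "TLS_", 4) == 0) {
            name = NULL;
            for (i = 0; i < sizeof(SUITES) / sizeof(SUITES[0]); i++) {
                if (strncmp(SUITES[i].iana, list, len) == 0 &&
                    SUITES[i].iana[len] == '\0')
                    name = SUITES[i].ossl;
            }
            if (name == NULL) return -1;      /* unknown name: fail loudly */
            nlen = strlen(name);
            rewritten++;
        }
        if (used + nlen + 2 > outsz) return -1;   /* ':' + name + NUL */
        if (used > 0) out[used++] = ':';
        memcpy(out + used, name, nlen);
        used += nlen; out[used] = '\0';
        list += len;
        if (*list == ':') list++;
    }
    return rewritten;
}

int main(void) {
    char buf[128];
    int n = normalize_cipher_list("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", buf, sizeof(buf));
    printf("%d rewritten -> %s\n", n, n < 0 ? "(rejected)" : buf);
    return n < 0;
}
```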

Re: Not able to connect with server/gateway, error -313

dgarske wrote:

Hi Sanjay,

The call to set cipher list is failing, but you are not checking the return code. The correct syntax for the cipher suite is: `ECDHE-RSA-AES128-GCM-SHA256`. You can use this command to see a list of supported cipher suites: `./examples/client/client -e`.

`./examples/client/client -h 66.83.75.170 -p 443 -c ./certtest/Demo_Cert.pem -A ./certtest/CA_Root.pem -d -l ECDHE-RSA-AES128-GCM-SHA256`

Also we have some simple TLS client examples here:
https://github.com/wolfSSL/wolfssl-exam … master/tls

Let me know if that resolves the issue.

Thanks,
David Garske, wolfSSL

Hi David,

I replaced the `wolfSSL_CTX_set_cipher_list(ctx,"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256");` line with `wolfSSL_CTX_set_cipher_list(ctx,"ECDHE-RSA-AES128-GCM-SHA256");`

but I'm still getting the same error. As I informed you, it works well with examples/client/client.c as below:
`./examples/client/client -h 65.124.118.187 -p 443 -c ./certtest/Demo_Cert.pem -A ./certtest/Comodo_Root.pem -d`

But my code is not working. :(

I'm stuck here and not able to use this library.

Waiting for your suggestion.

Regards,
Sanjay


Re: Not able to connect with server/gateway, error -313

Hi Sanjay,

Could you send us your test code so we can see what the issue might be?

Also, as a note, the certs you sent required me to test this with `-A ./certtest/CA_Root.pem`. Comodo_Root.pem was not present as your command showed.


Warm Regards,

Kaleb

Re: Not able to connect with server/gateway, error -313

Hi Sanjay,

Could you tell us a little about the project you are working on? Is this an old solution you are bringing up to date or is this a new project?


Warm Regards,

Kaleb

Re: Not able to connect with server/gateway, error -313

Kaleb J. Himes wrote:

Hi Sanjay,

Could you tell us a little about the project you are working on? Is this an old solution you are bringing up to date or is this a new project?


Warm Regards,

Kaleb

Hi Kaleb,

This is new for wolfSSL. We are using OpenSSL as of now, but due to transmission speed it is taking 4 seconds for handshaking with the gateway. We want to integrate wolfSSL if it can improve the speed.

Regards,
Sanjay
