Topic: EK-TM4C129EXL with Example project httpsGet

Hello,
I have imported and compiled the example project httpsGet in my workspace, so far so good.
When I start the project I get the following output in console:

Starting the HTTPS GET example
System provider is set to SysMin. Halt the target to view any SysMin contents in ROV.
Service Status: DHCPC    : Enabled  :          : 000
Service Status: DHCPC    : Enabled  : Running  : 000
Network Added: If-1:192.168.1.220
Service Status: DHCPC    : Enabled  : Running  : 017
Current time: Thu Nov  8 13:35:16 2018

Sending a HTTPS GET request to 'www.example.com:443'
Error! code = -1, desc = httpsTask: TLS create failed



What does this error code -1 mean and why can TLS_create not be executed successfully?


Re: EK-TM4C129EXL with Example project httpsGet

I forgot,

According to Readme.txt I should download a certificate from:
ev-root.digicert.com/.../index.html
but this URL does not exist anymore.
So where do I get this certificate for www.example.com?


Re: EK-TM4C129EXL with Example project httpsGet

Hi Mark,

Thanks for reaching out to wolfSSL. Can you tell me where the example came from? Is it an example we maintain and distribute or is it from a third party?

Two things that can assist us in debugging the issue. If you add the setting "#define DEBUG_WOLFSSL" to your project and then invoke

wolfSSL_Debugging_ON();

in your application and send us the log that can be most helpful.

Also if you are able to sniff the connection with wireshark and send us a .pcap of the failed connection that can also provide very useful insight into issues.

As for the -1 error code, if it came from the TLS level it would indicate a failure at the TLS level but is not overly useful as TLS errors can be for many reasons. If you can get the internal error code that is more useful for determining what occurred. This can be fetched with:

int err;
char buffer[WOLFSSL_MAX_ERROR_SZ];

...

err = wolfSSL_get_error(ssl, 0);
printf("error code at time of failure was: %d, %s\n", err,
       wolfSSL_ERR_error_string(err, buffer));

Warm Regards,

K

Re: EK-TM4C129EXL with Example project httpsGet

Hi,

I work with the hardware EK-TM4C129EXL. I have Code Composer Studio 6.1.2 installed, and the operating system is TI-RTOS v2.16.1.14. I have successfully imported and compiled the sample project:
httpsget_EK_TM4C129EXL_TI_TivaTM4C129ENCPDT
I did not change the source code except for updating the certificate.

I have included the certificate from "www.tbs-certificates.co.uk/.../DigiCert_High_Assurance_EV_Root_CA.html" and TLS_create runs successfully. But now the following output appears:

//*** Console **\\
Starting the HTTPS GET example
System provider is set to SysMin. Halt the target to view any SysMin contents in ROV.
Service Status: DHCPC : Enabled : : 000
Service Status: DHCPC : Enabled : Running : 000
Network Added: If-1:192.168.178.54
Service Status: DHCPC : Enabled : Running : 017
Current time: Fri Nov 9 08:47:41 2018

Sending a HTTPS GET request to "www. example .com"
Error! code = -103, desc = httpsTask: send failed
//*** ***\\

Before HTTPCli_sendRequest is called, the HTTPCli_connect function succeeds.
Can it be that the server does not accept this certificate?

One more thing:

I inserted the call printError("httpsTask: socket error code", HTTPCli_getSocketError(&cli))

after HTTPCli_sendRequest and the following socket error code appears: -313


Re: EK-TM4C129EXL with Example project httpsGet

So it is done. In the example project, I have activated the wolfSSL debug mode.
Console:


Starting the HTTPS GET example
System provider is set to SysMin. Halt the target to view any SysMin contents in ROV.
Service Status: DHCPC    : Enabled  :          : 000
Service Status: DHCPC    : Enabled  : Running  : 000
Network Added: If-1:192.168.178.54
Service Status: DHCPC    : Enabled  : Running  : 017
Current time: Fri Nov  9 21:56:32 2018

Sending a HTTPS GET request to 'www.example.com:443'
wolfSSL Entering WOLFSSL_CTX_new
wolfSSL Entering wolfSSL_Init
wolfSSL Entering wolfSSL_CertManagerNew
wolfSSL Leaving WOLFSSL_CTX_new, return 0
wolfSSL Entering wolfSSL_CTX_load_verify_buffer
Adding a CA
wolfSSL Entering GetExplicitVersion
wolfSSL Entering GetMyVersion
Got Cert Header
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Algo ID
Getting Cert Name
Getting Cert Name
Got Subject Name
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Key
Parsed Past Key
wolfSSL Entering DecodeCertExtensions
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeKeyUsage
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeBasicCaConstraint
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeSubjKeyId
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeAuthKeyId
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
    Parsed new CA
    Freeing Parsed CA
    Freeing der CA
        OK Freeing der CA
wolfSSL Leaving AddCA, return 0
wolfSSL Entering SSL_new
wolfSSL Leaving SSL_new, return 0
wolfSSL Entering SSL_set_fd
wolfSSL Leaving SSL_set_fd, return 1
wolfSSL Entering wolfSSL_send()
wolfSSL Entering SSL_write()
handshake not complete, trying to finish
wolfSSL Entering wolfSSL_negotiate
wolfSSL Entering SSL_connect()
growing output buffer

Shrinking output buffer

connect state: CLIENT_HELLO_SENT
received record layer msg
got ALERT!
Got alert
wolfSSL error occured, error = 40
wolfSSL error occured, error = -313
wolfSSL Leaving wolfSSL_negotiate, return -1
wolfSSL Leaving SSL_write(), return -1
wolfSSL Leaving wolfSSL_send(), return -1
wolfSSL Entering SSL_get_error
wolfSSL Leaving SSL_get_error, return -313
wolfSSL Entering SSL_get_error
wolfSSL Leaving SSL_get_error, return 0
wolfSSL Entering ERR_error_string
error code at time of failure was: 0, no support for error strings built in
Error! code = -103, desc = httpsTask: send failed


I downloaded the certificate from https://www.tbs-certificates.co.uk/FAQ/ … ot_CA.html in .pem format:


I hope that it helps you


Re: EK-TM4C129EXL with Example project httpsGet

Here is the debug output when I try to call www.beispiel.de:443 with the same client certificate:

Starting the HTTPS GET example
System provider is set to SysMin. Halt the target to view any SysMin contents in ROV.
Service Status: DHCPC    : Enabled  :          : 000
Service Status: DHCPC    : Enabled  : Running  : 000
Network Added: If-1:192.168.178.54
Service Status: DHCPC    : Enabled  : Running  : 017
Current time: Sat Nov 10 09:43:07 2018

Sending a HTTPS GET request to w w w.beispiel.de:443'
wolfSSL Entering WOLFSSL_CTX_new
wolfSSL Entering wolfSSL_Init
wolfSSL Entering wolfSSL_CertManagerNew
wolfSSL Leaving WOLFSSL_CTX_new, return 0
wolfSSL Entering wolfSSL_CTX_load_verify_buffer
Adding a CA
wolfSSL Entering GetExplicitVersion
wolfSSL Entering GetMyVersion
Got Cert Header
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Algo ID
Getting Cert Name
Getting Cert Name
Got Subject Name
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Key
Parsed Past Key
wolfSSL Entering DecodeCertExtensions
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeKeyUsage
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeBasicCaConstraint
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeSubjKeyId
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeAuthKeyId
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
    Parsed new CA
    Freeing Parsed CA
    Freeing der CA
        OK Freeing der CA
wolfSSL Leaving AddCA, return 0
wolfSSL Entering SSL_new
wolfSSL Leaving SSL_new, return 0
wolfSSL Entering SSL_set_fd
wolfSSL Leaving SSL_set_fd, return 1
wolfSSL Entering wolfSSL_send()
wolfSSL Entering SSL_write()
handshake not complete, trying to finish
wolfSSL Entering wolfSSL_negotiate
wolfSSL Entering SSL_connect()
growing output buffer

Shrinking output buffer

connect state: CLIENT_HELLO_SENT
growing input buffer

received record layer msg
wolfSSL Entering DoHandShakeMsg()
wolfSSL Entering DoHandShakeMsgType
processing server hello
wolfSSL Entering VerifyClientSuite
wolfSSL Leaving DoHandShakeMsgType(), return 0
wolfSSL Leaving DoHandShakeMsg(), return 0
growing input buffer

received record layer msg
wolfSSL Entering DoHandShakeMsg()
wolfSSL Entering DoHandShakeMsgType
processing certificate
Loading peer's cert chain
    Put another cert into chain
    Put another cert into chain
wolfSSL Entering GetExplicitVersion
wolfSSL Entering GetMyVersion
Got Cert Header
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Algo ID
Getting Cert Name
Getting Cert Name
Got Subject Name
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Key
Parsed Past Key
wolfSSL Entering DecodeCertExtensions
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeBasicCaConstraint
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeKeyUsage
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeAuthInfo
wolfSSL Entering GetObjectId()
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeAuthKeyId
wolfSSL Entering GetObjectId()
Certificate Policy extension not supported yet.
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeCrlDist
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeSubjKeyId
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
About to verify certificate signature
No CA signer to verify with
Failed to verify CA from chain
Verifying Peer's cert
wolfSSL Entering GetExplicitVersion
wolfSSL Entering GetMyVersion
Got Cert Header
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Algo ID
Getting Cert Name
Getting Cert Name
Got Subject Name
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Key
Parsed Past Key
wolfSSL Entering DecodeCertExtensions
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeKeyUsage
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeExtKeyUsage
wolfSSL Entering GetObjectId()
wolfSSL Entering GetObjectId()
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeBasicCaConstraint
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeSubjKeyId
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeAuthKeyId
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeAuthInfo
wolfSSL Entering GetObjectId()
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeAltNames
wolfSSL Entering GetObjectId()
Certificate Policy extension not supported yet.
wolfSSL Entering GetObjectId()
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
About to verify certificate signature
No CA signer to verify with
Failed to verify Peer's cert
    No callback override available, fatal
wolfSSL Leaving DoHandShakeMsgType(), return -188
wolfSSL Leaving DoHandShakeMsg(), return -188
wolfSSL error occured, error = -188
wolfSSL Leaving wolfSSL_negotiate, return -1
wolfSSL Leaving SSL_write(), return -1
wolfSSL Leaving wolfSSL_send(), return -1
wolfSSL Entering SSL_get_error
wolfSSL Leaving SSL_get_error, return -188
wolfSSL Entering SSL_get_error
wolfSSL Leaving SSL_get_error, return 0
wolfSSL Entering ERR_error_string
error code at time of failure was: 0, no support for error strings built in
Error! code = -103, desc = httpsTask: send failed


Re: EK-TM4C129EXL with Example project httpsGet

Hi Mark,

Thanks for the logs, that is helpful because I can see the connection is aborted by the server sending alert 40 immediately after the client hello message is received. This indicates the server is looking for something and the client isn't sending it, so the server isn't going to waste any more time on that particular handshake.

The most common occurrence of this is from extensions, mis-matched cipher suites, and/or wrong protocol version. Could you check if the below defines are present in the WOLFSSL_TIRTOS section of wolfssl-3.15.5/wolfssl/wolfcrypt/settings.h

#define HAVE_SUPPORTED_CURVES
#define HAVE_TLS_EXTENSIONS

If you are using an older version of wolfSSL (i.e. not v3.15.5) then let me know which version you are on and if those settings are present.

Are you able to capture a wireshark trace? If not is the server you're connecting to public? Could we test it ourselves to see which cipher suites and protocol versions it supports?

- K

8 (edited by mark 2018-11-13 08:48:32)

Re: EK-TM4C129EXL with Example project httpsGet

Hello,
I use wolfSSL-3.8.0. The server url is https://www.example.com
This address is from the Texas Instruments TI-RTOS example and it is a public server.
Unfortunately, the two defines do not exist in the settings.h.
I use:
Hardware: EK-TM4C129EXL
Operating System: TI-RTOS for Tiva v 2.16.1.14
XDCtools version: 3.32.0.06_core
Project: httpsget_EK_TM4C129EXL_TI_TivaTM4C129ENCPDT

What should I do?


Re: EK-TM4C129EXL with Example project httpsGet

Hi Mark,

I ran a quick test to see if that server does reject connections that do not present the supported curves extension and sure enough it does reject such connections!

RESULTS:

Test without supported curves extension:

./configure --disable-supportedcurves
make
./examples/client/client -d -g -h example.com -p 443
wolfSSL_connect error -313, revcd alert fatal error
wolfSSL error: wolfSSL_connect failed

Test WITH supported curves extension:

./configure --enable-supportedcurves
make
./examples/client/client -d -g -h example.com -p 443
ECDHE-RSA-AES128-GCM-SHA256
SSL version is TLSv1.2
SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
SSL curve name is SECP256R1
SSL connect ok, sending GET...
HTTP/1.0 200 OK
Accept-Ranges: bytes
Content-Type: text/html
Date: Tue, 13 Nov 2018 17:24:28 GMT
Last-Modified: Tue, 13 Nov 2018 16:54:12 GMT
Server: ECS

Could you add the settings

#define HAVE_SUPPORTED_CURVES
#define HAVE_TLS_EXTENSIONS

to the WOLFSSL_TIRTOS section in your version of wolfSSL, rebuild the application, and run the test again? Let me know your results!

- K
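
The test above shows the server answering a ClientHello that lacks the supported curves extension with a fatal alert. As an added example (not part of the original posts and not wolfSSL code), the following C sketch checks a captured ClientHello record for that extension and decodes a fatal alert record; the function names are hypothetical and the sample bytes are constructed, not captured traffic.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define EXT_SUPPORTED_GROUPS 10 /* the "supported curves" extension type */
#define RANDOM32 0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0

static unsigned rd16(const uint8_t *p) { return ((unsigned)p[0] << 8) | p[1]; }

/* 1 if the record is a ClientHello carrying extension `want`, 0 if it is a
 * ClientHello without it, -1 if it is not a well-formed ClientHello record. */
int client_hello_has_ext(const uint8_t *rec, size_t len, unsigned want)
{
    size_t pos, end, ext_end;
    if (len < 9 || rec[0] != 22 || rec[5] != 1) return -1; /* handshake, client_hello */
    end = 5 + (size_t)rd16(rec + 3);                    /* end of the record */
    if (end > len) return -1;
    pos = 9 + (((size_t)rec[6] << 16) | rd16(rec + 7)); /* end of handshake message */
    if (pos > end) return -1;
    end = pos;
    pos = 9 + 2 + 32;                                   /* skip version and random */
    if (pos + 1 > end) return -1;
    pos += 1 + rec[pos];                                /* session_id */
    if (pos + 2 > end) return -1;
    pos += 2 + rd16(rec + pos);                         /* cipher_suites */
    if (pos + 1 > end) return -1;
    pos += 1 + rec[pos];                                /* compression_methods */
    if (pos == end) return 0;                           /* no extensions block at all */
    if (pos + 2 > end) return -1;
    ext_end = pos + 2 + rd16(rec + pos);
    if (ext_end > end) return -1;
    for (pos += 2; pos + 4 <= ext_end; pos += 4 + rd16(rec + pos + 2)) {
        if (pos + 4 + rd16(rec + pos + 2) > ext_end) return -1;
        if (rd16(rec + pos) == want) return 1;
    }
    return pos == ext_end ? 0 : -1;
}

/* Alert description if the record is a fatal alert (level 2), else -1. */
int fatal_alert_description(const uint8_t *rec, size_t len)
{
    if (len < 7 || rec[0] != 21 || rd16(rec + 3) != 2 || rec[5] != 2) return -1;
    return rec[6];
}

/* Constructed samples: one cipher suite (0xC02F), all-zero random. */
const uint8_t HELLO_NO_EXT[] = { 22,3,1,0,45, 1,0,0,41, 3,3, RANDOM32, 0,
    0,2,0xC0,0x2F, 1,0 };
const uint8_t HELLO_WITH_CURVES[] = { 22,3,1,0,55, 1,0,0,51, 3,3, RANDOM32, 0,
    0,2,0xC0,0x2F, 1,0, 0,8, 0,10,0,4,0,2,0,23 /* secp256r1 */ };
const uint8_t ALERT_40[] = { 21,3,3,0,2, 2,40 };

int main(void)
{
    printf("no ext: %d, with curves: %d, alert: %d\n",
        client_hello_has_ext(HELLO_NO_EXT, sizeof HELLO_NO_EXT, EXT_SUPPORTED_GROUPS),
        client_hello_has_ext(HELLO_WITH_CURVES, sizeof HELLO_WITH_CURVES, EXT_SUPPORTED_GROUPS),
        fatal_alert_description(ALERT_40, sizeof ALERT_40));
    return 0;
}
```

Feeding it the first record of each direction from a packet capture tells you whether the client build actually sends the extension and which alert the server returned.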

Re: EK-TM4C129EXL with Example project httpsGet

hi,
I added the two defines to the settings.h file and then rebuilt it with gmake.exe. Then I compiled and started my CCS project. The following message comes:

Starting the HTTPS GET example
System provider is set to SysMin. Halt the target to view any SysMin contents in ROV.
Service Status: DHCPC    : Enabled  :          : 000
Service Status: DHCPC    : Enabled  : Running  : 000
Network Added: If-1:192.168.178.54
Service Status: DHCPC    : Enabled  : Running  : 017
Current time: Fri Nov 16 07:02:33 2018

Sending a HTTPS GET request to 'www.example.de:443'
wolfSSL Entering WOLFSSL_CTX_new
wolfSSL Entering wolfSSL_Init
wolfSSL Entering wolfSSL_CertManagerNew
wolfSSL Leaving WOLFSSL_CTX_new, return 0
wolfSSL Entering wolfSSL_CTX_load_verify_buffer
Adding a CA
wolfSSL Entering GetExplicitVersion
wolfSSL Entering GetMyVersion
Got Cert Header
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Algo ID
Getting Cert Name
Getting Cert Name
Got Subject Name
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Key
Parsed Past Key
wolfSSL Entering DecodeCertExtensions
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeKeyUsage
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeBasicCaConstraint
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeSubjKeyId
wolfSSL Entering GetObjectId()
wolfSSL Entering DecodeAuthKeyId
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
    Parsed new CA
    Freeing Parsed CA
    Freeing der CA
        OK Freeing der CA
wolfSSL Leaving AddCA, return 0
wolfSSL Entering SSL_new
wolfSSL Leaving SSL_new, return 0
wolfSSL Entering SSL_set_fd
wolfSSL Leaving SSL_set_fd, return 1
wolfSSL Entering wolfSSL_send()
wolfSSL Entering SSL_write()
handshake not complete, trying to finish
wolfSSL Entering wolfSSL_negotiate
wolfSSL Entering SSL_connect()
growing output buffer

Shrinking output buffer

connect state: CLIENT_HELLO_SENT
Embed Receive error
    Connection reset
wolfSSL error occured, error = -308
wolfSSL Leaving wolfSSL_negotiate, return -1
wolfSSL Leaving SSL_write(), return -1
wolfSSL Leaving wolfSSL_send(), return -1
wolfSSL Entering SSL_get_error
wolfSSL Leaving SSL_get_error, return -308
wolfSSL Entering SSL_get_error
wolfSSL Leaving SSL_get_error, return 0
wolfSSL Entering ERR_error_string
error code at time of failure was: 0, no support for error strings built in
Error! code = -103, desc = httpsTask: send failed


Re: EK-TM4C129EXL with Example project httpsGet

Hello,
Unfortunately, I still could not build a successful communication. The report is in the above post. How should I proceed? Maybe another wolfSSL version? I just want to try out the TI-RTOS https test project.


Re: EK-TM4C129EXL with Example project httpsGet

Hi Mark,

Do you have the setting

#define HAVE_ECC

set in the TIRTOS section of wolfssl-3.15.5/wolfssl/wolfcrypt/settings.h?

Re: EK-TM4C129EXL with Example project httpsGet

Hi Mark,

Rod Weaver just informed me you have a short timeline (2 - 3 days). I am going to open a support incident in wolfSSL Zendesk on your behalf for best response times and tracking!

- K