• gary
  • Member
  • Offline
  • Registered: 2021-07-16
  • Posts: 2

Topic: Curl with Wolf connect problems

Trying wolf with curl:
curl-7.76.0
wolfssl-4.8.0
Building all with Visual Studio 2010, v100 toolset.

Using certs from:
https://curl.se/docs/caextract.html
renamed to:
cacert.pem

In the app using curl, the curl log reports:

 Trying 40.112.72.205:443...
 Connected to microsoft.com (40.112.72.205) port 443 (#0)
 successfully set certificate verify locations:
 CAfile: D:\Programming(D)\Workspaces\VS_2010 Workspaces\CurlLibTest\Curl_Local\bin\cacert.pem
 CApath: none
 subject alt name(s) or common name do not match "microsoft.com"
 Closing connection 0

Going back to the wolfssl project to see if it works, and trying the client.exe app with:

 client.exe -h google.com -p 443 -a cacert.pem
  wolfSSL_connect error -188, ASN no signer error to confirm failure
  wolfSSL error: wolfSSL_connect failed

Im using the default user_settings.h file from the IDE/WIN folder, and:
I do not see FIPS defined anywhere.
Current new options added:

 #define OPENSSL_EXTRA
 #define WOLFSSL_DES_ECB        // for wolfSSL_DES_ecb_encrypt() used by curl
 #define WOLFSSL_ALT_CERT_CHAINS    // test fix client app connect - no fix

And have tried most all options from user_settings_all.h with no luck.

I'm assuming if I can get client.exe to work with certs, I can get curl to work.
Note calling:

 client.exe -h google.com -p 443 -d  
and
 client.exe -h example.com -p 443 -d -g

works fine.

Also, the curl app with openssl works fine. I'm trying to get away from openssl.


Any suggestions?

Thanks,

Share

  • Registered: 2021-07-06
  • Posts: 187

Re: Curl with Wolf connect problems

Hello Gary,

Do you see this issue with curl for all sites, or just microsoft.com?
Can you try the WOLFSSL_ALLOW_NO_CN_IN_SAN flag?
If that doesn't help, please generate a debug log by rebuilding with WOLFSSL_DEBUG defined and attach it here.  Please also include your curl command line or code.

For wolfSSL's client, try using -A to pass in your CA cert, not -a.

Thanks,
Kareem

Share

  • gary
  • Member
  • Offline
  • Registered: 2021-07-16
  • Posts: 2

Re: Curl with Wolf connect problems

Thanks for the help Kareem.

Got everything to work.

For the wolfssl client.exe, the problem was not using the -A param
as you mentioned, and having the wolfSSL home dir messed up as
mentioned here:
  https://github.com/wolfSSL/wolfssl/issues/2343

For curl when building using the IDE Project file, it was not having
all the needed wolf #define options set up properly for both wolf
and curl.

Share