• Registered: 2023-03-15
  • Posts: 5

Topic: Unable to connect to smtp.gmail.com 465

Hi, I need to learn how to use wolfssl so, I have write a client to connect to a local server with a self signed certificate and it works.
Now I want to connect to a real server so I'm trying to connect to smtp.gmail.com but my client does not work. I obtain the error

wolfSSL_connect() Error!!!
Error: -188, ASN no signer error to confirm failure

I have downloaded the certificate with this command line:

openssl s_client -showcerts -connect smtp.gmail.com:465 </dev/null | sed -n -e '/-.BEGIN/,/-.END/ p' > gmail.crt

and this is my client. To start it please type:
./Test02 smtp.gmail.com 465 gmail.crt
Can anyone help me?
Best regards.

#include <QCoreApplication>
#include "QDebug"
#include <wolfssl/options.h>
#include <wolfssl/ssl.h>

int main(int argc, char *argv[]) {
    QString RemoteServer;
    QString Certificate;
    int RemoteSocket= 0;
    if (argc> 2) {
        RemoteServer= argv[1];
        RemoteSocket= QString(argv[2]).toInt();
        Certificate= argv[3];
        qDebug() << RemoteServer << RemoteSocket << Certificate;
    }
    wolfSSL_Debugging_ON();
    int Result= wolfSSL_Init();
    if (Result!= WOLFSSL_SUCCESS) printf("wolfSSL_Init() Error!!!\n");
    else {
        WOLFSSL_CTX *Context= wolfSSL_CTX_new(wolfTLS_client_method());
        if (!Context) printf("wolfSSL_CTX_new() Error!!!\n");
        else {

            //Result = wolfSSL_CTX_UseSNI(Context, WOLFSSL_SNI_HOST_NAME, Certificate.toStdString().c_str(), Certificate.toStdString().size());


            Result= wolfSSL_CTX_use_certificate_file(Context, Certificate.toStdString().c_str(), SSL_FILETYPE_PEM);
            if (Result!= WOLFSSL_SUCCESS) printf("wolfSSL_CTX_use_certificate_file() Error!!!\n");
            else {
                if (Result!= WOLFSSL_SUCCESS) printf("wolfSSL_CTX_set_cipher_list() Error!!!\n");
                else {
                    Result= wolfSSL_CTX_load_verify_locations(Context, Certificate.toStdString().c_str(), nullptr);
                    if (Result!= WOLFSSL_SUCCESS) printf("wolfSSL_CTX_load_verify_locations() Error!!!\n");
                    else {
                        struct hostent *he= gethostbyname(RemoteServer.toStdString().c_str());
                        if (!he) printf("gethostbyname() Error!!!\n");
                        else {
                            struct in_addr **addr_list= (struct in_addr**)he->h_addr_list;
                            if (!addr_list[0]) printf("addr_list Error!!!\n");
                            else {
                                struct sockaddr_in AddrCloud;
                                AddrCloud.sin_addr.s_addr= *(long*)(he->h_addr);
                                AddrCloud.sin_family= AF_INET;
                                AddrCloud.sin_port= htons(RemoteSocket);
                                int Socket= socket(AF_INET, SOCK_STREAM, IPPROTO_IP);
                                if (Socket< 0) printf("SocketClient Error!!!\n");
                                else {


                                    //wolfSSL_CTX_set_verify(Context, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, nullptr);


                                    WOLFSSL *ssl= wolfSSL_new(Context);
                                    if (!ssl) printf("wolfSSL_new() Error!!!\n");
                                    else {
                                        Result= wolfSSL_set_fd(ssl, Socket);
                                        if (Result!= WOLFSSL_SUCCESS) printf("wolfSSL_set_fd() Error!!!\n");
                                        else {
                                            Result= connect(Socket, (struct sockaddr*)&AddrCloud, sizeof(AddrCloud));
                                            if (Result!= 0) printf("connect() Error!!!\n");
                                            else {
                                                printf("CLIENT_CONNECTION_OPEN, try to bring up ssl client layer...\n");
                                                Result= wolfSSL_connect(ssl);
                                                if (Result!= WOLFSSL_SUCCESS) {
                                                    printf("wolfSSL_connect() Error!!!\n");
                                                    Result= wolfSSL_get_error(ssl, Result);
                                                    char Buffer[128];
                                                    wolfSSL_ERR_error_string(Result, Buffer);
                                                    printf("Error: %d, %s\n", Result, Buffer);
                                                } else {
                                                    printf("CLIENT_CONNECTION_OPEN, ssl client layer ok\n");
                                                    printf("SSL_get_version() %s\n", wolfSSL_get_version(ssl));
                                                    printf("SSL_get_cipher() %s\n", wolfSSL_get_cipher(ssl));
                                                    if (wolfSSL_get_peer_certificate(ssl)) {
                                                        Result= wolfSSL_get_verify_result(ssl);
                                                        if (Result== X509_V_OK) printf("Certiticate Verification Succeeded\n");
                                                        else if (Result== X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT) printf("Certiticate X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT Error!!!\n");
                                                        else if (Result== X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN) printf("X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN Error!!!\n");
                                                        else {
                                                            printf("Certiticate Verification Failed %d\n", Result);
                                                        }
                                                    }
                                                    char Buffer[]= "Hello world!!!\n";
                                                    Result= wolfSSL_write(ssl, Buffer, sizeof(Buffer));
                                                    if (Result!= sizeof(Buffer)) printf("wolfSSL_write() Error!!!\n");
                                                    else {
                                                        Result= wolfSSL_pending(ssl);
                                                        if (Result> 0) {
                                                            memset(Buffer, '0', sizeof(Buffer));
                                                            Result= wolfSSL_read(ssl, Buffer, sizeof(Buffer));
                                                            printf("%d, %s\n", Result, Buffer);
                                                        }
                                                    }
                                                    printf("ee1\n");
                                                    wolfSSL_shutdown(ssl);
                                                    printf("ee2\n");
                                                }
                                            }
                                        }
                                        wolfSSL_free(ssl);
                                    }
                                    shutdown(Socket, 0);
                                    close(Socket);
                                }
                            }
                        }
                    }
                }
            }
            wolfSSL_CTX_free(Context);
        }
        wolfSSL_Cleanup();
    }
    return 0;
}

Share

2 Reply by mrdebug (edited by mrdebug 2023-03-15 04:46:44)

  • Registered: 2023-03-15
  • Posts: 5

Re: Unable to connect to smtp.gmail.com 465

I have the same problem with client example provided with wolfssl sources.
I have downloaded tge google certificate with thos command line:

openssl s_client -showcerts -connect www.google.com:443 </dev/null | sed -n -e '/-.BEGIN/,/-.END/ p' > google.crt

and if I execute the client with this command line

./examples/client/client -h www.google.com -p 443 -g -A google.crt -v 3

I obtain the error

wolfSSL_connect error -188, ASN no signer error to confirm failure
wolfSSL error: wolfSSL_connect failed

Share

  • From: Mobile, AL
  • Registered: 2013-12-11
  • Posts: 298

Re: Unable to connect to smtp.gmail.com 465

Hi mrdebug,

Thanks for joining the wolfSSL Forums. Try enabling alternate cert chains with 

--enable-altcertchains

./examples/client/client -h www.google.com -p 443 -g -v 3 -A google.crt 
SSL version is TLSv1.2
SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
SSL curve name is SECP256R1
Alternate cert chain used
SSL connect ok, sending GET...
HTTP/1.0 200 OK
Date: Wed, 15 Mar 2023 13:34:58 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=ISO-8859-1
P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
Server: gws
X-XSS-Protection: 0
X-Fra

embhorn's Website

Share

  • Registered: 2023-03-15
  • Posts: 5

Re: Unable to connect to smtp.gmail.com 465

Perfect, and which is the way to enable
--enable-altcertchains
in wolfssl for esp32?

Share

  • From: Mobile, AL
  • Registered: 2013-12-11
  • Posts: 298

Re: Unable to connect to smtp.gmail.com 465

You can use the configuration define 

WOLFSSL_ALT_CERT_CHAINS

embhorn's Website

Share

  • Registered: 2023-03-15
  • Posts: 5

Re: Unable to connect to smtp.gmail.com 465

Many thanks so, where I have to put this switch? In which file?

Share

  • From: Mobile, AL
  • Registered: 2013-12-11
  • Posts: 298

Re: Unable to connect to smtp.gmail.com 465

I am answering your questions via the support ticket you opened in our ZenDesk portal

embhorn's Website

Share