• Registered: 2023-09-08
  • Posts: 5

Topic: wolfssl_connect error -188 when connecting to a websocket server

I am trying to connect a secure websocket sever with wolfssl client example, I run client example like:

./build/examples/client/client -h xx.x.xxx.com -p 443 -c certs/client_cert.pem -k certs/client_key.pem -A certs/server_cert.pem

After I run this I got error says 'wolfSSL_connect error -188, ASN no signer error to confirm failure', which I assume that there is problem about server certificate which I gave as paramater with -A.

But I am sure that these certificate setup works with a python code like:
```
load_verify_locations(server_cert_path)
load_cert_chain(client_cert_path, client_key_path)
```
What am I missing?

P.S. I unfortunately cannot share the host address and the certificates.

Share

  • Registered: 2021-08-12
  • Posts: 74

Re: wolfssl_connect error -188 when connecting to a websocket server

Hi,

` -A certs/server_cert.pem` suggests it is a server certificate; not a root CA certificate.

Can yo please let us know a bit about yourself and your project.  This helps us classify your inquiry.

Warm regards, Anthony

Share

  • Registered: 2023-09-08
  • Posts: 5

Re: wolfssl_connect error -188 when connecting to a websocket server

Hi Anthony,
Of course I can give some details about the project. I am trying to connect a secure websocket server with and esp32 board using IDF framework, websocket component and wolfssl. I got same error when I tried with esp32(-188). So,  just want to try simple client example which wolfssl have but I got the same error.

I am using a trust anchor certificate which signed with an CA root certificate when I am trying to connect that server. I believe that there is an issue here which cause the error.

Wolfssl should stop checking certificate chain and finish validating the connection when it meets with the trust anchor certificate, but it tries to find its issuer which is the CA root certificate I dont have. This issue is related another post of mine(https://www.wolfssl.com/forums/topic2035-equivalent-config-for-x509vflagpartialchain.html). On that post you can see that there is flag settings which solves this issue for python. I already tested with the python part and its worked.

I am not definitely sure but if I can set wolfssl to stop and finish verification successfully when it reaches trust anchor certificate may solve the problem.

Share

  • Registered: 2021-08-12
  • Posts: 74

Re: wolfssl_connect error -188 when connecting to a websocket server

Hi, I understand you cannot share the host address nor the certificate and that is fine. Can you make a certificate chain that reproduces this ?

Warm regards, Anthony

Share