1

(1 replies, posted in wolfSSL)

The compiler stops with an error in src/io.
The error is in function EmbedReceiveFrom at line 403 with the error message "storage size of 'peer' isn't known".
I also get the same error in function EmbedGenerateCookie and a warning "unused variable 'peer'".
How do I reconcile this error?

Hi Kaleb:

You're correct. I #define NO_DEV_RANDOM.

To solve this issue I used a wcGenerateSeed implementation from an older CYASSL implementation for an STM32F1 environment and it compiled.

Thanks for help. Much appreciated.


Will

When I compile wolfcrypt/src/random.c I get an error:

#error "you need to write an os specific    wc_GenerateSeed() here"

I have no idea what this means. Please help!

Thanks

Hi Kaleb:

I am building on a Windows platform. I found that by including #define SINGLE_THREADED in settings.h the problem went away. I will include user_settings in my builds. Thanks for your advice.

Kind regards,

Will

I have included wolfssl in my build according to the instruction manual. I mean I added #include <wolfssl.ssl.h>.
The build log shows the error:

in file included from ./wolfssl/wolfcrypt/types.h:28:0
from ./wolfssl/internal.h:28
from wolfsslclient.c:30
./wolfssl/wolfcrypt/wc_port.h:105:9: error unknown type name 'pthread_mutex_t'

I can't find a definition for this type in wolfssl-3.9.8.
Can anybody shed some light on this problem so that I can build my program?

Thank you

6

(3 replies, posted in wolfSSL)

***** Correction****

Hi Kaleb;
I see now that the error code -213 is actually an error code of CYASSL (code that I may convert to WOLFSSL) and is not the WOLFSSL error code.

The CYASSL error code is -213 meaning "recvd alert fatal error.". This must be equivalent to the wolfssl code -313. This happened after "Client Hello Sent" message. Sorry about the confusion and bad post.
I notice some posts related to the error -313. I will see how they relate to my connection issue.

Thanks for taking the time to post.

7

(3 replies, posted in wolfSSL)

I connected to the Apple site but I got error code -213 back. Manual says "MAC comparison failed".

I loaded a certificate into the buffer and the program was successful until these messages:

Client Hello sent
***FATAL ERROR*** NO AUTH
SSL_connect failed
Error = -213

Can someone provide details on this error, please?

On page 129 of the WOLFSSL manual is the following:

Before the SSL_connect() can be issued, the user must supply wolfSSL with a valid socket file descriptor, sockfd in the example above. sockfd is typically the result of the TCP function socket() which is later established using TCP connect(). The following creates a valid client side socket descriptor for use with a local wolfSSL server on port 11111, error handling is omitted for simplicity.
int sockfd = socket(AF_INET, SOCK_STREAM, 0);
sockaddr_in servaddr;
memset(&servaddr, 0, sizeof(servaddr));
servaddr.sin_family = AF_INET;
servaddr.sin_port = htons(11111);
servaddr.sin_addr.s_addr = inet_addr("127.0.0.1");
connect(sockfd, (const sockaddr*)&servaddr, sizeof(servaddr));

How do you issue a connect without the server IP address? The code above supplies an IP address of "127.0.0.1". Well, what if you only have the common name of the server? Is there a routine to get the IP address so that it can be plugged into inet_addr(" ")?

I have been getting a return of -1 from connect and I can’t figure out what is going wrong.

Thanks

Hi Kaleb:

I stripped out the private key and used it in a separate file. I got a long way with that. Seriously.

Wolfssl closed out with error -343: peer sent close notify.

I guessed that I didn't send any more data so Apple closed me out and Wolfssl gave me a Zero_return.

Can you confirm that is what happened?


Thank you so much.

Will

Hi Kaleb:

Thanks so much for analysing the file which I sent.

The keyfile (devkeyslockhome.pem) that I tried to load actually is the same as the certificate file. Strange but true. I did it this way because the certificate file contained the private key. Nothing else was working so I gave it a try.

You asked whether there is a purpose for having the key file in the same file as the certificate. The short answer is I don't know. When Apple issued the certificate apparently it issued it with the private key attached to the certificate. I simply exported the certificate (which was in .p12 format) out of my Mac and converted it to a .PEM file. The private key came along as part of that process. Perhaps Apple has a reason for including the key in the certificate file or perhaps the Mac export process added the private key to the certificate. I don't know.

I will strip out the private key, put it in a file, and try again.

Thank you.

All the best,

Will

Hi Kaleb:
This is the file slockhomecerts.pem with the private key removed. I noticed it is not in hexadecimal. Is that the problem?

Bag Attributes
    friendlyName: Apple Development IOS Push Services: ca.innovax.slockhome
    localKeyID: B4 7A 23 DA DB 77 B7 FB FA 9E 48 1B 87 0B 53 B6 17 D3 F4 4E
subject=/UID=ca.innovax.slockhome/CN=Apple Development IOS Push Services: ca.innovax.slockhome/OU=AHJNDK3D2Q/C=US
issuer=/C=US/O=Apple Inc./OU=Apple Worldwide Developer Relations/CN=Apple Worldwide Developer Relations Certification Authority
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----


Your comments and help are appreciated. Thanks.

Will

I am using an Apple developer certificate but when I try to use it in the test program like this:
client -h gateway.sandbox.push.apple.com -p 2195 -v 0 -d -k devkeyslockhome.pem -c slockhomecerts.pem

I get these messages:

getting dynamic buffer
Wolfssl entering PemToDer
Growing Tmp Chain Buffer
Processing Cert Chain
wolfSSl entering PemToDer
Couldn't Find PEM header
  Error in Cert in Chain
wolfSSl error: can't load client cert file, check file and run from wolfSSL home dir

The certificate file is:

Bag Attributes
    friendlyName: Apple Development IOS Push Services: ca.innovax.slockhome
    localKeyID: B4 7A 23 DA DB 77 B7 FB FA 9E 48 1B 87 0B 53 B6 17 D3 F4 4E
subject=/UID=ca.innovax.slockhome/CN=Apple Development IOS Push Services: ca.innovax.slockhome/OU=AHJNDK3D2Q/C=US
issuer=/C=US/O=Apple Inc./OU=Apple Worldwide Developer Relations/CN=Apple Worldwide Developer Relations Certification Authority
-----BEGIN CERTIFICATE-----
MIIFjTCCBHWgAwIBAgIIF4P9IRlXiuowDQYJKoZIhvcNAQEFBQAwgZYxCzAJBgNV
………………………………..
………………………………..
GLyFqiUnB4rhd+UFkR0kNBcQAtqCmWNn/6/hQMxc4Rp1
-----END CERTIFICATE-----
Bag Attributes
    friendlyName: Will Hendrie Dev Key
    localKeyID: B4 7A 23 DA DB 77 B7 FB FA 9E 48 1B 87 0B 53 B6 17 D3 F4 4E
Key Attributes: <No Attributes>
-----BEGIN RSA PRIVATE KEY-----
MIIEogIBAAKCAQEAvPIAgIQsorkc8obolg1t1g7ogAcy10Go+tlRlstNMNWR6qzb
ilc/DBMPpuAoUAe0uutQPVu41cl23IdgxQwo/7gWe2BmnKTfXSuhQkwLoq6jpc2a
………………………..
………………………..
Klyv3OzTr7Wc/sDAWo40+9N8a6TwjliQU1goleBtaS5SIDCqVaU=
-----END RSA PRIVATE KEY-----

What exactly is the PEM header and where should it be located?
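
An added example, not part of the original post or of wolfSSL's code: the PEM header is the "-----BEGIN <label>-----" line, and a file exported from a .p12 can hold several such blocks with "Bag Attributes" text between them. The scanner below lists each block so the certificate and the private key can be written to separate files; pem_block, pem_find_blocks and the sample bundle are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

typedef struct {            /* one PEM block located in a buffer */
    char   label[32];       /* text between "BEGIN " and the closing dashes */
    size_t start, end;      /* byte range: BEGIN line through END line */
} pem_block;

/* Find "-----BEGIN <label>-----" ... "-----END <label>-----" pairs in buf.
   Anything outside a pair (e.g. "Bag Attributes" text) is skipped.
   Returns the number of blocks stored in out, or -1 on a malformed block. */
int pem_find_blocks(const char *buf, pem_block *out, int max)
{
    const char *p = buf;
    int n = 0;

    while (n < max && (p = strstr(p, "-----BEGIN ")) != NULL) {
        const char *lab = p + 11;                  /* skip "-----BEGIN " */
        const char *lab_end = strstr(lab, "-----");
        const char *f;
        char footer[48];
        size_t len = lab_end ? (size_t)(lab_end - lab) : 0;

        if (len == 0 || len >= sizeof(out[n].label)) return -1;
        memcpy(out[n].label, lab, len);
        out[n].label[len] = '\0';
        snprintf(footer, sizeof(footer), "-----END %s-----", out[n].label);
        if ((f = strstr(lab_end, footer)) == NULL) return -1;  /* no footer */
        out[n].start = (size_t)(p - buf);
        out[n].end   = (size_t)(f - buf) + strlen(footer);
        p = f + strlen(footer);
        n++;
    }
    return n;
}

/* Constructed sample shaped like the bundle above; bodies are placeholders. */
static const char SAMPLE[] =
    "Bag Attributes\n    friendlyName: example\n"
    "-----BEGIN CERTIFICATE-----\nAAAA\n-----END CERTIFICATE-----\n"
    "Bag Attributes\nKey Attributes: <No Attributes>\n"
    "-----BEGIN RSA PRIVATE KEY-----\nBBBB\n-----END RSA PRIVATE KEY-----\n";

int main(void)
{
    pem_block b[4];
    int i, n = pem_find_blocks(SAMPLE, b, 4);
    for (i = 0; i < n; i++)   /* each block can now go to its own file */
        printf("%s: bytes %zu..%zu\n", b[i].label, b[i].start, b[i].end);
    return n < 0;
}
```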

Hi :
I am getting the same -313 error described in the post below. I think the server site uses an RSA private key so I need to enable the test suite to handle this cipher suite.

How do I enable the test suite build to handle RSA keys in a Windows build? Do I add #define <    > into settings.h?

Thank you.

Will




chrisc wrote:

Hi,

The "40" error is simply reflecting the Fatal Alert message being received by the client.

It would be helpful to try and find out what cipher suites your server supports.  My guess is that the cipher suites you have enabled in wolfSSL don't include ones that are enabled on the server.  Do you have a way to find out what cipher suites are supported by your server?

If you can access your server IP:port, you could use nmap to scan the server for supported cipher suites:

$ nmap --script ssl-enum-ciphers -p 443 <host>

A few other options which you can try enabling in wolfSSL:

1. AES-GCM support (--enable-aesgcm)

2. Static key RSA cipher suites (./configure <options> C_EXTRA_FLAGS="-DWOLFSSL_STATIC_RSA")

Best Regards,
Chris

Hi David,

Thanks. I got the perl app running and added the .der certificate to my executable file.

That was a big help.

All the best.
Will

Hi David:

Thanks for that. I got it to run and generated a new certs_test.h file. However, I have an Apple certificate (for push notifications) that I need to add to the certs_test.h file. I converted the certificate file to .der format and now I need to add that file in hex format into certs_test.h.

Can you suggest what I am doing wrong here?

Thanks. Will Hendrie

Hi David:

I don't know how to run the gencertbuf.pl script to produce the certs_test.h file. I know it is a Perl program but I get: "error no such file or directory at gencertbuf.pl line 54". I guess I should have given the command line an input file and an output file but what is the format of the command line (I'm a newbie with Perl)?

Thanks.

Will

This seems like a simple question but I am lost for a solution.

I want to add a certificate to certs_test.h so that I can run an embedded code with NO_FILESYSTEM.

I have the certificate in .pem format or in .p12 format.

How do I add it into the file certs_test.h? Straight copy/paste doesn't seem to work. Do I have to code it all by hand?

Thank you.
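
An added example, not part of the original post and not the gencertbuf.pl script: one way to turn a PEM certificate into a C byte array for a NO_FILESYSTEM build is to base64-decode the CERTIFICATE block to DER and print it as an array plus a size constant. The function names, the array name my_cert_der and the 4-byte sample are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define PEM_BEGIN "-----BEGIN CERTIFICATE-----"
#define PEM_END   "-----END CERTIFICATE-----"

/* Decode the base64 body of the first CERTIFICATE block in pem into der.
   Returns the DER length, or -1 if the block is missing or der is too small. */
int pem_cert_to_der(const char *pem, unsigned char *der, size_t max)
{
    static const char tbl[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    const char *p = strstr(pem, PEM_BEGIN);
    const char *end = p ? strstr(p, PEM_END) : NULL;
    unsigned acc = 0, bits = 0;
    size_t n = 0;

    if (end == NULL) return -1;
    for (p += strlen(PEM_BEGIN); p < end; p++) {
        const char *hit = strchr(tbl, *p);
        if (hit == NULL) continue;        /* line breaks and '=' padding */
        acc = (acc << 6) | (unsigned)(hit - tbl);
        bits += 6;
        if (bits >= 8) {                  /* a full byte is available */
            if (n == max) return -1;
            bits -= 8;
            der[n++] = (unsigned char)(acc >> bits);
        }
    }
    return (int)n;
}

/* Write der as an array plus size constant, the pair used in certs_test.h. */
void write_c_array(FILE *fp, const char *name, const unsigned char *der, int len)
{
    int i;
    fprintf(fp, "static const unsigned char %s[] =\n{", name);
    for (i = 0; i < len; i++)
        fprintf(fp, "%s0x%02X%s", (i % 10) ? " " : "\n    ",
                (unsigned)der[i], (i + 1 < len) ? "," : "");
    fprintf(fp, "\n};\nstatic const int sizeof_%s = sizeof(%s);\n", name, name);
}

int main(void)
{
    const char *pem = PEM_BEGIN "\nMIIBCg==\n" PEM_END "\n";  /* constructed */
    unsigned char der[16];
    int len = pem_cert_to_der(pem, der, sizeof(der));
    if (len > 0) write_c_array(stdout, "my_cert_der", der, len);
    return len < 0;
}
```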