Hello Kaleb,

Indeed that was the problem. Using the Equifax.cer I am able to verify successfully with accounts.google.
My question is, how can I get the CA root from a given server? I used Mozilla to examine the certificate tree of accounts.google.
In the attachment, you can see that GeoTrust Global CA is on top, so I assumed that this is the root CA I have to verify with, but it was not. Am I missing something?

Best regards,

abrous3d

Hello to everybody,

Following the instructions of a similar post (https://www.wolfssl.com/forums/topic218 … erver.html), I am trying to connect to accounts.google.com using a static address (216.58.205.205:443).
I've downloaded their certificates using Mozilla:
On Lock sign -> Security -> View certificate.
I downloaded all three: GeoTrust Global CA -> Google Internet Authority G2 -> *.google.com, using the export function as X509 Certificate (PEM) with the crt extension. All three certificates verify with no errors when loaded with:
lReturned = wolfSSL_CTX_load_verify_locations( xWolfSSL_ClientContext, "GeoTrustGlobalCA.crt", 0 );

But all three fail in the connect state with -188 ASN_NO_SIGNER_E if I set:
wolfSSL_CTX_set_verify(xWolfSSL_ClientContext,  SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, 0);

If I set:
wolfSSL_CTX_set_verify(xWolfSSL_ClientContext,  SSL_VERIFY_NONE, 0);

The connection succeeds.

I get the same response on the Visual Studio client as well as with my ported code on my STM32F446 platform, so I suspect that I am missing something regarding the CA files.

Any suggestions?

Here is my code:

lReturned = wolfSSL_CTX_load_verify_locations( xWolfSSL_ClientContext, "GeoTrustGlobalCA.crt", 0 );
configASSERT( lReturned == SSL_SUCCESS );

wolfSSL_CTX_set_verify( xWolfSSL_ClientContext, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, 0 );

/* Create the socket. */
xClientSocket = socket( AF_INET, SOCK_STREAM, 0 );
configASSERT( xClientSocket != INVALID_SOCKET );

/* Connect to the secure server. */
if( connect( xClientSocket, ( SOCKADDR * ) &xConnection, sizeof( xConnection ) ) == 0 )
{
    /* The connect was successful.  Create a wolfSSL object to associate with this connection. */
    xWolfSSL_Object = wolfSSL_new( xWolfSSL_ClientContext );

    if( xWolfSSL_Object != NULL )
    {
        /* Associate the created wolfSSL object with the connected
        socket. */
        lReturned = wolfSSL_set_fd( xWolfSSL_Object, xClientSocket );
        configASSERT( lReturned == SSL_SUCCESS );

        /* The count is used to differentiate between messages sent to
        the server, and to break out of the do while loop below. */
        ulCount = 0UL;

        /* The TLS handshake, including peer certificate verification,
        runs here. */
        lReturned = wolfSSL_connect( xWolfSSL_Object );

        /* ... Do something useful here ... */
    }
}
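
An added example, not part of the original posts and not wolfSSL code: a name-only C model of top-down chain checking, showing why the trust store must hold the issuer of the topmost certificate the server actually sends, which can differ from the top of the tree a browser displays. The chain contents (GeoTrust Global CA cross-signed by a root labelled "Equifax") are an assumption constructed to match the outcome reported in this thread; `Cert`, `known` and `verify_chain` are hypothetical names.

```c
#include <stdio.h>
#include <string.h>
#define ASN_NO_SIGNER_E (-188) /* error code as quoted in the thread */
/* Name-only stand-in for a certificate; real verification also checks signatures. */
typedef struct { const char *subject; const char *issuer; } Cert;

/* Constructed sample, leaf first: the chain as the server sends it. Its top entry
 * is a cross-signed CA certificate, not the self-signed root a browser displays. */
static const Cert sent_chain[] = {
    { "*.google.com",                 "Google Internet Authority G2" },
    { "Google Internet Authority G2", "GeoTrust Global CA" },
    { "GeoTrust Global CA",           "Equifax" },
};
#define SENT_LEN (sizeof sent_chain / sizeof sent_chain[0])

static int known(const char *name, const char **names, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (strcmp(names[i], name) == 0) return 1;
    return 0;
}

/* Check the sent chain from the top down: every certificate needs an issuer that
 * is already trusted, and once checked it becomes a signer for the one below it.
 * Returns 0, or ASN_NO_SIGNER_E with *missing naming the CA that must be loaded. */
int verify_chain(const Cert *chain, size_t len,
                 const char **store, size_t store_len, const char **missing) {
    const char *trusted[16];
    size_t n = 0;
    for (size_t i = 0; i < store_len && n < 16; i++) trusted[n++] = store[i];
    for (size_t i = len; i-- > 0; ) {
        if (!known(chain[i].issuer, trusted, n)) {
            *missing = chain[i].issuer;
            return ASN_NO_SIGNER_E;
        }
        if (n < 16) trusted[n++] = chain[i].subject;
    }
    *missing = NULL;
    return 0;
}

int main(void) {
    const char *browser_root[] = { "GeoTrust Global CA" };
    const char *chain_anchor[] = { "Equifax" };
    const char *missing;
    int rc = verify_chain(sent_chain, SENT_LEN, browser_root, 1, &missing);
    printf("store=GeoTrust Global CA: rc=%d, missing signer=%s\n", rc, missing);
    rc = verify_chain(sent_chain, SENT_LEN, chain_anchor, 1, &missing);
    printf("store=Equifax: rc=%d\n", rc);
    return 0;
}
```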