
(3 replies, posted in wolfSSL)

Hi Todd,

I needed this functionality urgently for an embedded SSL project, so I've implemented my own Alt Name parsing.  It decodes the X509 certificate Alt Names from the ASN.1 DER buffer provided by wolfSSL's SetAltNamesBuffer() function.

I've created a

struct asn1Object

and a couple of simple functions

asn1BufDecode()

and

asn1SeqPop()

After that, the tricky part was following RFC 3280 and ITU-T Rec. X.680 (07/2002) | ISO/IEC 8824-1 to figure out how the Alt Names are encoded.

In the end, the code is pretty simple.

    /* X509 Alt Name parsing by Joseph Spadavecchia <joseph@redtrie.com> */

    asn1Object seq;
    asn1Object obj;

    if (!asn1BufDecode(test, sizeof(test), &seq)) {
        fprintf(stderr, "Alt Names error (failed to decode altNames buffer)\n");
        return 1;
    }

    if (seq.tag != ASN1_TAG_SEQUENCE) {
        fprintf(stderr, "Alt Names error (missing sequence)\n");
        return 1;
    }

    if (!asn1SeqPop(&seq, &obj)) {
        fprintf(stderr, "Alt Names error (failed to pop object identifier)\n");
        return 1;
    }

    if (!asn1ObjEquals(&obj, &X509_ALTNAMES_OBJID)) {
        fprintf(stderr, "Alt Names error (missing object identifier)\n");
        return 1;
    }

    if (!asn1SeqPop(&seq, &obj)) {
        fprintf(stderr, "Alt Names error (failed to pop octet string)\n");
        return 1;
    }

    if (obj.tag != ASN1_TAG_OCTETSTR) {
        fprintf(stderr, "Alt Names error (missing octet string)\n");
        return 1;
    }

    if (!asn1BufDecode(obj.value, obj.len, &seq)) {
        fprintf(stderr, "Alt Names error (unable to decode Alt Names sequence)\n");
        return 1;
    }

    while (asn1SeqPop(&seq, &obj)) {
        if (obj.tag == X509_ALTNAMES_TAG_DNS) {
            char *altName = strndup((char *)obj.value, obj.len);
            fprintf(stderr, "Got DNS Alt Name '%s'\n", altName);
            free(altName);
        }
    }

Please find the attached copy of the source code (asn1-altnames.tar.gz) for inclusion into wolfSSL, if it could be of use to you.

Kind regards,
*Joe
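Added example (not from the attached tarball and not wolfSSL code): a self-contained C decoder for the same structure the snippet above walks. It assumes the input is a complete SubjectAltName Extension as laid out in RFC 3280 section 4.1 (SEQUENCE of extnID OID, optional critical BOOLEAN, extnValue OCTET STRING), which is the shape the snippet expects when it pops an OID and then an OCTET STRING; the names `der_tlv`, `der_read`, `san_dns_names` and the hand-encoded sample buffers are this example's own. Two checks a practitioner would want are included: the optional `critical` BOOLEAN between the OID and the OCTET STRING is skipped rather than treated as a missing OCTET STRING (popping the OCTET STRING straight after the OID fails on a critical SAN), and a dNSName carrying an embedded NUL or a non-IA5 byte is rejected, since `strndup()` would otherwise silently truncate "good\0.evil" to "good".

```c
#include <stdio.h>
#include <string.h>

#define SAN_MAX_NAME 256

typedef struct {
    unsigned char tag;           /* identifier octet: class, constructed bit, tag number */
    const unsigned char *value;  /* first content octet */
    size_t len;                  /* number of content octets */
} der_tlv;

/* Read one DER TLV at *p without passing end; advance *p over it and return 0. Returns -1 on
 * truncated, indefinite-length, non-minimal-length or high-tag-number input (never valid here). */
static int der_read(const unsigned char **p, const unsigned char *end, der_tlv *out)
{
    const unsigned char *q = *p;
    size_t len = 0;
    if (end - q < 2 || (q[0] & 0x1f) == 0x1f) return -1;
    out->tag = *q++;
    if (q[0] < 0x80) {                       /* short form: one length octet */
        len = *q++;
    } else {                                 /* long form: 0x80|n, then n length octets */
        int n = q[0] & 0x7f, i;
        if (n == 0 || n > 4 || (end - q) - 1 < n) return -1;
        if (q[1] == 0 || (n == 1 && q[1] < 0x80)) return -1;   /* DER: shortest form only */
        q++;
        for (i = 0; i < n; i++) len = (len << 8) | q[i];
        q += n;
    }
    if ((size_t)(end - q) < len) return -1;  /* content would overrun the buffer */
    out->value = q; out->len = len;
    *p = q + len;
    return 0;
}

/* Copy every dNSName of a SubjectAltName Extension into names[] (NUL-terminated). Returns how
 * many dNSNames the extension holds (only the first max_names are stored), or -1 if the DER is
 * malformed or a dNSName contains a NUL or a non-IA5 byte. */
static int san_dns_names(const unsigned char *ext, size_t ext_len,
                         char names[][SAN_MAX_NAME], int max_names)
{
    static const unsigned char san_oid[] = { 0x55, 0x1d, 0x11 };   /* 2.5.29.17 */
    const unsigned char *p = ext, *end = ext + ext_len;
    der_tlv t;
    int count = 0;
    /* Extension ::= SEQUENCE { extnID OID, critical BOOLEAN OPTIONAL, extnValue OCTET STRING } */
    if (der_read(&p, end, &t) || t.tag != 0x30 || p != end) return -1;
    p = t.value; end = t.value + t.len;
    if (der_read(&p, end, &t) || t.tag != 0x06) return -1;
    if (t.len != sizeof san_oid || memcmp(t.value, san_oid, sizeof san_oid) != 0) return -1;
    if (der_read(&p, end, &t)) return -1;
    if (t.tag == 0x01 && (t.len != 1 || der_read(&p, end, &t))) return -1;  /* skip critical */
    if (t.tag != 0x04 || p != end) return -1;
    /* extnValue holds GeneralNames ::= SEQUENCE OF GeneralName; dNSName is [2] IMPLICIT IA5String */
    p = t.value; end = t.value + t.len;
    if (der_read(&p, end, &t) || t.tag != 0x30 || p != end) return -1;
    p = t.value; end = t.value + t.len;
    while (p < end) {
        der_tlv gn; size_t i;
        if (der_read(&p, end, &gn)) return -1;
        if (gn.tag != 0x82) continue;                 /* rfc822Name, iPAddress, ... are skipped */
        if (gn.len == 0 || gn.len >= SAN_MAX_NAME) return -1;
        for (i = 0; i < gn.len; i++)
            if (gn.value[i] == 0 || gn.value[i] >= 0x80) return -1;   /* embedded NUL / non-IA5 */
        if (count < max_names) {
            memcpy(names[count], gn.value, gn.len);
            names[count][gn.len] = '\0';
        }
        count++;
    }
    return count;
}

/* Constructed sample (hand-encoded DER): dNSName example.com, dNSName *.example.com, iPAddress 127.0.0.1 */
static const unsigned char sample_ext[] = {
    0x30, 0x2b, 0x06, 0x03, 0x55, 0x1d, 0x11, 0x04, 0x24, 0x30, 0x22,
    0x82, 0x0b, 'e','x','a','m','p','l','e','.','c','o','m',
    0x82, 0x0d, '*','.','e','x','a','m','p','l','e','.','c','o','m',
    0x87, 0x04, 0x7f, 0x00, 0x00, 0x01
};
/* Constructed hostile sample: a single dNSName "good\0.evil" with an embedded NUL */
static const unsigned char nul_ext[] = {
    0x30, 0x15, 0x06, 0x03, 0x55, 0x1d, 0x11, 0x04, 0x0e, 0x30, 0x0c,
    0x82, 0x0a, 'g','o','o','d', 0x00, '.','e','v','i','l'
};
static char demo_names[4][SAN_MAX_NAME];
int demo_parse_sample(void) { return san_dns_names(sample_ext, sizeof sample_ext, demo_names, 4); }
int demo_parse_nul(void)    { return san_dns_names(nul_ext, sizeof nul_ext, demo_names, 4); }
const char *demo_name(int i) { return demo_names[i]; }

int main(void)
{
    int n = demo_parse_sample(), i;
    for (i = 0; i < n && i < 4; i++) printf("Got DNS Alt Name '%s'\n", demo_name(i));
    printf("embedded-NUL sample -> %d\n", demo_parse_nul());   /* -1: rejected */
    return 0;
}
```

The iPAddress entry (tag [7], 0x87) is skipped here on purpose; if the client connects to an IP literal it must be compared bytewise against that entry, never against a dNSName string.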

Hi,

I'm trying to validate whether a certificate is valid for a requested domain.  I've introduced a MatchRfc2818() function and currently call it against the hostname only.

However, I also need to check the domain against the Certificate's Alt Names, but I cannot seem to find support in wolfssl for doing this.

Specifically, I need something along the lines of

GENERAL_NAMES *names = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL);
int num = names ? sk_GENERAL_NAME_num(names) : 0;
int i;

for (i = 0; i < num; i++) {
    const GENERAL_NAME *name = sk_GENERAL_NAME_value(names, i);
    if (name->type == GEN_DNS) {
        unsigned char *buf = NULL;
        int len = ASN1_STRING_to_UTF8(&buf, name->d.ia5);
        if (len < 0)
            continue;
        /* a length mismatch means an embedded NUL in the name: never match it */
        if ((size_t)len == strlen((char *)buf) && match((char *)buf, pc->hostName)) {
            /* VALID */
        } else {
            /* INVALID */
        }
        OPENSSL_free(buf);
    }
}
GENERAL_NAMES_free(names);

I've found a way to obtain the Alt Names, but I'm not sure if it's the recommended way

int derSz = 0;
const byte* derCert = CyaSSL_X509_get_der(peer, &derSz);

if (derCert == NULL || derSz <= 0) {
    XERR("Unable to get peer's DER cert");
    return;
}

Cert cert = { };
if (SetAltNamesBuffer(&cert, derCert, derSz) < 0) {
    XERR("Unable to get Alt Names");
    return;
}

The Alt Names are now stored in cert.altNames, but how can I iterate over them and decode them using wolfSSL?

In other words, what's the YaSSL equivalent of OpenSSL's sk_GENERAL_NAME_num, sk_GENERAL_NAME_value and ASN1_STRING_to_UTF8?

I've looked through the source code for examples, but have not found anything.

Cheers.
*Joe
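The MatchRfc2818() function mentioned above is not shown on the page. What follows is an added example of that matching side (example code, not wolfSSL's and not the poster's): it assumes the dNSName entries have already been extracted from the certificate as NUL-free C strings, and the names `dns_name_matches`, `host_in_san`, `demo_host_check` and the constructed name list `demo_san` are this example's own. It applies the rules of RFC 2818 section 3.1 and RFC 6125 section 6.4.3: case-insensitive comparison, a wildcard only as the entire left-most label that matches exactly one non-empty label, no wildcard that would cover a whole TLD, and no dNSName match at all for an IP-literal host.

```c
#include <stdio.h>
#include <string.h>
#include <ctype.h>
#include <sys/socket.h>
#include <arpa/inet.h>

/* A dNSName never covers an IP-literal host; that needs an iPAddress SAN entry. */
static int is_ip_literal(const char *host)
{
    unsigned char buf[16];
    return inet_pton(AF_INET, host, buf) == 1 || inet_pton(AF_INET6, host, buf) == 1;
}

/* Case-insensitive equality of two byte ranges of the same length n. */
static int ieq(const char *a, const char *b, size_t n)
{
    size_t i;
    for (i = 0; i < n; i++)
        if (tolower((unsigned char)a[i]) != tolower((unsigned char)b[i])) return 0;
    return 1;
}

/* Does one dNSName pattern from the certificate cover host?  1 = yes, 0 = no.
 *  - plain names compare case-insensitively and must match exactly
 *  - '*' is accepted only as the whole left-most label ("*.example.com"; not "f*.example.com")
 *  - it matches exactly one label, so "*.example.com" covers www.example.com but not
 *    example.com or a.b.example.com, and needs at least two labels after it ("*.com" is rejected)
 *  - an IP-literal host is never matched by a dNSName */
int dns_name_matches(const char *pattern, const char *host)
{
    size_t plen = strlen(pattern), hlen = strlen(host);
    const char *star, *suffix, *hdot;
    size_t slen, first, i;
    int dots = 0;

    if (plen == 0 || hlen == 0 || is_ip_literal(host)) return 0;
    if (host[hlen - 1] == '.') hlen--;          /* tolerate an absolute (trailing-dot) name */
    if (pattern[plen - 1] == '.') plen--;
    if (plen == 0 || hlen == 0) return 0;

    star = memchr(pattern, '*', plen);
    if (star == NULL)                            /* no wildcard: exact, case-insensitive */
        return plen == hlen && ieq(pattern, host, plen);

    /* wildcard form: pattern must be "*." followed by the suffix */
    if (star != pattern || plen < 2 || pattern[1] != '.') return 0;
    suffix = pattern + 1;                        /* ".example.com" */
    slen = plen - 1;
    for (i = 0; i < slen; i++) if (suffix[i] == '.') dots++;
    if (dots < 2) return 0;                      /* "*.com" would cover an entire TLD */
    if (memchr(suffix + 1, '*', slen - 1) != NULL) return 0;  /* a second '*' is never valid */
    if (hlen <= slen) return 0;

    /* host must be exactly one non-empty label followed by the suffix */
    hdot = memchr(host, '.', hlen);
    if (hdot == NULL || hdot == host) return 0;
    first = (size_t)(hdot - host);
    if (hlen - first != slen) return 0;
    return ieq(host + first, suffix, slen);
}

/* 1 if any dNSName in names[0..n) covers host, else 0. */
int host_in_san(const char *host, const char *const *names, int n)
{
    int i;
    for (i = 0; i < n; i++)
        if (dns_name_matches(names[i], host)) return 1;
    return 0;
}

/* Constructed stand-in for the dNSName list pulled out of a certificate. */
static const char *const demo_san[] = { "mail.example.com", "*.example.com" };

int demo_host_check(const char *host)
{
    return host_in_san(host, demo_san, 2);
}

int main(void)
{
    const char *hosts[] = { "www.example.com", "a.b.example.com", "example.com", "MAIL.EXAMPLE.COM" };
    size_t i;
    for (i = 0; i < sizeof hosts / sizeof hosts[0]; i++)
        printf("%-20s -> %s\n", hosts[i], demo_host_check(hosts[i]) ? "VALID" : "INVALID");
    return 0;
}
```

RFC 2818 section 3.1 says that when a dNSName subjectAltName is present it MUST be used as the identity, so the Common Name is only a fallback for certificates with no dNSName entries; running the CN check first and the SAN check second inverts that order. The NUL check belongs in the extraction step, because once a name is a C string the matcher can no longer see what was cut off.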

Hi Todd,

Please find below a gdb trace of it happening with --enable-yassl-testing

This is with version 0.9-73 of our code and libcyassl-2.4.0.  We have tested with versions >= 0.9-73 and the same issue happens.  When we downgrade cyassl to version 2.2.0, then the problem goes away.

Many thanks,
*Joe


^C
Program received signal SIGINT, Interrupt.
0x00007ffff70b32d3 in epoll_wait () at ../sysdeps/unix/syscall-template.S:82
82    ../sysdeps/unix/syscall-template.S: No such file or directory.
    in ../sysdeps/unix/syscall-template.S
(gdb) break bloxx_sslbump
Breakpoint 1 at 0x40c160: file src/bloxx.c, line 786.
(gdb) c
Continuing.
Wed Jul  4 09:43:51 2012: intofiy read error, will continue
Wed Jul  4 09:44:09 2012: Accepted a connection, sent to thread 0
Wed Jul  4 09:44:09 2012: Peer is from 172.21.127.11 port 51238
Wed Jul  4 09:44:09 2012: In ReadCb
Wed Jul  4 09:44:09 2012: Checking DownStream Headers
Wed Jul  4 09:44:09 2012: End of headers at 175
Wed Jul  4 09:44:09 2012: CONNECT 173.194.67.104:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:13.0) Gecko/20100101 Firefox/13.0.1
Proxy-Connection: keep-alive
Host: 173.194.67.104

Wed Jul  4 09:44:09 2012: Trying to caputre proxy auth header if there
Wed Jul  4 09:44:09 2012: Search of evbuffer failed
Wed Jul  4 09:44:09 2012: No proxy auth header, ok
Wed Jul  4 09:44:09 2012: In FirstBumpInRequest
Wed Jul  4 09:44:09 2012: In GetRequestInfo
Wed Jul  4 09:44:09 2012:
    request method  = CONNECT
    request uri     = 173.194.67.104:443
    request version = HTTP/1.1
    request host    = 173.194.67.104
    request port    = 443

Wed Jul  4 09:44:09 2012: In IsCertCached
Wed Jul  4 09:44:09 2012: Starting to get peer's cert
Wed Jul  4 09:44:09 2012: Check Headers continue
Wed Jul  4 09:44:09 2012: In EventCb
Wed Jul  4 09:44:09 2012: Connected to certStream nonblocking OK
Wed Jul  4 09:44:09 2012: Calling SSL_connect cert
Wed Jul  4 09:44:09 2012: Cyassl SendCb sent
Wed Jul  4 09:44:09 2012: CyaSSL Receive Cb requesting sz = 5
Wed Jul  4 09:44:09 2012: Cyassl ReceiveCb doesn't have any data ready yet
Wed Jul  4 09:44:09 2012: SSL_connect cert continue non/blocking
Wed Jul  4 09:44:09 2012: In ReadCb
Wed Jul  4 09:44:09 2012: Calling SSL_connect cert
Wed Jul  4 09:44:09 2012: CyaSSL Receive Cb requesting sz = 5
Wed Jul  4 09:44:09 2012: Cyassl ReceiveCb got data
Wed Jul  4 09:44:09 2012: CyaSSL Receive Cb requesting sz = 74
Wed Jul  4 09:44:09 2012: Cyassl ReceiveCb got data
Wed Jul  4 09:44:09 2012: CyaSSL Receive Cb requesting sz = 5
Wed Jul  4 09:44:09 2012: Cyassl ReceiveCb got data
Wed Jul  4 09:44:09 2012: CyaSSL Receive Cb requesting sz = 1625
Wed Jul  4 09:44:09 2012: Cyassl ReceiveCb got data
Wed Jul  4 09:44:09 2012: CyaSSL Receive Cb requesting sz = 5
Wed Jul  4 09:44:09 2012: Cyassl ReceiveCb got data
Wed Jul  4 09:44:09 2012: CyaSSL Receive Cb requesting sz = 4
Wed Jul  4 09:44:09 2012: Cyassl ReceiveCb got data
Wed Jul  4 09:44:09 2012: SSL_connect cert success
Wed Jul  4 09:44:09 2012: Peer's cert is 805 bytes

Wed Jul  4 09:44:09 2012: Spoofed cert, now saving it
Wed Jul  4 09:44:09 2012: Caching spoofed cert
Wed Jul  4 09:44:09 2012: Scheduling downstream request
Wed Jul  4 09:44:09 2012: In ReadCb
Wed Jul  4 09:44:09 2012: Checking DownStream Headers
Wed Jul  4 09:44:09 2012: End of headers at 175
Wed Jul  4 09:44:09 2012: CONNECT 173.194.67.104:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:13.0) Gecko/20100101 Firefox/13.0.1
Proxy-Connection: keep-alive
Host: 173.194.67.104

Wed Jul  4 09:44:09 2012: Trying to caputre proxy auth header if there
Wed Jul  4 09:44:09 2012: Search of evbuffer failed
Wed Jul  4 09:44:09 2012: No proxy auth header, ok
Wed Jul  4 09:44:09 2012: In FirstBumpInRequest
Wed Jul  4 09:44:09 2012: In GetRequestInfo
Wed Jul  4 09:44:09 2012:
    request method  = CONNECT
    request uri     = 173.194.67.104:443
    request version = HTTP/1.1
    request host    = 173.194.67.104
    request port    = 443

Wed Jul  4 09:44:09 2012: In IsCertCached
Wed Jul  4 09:44:09 2012: We don't have bloxx answer yet, saving it
[Switching to Thread 0x7ffff6716700 (LWP 16392)]

Breakpoint 1, bloxx_sslbump (req=0x7ffff6705d00) at src/bloxx.c:786
786    {
(gdb) watch cert.subjectCN
Hardware watchpoint 2: cert.subjectCN
(gdb) n
Wed Jul  4 09:44:19 2012: intofiy read error, will continue
Wed Jul  4 09:44:19 2012: intofiy read error, will continue
Wed Jul  4 09:44:19 2012: intofiy read error, will continue
Wed Jul  4 09:44:19 2012: intofiy read error, will continue
787        assert(req);
(gdb)
Wed Jul  4 09:44:19 2012: intofiy read error, will continue
Wed Jul  4 09:44:19 2012: intofiy read error, will continue
788        assert(req->src);
(gdb)
Wed Jul  4 09:44:20 2012: intofiy read error, will continue
Wed Jul  4 09:44:20 2012: intofiy read error, will continue
789        assert(req->dst);
(gdb)
Wed Jul  4 09:44:20 2012: intofiy read error, will continue
Wed Jul  4 09:44:20 2012: intofiy read error, will continue
790        assert(req->cert.data);
(gdb)
Wed Jul  4 09:44:21 2012: intofiy read error, will continue
Wed Jul  4 09:44:21 2012: intofiy read error, will continue
Wed Jul  4 09:44:21 2012: intofiy read error, will continue
791        assert(req->cert.len > 0);
(gdb)
Wed Jul  4 09:44:21 2012: intofiy read error, will continue
Wed Jul  4 09:44:21 2012: intofiy read error, will continue
Wed Jul  4 09:44:21 2012: intofiy read error, will continue
798        DecodedCert cert = { };
(gdb)
Wed Jul  4 09:44:21 2012: intofiy read error, will continue
Wed Jul  4 09:44:21 2012: intofiy read error, will continue
Wed Jul  4 09:44:21 2012: intofiy read error, will continue
Wed Jul  4 09:44:21 2012: intofiy read error, will continue
Wed Jul  4 09:44:21 2012: intofiy read error, will continue
Wed Jul  4 09:44:21 2012: intofiy read error, will continue
Wed Jul  4 09:44:21 2012: intofiy read error, will continue
Wed Jul  4 09:44:21 2012: intofiy read error, will continue
Wed Jul  4 09:44:21 2012: intofiy read error, will continue
Wed Jul  4 09:44:21 2012: intofiy read error, will continue
Wed Jul  4 09:44:21 2012: intofiy read error, will continue
Wed Jul  4 09:44:21 2012: intofiy read error, will continue
Wed Jul  4 09:44:21 2012: intofiy read error, will continue
Wed Jul  4 09:44:21 2012: intofiy read error, will continue
Wed Jul  4 09:44:21 2012: intofiy read error, will continue
Wed Jul  4 09:44:21 2012: intofiy read error, will continue
Wed Jul  4 09:44:21 2012: intofiy read error, will continue
Wed Jul  4 09:44:21 2012: intofiy read error, will continue
Wed Jul  4 09:44:21 2012: intofiy read error, will continue
Wed Jul  4 09:44:21 2012: intofiy read error, will continue
Wed Jul  4 09:44:21 2012: intofiy read error, will continue
Wed Jul  4 09:44:21 2012: intofiy read error, will continue
Wed Jul  4 09:44:21 2012: intofiy read error, will continue
Wed Jul  4 09:44:21 2012: intofiy read error, will continue
Wed Jul  4 09:44:21 2012: intofiy read error, will continue
Wed Jul  4 09:44:21 2012: intofiy read error, will continue
Wed Jul  4 09:44:21 2012: intofiy read error, will continue
Wed Jul  4 09:44:21 2012: intofiy read error, will continue
Wed Jul  4 09:44:21 2012: intofiy read error, will continue
Wed Jul  4 09:44:21 2012: intofiy read error, will continue
Wed Jul  4 09:44:21 2012: intofiy read error, will continue
Wed Jul  4 09:44:21 2012: intofiy read error, will continue
Wed Jul  4 09:44:21 2012: intofiy read error, will continue
Wed Jul  4 09:44:21 2012: intofiy read error, will continue
Wed Jul  4 09:44:21 2012: intofiy read error, will continue
Wed Jul  4 09:44:21 2012: intofiy read error, will continue
Wed Jul  4 09:44:21 2012: intofiy read error, will continue
Wed Jul  4 09:44:21 2012: intofiy read error, will continue
Wed Jul  4 09:44:21 2012: intofiy read error, will continue
Wed Jul  4 09:44:21 2012: intofiy read error, will continue
Wed Jul  4 09:44:21 2012: intofiy read error, will continue
Wed Jul  4 09:44:21 2012: intofiy read error, will continue
Wed Jul  4 09:44:21 2012: intofiy read error, will continue
Wed Jul  4 09:44:21 2012: intofiy read error, will continue
Wed Jul  4 09:44:21 2012: intofiy read error, will continue
Wed Jul  4 09:44:21 2012: intofiy read error, will continue
Wed Jul  4 09:44:21 2012: intofiy read error, will continue
Wed Jul  4 09:44:21 2012: intofiy read error, will continue
Wed Jul  4 09:44:21 2012: intofiy read error, will continue
Wed Jul  4 09:44:21 2012: intofiy read error, will continue
Wed Jul  4 09:44:21 2012: intofiy read error, will continue
Wed Jul  4 09:44:21 2012: intofiy read error, will continue
Wed Jul  4 09:44:21 2012: intofiy read error, will continue
Wed Jul  4 09:44:21 2012: intofiy read error, will continue
Wed Jul  4 09:44:21 2012: intofiy read error, will continue
Wed Jul  4 09:44:21 2012: intofiy read error, will continue
Wed Jul  4 09:44:21 2012: intofiy read error, will continue
Wed Jul  4 09:44:21 2012: intofiy read error, will continue
Wed Jul  4 09:44:21 2012: intofiy read error, will continue
Wed Jul  4 09:44:21 2012: intofiy read error, will continue
Wed Jul  4 09:44:21 2012: intofiy read error, will continue
Wed Jul  4 09:44:21 2012: intofiy read error, will continue
Wed Jul  4 09:44:21 2012: intofiy read error, will continue
Wed Jul  4 09:44:21 2012: intofiy read error, will continue
Wed Jul  4 09:44:21 2012: intofiy read error, will continue
Wed Jul  4 09:44:21 2012: intofiy read error, will continue
Wed Jul  4 09:44:21 2012: intofiy read error, will continue
Wed Jul  4 09:44:21 2012: intofiy read error, will continue
Wed Jul  4 09:44:21 2012: intofiy read error, will continue
Wed Jul  4 09:44:21 2012: intofiy read error, will continue
Wed Jul  4 09:44:21 2012: intofiy read error, will continue
Wed Jul  4 09:44:21 2012: intofiy read error, will continue
Wed Jul  4 09:44:21 2012: intofiy read error, will continue
Wed Jul  4 09:44:21 2012: intofiy read error, will continue
Wed Jul  4 09:44:21 2012: intofiy read error, will continue
Wed Jul  4 09:44:21 2012: intofiy read error, will continue
Wed Jul  4 09:44:21 2012: intofiy read error, will continue
Wed Jul  4 09:44:21 2012: intofiy read error, will continue
Wed Jul  4 09:44:21 2012: intofiy read error, will continue
Wed Jul  4 09:44:21 2012: intofiy read error, will continue
Wed Jul  4 09:44:21 2012: intofiy read error, will continue
Wed Jul  4 09:44:21 2012: intofiy read error, will continue
Wed Jul  4 09:44:21 2012: intofiy read error, will continue
Wed Jul  4 09:44:21 2012: intofiy read error, will continue
Wed Jul  4 09:44:21 2012: intofiy read error, will continue
Wed Jul  4 09:44:21 2012: intofiy read error, will continue
Wed Jul  4 09:44:21 2012: intofiy read error, will continue
Wed Jul  4 09:44:21 2012: intofiy read error, will continue
Wed Jul  4 09:44:21 2012: intofiy read error, will continue
Wed Jul  4 09:44:21 2012: intofiy read error, will continue
Wed Jul  4 09:44:21 2012: intofiy read error, will continue
Wed Jul  4 09:44:21 2012: intofiy read error, will continue
Wed Jul  4 09:44:21 2012: intofiy read error, will continue
Wed Jul  4 09:44:21 2012: intofiy read error, will continue
Wed Jul  4 09:44:21 2012: intofiy read error, will continue
Wed Jul  4 09:44:21 2012: intofiy read error, will continue
Wed Jul  4 09:44:21 2012: intofiy read error, will continue
Wed Jul  4 09:44:21 2012: intofiy read error, will continue
Wed Jul  4 09:44:21 2012: intofiy read error, will continue
Wed Jul  4 09:44:21 2012: intofiy read error, will continue
Wed Jul  4 09:44:21 2012: intofiy read error, will continue
Wed Jul  4 09:44:21 2012: intofiy read error, will continue
Wed Jul  4 09:44:21 2012: intofiy read error, will continue
Wed Jul  4 09:44:21 2012: intofiy read error, will continue
Wed Jul  4 09:44:21 2012: intofiy read error, will continue
Wed Jul  4 09:44:21 2012: intofiy read error, will continue
Wed Jul  4 09:44:21 2012: intofiy read error, will continue
Wed Jul  4 09:44:21 2012: intofiy read error, will continue
Wed Jul  4 09:44:21 2012: intofiy read error, will continue
Wed Jul  4 09:44:21 2012: intofiy read error, will continue
Wed Jul  4 09:44:21 2012: intofiy read error, will continue
Wed Jul  4 09:44:21 2012: intofiy read error, will continue
799        InitDecodedCert(&cert,
(gdb)
Wed Jul  4 09:44:23 2012: intofiy read error, will continue
Wed Jul  4 09:44:23 2012: intofiy read error, will continue
Wed Jul  4 09:44:23 2012: intofiy read error, will continue
Hardware watchpoint 2: cert.subjectCN

Old value = 0x7ffff6705c79 ""
New value = 0x0
0x00007ffff736d120 in InitDecodedCert () from /usr/lib/libcyassl.so.3
(gdb)
Single stepping until exit from function InitDecodedCert,
which has no line number information.
Wed Jul  4 09:44:24 2012: intofiy read error, will continue
Wed Jul  4 09:44:24 2012: intofiy read error, will continue
Wed Jul  4 09:44:24 2012: intofiy read error, will continue
Wed Jul  4 09:44:24 2012: intofiy read error, will continue
Wed Jul  4 09:44:24 2012: intofiy read error, will continue
Wed Jul  4 09:44:24 2012: intofiy read error, will continue
Wed Jul  4 09:44:24 2012: intofiy read error, will continue
Wed Jul  4 09:44:24 2012: intofiy read error, will continue
Wed Jul  4 09:44:24 2012: intofiy read error, will continue
Wed Jul  4 09:44:24 2012: intofiy read error, will continue
Wed Jul  4 09:44:24 2012: intofiy read error, will continue
Wed Jul  4 09:44:24 2012: intofiy read error, will continue
Wed Jul  4 09:44:24 2012: intofiy read error, will continue
Wed Jul  4 09:44:24 2012: intofiy read error, will continue
Wed Jul  4 09:44:24 2012: intofiy read error, will continue
Wed Jul  4 09:44:24 2012: intofiy read error, will continue
Wed Jul  4 09:44:24 2012: intofiy read error, will continue
Wed Jul  4 09:44:24 2012: intofiy read error, will continue
Wed Jul  4 09:44:24 2012: intofiy read error, will continue
Wed Jul  4 09:44:24 2012: intofiy read error, will continue
Wed Jul  4 09:44:24 2012: intofiy read error, will continue
Wed Jul  4 09:44:24 2012: intofiy read error, will continue
Wed Jul  4 09:44:24 2012: intofiy read error, will continue
Wed Jul  4 09:44:24 2012: intofiy read error, will continue
Wed Jul  4 09:44:24 2012: intofiy read error, will continue
Wed Jul  4 09:44:24 2012: intofiy read error, will continue
Wed Jul  4 09:44:24 2012: intofiy read error, will continue
Wed Jul  4 09:44:24 2012: intofiy read error, will continue
Wed Jul  4 09:44:24 2012: intofiy read error, will continue
Wed Jul  4 09:44:24 2012: intofiy read error, will continue
Wed Jul  4 09:44:24 2012: intofiy read error, will continue
Wed Jul  4 09:44:24 2012: intofiy read error, will continue
Wed Jul  4 09:44:24 2012: intofiy read error, will continue
Wed Jul  4 09:44:24 2012: intofiy read error, will continue
Wed Jul  4 09:44:24 2012: intofiy read error, will continue
Wed Jul  4 09:44:24 2012: intofiy read error, will continue
Wed Jul  4 09:44:24 2012: intofiy read error, will continue
Wed Jul  4 09:44:24 2012: intofiy read error, will continue
bloxx_sslbump (req=<value optimized out>) at src/bloxx.c:803
803        if (ParseCert(&cert, CERT_TYPE, NO_VERIFY, 0) != 0)
(gdb)
Wed Jul  4 09:44:25 2012: intofiy read error, will continue
Wed Jul  4 09:44:25 2012: intofiy read error, will continue
Wed Jul  4 09:44:25 2012: intofiy read error, will continue
Wed Jul  4 09:44:25 2012: intofiy read error, will continue
Wed Jul  4 09:44:25 2012: intofiy read error, will continue
Wed Jul  4 09:44:25 2012: intofiy read error, will continue
Hardware watchpoint 2: cert.subjectCN

Old value = 0x0
New value = 0x61cf68 "www.google.com0\201\237\060\r\006\t*\206H\206\367\r\001\001\001\005"
0x00007ffff73707d4 in ?? () from /usr/lib/libcyassl.so.3
(gdb)
Cannot find bounds of current function
(gdb)

The problem is that the stack smashing does not occur in version 2.2.0.

With the same version of our code (0.9-73), the stack smashing does not happen when we use cyassl-2.2.0 embedded SSL.  The problem only occurs when we upgrade to 2.4.0, again with version 0.9-73 (or later) of our code.

Since SSL_connect() calls ParseCert(), this increases the priority for us to resolve this.

In order to eliminate any of our code as suspect could you please suggest a simple unit test?

Thanks.

Hi there,

As recommended, we're using the experimental API for decoding raw ASN1 certs, but have run into an issue in libcyassl-2.4.0 where the ParseCert function appears to be smashing the stack.

Please find the code snippet and gdb trace below.  Is there a ParseCert() replacement on the roadmap?

Many thanks.
Joe

Code snippet

            #define XDEBUG(...) fprintf(stderr, ##__VA_ARGS__)
            XDEBUG("Bloxx: Going to parse cert\n");
            if (ParseCert(&cert, CERT_TYPE, NO_VERIFY, 0) != 0)
            {
                XDEBUG("Bloxx: Failed to parse cert\n");
                XERROR("Bloxx: [%s] Unable to decode certificate "
                       "(unable to parse ASN1 DER buffer)",
                       __FUNCTION__);
            }
            else
            {
                XDEBUG("Bloxx: Parsed cert\n");
                XDEBUG("Bloxx: Serial Sz = %d\n", cert.serialSz);
            }

            #undef XDEBUG


Trace from gdb

Tue Jul  3 09:39:25 2012: Loaded CA cert

...

Tue Jul  3 09:39:25 2012: Bloxx: init
Tue Jul  3 09:39:25 2012: Bloxx: [db] Connecting...
Tue Jul  3 09:39:25 2012: intofiy read error, will continue
Tue Jul  3 09:39:25 2012: intofiy read error, will continue
Tue Jul  3 09:39:25 2012: intofiy read error, will continue
Tue Jul  3 09:39:25 2012: intofiy read error, will continue
Tue Jul  3 09:39:25 2012: Bloxx: [db] Connected
^C
Program received signal SIGINT, Interrupt.
0x00007ffff6e872d3 in epoll_wait () at ../sysdeps/unix/syscall-template.S:82
82    ../sysdeps/unix/syscall-template.S: No such file or directory.
    in ../sysdeps/unix/syscall-template.S
(gdb) break bloxx_sslbump
Breakpoint 1 at 0x40cc30: file src/bloxx.c, line 89.
(gdb) c
Continuing.
Tue Jul  3 09:39:38 2012: intofiy read error, will continue
Tue Jul  3 09:39:51 2012: Accepted a connection, sent to thread 0
Tue Jul  3 09:39:51 2012: Peer is from 172.21.127.11 port 56971
Tue Jul  3 09:39:51 2012: In ReadCb
Tue Jul  3 09:39:51 2012: Checking DownStream Headers
Tue Jul  3 09:39:51 2012: End of headers at 173
Tue Jul  3 09:39:51 2012: CONNECT 74.125.132.94:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:13.0) Gecko/20100101 Firefox/13.0.1
Proxy-Connection: keep-alive
Host: 74.125.132.94

Tue Jul  3 09:39:51 2012: Trying to caputre proxy auth header if there
Tue Jul  3 09:39:51 2012: Search of evbuffer failed
Tue Jul  3 09:39:51 2012: No proxy auth header, ok
Tue Jul  3 09:39:51 2012: In FirstBumpInRequest
Tue Jul  3 09:39:51 2012: In GetRequestInfo
Tue Jul  3 09:39:51 2012:
    request method  = CONNECT
    request uri     = 74.125.132.94:443
    request version = HTTP/1.1
    request host    = 74.125.132.94
    request port    = 443

Tue Jul  3 09:39:51 2012: In IsCertCached
Tue Jul  3 09:39:51 2012: Starting to get peer's cert
Tue Jul  3 09:39:51 2012: Check Headers continue
Tue Jul  3 09:39:51 2012: In EventCb
Tue Jul  3 09:39:51 2012: Connected to certStream nonblocking OK
Tue Jul  3 09:39:51 2012: Calling SSL_connect cert
Tue Jul  3 09:39:51 2012: Cyassl SendCb sent
Tue Jul  3 09:39:51 2012: CyaSSL Receive Cb requesting sz = 5
Tue Jul  3 09:39:51 2012: Cyassl ReceiveCb doesn't have any data ready yet
Tue Jul  3 09:39:51 2012: SSL_connect cert continue non/blocking
Tue Jul  3 09:39:51 2012: In ReadCb
Tue Jul  3 09:39:51 2012: Calling SSL_connect cert
Tue Jul  3 09:39:51 2012: CyaSSL Receive Cb requesting sz = 5
Tue Jul  3 09:39:51 2012: Cyassl ReceiveCb got data
Tue Jul  3 09:39:51 2012: CyaSSL Receive Cb requesting sz = 74
Tue Jul  3 09:39:51 2012: Cyassl ReceiveCb got data
Tue Jul  3 09:39:51 2012: CyaSSL Receive Cb requesting sz = 5
Tue Jul  3 09:39:51 2012: Cyassl ReceiveCb got data
Tue Jul  3 09:39:51 2012: CyaSSL Receive Cb requesting sz = 7482
Tue Jul  3 09:39:51 2012: Cyassl ReceiveCb got data
Tue Jul  3 09:39:51 2012: CyaSSL Receive Cb requesting sz = 4730
Tue Jul  3 09:39:51 2012: Cyassl ReceiveCb doesn't have any data ready yet
Tue Jul  3 09:39:51 2012: SSL_connect cert continue non/blocking
Tue Jul  3 09:39:51 2012: In ReadCb
Tue Jul  3 09:39:51 2012: Calling SSL_connect cert
Tue Jul  3 09:39:51 2012: CyaSSL Receive Cb requesting sz = 4730
Tue Jul  3 09:39:51 2012: Cyassl ReceiveCb got data
Tue Jul  3 09:39:51 2012: CyaSSL Receive Cb requesting sz = 3470
Tue Jul  3 09:39:51 2012: Cyassl ReceiveCb doesn't have any data ready yet
Tue Jul  3 09:39:51 2012: SSL_connect cert continue non/blocking
Tue Jul  3 09:39:51 2012: In ReadCb
Tue Jul  3 09:39:51 2012: Calling SSL_connect cert
Tue Jul  3 09:39:51 2012: CyaSSL Receive Cb requesting sz = 3470
Tue Jul  3 09:39:51 2012: Cyassl ReceiveCb got data
Tue Jul  3 09:39:51 2012: CyaSSL Receive Cb requesting sz = 2052
Tue Jul  3 09:39:51 2012: Cyassl ReceiveCb doesn't have any data ready yet
Tue Jul  3 09:39:51 2012: SSL_connect cert continue non/blocking
Tue Jul  3 09:39:51 2012: In ReadCb
Tue Jul  3 09:39:51 2012: Calling SSL_connect cert
Tue Jul  3 09:39:51 2012: CyaSSL Receive Cb requesting sz = 2052
Tue Jul  3 09:39:51 2012: Cyassl ReceiveCb got data
Tue Jul  3 09:39:51 2012: CyaSSL Receive Cb requesting sz = 5
Tue Jul  3 09:39:51 2012: Cyassl ReceiveCb got data
Tue Jul  3 09:39:51 2012: CyaSSL Receive Cb requesting sz = 4
Tue Jul  3 09:39:51 2012: Cyassl ReceiveCb got data
Tue Jul  3 09:39:51 2012: SSL_connect cert success
Tue Jul  3 09:39:51 2012: Peer's cert is 6777 bytes

Tue Jul  3 09:39:51 2012: Spoofed cert, now saving it
Tue Jul  3 09:39:51 2012: Caching spoofed cert
Tue Jul  3 09:39:51 2012: Scheduling downstream request
Tue Jul  3 09:39:51 2012: In ReadCb
Tue Jul  3 09:39:51 2012: Checking DownStream Headers
Tue Jul  3 09:39:51 2012: End of headers at 173
Tue Jul  3 09:39:51 2012: CONNECT 74.125.132.94:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:13.0) Gecko/20100101 Firefox/13.0.1
Proxy-Connection: keep-alive
Host: 74.125.132.94

Tue Jul  3 09:39:51 2012: Trying to caputre proxy auth header if there
Tue Jul  3 09:39:51 2012: Search of evbuffer failed
Tue Jul  3 09:39:51 2012: No proxy auth header, ok
Tue Jul  3 09:39:51 2012: In FirstBumpInRequest
Tue Jul  3 09:39:51 2012: In GetRequestInfo
Tue Jul  3 09:39:51 2012:
    request method  = CONNECT
    request uri     = 74.125.132.94:443
    request version = HTTP/1.1
    request host    = 74.125.132.94
    request port    = 443

Tue Jul  3 09:39:51 2012: In IsCertCached
Tue Jul  3 09:39:51 2012: We don't have bloxx answer yet, saving it
[Switching to Thread 0x7ffff3c04700 (LWP 22326)]

Breakpoint 1, bloxx_sslbump (req=0x7ffff3bf3ce0) at src/bloxx.c:89
89    {
(gdb) n
Tue Jul  3 09:39:53 2012: intofiy read error, will continue
Tue Jul  3 09:39:53 2012: intofiy read error, will continue
Tue Jul  3 09:39:53 2012: intofiy read error, will continue
Tue Jul  3 09:39:53 2012: intofiy read error, will continue
Tue Jul  3 09:39:53 2012: intofiy read error, will continue
90        assert(req);
(gdb)
Tue Jul  3 09:39:54 2012: intofiy read error, will continue
89    {
(gdb)
Tue Jul  3 09:39:54 2012: intofiy read error, will continue
90        assert(req);
(gdb)
Tue Jul  3 09:39:54 2012: intofiy read error, will continue
91        assert(req->src);
(gdb)
Tue Jul  3 09:39:54 2012: intofiy read error, will continue
Tue Jul  3 09:39:54 2012: intofiy read error, will continue
Tue Jul  3 09:39:54 2012: intofiy read error, will continue
92        assert(req->dst);
(gdb)
Tue Jul  3 09:39:55 2012: intofiy read error, will continue
Tue Jul  3 09:39:55 2012: intofiy read error, will continue
93        assert(req->cert.data);
(gdb)
Tue Jul  3 09:39:56 2012: intofiy read error, will continue
Tue Jul  3 09:39:56 2012: intofiy read error, will continue
94        assert(req->cert.len > 0);
(gdb)
Tue Jul  3 09:39:57 2012: intofiy read error, will continue
Tue Jul  3 09:39:57 2012: intofiy read error, will continue
102        XDEBUG("Bloxx: [%s] Got req->src = '%s'",
(gdb)
Tue Jul  3 09:39:58 2012: intofiy read error, will continue
Tue Jul  3 09:39:58 2012: intofiy read error, will continue
Tue Jul  3 09:39:58 2012: intofiy read error, will continue
Tue Jul  3 09:39:58 2012: intofiy read error, will continue
Tue Jul  3 09:39:58 2012: intofiy read error, will continue
Tue Jul  3 09:39:58 2012: Bloxx: [bloxx_sslbump] Got req->src = '172.21.127.11'
104        XDEBUG("Bloxx: [%s] Got req->dst = '%s'",
(gdb)
Tue Jul  3 09:39:59 2012: intofiy read error, will continue
Tue Jul  3 09:39:59 2012: intofiy read error, will continue
Tue Jul  3 09:39:59 2012: intofiy read error, will continue
Tue Jul  3 09:39:59 2012: intofiy read error, will continue
111        if (inet_pton(AF_INET, req->dst, &addr))
(gdb)
Tue Jul  3 09:40:00 2012: intofiy read error, will continue
104        XDEBUG("Bloxx: [%s] Got req->dst = '%s'",
(gdb)
Tue Jul  3 09:40:01 2012: intofiy read error, will continue
Tue Jul  3 09:40:01 2012: Bloxx: [bloxx_sslbump] Got req->dst = '74.125.132.94'
Tue Jul  3 09:40:01 2012: intofiy read error, will continue
111        if (inet_pton(AF_INET, req->dst, &addr))
(gdb)
Tue Jul  3 09:40:02 2012: intofiy read error, will continue
Tue Jul  3 09:40:02 2012: intofiy read error, will continue
Tue Jul  3 09:40:02 2012: intofiy read error, will continue
109        struct in_addr addr = { };
(gdb)
Tue Jul  3 09:40:02 2012: intofiy read error, will continue
111        if (inet_pton(AF_INET, req->dst, &addr))
(gdb)
Tue Jul  3 09:40:03 2012: intofiy read error, will continue
Tue Jul  3 09:40:03 2012: intofiy read error, will continue
Tue Jul  3 09:40:03 2012: intofiy read error, will continue
Tue Jul  3 09:40:03 2012: intofiy read error, will continue
113            XDEBUG("Bloxx: [%s] Detected IPv4 address (%s)",
(gdb)
Tue Jul  3 09:40:04 2012: intofiy read error, will continue
Tue Jul  3 09:40:04 2012: intofiy read error, will continue
Tue Jul  3 09:40:04 2012: intofiy read error, will continue
Tue Jul  3 09:40:04 2012: intofiy read error, will continue
Tue Jul  3 09:40:04 2012: intofiy read error, will continue
Tue Jul  3 09:40:04 2012: intofiy read error, will continue
Tue Jul  3 09:40:04 2012: Bloxx: [bloxx_sslbump] Detected IPv4 address (74.125.132.94)
115            XDEBUG("Bloxx: [%s] Checking for IPv4 tunnel rule",
(gdb)
Tue Jul  3 09:40:05 2012: intofiy read error, will continue
Tue Jul  3 09:40:05 2012: intofiy read error, will continue
Tue Jul  3 09:40:05 2012: intofiy read error, will continue
Tue Jul  3 09:40:05 2012: intofiy read error, will continue
Tue Jul  3 09:40:05 2012: intofiy read error, will continue
Tue Jul  3 09:40:05 2012: Bloxx: [bloxx_sslbump] Checking for IPv4 tunnel rule
118            pthread_rwlock_rdlock(&ip4Lock);
(gdb)
Tue Jul  3 09:40:05 2012: intofiy read error, will continue
Tue Jul  3 09:40:05 2012: intofiy read error, will continue
Tue Jul  3 09:40:05 2012: intofiy read error, will continue
120            if (LookupHashTable(&ip4Rules, (void *)&addr, NULL))
(gdb)
Tue Jul  3 09:40:06 2012: intofiy read error, will continue
Tue Jul  3 09:40:06 2012: intofiy read error, will continue
Tue Jul  3 09:40:06 2012: intofiy read error, will continue
Tue Jul  3 09:40:06 2012: intofiy read error, will continue
Tue Jul  3 09:40:06 2012: intofiy read error, will continue
128            pthread_rwlock_unlock(&ip4Lock);
(gdb)
Tue Jul  3 09:40:07 2012: intofiy read error, will continue
Tue Jul  3 09:40:07 2012: intofiy read error, will continue
Tue Jul  3 09:40:07 2012: intofiy read error, will continue
Tue Jul  3 09:40:07 2012: intofiy read error, will continue
148        if (bump)
(gdb)
Tue Jul  3 09:40:07 2012: intofiy read error, will continue
Tue Jul  3 09:40:07 2012: intofiy read error, will continue
151            if (IsDebugLevel())
(gdb)
Tue Jul  3 09:40:08 2012: intofiy read error, will continue
Tue Jul  3 09:40:08 2012: intofiy read error, will continue
Tue Jul  3 09:40:08 2012: intofiy read error, will continue
153                XDEBUG("Bloxx: [%s] Checking for certificate tunnel rule",
(gdb)
Tue Jul  3 09:40:08 2012: intofiy read error, will continue
Tue Jul  3 09:40:08 2012: intofiy read error, will continue
Tue Jul  3 09:40:08 2012: intofiy read error, will continue
Tue Jul  3 09:40:08 2012: intofiy read error, will continue
Tue Jul  3 09:40:08 2012: intofiy read error, will continue
Tue Jul  3 09:40:08 2012: Bloxx: [bloxx_sslbump] Checking for certificate tunnel rule
156                XDEBUG("Bloxx: [%s] Decoding certificate",
(gdb)
Tue Jul  3 09:40:08 2012: intofiy read error, will continue
Tue Jul  3 09:40:08 2012: intofiy read error, will continue
Tue Jul  3 09:40:08 2012: intofiy read error, will continue
Tue Jul  3 09:40:08 2012: intofiy read error, will continue
Tue Jul  3 09:40:08 2012: Bloxx: [bloxx_sslbump] Decoding certificate
160                DecodedCert cert = { };
(gdb)
Tue Jul  3 09:40:09 2012: intofiy read error, will continue
Tue Jul  3 09:40:09 2012: intofiy read error, will continue
Tue Jul  3 09:40:09 2012: intofiy read error, will continue
161                InitDecodedCert(&cert,
(gdb) watch cert.subjectCN
Hardware watchpoint 2: cert.subjectCN
(gdb) n
Tue Jul  3 09:40:21 2012: intofiy read error, will continue
160                DecodedCert cert = { };
(gdb)
Tue Jul  3 09:40:23 2012: intofiy read error, will continue
Tue Jul  3 09:40:23 2012: intofiy read error, will continue
Tue Jul  3 09:40:23 2012: intofiy read error, will continue
161                InitDecodedCert(&cert,
(gdb)
Tue Jul  3 09:40:23 2012: intofiy read error, will continue
Tue Jul  3 09:40:23 2012: intofiy read error, will continue
Tue Jul  3 09:40:23 2012: intofiy read error, will continue
Tue Jul  3 09:40:23 2012: intofiy read error, will continue
Tue Jul  3 09:40:23 2012: intofiy read error, will continue
Hardware watchpoint 2: cert.subjectCN

Old value = 0x7ffff3bf3c40 ""
New value = 0x0
0x00007ffff7141120 in InitDecodedCert () from /usr/lib/libcyassl.so.3
(gdb)
Single stepping until exit from function InitDecodedCert,
which has no line number information.
Tue Jul  3 09:40:24 2012: intofiy read error, will continue
Tue Jul  3 09:40:24 2012: intofiy read error, will continue
Tue Jul  3 09:40:24 2012: intofiy read error, will continue
Tue Jul  3 09:40:24 2012: intofiy read error, will continue
Tue Jul  3 09:40:24 2012: intofiy read error, will continue
bloxx_sslbump (req=0x7ffff3bf3ce0) at src/bloxx.c:166
166                XDEBUG("Bloxx: Going to parse cert\n");
(gdb)
Tue Jul  3 09:40:25 2012: intofiy read error, will continue
Tue Jul  3 09:40:25 2012: intofiy read error, will continue
Tue Jul  3 09:40:25 2012: intofiy read error, will continue
Bloxx: Going to parse cert
167                if (ParseCert(&cert, CERT_TYPE, NO_VERIFY, 0) != 0)
(gdb)
Tue Jul  3 09:40:26 2012: intofiy read error, will continue
Tue Jul  3 09:40:26 2012: intofiy read error, will continue
Hardware watchpoint 2: cert.subjectCN

Old value = 0x0
New value = 0x6603b0 "google.com0\201\237\060\r\006\t*\206H\206\367\r\001\001\001\005"
0x00007ffff71447d4 in ?? () from /usr/lib/libcyassl.so.3
(gdb)
Cannot find bounds of current function
(gdb)