1 (edited by Nimesh 2017-08-21 04:48:55)

Topic: WOLFSSL CLIENT Error

Hi,

I am developing a wolfSSL client on TI-RTOS. I am getting the error "wolfSSL_connect()" Fail.

On the server side it shows "Non-Blocking client trying to read data , Accept Fail".

Below is my code.

Void tcpClientTaskFxn(UArg arg0, UArg arg1)
{    
    int                sockfd;
    struct sockaddr_in servAddr;
    char               buff[256];
    size_t             len;

    char wolfssl_object_Created_successfully = false;
    char str[INET_ADDRSTRLEN];
    static struct timeval timeout;
    int                optval;
    int                optlen = sizeof(optval);
    int tmp1_sizeof_sockaddr, peer_name_response;
    int ret;

    /* declare wolfSSL objects */
    WOLFSSL_CTX* ctx = NULL;   /* NULL so the Exit path never sees garbage */
    WOLFSSL*     ssl = NULL;

    
    while(1)
    {

        /* Initialize wolfSSL */
        wolfSSL_Init();
        Task_sleep(1000);

        //----------------------------------------------------------------------------------------//
        /* Create a socket that uses an internet IPv4 address,
         * Sets the socket to be stream based (TCP),
         * 0 means choose the default protocol. */
        //----------------------------------------------------------------------------------------//
        if ((sockfd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) == -1)
        {
            System_printf("########### tcpClient: socket Failed !!!!!!!!!!!!! \r\n");
            System_flush();
            goto Exit;
        }

        
        /* Create and initialize WOLFSSL_CTX */
        if ((ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method())) == NULL)
        {
            System_printf("########### tcpClient: failed to create WOLFSSL_CTX    !!!!!!!!!!!!! \r\n");
            System_flush();
            goto Exit;
        }

        /* Load the CA certificate used to verify the server into WOLFSSL_CTX */
        if (wolfSSL_CTX_load_verify_buffer(ctx, ca_cert_der_2048,sizeof(ca_cert_der_2048)/sizeof(char), SSL_FILETYPE_ASN1) != SSL_SUCCESS)
        {
            /* ca_cert_der_2048 is a binary DER buffer, so print its name rather than passing it to %s */
            System_printf("########### tcpClient: failed to load ca_cert_der_2048, please check the file !!!!!!!!!!!!! \r\n");
            System_flush();
            goto Exit;
        }

        /* Create a WOLFSSL object */
        if ((ssl = wolfSSL_new(ctx)) == NULL)
        {
            System_printf("########### tcpClient: ERROR: failed to create WOLFSSL object     !!!!!!!!!!!!! \r\n");
            System_flush();
            goto Exit;
        }
        /* Record that ssl exists so the Exit path frees it */
        wolfssl_object_Created_successfully = true;

        /* Initialize the server address struct with zeros */
        memset(&servAddr, 0, sizeof(servAddr));

        servAddr.sin_family = AF_INET;             /* using IPv4      */
        servAddr.sin_port = htons(atoi(usr_s.socket_port));//htons(80);//htons(7);

        /* Get the server IPv4 address from the command line call */
        if(inet_pton(AF_INET, usr_s.socket_ip, &(servAddr.sin_addr)) != 1)
        {
            System_printf("########### tcpClient: ERROR invalid address    !!!!!!!!!!!!! \r\n");
            System_flush();
            goto Exit;
        }

        /* Connect to the server */
        if(connect(sockfd, (struct sockaddr*) &servAddr, sizeof(servAddr))== -1)
        {
            System_printf("########### tcpClient: ERROR: failed to connect    !!!!!!!!!!!!! \r\n");
            System_flush();
            Task_sleep(1000);
            goto Exit;      /* do not start a TLS handshake on an unconnected socket */
        }

        tmp1_sizeof_sockaddr = sizeof(servAddr);
        peer_name_response = getpeername(sockfd, (struct sockaddr *)&servAddr, &tmp1_sizeof_sockaddr);
        System_printf("connect success: getpeername() = %d. sock_addr = %u!!\n", peer_name_response, (unsigned int)servAddr.sin_addr.s_addr);
        System_flush();
        Task_sleep(1000);


        /* This function allows the application to determine if wolfSSL is using non-blocking I/O. If
            wolfSSL is using non-blocking I/O, this function will return 1, otherwise 0. */
        ret = wolfSSL_get_using_nonblock(ssl);
        if (ret == 0)
        {
            /*underlying I/O is blocking*/
            System_printf("+++++++++ SSL is in Blocking Mode ++++++++\r\n");
            System_flush();
            Task_sleep(1000);
        }

        /* Attach wolfSSL to the socket */
        wolfSSL_set_fd(ssl, sockfd);

        /* Connect to wolfSSL on the server side */
        if(wolfSSL_connect(ssl) != SSL_SUCCESS)
        {
            System_printf("########### tcpClient: failed to connect to wolfSSL    !!!!!!!!!!!!! \r\n");
            System_flush();
            Task_sleep(1000);
            goto Exit;
        }

        /* Get a message for the server from stdin */
        System_printf("Message for server: ");
        memset(buff, 0, sizeof(buff));
        sprintf(buff,"%s\r\n","Data_To Send Server");
        len = strlen(buff);

        /* Send the message to the server */
        if (wolfSSL_write(ssl, buff, len) != len)
        {
            System_printf("########### tcpClient: failed to write    !!!!!!!!!!!!! \r\n");
            System_flush();
            goto Exit;
        }

        /* Read the server data into our buff array */
        memset(buff, 0, sizeof(buff));
        if (wolfSSL_read(ssl, buff, sizeof(buff)-1) == -1)
        {
            System_printf("########### tcpClient: failed to read    !!!!!!!!!!!!! \r\n");
            System_flush();
            goto Exit;
        }

        /* Print to stdout any data the server sends */
        System_printf("======>> Server: %s\n", buff);

        Exit:

            if(wolfssl_object_Created_successfully == true)
            {
                /* Cleanup and return */
                wolfSSL_free(ssl);          /* Free the wolfSSL object */
                wolfssl_object_Created_successfully = false;   /* avoid a second free on the next pass */
            }
            
            /* Close the connection to the server */
            close(sockfd);          
            exitApp(ctx);
            Task_sleep(5000);
            
    }
}    

Please help me find a solution.


Re: WOLFSSL CLIENT Error

Hi Nimesh,

If wolfSSL_connect() fails, you can then call wolfSSL_get_error() to get the exact error code.  Can you do this and let me know what error code you are receiving?

Thanks,
Chris

Re: WOLFSSL CLIENT Error

Hi chrisc,

Thanks for your reply.

From GitHub I got the "tcpEcho_Client_TivaTM4C1294NCPDT" example code, which is what I needed, so I made changes according to that example.

But I still got an error in wolfSSL_connect(). As per your suggestion, here is my debug log; please check it.

====> tcpclient: wolfSSL_CTX_new Success
====> tcpclient: loading ca_cert_der_2048 Success
====> tcpclient: loading client_cert_der_2048 Success
====> tcpclient: loading client_key_der_2048 Success
====> tcpclient: tcpHandler: wolfSSL_new Success
====> tcpclient: looked for: {1}
====> tcpclient: return was: {-1}
====> tcpclient: wolfSSL error: {-326}
====> tcpclient: wolfSSL error string: {no support for error strings built in}

Below is my updated code.

Void tcpClientTaskFxn(UArg arg0, UArg arg1)
{
    int sockfd;
    int ret = -1;   /* stays non-zero if socket() fails before connect() is reached */
    struct sockaddr_in servAddr;
    Error_Block eb;
    bool flag = true;
    bool internal_flag = true;
    int nbytes;
    char *buffer;
    char msg[] = "Hello from TM4C1294XL Connected Launchpad";
    WOLFSSL* ssl = (WOLFSSL *) arg0;

    fdOpenSession(TaskSelf());
    Task_sleep(7000);

    wolfSSL_Init();
    WOLFSSL_CTX* ctx = NULL;

    ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method());
    if (ctx == 0)
    {
        System_printf("tcpHandler: wolfSSL_CTX_new error.\n");
        exitApp(ctx);
    }
    else
    {
        System_printf("====> tcpclient: wolfSSL_CTX_new Success \r\n");
    }

    if (wolfSSL_CTX_load_verify_buffer(ctx, ca_cert_der_2048, sizeof(ca_cert_der_2048) / sizeof(char), SSL_FILETYPE_ASN1) != SSL_SUCCESS)
    {
        System_printf("tcpHandler: Error loading ca_cert_der_2048"
                " please check the wolfssl/certs_test.h file.\n");
        exitApp(ctx);
    }
    else
    {
        System_printf("====> tcpclient: loading ca_cert_der_2048 Success \r\n");
    }

    if (wolfSSL_CTX_use_certificate_buffer(ctx, client_cert_der_2048,sizeof(client_cert_der_2048) / sizeof(char), SSL_FILETYPE_ASN1) != SSL_SUCCESS)
    {
        System_printf("tcpHandler: Error loading client_cert_der_2048,"
                " please check the wolfssl/certs_test.h file.\n");
        exitApp(ctx);
    }
    else
    {
        System_printf("====> tcpclient: loading client_cert_der_2048 Success \r\n");
    }

    if (wolfSSL_CTX_use_PrivateKey_buffer(ctx, client_key_der_2048,sizeof(client_key_der_2048) / sizeof(char), SSL_FILETYPE_ASN1)!= SSL_SUCCESS)
    {
        System_printf("tcpHandler: Error loading client_key_der_2048,"
                " please check the wolfssl/certs_test.h file.\n");
        exitApp(ctx);
    }
    else
    {
        System_printf("====> tcpclient: loading client_key_der_2048 Success \r\n");
    }

    /* Init the Error_Block */
    Error_init(&eb);

    do {
        sockfd = socket(AF_INET, SOCK_STREAM, 0);
        if (sockfd < 0)
        {
            System_printf("tcpHandler: socket failed\n");
            Task_sleep(2000);
            continue;
        }

        memset((char *) &servAddr, 0, sizeof(servAddr));
        servAddr.sin_family = AF_INET;
        servAddr.sin_port = htons(atoi(usr_s.socket_port));     //TCPPORT;

        inet_aton(usr_s.socket_ip, &servAddr.sin_addr);                 //IP_ADDR

        ret = connect(sockfd, (struct sockaddr *) &servAddr, sizeof(servAddr));

        if (ret < 0)
        {
            fdClose((SOCKET) sockfd);
            Task_sleep(2000);
            continue;
        }
    } while (ret != 0);

    if ((ssl = wolfSSL_new(ctx)) == NULL)
    {
        System_printf("====> tcpclient: tcpHandler: wolfSSL_new error.\r\n");
        exitApp(ctx);
    }
    else
    {
        System_printf("====> tcpclient: tcpHandler: wolfSSL_new Success \r\n");
    }

    wolfSSL_set_fd(ssl, sockfd);

    ret = wolfSSL_connect(ssl);

    /* Delete "TOP_LINE" and "END_LINE" for debugging. */

     System_printf("====> tcpclient: looked for: {%d} \r\n", SSL_SUCCESS);
     System_printf("====> tcpclient: return was: {%d} \r\n", ret);
     int err;
     char err_buffer[80];
     err = wolfSSL_get_error(ssl, 0);
     System_printf("====> tcpclient: wolfSSL error: {%d} \r\n", err);
     System_printf("====> tcpclient: wolfSSL error string: {%s} \r\n", wolfSSL_ERR_error_string(err, err_buffer));

    if (ret == SSL_SUCCESS)
    {
        sockfd = wolfSSL_get_fd(ssl);

        /* Get a buffer to receive incoming packets. Use the default heap. */
        // buffer = Memory_alloc(NULL, TCPPACKETSIZE, 0, &eb);
        buffer = (char *)mmBulkAlloc(TCPPACKETSIZE);

        if (buffer == NULL) {
            System_printf("tcpWorker: failed to alloc memory\n");
            exitApp(ctx);
        }

        /* Say hello to the server */
        while (flag) {
            if (wolfSSL_write(ssl, msg, strlen(msg)) != strlen(msg)) {
                ret = wolfSSL_get_error(ssl, 0);
                System_printf("Write error: %i.\n", ret);
            }
            while (internal_flag) {
                nbytes = wolfSSL_read(ssl, (char *) buffer, TCPPACKETSIZE);
                if (nbytes > 0) {
                    internal_flag = false;
                }
            }
            /* success */
            System_printf("Heard: \"%s\".\n", buffer);
            wolfSSL_free(ssl);
            fdClose((SOCKET) sockfd);
            flag = false;
        }

        /* Free the buffer back to the heap */
        // Memory_free(NULL, buffer, TCPPACKETSIZE);
        mmBulkFree(buffer);

        /*
         *  Since deleteTerminatedTasks is set in the cfg file,
         *  the Task will be deleted when the idle task runs.
         */
        exitApp(ctx);

    }
    else
    {
        wolfSSL_free(ssl);
        fdClose((SOCKET) sockfd);
        System_printf("wolfSSL_connect failed.\n");
        fdCloseSession(TaskSelf());
        exitApp(ctx);
    }

}


Re: WOLFSSL CLIENT Error

Hi Nimesh,

The "-326" error is a record layer version error (VERSION_ERROR).  Are you sure that the server you are connecting to supports TLS 1.2?

Best Regards,
Chris
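
What a record layer version check compares, as an added example (not wolfSSL source and not part of the original posts): a simplified parser for the 5-byte TLS record header that returns the -326 value quoted above when the version bytes do not match what a TLS 1.2-only client expects. The function name, the other result codes and the sample replies are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Result codes for this example. -326 is the VERSION_ERROR value quoted in the
 * thread; the other names and values are made up for the example. */
enum { REC_OK = 0, REC_NEED_MORE = 1, REC_BAD_TYPE = -1, REC_VERSION_ERROR = -326 };

typedef struct {
    uint8_t  type;    /* 20 change_cipher_spec, 21 alert, 22 handshake, 23 app data */
    uint8_t  major;   /* 3 for every TLS version */
    uint8_t  minor;   /* 1 = TLS 1.0, 2 = TLS 1.1, 3 = TLS 1.2 */
    uint16_t length;  /* length of the record body that follows */
} RecordHeader;

/* Parse the 5-byte TLS record header and compare its version with the one
 * the client insists on (3,3 for a TLS 1.2-only client). */
int check_record_header(const uint8_t *in, size_t inLen,
                        uint8_t wantMajor, uint8_t wantMinor, RecordHeader *rh) {
    if (inLen < 5) return REC_NEED_MORE;
    rh->type   = in[0];
    rh->major  = in[1];
    rh->minor  = in[2];
    rh->length = (uint16_t)((in[3] << 8) | in[4]);
    if (rh->major != wantMajor || rh->minor != wantMinor)
        return REC_VERSION_ERROR;   /* other version, or bytes that are not TLS */
    if (rh->type < 20 || rh->type > 23)
        return REC_BAD_TYPE;
    return REC_OK;
}

/* Constructed sample replies (first bytes only). */
static const uint8_t tls12_reply[] = { 0x16, 0x03, 0x03, 0x00, 0x4a };  /* TLS 1.2 handshake */
static const uint8_t tls10_reply[] = { 0x16, 0x03, 0x01, 0x00, 0x4a };  /* TLS 1.0 handshake */
static const uint8_t plain_reply[] = "HTTP/1.1 400 Bad Request\r\n";    /* not TLS */

int main(void) {
    RecordHeader rh;
    printf("TLS 1.2 reply : %d\n", check_record_header(tls12_reply, sizeof tls12_reply, 3, 3, &rh));
    printf("TLS 1.0 reply : %d\n", check_record_header(tls10_reply, sizeof tls10_reply, 3, 3, &rh));
    printf("plaintext     : %d\n", check_record_header(plain_reply, sizeof plain_reply - 1, 3, 3, &rh));
    printf("short read    : %d\n", check_record_header(tls12_reply, 3, 3, 3, &rh));
    return 0;
}
```

Comparing the first five bytes of the server's reply in a packet capture against this layout shows whether the peer answered with another protocol version or with something that is not a TLS record.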

Re: WOLFSSL CLIENT Error

Hi chrisc,

MAINTENANCE NOTE: <requestb.in is no longer a valid link please see: https://github.com/Runscope/requestbin#readme> for setting up your own.

For testing purposes I used "https://requestb.in" and "https://www.google.co.in". I also tried with the wolfSSL server example running in Visual Studio. In all the tests I got the same error.

Regards,
Nimesh


Re: WOLFSSL CLIENT Error

Hi Nimesh,

Are you able to capture a Wireshark trace of the failing connection?

Thanks,
Chris

7 (edited by Nimesh 2017-08-24 02:08:24)

Re: WOLFSSL CLIENT Error

Hi chrisc,

Please find attached a screenshot of the Wireshark trace.

One more thing: by debugging the client code using breakpoints, I am able to see at which point it gives the error.

After the client hello is done successfully, in the ProcessReply(ssl) function > in the GetInputData(ssl, readSz) function >

    
    do {
        in = Receive(ssl,
                     ssl->buffers.inputBuffer.buffer +
                     ssl->buffers.inputBuffer.length,
                     inSz);
        if (in == -1)
            return SOCKET_ERROR_E;

        if (in == WANT_READ)
            return WANT_READ;

        if (in > inSz)
            return RECV_OVERFLOW_E;

        ssl->buffers.inputBuffer.length += in;
        inSz -= in;

    } while (ssl->buffers.inputBuffer.length < size);

It returns "RECV_OVERFLOW_E", which means "Receive callback returned more than requested".


Thanks,
Nimesh

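
The contract that the quoted GetInputData() loop enforces on the receive callback, as an added stand-alone model (not wolfSSL source and not part of the original post): a callback that reports more bytes than the space it was offered is rejected before the buffer length is advanced. The types, result-code values, the two transports and the sample stream are constructed for the example.

```c
#include <stdio.h>
#include <string.h>

/* Placeholder result codes for this example (not wolfSSL's numeric values). */
enum { EX_OK = 0, EX_SOCKET_ERROR = -1001, EX_WANT_READ = -1002, EX_RECV_OVERFLOW = -1003 };

/* Assumed callback shape: returns bytes written (1..sz), -1 on error, EX_WANT_READ if no data. */
typedef int (*RecvFn)(void *ctx, char *buf, int sz);
typedef struct { char data[32]; int length; } InputBuffer;
typedef struct { const char *bytes; int left; } Stream;  /* constructed peer data */

/* Same shape as the quoted loop; a count larger than the space offered is refused. */
int get_input_data(InputBuffer *ib, int size, RecvFn recvFn, void *ctx) {
    int inSz = size - ib->length;
    if (size > (int)sizeof ib->data) return EX_SOCKET_ERROR;
    while (ib->length < size) {
        int in = recvFn(ctx, ib->data + ib->length, inSz);
        if (in == EX_WANT_READ) return EX_WANT_READ;
        if (in <= 0) return EX_SOCKET_ERROR;     /* the quoted loop tests -1 only */
        if (in > inSz) return EX_RECV_OVERFLOW;  /* untrusted count: length not advanced */
        ib->length += in;
        inSz -= in;
    }
    return EX_OK;
}

/* Well-behaved transport: copies at most sz bytes, at most 2 per call. */
int recv_bounded(void *ctx, char *buf, int sz) {
    Stream *s = (Stream *)ctx;
    int n = s->left < 2 ? s->left : 2;
    if (n > sz) n = sz;
    if (n == 0) return EX_WANT_READ;
    memcpy(buf, s->bytes, (size_t)n);
    s->bytes += n; s->left -= n;
    return n;
}

/* Faulty port: copies safely but reports everything pending, ignoring sz. */
int recv_reports_pending(void *ctx, char *buf, int sz) {
    Stream *s = (Stream *)ctx;
    memcpy(buf, s->bytes, (size_t)(s->left < sz ? s->left : sz));
    return s->left;
}

/* Read a 5-byte header from a constructed 16-byte stream via the given callback. */
int read_header_with(RecvFn fn) {
    Stream s = { "\x16\x03\x03\x00\x0bhello world", 16 };
    InputBuffer ib = { {0}, 0 };
    return get_input_data(&ib, 5, fn, &s);
}

int main(void) {
    printf("bounded: %d, faulty: %d\n", read_header_with(recv_bounded), read_header_with(recv_reports_pending));
    return 0;
}
```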

Re: WOLFSSL CLIENT Error

Hi chrisc,

Is there any update? I don't know how to deal with this issue.


Thanks,
Nimesh


Re: WOLFSSL CLIENT Error

Hi,

By enabling wolfSSL debug I am able to capture a debug log.

+++++++++ Tcpclient with TLS Start ++++++++++

Custom Logging : wolfSSL Entering wolfSSL_Init
Custom Logging : wolfSSL Entering WOLFSSL_CTX_new_ex
Custom Logging : wolfSSL Entering wolfSSL_CertManagerNew
Custom Logging : wolfSSL Leaving WOLFSSL_CTX_new, return 0
====> tcpclient: wolfSSL_CTX_new Success

Custom Logging : wolfSSL Entering wolfSSL_CTX_load_verify_buffer
Custom Logging : Processing CA PEM file
Custom Logging : wolfSSL Entering PemToDer
Custom Logging : Adding a CA
Custom Logging : wolfSSL Entering GetExplicitVersion
Custom Logging : wolfSSL Entering GetMyVersion
Custom Logging : Got Cert Header
Custom Logging : wolfSSL Entering GetAlgoId
Custom Logging : wolfSSL Entering GetObjectId()
Custom Logging : Got Algo ID
Custom Logging : Getting Cert Name
Custom Logging : Getting Cert Name
Custom Logging : Got Subject Name
Custom Logging : wolfSSL Entering GetAlgoId
Custom Logging : wolfSSL Entering GetObjectId()
Custom Logging : Got Key
Custom Logging : Parsed Past Key
Custom Logging : wolfSSL Entering DecodeCertExtensions
Custom Logging : wolfSSL Entering GetObjectId()
Custom Logging : wolfSSL Entering DecodeCrlDist
Custom Logging : wolfSSL Entering GetObjectId()
Custom Logging : wolfSSL Entering GetObjectId()
Custom Logging : wolfSSL Entering DecodeKeyUsage
Custom Logging : wolfSSL Entering GetObjectId()
Custom Logging : wolfSSL Entering DecodeAuthKeyId
Custom Logging : wolfSSL Entering GetObjectId()
Custom Logging : wolfSSL Entering DecodeSubjKeyId
Custom Logging : wolfSSL Entering GetObjectId()
Custom Logging : wolfSSL Entering DecodeBasicCaConstraint
Custom Logging : wolfSSL Entering GetObjectId()
Custom Logging : wolfSSL Entering GetAlgoId
Custom Logging : wolfSSL Entering GetObjectId()
Custom Logging :     Parsed new CA
Custom Logging :     Freeing Parsed CA
Custom Logging :     Freeing der CA
Custom Logging :         OK Freeing der CA
Custom Logging : wolfSSL Leaving AddCA, return 0
Custom Logging :    Processed a CA
Custom Logging : wolfSSL Entering PemToDer
Custom Logging : Couldn't find PEM header
Custom Logging : CA Parse failed, no progress in file.
Custom Logging : Do not continue search for other certs in file
Custom Logging : Processed at least one valid CA. Other stuff OK
====> tcpclient: loading cert_buffer Success

Custom Logging : wolfSSL Entering wolfSSL_CTX_use_certificate_buffer
Custom Logging : Checking cert signature type
Custom Logging : wolfSSL Entering GetExplicitVersion
Custom Logging : wolfSSL Entering GetMyVersion
Custom Logging : Got Cert Header
Custom Logging : wolfSSL Entering GetAlgoId
Custom Logging : wolfSSL Entering GetObjectId()
Custom Logging : Got Algo ID
Custom Logging : Getting Cert Name
Custom Logging : Getting Cert Name
Custom Logging : Got Subject Name
Custom Logging : wolfSSL Entering GetAlgoId
Custom Logging : wolfSSL Entering GetObjectId()
Custom Logging : Got Key
Custom Logging : Not ECDSA cert signature
====> tcpclient: loading client_cert_der_2048 Success

Custom Logging : wolfSSL Entering wolfSSL_CTX_use_PrivateKey_buffer
Custom Logging : wolfSSL Entering GetMyVersion
====> tcpclient: loading client_key_der_2048 Success

00019.000 TcpTimeoutRexmt: Retransmit Timeout
Custom Logging : wolfSSL Entering SSL_new
Custom Logging : wolfSSL Leaving SSL_new, return 0
====> tcpclient: tcpHandler: wolfSSL_new Success

Custom Logging : wolfSSL Entering SSL_set_fd
Custom Logging : wolfSSL Leaving SSL_set_fd, return 1
====> tcpclient: tcpHandler: wolfSSL_set_fd Success

Custom Logging : wolfSSL Entering SSL_connect()
Custom Logging : growing output buffer

Custom Logging : Shrinking output buffer

Custom Logging : connect state: CLIENT_HELLO_SENT
Custom Logging : growing input buffer

Custom Logging : received record layer msg
Custom Logging : wolfSSL Entering DoHandShakeMsg()
Custom Logging : wolfSSL Entering DoHandShakeMsgType
Custom Logging : processing server hello
Custom Logging : wolfSSL Entering VerifyClientSuite
Custom Logging : wolfSSL Leaving DoHandShakeMsgType(), return 0
Custom Logging : wolfSSL Leaving DoHandShakeMsg(), return 0
Custom Logging : growing input buffer

Custom Logging : received record layer msg
Custom Logging : wolfSSL Entering DoHandShakeMsg()

-----------------------------------------------
Date: 8/29/2017 - 1:32:06 PM
End log file
