1 (edited by cookie 2019-10-29 01:04:39)

Topic: [SOLVED] Setting up a barebones client

Hello,

I am trying to run a barebones version of the client example with the code below. I have tried this code with both the server and echoserver examples. In both cases the connection is made (I am running both scripts on the same machine), but sending the message produces a "345, peer didn't send cert" error with the server example and "308, error state on socket" with the echoserver example. I guess I am missing something obvious but I cannot figure it out.

Any feedback is appreciated, thank you!

#include        <sys/socket.h>  /* basic socket definitions */
#include        <netinet/in.h>  /* sockaddr_in{} and other Internet defns */
#include        <stdio.h>
#include        <stdlib.h>
#include        <string.h>
#include        <unistd.h>
#include        <errno.h>
#include        <arpa/inet.h>
#include        <signal.h>
#include        <wolfssl/ssl.h>


#define SERV_IP "127.0.0.1"
#define SERV_PORT 11111
#define SA      struct sockaddr

int main() {
        int                     sockfd;
        struct sockaddr_in      servaddr;
        size_t                  len;
        char                    buff[256];


        printf("Connecting to IP: %s, on PORT: %d\n\n", SERV_IP, SERV_PORT); /* SERV_IP is a string, so %s */
        WOLFSSL_CTX* ctx;

        wolfSSL_Init();/* Initialize wolfSSL */

        /* Create the WOLFSSL_CTX */

        if ( (ctx = wolfSSL_CTX_new(wolfTLSv1_1_client_method())) == NULL){
                fprintf(stderr, "wolfSSL_CTX_new error.\n");
                exit(EXIT_FAILURE);
        }

        /* Load CA certificates into WOLFSSL_CTX */

        if (wolfSSL_CTX_load_verify_locations(ctx,"ca-cert.pem",0) != SSL_SUCCESS) {
                fprintf(stderr, "Error loading ca-cert.pem, please check the file.\n");
                exit(EXIT_FAILURE);
        }

        sockfd = socket(AF_INET, SOCK_STREAM, 0);

        printf("sockfd state: %d\n", sockfd);

        bzero(&servaddr, sizeof(servaddr));
        servaddr.sin_family = AF_INET;
        servaddr.sin_port = htons(SERV_PORT);
        inet_pton(AF_INET, SERV_IP, &servaddr.sin_addr);

        printf("connection: %d\n",connect(sockfd, (SA *) &servaddr, sizeof(servaddr)));

        // WOLFSSL object
        WOLFSSL* ssl;
        if ((ssl = wolfSSL_new(ctx)) == NULL) {
                printf("wolfSSL error\n");
                exit(EXIT_FAILURE);
        }


        if (wolfSSL_set_fd(ssl, sockfd) != SSL_SUCCESS) {
                printf("set_fd failed!\n");
                exit(EXIT_FAILURE);
        }

        printf("Message for server: ");
        memset(buff, 0, sizeof(buff));
        fgets(buff, sizeof(buff), stdin);
        len = strnlen(buff, sizeof(buff));

        /* Send the message to the server */
        if (wolfSSL_write(ssl, buff, len) != len) {
                printf("ERROR: failed to write\n");
                exit(EXIT_FAILURE);
        }

        wolfSSL_free(ssl);
        wolfSSL_CTX_free(ctx);
        wolfSSL_Cleanup();
        return 0;
}

Re: [SOLVED] Setting up a barebones client

Hi Cookie,

Have you seen our simple TLS examples in our wolfssl-examples repo?
https://github.com/wolfSSL/wolfssl-exam … master/tls

The -345 NO_PEER_CERT error indicates the peer did not present a certificate. See the wolfSSL_CTX_set_verify API for setting the verify options for the peer certificate.

Thanks,
David Garske, wolfSSL


3 (edited by Kaleb J. Himes 2019-10-28 12:32:21)

Re: [SOLVED] Setting up a barebones client

@Cookie,

You can use the -d option when running the normal server example to disable client authentication.

For -308 when testing with the echo server, try having your client use wolfTLSv1_2_client_method() (TLS v1.2) instead of wolfTLSv1_1_client_method() (TLS v1.1).

Cheers,

- KH

Re: [SOLVED] Setting up a barebones client

Hello,

@dgarske,

Somehow I have missed those examples. I got them running now just fine; this is what I was looking for. Thank you!


@Kaleb J. Himes,

Running the server with the -d option worked out; changing the TLS version unfortunately did not change the situation.

Thank you both for the quick answers, I will look into the API more in depth.
