Topic: ParseCert returns -144. on RIOT Os

I am trying to parse a csr using wolfssl in RIOT operating system.

file = fopen(file_name, "rb");
    if (!file) {
        printf("can't open certificate\n");
        return 1;

    pem_cert_size = fread(pem_cert_buf, 1,LARGE_TEMP_SZ, file);
    printf("Successfully read %d bytes from %s\n\n", pem_cert_size, file_name);

    if (pem_cert_size <= 0) {
        printf("pem cert read error:%d\n", (int)pem_cert_size);
        return 1;
    DEBUG("\n\npem cert size:%d\n\n", pem_cert_size);

    der_cert_size = wc_CertPemToDer(pem_cert_buf, pem_cert_size, der_cert_buf, LARGE_TEMP_SZ,

    if (der_cert_size <= 0) {
        printf("cant convert pem to der:%d\n", (int)der_cert_size);
        return 1;
     printf("Converted CSR Cert PEM to DER %d bytes\n", der_cert_size);

    InitDecodedCert(&decoded_cert, der_cert_buf,der_cert_size, NULL);
    int ret = ParseCert(&decoded_cert, CERTREQ_TYPE, NO_VERIFY, NULL);

    printf("ParseCert ret:%d\n",ret);


I am following the … csr_sign.c sample.I have enabled WOLFSSL_TEST_CERT. I was able to parse a x509 certificate and get the contents in "DecodedCert".Now I want to do the same with Certfificate signing requests.But ParseCert function throws error. Could anyone help with the problem ?  WolfSSL debugging is given below

Successfully read 428 bytes from testcsr1.pem

wolfSSL Entering wc_CertPemToDer
wolfSSL Entering PemToDer
Converted CSR Cert PEM to DER 264 bytes
wolfSSL Entering GetExplicitVersion
wolfSSL Entering GetSerialNumber
Got Cert Header
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
ParseCert ret:-144


Re: ParseCert returns -144. on RIOT Os

Hi adarshr.r6

Thanks for contacting wolfSSL. Typically we would like to review the problematic CSR. If you'd rather not share on this public forum, you are welcome to submit a support request by emailing

3 (edited by adarshr.r6 2022-01-21 14:29:23)

Re: ParseCert returns -144. on RIOT Os

It is a  csr I made using openssl for testing following ths blog … g-openssl/

Post's attachments

testcsr2.pem 550 b, 2 downloads since 2022-01-21 

You don't have the permssions to download the attachments of this post.


Re: ParseCert returns -144. on RIOT Os

The parser is failing on the attribute

unstructuredName         :ovgu
openssl req -in testcsr2.pem -noout -text
Certificate Request:
        Version: 1 (0x0)
        Subject: C = DE, ST = BW, L = KER, O = OVGU, OU = COMSYS, CN = testName, emailAddress =
        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
                Public-Key: (256 bit)
                ASN1 OID: prime256v1
                NIST CURVE: P-256
            unstructuredName         :ovgu
            challengePassword        :1234
    Signature Algorithm: ecdsa-with-SHA256

Here is some relevant information: … cturedname

Try rebuilding the CSR without entering the unstructuredName field.

5 (edited by adarshr.r6 2022-01-23 03:08:39)

Re: ParseCert returns -144. on RIOT Os

I have created the csr without unstructuredName..still I get the same error. Is there any modules that needs to be enabled ?but everything works fine when i try to  parse a x509 this error is just happening for csr. I have also tried to parse the csr from wolfssl examples … 0c/certgenon github.still the same error.

I could see from wolfssl manual  that -144 means ASN_OBJECT_ID_E ,ASN object id error, invalid id. How can I solve this error ?

Post's attachments

testcsr4.pem 404 b, 1 downloads since 2022-01-22 

You don't have the permssions to download the attachments of this post.


Re: ParseCert returns -144. on RIOT Os

Thanks for clarifying. I was able to reproduce a similar error

Creating certificate...
Failure code was -134


./configure --enable-certgen --enable-certext --enable-certreq --enable-keygen --enable-debug

But with

./configure --enable-all --enable-debug

  the example works correctly. I will work on updating the example instructions.

Re: ParseCert returns -144. on RIOT Os

Thanks for the reply and testing the certificates. I am trying to implement the program in riot os and I am using Makefile to enable modules. Could you also tell me what all modules are  enabled when "/configure --enable-all --enable-debug" using this command ?

I am adding relevant part of my makefile for your reference

USEPKG += wolfssl
USEMODULE += wolfssl
USEMODULE += wolfssl_socket
USEMODULE += wolfcrypt 
USEMODULE += wolfcrypt_ecc
USEMODULE += wolfcrypt_asn
USEMODULE += wolfcrypt-test