1 (edited by malik.musovic 2022-06-29 05:31:51)

Topic: Using wolfSSL to get a websocket connection

Hello I get this error when trying to connect to my host using the right certificates and so on:

E (6674) esp-tls-wolfssl: wolfSSL_connect returned -1, error code: -322
E (6674) esp-tls: Failed to open new connection
E (6684) TRANSPORT_BASE: Failed to open a new connection
E (6694) TRANSPORT_WS: Error connecting to host MYHOST
E (6694) WEBSOCKET_CLIENT: Error transport connect

what does error code: -322 mean exactly?


Re: Using wolfSSL to get a websocket connection

Hello Malik,

Thanks for joining the wolfSSL Forums.

The -322 code corresponds to the following error in wolfssl/error-ssl.h

    DOMAIN_NAME_MISMATCH         = -322,   /* peer subject name mismatch */

The error code DOMAIN_NAME_MISMATCH would make sense if you are using a certificate issued for one domain with a different domain.

Could you please provide some more details such as the domains in question, the cert(s) in question and how we might reproduce on our end?

Do you have a site accessible that we can test against and a copy of the certificate in question?

Kind regards,
Eric @ wolfSSL Support

Re: Using wolfSSL to get a websocket connection

Thanks for the hint!
We will investigate further. If we require further support we will come back.


4 (edited by malik.musovic 2022-07-12 00:47:59)

Re: Using wolfSSL to get a websocket connection

in our case the ESP WebSocket implementation instructed WolfSSL to not send the whole certificate chain for some reason so we had to change the code in esp_tls_wolfssl.c file

We changed: line 102
if (type == FILE_TYPE_SELF_CERT) {
            if ((*err_ret = wolfSSL_CTX_use_certificate_buffer( (WOLFSSL_CTX *)tls->priv_ctx, cert_buf, cert_len, wolf_fileformat)) == WOLFSSL_SUCCESS) {
                return ESP_OK;

and used wolfSSL_CTX_use_certificate_chain_buffer instead. Then it worked.