1 (edited by bilal.anwar 2024-01-04 10:31:29)

Topic: Wolfssl error -188 while connectivity with ipv6

We are working on adding IPv6 support to our embedded device. The connection to the IPv6 server on port 80 is established successfully. Now, while connecting with wolfSSL on port 443, we are facing error -188, "ASN no signer to confirm failure".

We have also implemented the following step from the README file:

"Note 2)
wolfSSL takes a different approach to certificate verification than OpenSSL does. The default policy for the client is to verify the server, this means that if you don't load CAs to verify the server you'll get a connect error, no signer error to confirm failure (-188).

If you want to mimic OpenSSL behavior of having SSL_connect succeed even if verifying the server fails and reducing security you can do this by calling:

wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);"

After adding this command, we are getting error -112, "mp_exptmod error state".

The communication logs are:
00000.000 fdOpenSession: OOM
Service Status: DHCPC    : Enabled  :          : 000
wolfSSL_Init
wolfSSL_CTX_new_ex
wolfSSL_CertManagerNew
wolfSSL_CTX_load_verify_buffer_ex
Adding a CA
    Parsed new CA
    Freeing Parsed CA
    Freeing der CA
        OK Freeing der CA
Service Status: HTTP     : Enabled  :          : 000
wolfSSL_CTX_use_certificate_buffer
wolfSSL_CTX_use_PrivateKey_buffer
wolfSSL_CTX_use_certificate_buffer
Checking cert signature type
Not ECDSA cert signature
wolfSSL_CTX_use_PrivateKey_buffer
Service Status: DHCPC    : Enabled  : Running  : 000
Validity Passed
Address: fe80::20e:fff:fe0b:0 on device 1 is UNIQUE
Address: 2404:3100:189d:67:20e:fff:fe0b: on device 1 is UNIQUE
Network Added: If-1:192.168.1.102
Service Status: DHCPC    : Enabled  : Running  : 017

wolfSSL_CTX_new_ex
wolfSSL_CertManagerNew
wolfSSL_CTX_load_verify_buffer_ex
Adding a CA
    Parsed new CA
    Freeing Parsed CA
    Freeing der CA
        OK Freeing der CA
SSL_new
SSL_set_fd
SSL_set_read_fd
SSL_set_write_fd
SSL_free

Connection established Successfully
SSL_new
SSL_set_fd
SSL_set_read_fd
SSL_set_write_fd
wolfSSL_send()
SSL_write()
wolfSSL_negotiate
SSL_connect()
connect state: CLIENT_HELLO_SENT

-188
SSL_get_error
SSL_free
SSL_new
SSL_set_fd
SSL_set_read_fd
SSL_set_write_fd
wolfSSL_send()
SSL_write()
wolfSSL_negotiate
SSL_connect()
connect state: CLIENT_HELLO_SENT


Please guide us if there is anything we are missing. I have also added the logs.


Re: Wolfssl error -188 while connectivity with ipv6

Hello Bilal,

Thanks for joining the wolfSSL Forums. The -188 error indicates that the client should load a CA cert that can be used to verify the server's cert during the handshake. As you found, you can skip this check, or use a verify callback.

The -112 error is commonly encountered when a memory alloc fails.

Could you please tell us a bit about your project? Please feel free to send an email to support@wolfssl.com if you'd prefer a more private discussion.

Thanks,
Eric - wolfSSL Support
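
As an added example (not code from this thread or from wolfSSL), the C helper below scans a debug log in the format posted above and reports whether -188 appeared even though a CA had been parsed, which means the CA that was loaded is not one that can verify this server's certificate. The names `triage_t`, `triage_log` and `wrong_ca` are made up for the example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Lines copied from the debug log in the post above (trimmed). */
static const char SAMPLE_LOG[] =
    "00000.000 fdOpenSession: OOM\n"
    "    Parsed new CA\n"
    "SSL_connect()\n"
    "connect state: CLIENT_HELLO_SENT\n"
    "\n"
    "-188\n";

typedef struct {          /* summary type made up for this example */
    int cas_parsed;       /* "Parsed new CA" lines: a CA buffer decoded */
    int oom_lines;        /* lines reporting OOM on the device */
    int last_err;         /* last bare negative error code, 0 if none */
    char err_state[32];   /* last "connect state:" seen before last_err */
} triage_t;

triage_t triage_log(const char *log) {
    triage_t t = {0};
    char state[32] = "", line[128], *end;
    for (const char *p = log; *p; ) {
        size_t len = strcspn(p, "\n");
        snprintf(line, sizeof line, "%.*s", (int)len, p);  /* copy one line */
        const char *s = line + strspn(line, " \t");        /* drop indent */
        long v = strtol(s, &end, 10);
        if (strstr(s, "Parsed new CA")) t.cas_parsed++;
        if (strstr(s, "OOM")) t.oom_lines++;
        sscanf(s, "connect state: %31s", state);  /* untouched on no match */
        if (end != s && *end == '\0' && v < 0) {  /* line is only "-NNN" */
            t.last_err = (int)v;
            strcpy(t.err_state, state);
        }
        p += len + (p[len] == '\n');
    }
    return t;
}

/* -188 although a CA parsed: that CA did not verify the server's chain. */
int wrong_ca(const triage_t *t) { return t->last_err == -188 && t->cas_parsed > 0; }

int main(void) {
    triage_t t = triage_log(SAMPLE_LOG);
    printf("err=%d state=%s cas=%d oom=%d wrong_ca=%d\n", t.last_err,
           t.err_state, t.cas_parsed, t.oom_lines, wrong_ca(&t));
    return 0;
}
```

The `oom_lines` count is reported alongside the error code because the reply above ties -112 to failed memory allocation.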