Comments (5)
Hope you found the solution to this. The short answer: assuming your server will send a cert chain consisting of a root CA (self-signed) and an entity cert (also referred to as a "leaf" cert), you would have the server load the leaf cert, and it can actually leave off the root CA. Since the client has to have a copy to verify the leaf cert, the root CA is optional for the server to send.
Then on the client side load the root-ca that signed the leaf cert with wolfSSL_CTX_load_verify_locations(); (or the wolfSSL_CTX_load_verify_buffer(); equivalent) so the client can verify the leaf cert it receives during the connection.
If your server is truly sending two self-signed certs, it is probably misconfigured. If your server sends a single self-signed cert AS the leaf cert, then load the same self-signed cert in both the client and server.
Regards,
K
from wolfssl-examples.
I'm trying to connect to an iRobot Roomba e5. It returns a CA cert and another cert; that's the only information Wireshark gives me.
I set up this line to not verify peer certs:
wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);
My code doesn't work yet, because I need to send a packet over TLS, so I'm trying to implement a buffer to do so. Not with too much success, I'm new to this :/
from wolfssl-examples.
I will give you a little more context: I need to get a blid and a password from my Roomba.
Well, the blid I already got with sockets in C. I just sent a DGRAM with a buffer which contains the following string: irobotmcs. The robot responds normally. If I'm not explaining what I did very well, please check my GitHub code:
https://github.com/roombavacuum/libroomba
So, now I need to get the password. This is what I know about the Roomba:
Ciphers: AES1238-SHA256
Packet to send to get the psw: f005efcc3b2900
The robot sends one root CA cert and another cert
# this is 0xf0 (mqtt reserved) 0x05(data length)
# 0xefcc3b2900 (data)
[0] 240 byte // mqtt 0xf0
[1] 5 byte // message length 0x05
[2] 239 byte // message 0xef
[3] 204 byte // message 0xcc
[4] 59 byte // message 0x3b
[5] 41 byte // message 0x29
[6] 0 byte // message 0x00 - Based on errors returned, this seems like it's a response flag, where 0x00 is OK, and 0x03 is ERROR
/* unsigned char: byte values above 0x7f do not fit in a signed char */
unsigned char packet[] = { 0xf0, 0x05, 0xef, 0xcc, 0x3b, 0x29, 0x00 };
To do that I set up a client to connect, write the packet and wait for the response. But for some reason I'm not able to get a reply from the server. I put Wireshark to listen to the network, but the connection is not reset anywhere. I don't know what to do, I am a little bit lost. If you want to take a look at the code to get the password, let me know.
from wolfssl-examples.
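An added example, not code from the thread or from wolfSSL: a bounds-checked C parser and builder for the frame layout described in the comment above (type byte 0xf0, length, payload), usable on whatever bytes come back over the TLS connection. It goes beyond the single length byte shown in the thread by decoding MQTT's variable-length "remaining length" field, which is an assumption about the robot's protocol; all type and function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

enum frame_status { FRAME_OK = 0, FRAME_NEED_MORE = 1, FRAME_BAD = -1 };

struct frame {
    uint8_t type;            /* first byte; 0xf0 in the packet from the thread */
    const uint8_t *payload;  /* points into the caller's buffer, not copied */
    size_t payload_len;      /* decoded length field */
    size_t total_len;        /* header + payload bytes consumed */
};

/* Parse one frame: type byte, MQTT-style variable-length "remaining length"
 * (1 to 4 bytes, 7 bits each, high bit = continuation), then the payload.
 * FRAME_NEED_MORE means: keep reading from the connection and retry. */
enum frame_status frame_parse(const uint8_t *buf, size_t len, struct frame *out)
{
    size_t i = 1, value = 0;
    unsigned shift = 0;
    uint8_t b;

    do {
        if (shift > 21)
            return FRAME_BAD;        /* length field longer than 4 bytes */
        if (i >= len)
            return FRAME_NEED_MORE;  /* header itself is incomplete */
        b = buf[i++];
        value |= (size_t)(b & 0x7f) << shift;
        shift += 7;
    } while (b & 0x80);

    if (len - i < value)
        return FRAME_NEED_MORE;      /* payload not fully received yet */
    out->type = buf[0];
    out->payload = buf + i;
    out->payload_len = value;
    out->total_len = i + value;
    return FRAME_OK;
}

/* Build a frame with a single-byte length (payload of 1 to 127 bytes).
 * Returns bytes written, or 0 if the payload or output buffer does not fit. */
size_t frame_build(uint8_t type, const uint8_t *payload, size_t n,
                   uint8_t *out, size_t cap)
{
    if (n == 0 || n > 127 || cap < n + 2)
        return 0;
    out[0] = type;
    out[1] = (uint8_t)n;
    memcpy(out + 2, payload, n);
    return n + 2;
}
```

Because a TLS read can return fewer bytes than one frame, the caller appends each read to a buffer and calls `frame_parse` again until it stops returning `FRAME_NEED_MORE`.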
I ended up finding the solution by myself, I just did this:
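/* Verify callback that accepts every peer certificate, whatever the
 * result of wolfSSL's own verification (preverify) was. */
int always_true_callback(int preverify, WOLFSSL_X509_STORE_CTX* store)
{
    (void)preverify;
    (void)store;
    return 1;
}

/* Do not validate the peer cert */
wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, always_true_callback);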
And it works just fine
Thanks for your help anyway 👍
from wolfssl-examples.