This repository has been archived by the owner on Dec 20, 2022. It is now read-only.
I'm not a maintainer of this repository (but participated in this), so I'll just quickly note that this repo is outdated and is not recommended for use with RA-TLS. The officially supported way to use RA-TLS is to use it in conjunction with Graphene-SGX: https://github.com/oscarlab/graphene.
Hello,
I am running sgx-ra-tls with wolfSSL, but I got the following issue arising on the client side:
```
[+] Client Test:
[+] Connection with server has been established
wolfSSL Entering wolfSSL_Init
wolfSSL Entering wolfCrypt_Init
wolfSSL Entering TLSv1_2_client_method_ex
wolfSSL Entering wolfSSL_CTX_new_ex
wolfSSL Entering wolfSSL_CertManagerNew
wolfSSL Leaving WOLFSSL_CTX_new, return 0
wolfSSL Entering wolfSSL_CTX_set_verify
wolfSSL Entering SSL_new
wolfSSL Leaving SSL_new, return 0
wolfSSL Entering SSL_set_fd
wolfSSL Entering SSL_set_read_fd
wolfSSL Leaving SSL_set_read_fd, return 1
wolfSSL Entering SSL_set_write_fd
wolfSSL Leaving SSL_set_write_fd, return 1
wolfSSL Entering SSL_connect()
wolfSSL Entering SendClientHello
Adding signature algorithms extension
growing output buffer
Signature Algorithms extension to write
Point Formats extension to write
Supported Groups extension to write
Encrypt-Then-Mac extension to write
EMS extension to write
Shrinking output buffer
wolfSSL Leaving SendClientHello, return 0
connect state: CLIENT_HELLO_SENT
growing input buffer
received record layer msg
got HANDSHAKE
wolfSSL Entering DoHandShakeMsg()
wolfSSL Entering DoHandShakeMsgType
processing server hello
wolfSSL Entering DoServerHello
wolfSSL Entering VerifyClientSuite
wolfSSL Leaving DoServerHello, return 0
Shrinking input buffer
wolfSSL Leaving DoHandShakeMsgType(), return 0
wolfSSL Leaving DoHandShakeMsg(), return 0
growing input buffer
received record layer msg
got HANDSHAKE
wolfSSL Entering DoHandShakeMsg()
wolfSSL Entering DoHandShakeMsgType
processing certificate
wolfSSL Entering DoCertificate
wolfSSL Entering ProcessPeerCerts
Loading peer's cert chain
Put another cert into chain
Verifying Peer's cert
wolfSSL Entering GetExplicitVersion
wolfSSL Entering GetSerialNumber
Got Cert Header
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Algo ID
Getting Cert Name
Getting Cert Name
Got Subject Name
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Key
Parsed Past Key
wolfSSL Entering DecodeCertExtensions
wolfSSL Entering GetObjectId()
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
No CA signer to verify with
Failed to verify Peer's cert
Callback override available, will continue
wolfSSL Entering GetExplicitVersion
wolfSSL Entering GetSerialNumber
Got Cert Header
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Algo ID
Getting Cert Name
Getting Cert Name
Got Subject Name
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Key
Parsed Past Key
wolfSSL Entering DecodeCertExtensions
wolfSSL Entering GetObjectId()
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
quote size is 4594; quote signature_data_len is 4158.
[load_qve ../sgx_dcap_quoteverify.cpp:199] Call sgx_create_enclave for QvE. /usr/lib/x86_64-linux-gnu/libsgx_qve.signed.so
[sgx_qv_get_quote_supplemental_data_size ../sgx_dcap_quoteverify.cpp:541] Info: sgx_qve_get_quote_supplemental_data_version successfully returned.
[sgx_qv_get_quote_supplemental_data_size ../sgx_dcap_quoteverify.cpp:551] Info: sgx_qve_get_quote_supplemental_data_size successfully returned.
[unload_qve ../sgx_dcap_quoteverify.cpp:267] unload qve enclave 0X3
sgx_qv_get_quote_supplemental_data_size successfully returned.
[load_qve ../sgx_dcap_quoteverify.cpp:199] Call sgx_create_enclave for QvE. /usr/lib/x86_64-linux-gnu/libsgx_qve.signed.so
[sgx_qv_get_quote_supplemental_data_size ../sgx_dcap_quoteverify.cpp:541] Info: sgx_qve_get_quote_supplemental_data_version successfully returned.
[sgx_qv_get_quote_supplemental_data_size ../sgx_dcap_quoteverify.cpp:551] Info: sgx_qve_get_quote_supplemental_data_size successfully returned.
[unload_qve ../sgx_dcap_quoteverify.cpp:267] unload qve enclave 0X4
[sgx_qv_verify_quote ../sgx_dcap_quoteverify.cpp:450] Info: get_fmspc_ca_from_quote successfully returned.
[sgx_qv_verify_quote ../sgx_dcap_quoteverify.cpp:465] Info: sgx_dcap_retrieve_verification_collateral successfully returned.
[sgx_qv_verify_quote ../sgx_dcap_quoteverify.cpp:484] Info: QVL: sgx_qve_verify_quote successfully returned.
App: sgx_qv_verify_quote successfully returned.
Warning: App: Verification completed with Non-terminal result: a007
Verifying SGX certificate extensions ... Success
wolfSSL Entering SendAlert
growing output buffer
Shrinking output buffer
wolfSSL Leaving SendAlert, return 0
wolfSSL Leaving ProcessPeerCerts, return -188
wolfSSL Leaving DoCertificate, return -188
wolfSSL Leaving DoHandShakeMsgType(), return -188
wolfSSL Leaving DoHandShakeMsg(), return -188
wolfSSL error occurred, error = -188
wolfSSL error occurred, error = -188
ERROR: failed to connect to wolfSSL
wolfSSL Entering SSL_free
CTX ref count not 0 yet, no free
Shrinking input buffer
```
When I track this error, it mentions "ASN sig error, no CA signer to verify certificate". Does it mean after calling a verify_certificate_callback, it still needs a trusted CA to verify the server's certificate?
Here is a part of the code I implemented on the client side:
....
```c
wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, cert_verify_callback);
```
...
Thank you in advance,
Best Regards,
Sri Yulianti
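
An added example, not part of the issue and not code from sgx-ra-tls, wolfSSL or the DCAP library: a sketch of the accept/reject decision a wolfSSL verify callback could make for the inputs seen in the log above (error -188, quote result a007), overriding only the missing-signer error and only when the quote verification result is acceptable under an explicit policy. The numeric values mirror `ASN_NO_SIGNER_E` from wolfSSL and the `sgx_ql_qv_result_t` codes from Intel DCAP; the `QV_*` names, `struct ratls_policy` and both functions are hypothetical.

```c
#include <stdio.h>

/* Values mirrored from wolfSSL (ASN_NO_SIGNER_E) and Intel DCAP
 * (sgx_ql_qv_result_t), redefined here so the example builds without
 * either library. The QV_* names are shortened, hypothetical aliases. */
#define ASN_NO_SIGNER_E (-188)
enum { QV_OK = 0x0000, QV_CONFIG_NEEDED = 0xA001, QV_OUT_OF_DATE = 0xA002,
       QV_OUT_OF_DATE_CONFIG_NEEDED = 0xA003, QV_INVALID_SIGNATURE = 0xA004,
       QV_REVOKED = 0xA005, QV_UNSPECIFIED = 0xA006,
       QV_SW_HARDENING_NEEDED = 0xA007,
       QV_CONFIG_AND_SW_HARDENING_NEEDED = 0xA008 };

/* Hypothetical verifier policy: which non-terminal results are tolerated. */
struct ratls_policy { int allow_sw_hardening, allow_config, allow_out_of_date; };

static int quote_result_acceptable(unsigned qv, const struct ratls_policy *p)
{
    switch (qv) {
    case QV_OK:                             return 1;
    case QV_SW_HARDENING_NEEDED:            return p->allow_sw_hardening;
    case QV_CONFIG_NEEDED:                  return p->allow_config;
    case QV_CONFIG_AND_SW_HARDENING_NEEDED: return p->allow_sw_hardening && p->allow_config;
    case QV_OUT_OF_DATE:                    return p->allow_out_of_date;
    case QV_OUT_OF_DATE_CONFIG_NEEDED:      return p->allow_out_of_date && p->allow_config;
    default:                                return 0; /* terminal or unknown result */
    }
}

/* Value the verify callback should return: 1 accepts the peer certificate,
 * 0 leaves wolfSSL's own verification failure in place. */
int ratls_callback_decision(int preverify_ok, int tls_error, unsigned qv,
                            int extensions_ok, const struct ratls_policy *p)
{
    /* Attestation may stand in for a missing CA signer only; any other
     * certificate error is never overridden. */
    if (!preverify_ok && tls_error != ASN_NO_SIGNER_E) return 0;
    if (!extensions_ok) return 0;
    return quote_result_acceptable(qv, p);
}

int main(void)
{
    struct ratls_policy strict = {0, 0, 0}, lenient = {1, 0, 0};
    /* Inputs taken from the log on this page: error -188, result a007. */
    printf("strict:  %d\n", ratls_callback_decision(0, ASN_NO_SIGNER_E, 0xA007, 1, &strict));
    printf("lenient: %d\n", ratls_callback_decision(0, ASN_NO_SIGNER_E, 0xA007, 1, &lenient));
    return 0;
}
```

In a real callback, `preverify_ok` and `tls_error` would come from the callback's first argument and the store context's error field, and the quote result from the DCAP verification call.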