当前位置: 首页 > 工具软件 > wolfSSL > 使用案例 >

wolfSSL错误码-188

呼延鹏云
2023-12-01

wolfssl错误码-188

官方解析错误是 ASN sig error, no CA signer to verify certificate
即没有 CA 签名者来验证证书
WolfSSL客户端的默认策略是验证服务器,也就是如果不加载 CA 来验证服务器,将回返回连接错误,错误码为-188。

解决方法有两种:

1 强制不验证证书

在wolfSSL_new(ctx) 前加上下面这句
wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);

2 提供CA证书

百度根证书

wolfSSL_CTX_load_verify_locations(ctx,"GlobalSign_root.cer", NULL)

测试代码:

/**
  * ******************************************************
  * Copyright (c) 2021—2021  lestly  All rights reserved.  
  * File Name          ssl.c
  * Author             lestly
  * Version            V1.0
  * date               2021/8/10
  *                    2021/8/11
  * Description        测试wolfssl https功能
  * *******************************************************
  */

#include <stdio.h>
#include <wolfssl/wolfcrypt/settings.h>
#include <wolfssl/ssl.h>
#include <wolfssl/wolfcrypt/error-crypt.h>
#include <sys/socket.h> 
#include <unistd.h> 
#include <sys/types.h> 

int client(byte *request_get, const byte *ipAddr)
{
    int fd;
    int len;
    int ret;
    const int PORT = 443;
    struct sockaddr_in addr;
    memset(&addr,0,sizeof(addr));

    WOLFSSL *ssl = NULL;
    WOLFSSL_CTX* ctx = NULL;

    do
    { 
        wolfSSL_Init();
        //Use highest version possible from
        if ((ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())) == NULL) 
        {
            printf( "wolfSSL_CTX_new error.\n");
            wolfSSL_CTX_free(ctx);
            return -1;
        }
/*
        //加载百度根目录证书
        if ((ret = wolfSSL_CTX_load_verify_locations(ctx,"GlobalSign_root.cer", NULL)) != SSL_SUCCESS) 
        {
            printf( "Error loading GlobalSign_root.cer,"" please check the file. %d\n",ret);
            wolfSSL_CTX_free(ctx);
    		return -1;
		}
*/		
        wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);

        
        if ((ssl = wolfSSL_new(ctx)) == NULL)
        {
            printf("wolfssl new fail\n");
            break;
        } 

        //****socket*******
        if ((fd = socket(AF_INET, SOCK_STREAM, 0)) < 0)
        {
            printf("fd < 0\n");
            break;
        }

        addr.sin_addr.s_addr = inet_addr(ipAddr); //baidu ip
        addr.sin_family = AF_INET;
        addr.sin_port = htons(PORT);

        while(connect(fd,(struct sockaddr*)&addr,sizeof(addr)) != 0)
        {
            printf("connect error \n");	
        }
        //****socket********

        if ((ret = wolfSSL_set_fd(ssl,fd)) != SSL_SUCCESS)
        {
            printf("set fd fail\n");
            break;
        }
        
        if ((ret = wolfSSL_connect(ssl)) != SSL_SUCCESS)
        {
            char buffer[80];
            int err = wolfSSL_get_error(ssl, ret);
            printf("error = %d, %s\n", err, wolfSSL_ERR_error_string(err, buffer));   
            break;
        }

        //wolfssl will connect before write/read
        len = wolfSSL_write(ssl,(byte*)request_get,strlen(request_get));
        if(len < 0)
        {
            printf("ssl write fail\n");
            break;
        }
        printf("%s",request_get);
  
        char ch[1024];
        while(wolfSSL_read(ssl, &ch, 1024) > 0)
        { 
            printf("%s", ch);
            memset(ch, 0, 1024);
        }
       
    } while (0);

    close(fd); 
    wolfSSL_shutdown(ssl);
    wolfSSL_free(ssl);
    wolfSSL_CTX_free(ctx);
    wolfSSL_Cleanup();

}

int main()
{
    #if defined(DEBUG_WOLFSSL)
  //      wolfSSL_Debugging_ON();
    #endif

	const byte ipAddr[] = "14.215.177.39";  //百度ip,ping得出

    byte request_get[] = "GET https://www.baidu.com"" HTTP/1.1\r\n"
    "Accept: */*\r\n""Accept-Language: zh-Hans-CN, zh-Hans; q=0.8, en-US; q=0.5, en; q=0.3\r\n"
    "Connection: close\r\n""Host: www.baidu.com\r\n\r\n";
  
    client(request_get, ipAddr);
    
    return 0;
}

 类似资料: