wolfssl错误码-188
官方对该错误码的解释是:ASN sig error, no CA signer to verify certificate
即没有 CA 签名者来验证证书
WolfSSL客户端的默认策略是验证服务器,也就是说,如果不加载 CA 证书来验证服务器,连接将会失败并返回错误码 -188。
解决方法有两种:
1 强制不验证证书(仅适合调试:关闭验证后客户端无法确认服务器身份,TLS 连接不再能防御中间人攻击)
在wolfSSL_new(ctx) 前加上下面这句
wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);
2 提供CA证书
wolfSSL_CTX_load_verify_locations(ctx,"GlobalSign_root.cer", NULL)
测试代码:
/**
* ******************************************************
* Copyright (c) 2021—2021 lestly All rights reserved.
* File Name ssl.c
* Author lestly
* Version V1.0
* date 2021/8/10
* 2021/8/11
* Description 测试wolfssl https功能
* *******************************************************
*/
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <wolfssl/wolfcrypt/settings.h>
#include <wolfssl/ssl.h>
#include <wolfssl/wolfcrypt/error-crypt.h>
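/**
 * Open a TCP connection to ipAddr on port 443, run a wolfSSL TLS handshake
 * over it, send request_get and copy the server's reply to stdout.
 *
 * @param request_get  NUL-terminated HTTP request text to send.
 * @param ipAddr       NUL-terminated dotted-quad IPv4 address of the server.
 * @return 0 when the request was written and the reply was drained,
 *         -1 on any setup, connect, handshake or write failure.
 */
int client(byte *request_get, const byte *ipAddr)
{
    const int PORT = 443;
    int rc = -1;
    int fd = -1;            /* -1 marks "no socket yet" so cleanup never closes garbage */
    int lib_ready = 0;      /* set once wolfSSL_Init() succeeded */
    int ret;
    int len;
    char buf[1024];
    struct sockaddr_in addr;
    WOLFSSL_CTX *ctx = NULL;
    WOLFSSL *ssl = NULL;

    memset(&addr, 0, sizeof(addr));

    do {
        if (wolfSSL_Init() != SSL_SUCCESS) {
            printf("wolfSSL_Init error.\n");
            break;
        }
        lib_ready = 1;

        /* Negotiate the highest protocol version both sides support. */
        ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
        if (ctx == NULL) {
            printf("wolfSSL_CTX_new error.\n");
            break;
        }

        /*
         * NOTE(security): SSL_VERIFY_NONE switches certificate verification
         * off. That is what makes error -188 disappear, but the client then
         * accepts any certificate and cannot tell the intended server from an
         * on-path impostor. Keep this for debugging only.
         *
         * To authenticate the server instead, load the issuing CA and keep
         * verification on:
         *
         *   if (wolfSSL_CTX_load_verify_locations(ctx, "GlobalSign_root.cer",
         *                                         NULL) != SSL_SUCCESS) { fail }
         *   wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);
         *
         * Because the socket is opened by IP address, the expected host name
         * should also be checked, e.g. with
         * wolfSSL_check_domain_name(ssl, "www.baidu.com") before connecting.
         */
        wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, NULL);

        ssl = wolfSSL_new(ctx);
        if (ssl == NULL) {
            printf("wolfssl new fail\n");
            break;
        }

        /* ---- plain TCP socket ---- */
        fd = socket(AF_INET, SOCK_STREAM, 0);
        if (fd < 0) {
            printf("fd < 0\n");
            break;
        }

        addr.sin_family = AF_INET;
        addr.sin_port = htons((unsigned short)PORT);
        /* inet_pton reports malformed addresses instead of silently using one. */
        if (inet_pton(AF_INET, (const char *)ipAddr, &addr.sin_addr) != 1) {
            printf("invalid IPv4 address\n");
            break;
        }

        /* One attempt only: retrying connect() forever on the same socket
         * spins the CPU and never terminates when the host is unreachable. */
        if (connect(fd, (struct sockaddr *)&addr, sizeof(addr)) != 0) {
            printf("connect error \n");
            break;
        }

        /* ---- TLS on top of the socket ---- */
        ret = wolfSSL_set_fd(ssl, fd);
        if (ret != SSL_SUCCESS) {
            printf("set fd fail\n");
            break;
        }

        ret = wolfSSL_connect(ssl);
        if (ret != SSL_SUCCESS) {
            char buffer[80];
            int err = wolfSSL_get_error(ssl, ret);
            printf("error = %d, %s\n", err, wolfSSL_ERR_error_string(err, buffer));
            break;
        }

        len = wolfSSL_write(ssl, request_get,
                            (int)strlen((const char *)request_get));
        if (len <= 0) {
            printf("ssl write fail\n");
            break;
        }
        printf("%s", (const char *)request_get);

        /* The reply is not NUL-terminated, so emit exactly the bytes read
         * rather than handing the buffer to printf("%s"). */
        while ((len = wolfSSL_read(ssl, buf, (int)sizeof(buf))) > 0) {
            fwrite(buf, 1, (size_t)len, stdout);
        }

        rc = 0;
    } while (0);

    /* Send close_notify while the socket is still open, then release
     * resources in reverse order of acquisition. */
    if (ssl != NULL) {
        wolfSSL_shutdown(ssl);
        wolfSSL_free(ssl);
    }
    if (fd >= 0) {
        close(fd);
    }
    if (ctx != NULL) {
        wolfSSL_CTX_free(ctx);
    }
    if (lib_ready) {
        wolfSSL_Cleanup();
    }
    return rc;
}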
/* Entry point: sends one fixed HTTPS GET for www.baidu.com through client(). */
int main(void)
{
#ifdef DEBUG_WOLFSSL
    // wolfSSL_Debugging_ON();
#endif
    /* Baidu IP, obtained with ping. */
    const byte server_ip[] = "14.215.177.39";

    /* Request text, one header per line. */
    byte request[] =
        "GET https://www.baidu.com HTTP/1.1\r\n"
        "Accept: */*\r\n"
        "Accept-Language: zh-Hans-CN, zh-Hans; q=0.8, en-US; q=0.5, en; q=0.3\r\n"
        "Connection: close\r\n"
        "Host: www.baidu.com\r\n"
        "\r\n";

    client(request, server_ip);
    return 0;
}