MicrochipTech / mbedtls-examples


mbedtls_ssl_handshake returned -0x7780 #7

Closed zxb1717 closed 4 years ago

zxb1717 commented 4 years ago

. Seeding the random number generator... ok
. Loading the CA root certificate ... ok (0 skipped)
. Connecting to tcp/qa2.greenlotstest.com/443...SSL: gethostbyname OK Change DNS to IP:52.33.121.44:443 ok
. Setting up the SSL/TLS structure... ok
. Performing the SSL/TLS handshake...
--------------ssl->state = 0 -------------------
--------------ssl->state = 1 -------------------
--------------ssl->state = 2 -------------------
--------------ssl->state = 3 -------------------
--------------ssl->state = 4 -------------------
--------------ssl->state = 5 -------------------
--------------ssl->state = 6 -------------------
--------------ssl->state = 7 -------------------
--------------ssl->state = 8 -------------------
--------------ssl->state = 9 -------------------
--------------ssl->state = 10 -------------------
--------------ssl->state = 11 -------------------
--------------ssl->state = 17 -------------------
..\PolarSSL\src\ssl_tls.c:4095: is a fatal alert message (msg 40)
..\PolarSSL\src\ssl_tls.c:3822: mbedtls_ssl_handle_message_type() returned -30592 (-0x7780)
..\PolarSSL\src\ssl_cli.c:3279: mbedtls_ssl_read_record() returned -30592 (-0x7780)

This is my log above. I tried many times, and it always got stuck here at the same place with the same code. Can someone give me any suggestions? Thanks. If a more detailed log is needed, I will upload it.

zxb1717 commented 4 years ago

By the way, the value of ssl->state is defined in ssl.h:

typedef enum
{
    MBEDTLS_SSL_HELLO_REQUEST,                    //=0
    MBEDTLS_SSL_CLIENT_HELLO,                     //=1
    MBEDTLS_SSL_SERVER_HELLO,                     //=2
    MBEDTLS_SSL_SERVER_CERTIFICATE,               //=3
    MBEDTLS_SSL_SERVER_KEY_EXCHANGE,              //=4
    MBEDTLS_SSL_CERTIFICATE_REQUEST,              //=5
    MBEDTLS_SSL_SERVER_HELLO_DONE,                //=6
    MBEDTLS_SSL_CLIENT_CERTIFICATE,               //=7
    MBEDTLS_SSL_CLIENT_KEY_EXCHANGE,              //=8
    MBEDTLS_SSL_CERTIFICATE_VERIFY,               //=9
    MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC,        //=10
    MBEDTLS_SSL_CLIENT_FINISHED,                  //=11
    MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC,        //=12
    MBEDTLS_SSL_SERVER_FINISHED,                  //=13
    MBEDTLS_SSL_FLUSH_BUFFERS,                    //=14
    MBEDTLS_SSL_HANDSHAKE_WRAPUP,                 //=15
    MBEDTLS_SSL_HANDSHAKE_OVER,                   //=16
    MBEDTLS_SSL_SERVER_NEW_SESSION_TICKET,        //=17
    MBEDTLS_SSL_SERVER_HELLO_VERIFY_REQUEST_SENT, //=18
} mbedtls_ssl_states;

zxb1717 commented 4 years ago

..\PolarSSL\src\ssl_cli.c:3382: client state: 11
..\PolarSSL\src\ssl_tls.c:2475: => flush output
..\PolarSSL\src\ssl_tls.c:2486: <= flush output
--------------ssl->state = 11 -------------------
..\PolarSSL\src\ssl_tls.c:5266: => write finished
..\PolarSSL\src\ssl_tls.c:5100: => calc finished tls sha256
..\PolarSSL\src\ssl_tls.c:5111: dumping 'finished sha2 state' (32 bytes)
..\PolarSSL\src\ssl_tls.c:5111: 0000: df 9a fc 74 43 04 59 bc 6b 46 db ac cf 1d 7d 62 ...tC.Y.kF....}b
..\PolarSSL\src\ssl_tls.c:5111: 0010: f7 09 11 5e cd b6 33 20 7b 19 0f b9 eb bf f9 99 ...^..3 {.......
..\PolarSSL\src\ssl_tls.c:5119: dumping 'calc finished result' (12 bytes)
..\PolarSSL\src\ssl_tls.c:5119: 0000: 42 88 14 1f 00 89 f4 ba 3a 40 8f c1 B.......:@..
..\PolarSSL\src\ssl_tls.c:5124: <= calc finished
..\PolarSSL\src\ssl_tls.c:5319: switching to new transform spec for outbound data
..\PolarSSL\src\ssl_tls.c:2763: => write record
..\PolarSSL\src\ssl_tls.c:1269: => encrypt buf
..\PolarSSL\src\ssl_tls.c:1278: dumping 'before encrypt: output payload' (16 bytes)
..\PolarSSL\src\ssl_tls.c:1278: 0000: 14 00 00 0c 42 88 14 1f 00 89 f4 ba 3a 40 8f c1 ....B.......:@..
..\PolarSSL\src\ssl_tls.c:1386: dumping 'additional data used for AEAD' (13 bytes)
..\PolarSSL\src\ssl_tls.c:1386: 0000: 00 00 00 00 00 00 00 00 16 03 03 00 10 .............
..\PolarSSL\src\ssl_tls.c:1417: dumping 'IV used' (8 bytes)
..\PolarSSL\src\ssl_tls.c:1417: 0000: 00 00 00 00 00 00 00 00 ........
..\PolarSSL\src\ssl_tls.c:1427: before encrypt: msglen = 24, including 0 bytes of padding
..\PolarSSL\src\ssl_tls.c:1453: dumping 'after encrypt: tag' (16 bytes)
..\PolarSSL\src\ssl_tls.c:1453: 0000: d9 17 6e 19 52 88 07 92 e9 c6 1d ea 11 cf 10 45 ..n.R..........E
..\PolarSSL\src\ssl_tls.c:1587: <= encrypt buf
..\PolarSSL\src\ssl_tls.c:2903: output record: msgtype = 22, version = [3:3], msglen = 40
..\PolarSSL\src\ssl_tls.c:2904: dumping 'output record sent to network' (45 bytes)
..\PolarSSL\src\ssl_tls.c:2904: 0000: 16 03 03 00 28 00 00 00 00 00 00 00 00 08 28 9d ....(.........(.
..\PolarSSL\src\ssl_tls.c:2904: 0010: ab 53 1f fa ee 84 00 a1 8c e6 06 37 22 d9 17 6e .S.........7"..n
..\PolarSSL\src\ssl_tls.c:2904: 0020: 19 52 88 07 92 e9 c6 1d ea 11 cf 10 45 .R..........E
..\PolarSSL\src\ssl_tls.c:2475: => flush output
..\PolarSSL\src\ssl_tls.c:2492: message length: 45, out_left: 45
..\PolarSSL\src\ssl_tls.c:2497: ssl->f_send() returned -78 (-0x004e)
..\PolarSSL\src\ssl_tls.c:2909: mbedtls_ssl_flush_output() returned -78 (-0x004e)
..\PolarSSL\src\ssl_tls.c:5370: mbedtls_ssl_write_record() returned -78 (-0x004e)
..\PolarSSL\src\ssl_tls.c:6702: <= handshake
failed ! mbedtls_ssl_handshake returned -0x4e

Last error was: -78 - UNKNOWN ERROR CODE (004E)
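
Added example (not part of the thread and not code from the mbedtls-examples project): a Python triage of the two logs above. It maps the logged state numbers to the enum names quoted in the thread, names the two return codes using the Mbed TLS 2.x headers and the alert number using RFC 5246, and separates a fatal alert sent by the peer from a failure in the local send callback. The `triage` function and the cut-down log excerpts are illustrative.

```python
import re

# State names in the order of the mbedtls_ssl_states enum quoted in this thread.
STATES = ("HELLO_REQUEST CLIENT_HELLO SERVER_HELLO SERVER_CERTIFICATE "
          "SERVER_KEY_EXCHANGE CERTIFICATE_REQUEST SERVER_HELLO_DONE "
          "CLIENT_CERTIFICATE CLIENT_KEY_EXCHANGE CERTIFICATE_VERIFY "
          "CLIENT_CHANGE_CIPHER_SPEC CLIENT_FINISHED SERVER_CHANGE_CIPHER_SPEC "
          "SERVER_FINISHED FLUSH_BUFFERS HANDSHAKE_WRAPUP HANDSHAKE_OVER "
          "SERVER_NEW_SESSION_TICKET SERVER_HELLO_VERIFY_REQUEST_SENT").split()
# Mbed TLS 2.x names for the two codes in the logs (ssl.h, net_sockets.h).
ERRORS = {-0x7780: "MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE",
          -0x004E: "MBEDTLS_ERR_NET_SEND_FAILED"}
# Subset of the TLS 1.2 alert descriptions (RFC 5246, section 7.2).
ALERTS = {10: "unexpected_message", 20: "bad_record_mac", 40: "handshake_failure",
          42: "bad_certificate", 48: "unknown_ca", 70: "protocol_version"}

STATE_RE = re.compile(r"ssl->state = (\d+)")
ALERT_RE = re.compile(r"is a fatal alert message \(msg (\d+)\)")
CALL_RE = re.compile(r"([\w>-]+\(\)) returned (-?\d+)")

def triage(log):
    """Summarise where a handshake stopped and which side ended it."""
    states = [int(n) for n in STATE_RE.findall(log)]
    alert = ALERT_RE.search(log)
    call = CALL_RE.search(log)  # first hit is the innermost failing call
    code = int(call.group(2)) if call else None
    if alert:  # the peer rejected the handshake at the TLS layer
        cause = "peer alert: " + ALERTS.get(int(alert.group(1)), "unlisted")
    elif call and "f_send" in call.group(1):  # the send callback failed
        cause = "local send callback failed"
    else:
        cause = "undetermined"
    return {"last_state": STATES[states[-1]] if states else None,
            "failing_call": call.group(1) if call else None,
            "error": ERRORS.get(code, "unlisted"), "cause": cause}

# Excerpts cut down from the two logs posted in this thread.
LOG_ALERT = r"""
--------------ssl->state = 11 -------------------
--------------ssl->state = 17 -------------------
..\PolarSSL\src\ssl_tls.c:4095: is a fatal alert message (msg 40)
..\PolarSSL\src\ssl_tls.c:3822: mbedtls_ssl_handle_message_type() returned -30592 (-0x7780)
"""
LOG_SEND = r"""
--------------ssl->state = 11 -------------------
..\PolarSSL\src\ssl_tls.c:2497: ssl->f_send() returned -78 (-0x004e)
..\PolarSSL\src\ssl_tls.c:2909: mbedtls_ssl_flush_output() returned -78 (-0x004e)
"""

if __name__ == "__main__":
    for name, log in (("first log", LOG_ALERT), ("second log", LOG_SEND)):
        print(name, triage(log))
```

The first log stops on an alert received from the peer while the client was in state 17; the second stops in the client's own send callback while writing Finished in state 11, so the two runs did not fail at the same layer.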

zxb1717 commented 4 years ago

Anybody please help me

bryan-hunt commented 4 years ago

You have to explain what you’re trying to do here. The logs don’t really make much sense. Did you go through the provisioning process with an ECC device and verify the certificates are correct? Also it looks like you’re trying to connect to a custom provider - have you verified the mutual TLS settings for the server match what is being attempted by the connect example?

zxb1717 commented 4 years ago

@bryan-hunt First of all, thanks for your reply!

1. You have to explain what you’re trying to do here. <I want to connect to a customer backend through mbedtls on the STM32 platform, but it always failed at the same place>
2. Did you go through the provisioning process with an ECC device and verify the certificates are correct? <Yes, I'm sure the certificates from the server side are correct>
3. Also it looks like you’re trying to connect to a custom provider - have you verified the mutual TLS settings for the server match what is being attempted by the connect example? <Sorry, I can't get any feedback from the server side; I don't know what kinds of settings should be configured before we start the TLS handshake.>

bryan-hunt commented 4 years ago

Are you using an ATECC608A in your device?

zxb1717 commented 4 years ago

@bryan-hunt No, I didn't use this.

zxb1717 commented 4 years ago

Hello, somebody please give some advice.

bryan-hunt commented 4 years ago

This project is to demonstrate integration of an ATECC608A device into mbedtls to handle operations such as ECDH and ECDSA. This is to both demonstrate the elliptic curve acceleration capabilities and most of all the authentication features of the ATECC608A. As you are not using this device this is the wrong venue for requesting support.

zxb1717 commented 4 years ago

@bryan-hunt Sorry. Thanks anyway.