Error during ssl_parse_server_hello

Hello,
I’m trying to connect to a local Mosquitto broker using port 8883.
I have a problem during the ssl_parse_server_hello: it returns -78 (0x004E), which should be MBEDTLS_ERR_NET_SEND_FAILED.
What could it be related to?
I have this verbose:

client hello, max version: [3:3]
, at line 757 in file …\Middlewares\Third_Party\mbedTLS\library\ssl_cli.c

client hello, current time: 0
, at line 695 in file …\Middlewares\Third_Party\mbedTLS\library\ssl_cli.c

dumping ‘client hello, random bytes’ (32 bytes)
, at line 766 in file …\Middlewares\Third_Party\mbedTLS\library\ssl_cli.c

0000: 00 00 00 00 39 e7 1c 5d 88 ad 03 bb e2 18 81 65 …9…]…e
, at line 766 in file …\Middlewares\Third_Party\mbedTLS\library\ssl_cli.c

0010: ce 28 cb 7a a3 33 7c c0 77 bd 4c f5 82 37 72 af .(.z.3|.w.L…7r.
, at line 766 in file …\Middlewares\Third_Party\mbedTLS\library\ssl_cli.c

client hello, session id len.: 0
, at line 819 in file …\Middlewares\Third_Party\mbedTLS\library\ssl_cli.c

dumping ‘client hello, session id’ (0 bytes)
, at line 820 in file …\Middlewares\Third_Party\mbedTLS\library\ssl_cli.c

client hello, add ciphersuite: c02c
, at line 887 in file …\Middlewares\Third_Party\mbedTLS\library\ssl_cli.c

client hello, add ciphersuite: c02b
, at line 887 in file …\Middlewares\Third_Party\mbedTLS\library\ssl_cli.c

client hello, got 3 ciphersuites
, at line 920 in file …\Middlewares\Third_Party\mbedTLS\library\ssl_cli.c

client hello, compress len.: 1
, at line 951 in file …\Middlewares\Third_Party\mbedTLS\library\ssl_cli.c

client hello, compress alg.: 0
, at line 953 in file …\Middlewares\Third_Party\mbedTLS\library\ssl_cli.c

client hello, adding signature_algorithms extension
, at line 178 in file …\Middlewares\Third_Party\mbedTLS\library\ssl_cli.c

client hello, adding supported_elliptic_curves extension
, at line 263 in file …\Middlewares\Third_Party\mbedTLS\library\ssl_cli.c

client hello, adding supported_point_formats extension
, at line 328 in file …\Middlewares\Third_Party\mbedTLS\library\ssl_cli.c

client hello, total extension length: 38
, at line 1025 in file …\Middlewares\Third_Party\mbedTLS\library\ssl_cli.c

=> write record
, at line 2701 in file …\Middlewares\Third_Party\mbedTLS\library\ssl_tls.c

output record: msgtype = 22, version = [3:1], msglen = 89
, at line 2838 in file …\Middlewares\Third_Party\mbedTLS\library\ssl_tls.c

dumping ‘output record sent to network’ (94 bytes)
, at line 2841 in file …\Middlewares\Third_Party\mbedTLS\library\ssl_tls.c

0000: 16 03 01 00 59 01 00 00 55 03 03 00 00 00 00 39 …Y…U…9
, at line 2841 in file …\Middlewares\Third_Party\mbedTLS\library\ssl_tls.c

0010: e7 1c 5d 88 ad 03 bb e2 18 81 65 ce 28 cb 7a a3 …]…e.(.z.
, at line 2841 in file …\Middlewares\Third_Party\mbedTLS\library\ssl_tls.c

0020: 33 7c c0 77 bd 4c f5 82 37 72 af 00 00 06 c0 2c 3|.w.L…7r…,
, at line 2841 in file …\Middlewares\Third_Party\mbedTLS\library\ssl_tls.c

0030: c0 2b 00 ff 01 00 00 26 00 0d 00 12 00 10 06 03 .+…&…
, at line 2841 in file …\Middlewares\Third_Party\mbedTLS\library\ssl_tls.c

0040: 06 01 05 03 05 01 04 03 04 01 03 03 03 01 00 0a …
, at line 2841 in file …\Middlewares\Third_Party\mbedTLS\library\ssl_tls.c

0050: 00 06 00 04 00 18 00 17 00 0b 00 02 01 00 …
, at line 2841 in file …\Middlewares\Third_Party\mbedTLS\library\ssl_tls.c

=> flush output
, at line 2416 in file …\Middlewares\Third_Party\mbedTLS\library\ssl_tls.c

message length: 94, out_left: 94
, at line 2435 in file …\Middlewares\Third_Party\mbedTLS\library\ssl_tls.c

ssl->f_send() returned -78 (-0x004e)
, at line 2441 in file …\Middlewares\Third_Party\mbedTLS\library\ssl_tls.c

mbedtls_ssl_flush_output() returned -78 (-0x004e)
, at line 2846 in file …\Middlewares\Third_Party\mbedTLS\library\ssl_tls.c

mbed
=> free
, at line 7344 in file …\Middlewares\Third_Party\mbedTLS\library\ssl_tls.c

<= free
, at line 7409 in file …\Middlewares\Third_Party\mbedTLS\library\ssl_tls.c

tls_ssl_write_record() returned -78 (-0x004e)
, at line 1047 in file …\Middlewares\Third_Party\mbedTLS\library\ssl_cli.c

I have also seen that my Mosquitto broker sees the connection, but the handshake is failing.

Could the problem be related to the certificate? I attached the server certificate in the parsing: mbedtls_x509_crt_parse(&cacert, (const unsigned char *)mbedtls_m2mqtt_srv_crt, mbedtls_m2mqtt_srv_crt_len );

Edit 07/12 h 17.45: is it possible that the TLS handshaking fails because of a missing timedate?

Thank you,
Mattia

Hi @MattiaBerton
the log you attached shows a networking error while sending the “client hello” message.
According to the log, the handshake hasn’t even reached the server hello message, as your client failed to send the “client hello” message.
Since the error is from the networking layer, I suggest you investigate your bio functions used on your platform. It is the supplied BSD network reference code, you should investigate the errno returned from the write function returned by your system.

If the log is different than the actual failure you are receiving, please upload new logs, as there could be several reasons for failures.
Regards,
Mbed TLS Team member
Ron

Hello Ron,
you were right, the bio functions were not correctly set. Now I can send, but I can’t receive.
Since I have a socket-less implementation using LWIP, is there a way to read the data from the Ethernet at a low level? All examples I have seen use sockets.
Thank you for your support,
Mattia

Hi Mattia,
Yes, the examples use the supplied networking module, which uses BSD sockets.
However, you can replace the bio callbacks that are set in mbedtls_ssl_set_bio() with your own callbacks that call your LWIP interface as described in this article.
The callbacks should have the following prototypes:

typedef int mbedtls_ssl_send_t( void *ctx,
                                const unsigned char *buf,
                                size_t len );

typedef int mbedtls_ssl_recv_t( void *ctx,
                                unsigned char *buf,
                                size_t len );

Regards,
Ron
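
An added example, not code from the thread or from the Mbed TLS project: a socket-less pair of callbacks matching the prototypes above, where the lwIP receive callback fills a ring buffer and the recv callback drains it. The names `bio_ctx`, `bio_rx_feed`, `bio_recv`, `bio_send` and the `tx` hook are hypothetical, and `tx_stub` is a constructed stand-in for the lwIP send path; the pair would be registered with `mbedtls_ssl_set_bio(&ssl, &ctx, bio_send, bio_recv, NULL)`.

```c
#include <stddef.h>
/* Same values as the Mbed TLS headers, repeated so this builds without them. */
#ifndef MBEDTLS_ERR_SSL_WANT_READ
#define MBEDTLS_ERR_SSL_WANT_READ   (-0x6900)
#define MBEDTLS_ERR_SSL_WANT_WRITE  (-0x6880)
#define MBEDTLS_ERR_NET_SEND_FAILED (-0x004E)
#endif
#define RX_CAP 2048u /* power of two, so free-running indices wrap cleanly */

typedef struct {                 /* hypothetical context passed as p_bio */
    unsigned char rx[RX_CAP];
    size_t head, tail;           /* tail - head = bytes buffered */
    int (*tx)(const unsigned char *buf, size_t len); /* hypothetical lwIP send wrapper */
} bio_ctx;

/* Call from the lwIP receive callback for each payload chunk. A short return
 * count means the caller must hold the rest back, never drop TLS record bytes. */
size_t bio_rx_feed(bio_ctx *c, const unsigned char *data, size_t len)
{
    size_t n = 0;
    while (n < len && c->tail - c->head < RX_CAP)
        c->rx[c->tail++ % RX_CAP] = data[n++];
    return n;
}

/* f_recv: "nothing buffered yet" is WANT_READ; returning 0 would signal EOF. */
int bio_recv(void *ctx, unsigned char *buf, size_t len)
{
    bio_ctx *c = ctx;
    size_t n = 0;
    if (c->head == c->tail) return MBEDTLS_ERR_SSL_WANT_READ;
    while (n < len && c->head != c->tail)
        buf[n++] = c->rx[c->head++ % RX_CAP];
    return (int)n;
}

/* f_send: tx() returns bytes queued, 0 if the send buffer is full, <0 on error. */
int bio_send(void *ctx, const unsigned char *buf, size_t len)
{
    bio_ctx *c = ctx;
    int r = c->tx(buf, len);
    if (r < 0) return MBEDTLS_ERR_NET_SEND_FAILED;
    return r == 0 ? MBEDTLS_ERR_SSL_WANT_WRITE : r;
}

/* Constructed stand-in for the lwIP send path, to try the callbacks offline. */
int tx_stub_result = 1 << 30;
int tx_stub(const unsigned char *b, size_t len)
{ (void)b; return tx_stub_result < (int)len ? tx_stub_result : (int)len; }
```

With callbacks that return `MBEDTLS_ERR_SSL_WANT_READ` or `MBEDTLS_ERR_SSL_WANT_WRITE`, `mbedtls_ssl_handshake()` returns the same code and has to be called again once the stack has delivered or accepted more data.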