I’m trying to make an SSL/TLS connection over GPRS to a TPA. At the beginning I must do the handshake and validate the CA, and then send a message to the server; after the server receives the message, it asks for a new handshake to validate the client certificate and key. The code showing how I structure these steps is below. However, the error below appears after sending the message, and I don’t see what may be causing it. I would like help understanding what I am doing wrong, or the specific cause of the error, rather than a generic answer.
The error:
. Seeding the random number generator… ok
. Loading the CA root certificate … ok (0 skipped)
. Loading the Client certificate … ok (0 skipped)
. Loading the key … ok (0 skipped)
. Connecting to tcp/195.138.11.17/10320… ok
. Setting up the SSL/TLS structure… ok
. Performing the SSL/TLS handshake…
Verify requested for (Depth 1):
cert. version : 3
serial number : F4:A4:A4:A5:39:9B:80:57
issuer name : C=PT, O=SIBS, OU=CER, CN=MB-ROOT-V1
subject name : C=PT, O=SIBS, OU=CER, CN=MB-ROOT-V1
issued on : 2005-11-30 05:24:03
expires on : 2037-09-03 05:24:03
signed using : RSA with SHA1
RSA key size : 1024 bits
basic constraints : CA=true
key usage : Key Cert Sign, CRL Sign
This certificate has no flags
Verify requested for (Depth 0):
cert. version : 3
serial number : 9B:C1:58:00:06:40:BD
issuer name : C=PT, O=SIBS, OU=CER, CN=MB-ROOT-V1
subject name : C=PT, L=Lisboa, O=SIBS - Forward Payment Solutions SA, OU=SPP, OU=SRV, OU=POS-MB-TR, CN=SRV-POS-MB-TR, emailAddress=gestao.chaves@sibs.pt
issued on : 2018-07-30 00:00:00
expires on : 2021-07-30 00:00:00
signed using : RSA with SHA1
RSA key size : 2048 bits
basic constraints : CA=true
key usage : Digital Signature, Key Encipherment, Key Agreement
ext key usage : TLS Web Server Authentication
cert. version : 3
serial number : 9B:C1:58:00:06:40:BD
issuer name : C=PT, O=SIBS, OU=CER, CN=MB-ROOT-V1
subject name : C=PT, L=Lisboa, O=SIBS - Forward Payment Solutions SA, OU=SPP, OU=SRV, OU=POS-MB-TR, CN=SRV-POS-MB-TR, emailAddress=gestao.chaves@sibs.pt
issued on : 2018-07-30 00:00:00
expires on : 2021-07-30 00:00:00
signed using : RSA with SHA1
RSA key size : 2048 bits
basic constraints : CA=true
key usage : Digital Signature, Key Encipherment, Key Agreement
ext key usage : TLS Web Server Authentication
cert. version : 3
serial number : 9B:C1:58:00:06:40:BD
issuer name : C=PT, O=SIBS, OU=CER, CN=MB-ROOT-V1
subject name : C=PT, L=Lisboa, O=SIBS - Forward Payment Solutions SA, OU=SPP, OU=SRV, OU=POS-MB-TR, CN=SRV-POS-MB-TR, emailAddress=gestao.chaves@sibs.pt
issued on : 2018-07-30 00:00:00
expires on : 2021-07-30 00:00:00
signed using : RSA with SHA1
RSA key size : 2048 bits
basic constraints : CA=true
key usage : Digital Signature, Key Encipherment, Key Agreement
ext key usage : TLS Web Server Authentication
ok
. Verifying peer X.509 certificate… failed
Write to server: 230 bytes written
POST /pos/msp/ssl HTTP/1.1
Host: 195.138.11.17:10320
Content-Type: application/octet-stream
Content-Length: 111
< Read from server:
HTTP/1.1 500 Internal Server Error
Date: Tue, 11 May 2021 08:06:27 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: SAMEORIGIN
Content-Length: 531
Connection: close
Content-Type: text/html; charset=iso-8859-1
Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.
Please contact the server administrator at webmaster@1407.org to inform them of the time this error occurred, and the actions you performed just before this error.
More information about this error may be available in the server error log.
/*
 * ssl_test - single TLS client exchange with Mbed TLS, as posted.
 *
 * Visible steps: OpenPPP() is called, the CTR_DRBG is seeded, a CA
 * certificate, a client certificate and a private key are read from DER
 * files, a TCP connection to SERVER_NAME:SERVER_PORT is opened, the client
 * is pinned to TLS 1.2 with two DHE-RSA AES-256 suites, the handshake runs,
 * one fixed request is written and the reply is dumped.
 *
 * Returns whatever was last stored in ret (an Mbed TLS status code or a
 * byte count). The closing brace of the function is not part of the
 * posted listing.
 *
 * Review notes:
 *  - Server authentication is not enforced. ServerVerificationFlag stays 0,
 *    MBEDTLS_SSL_VERIFY_OPTIONAL is selected twice, and a non-zero result
 *    from mbedtls_ssl_get_verify_result() only prints the word failed. The
 *    request is then sent, and the client certificate offered, to a peer
 *    whose certificate did not verify. For anything beyond a lab test use
 *    MBEDTLS_SSL_VERIFY_REQUIRED, or leave the do-block when flags != 0.
 *  - The reason for the failed verification is encoded in flags. The
 *    commented-out mbedtls_x509_crt_verify_info() call would print it.
 *    NOTE(review): likely candidates, to be confirmed from that output, are
 *    MBEDTLS_X509_BADCERT_CN_MISMATCH (the expected name is an IP literal
 *    while the logged subject CN is SRV-POS-MB-TR) and, depending on the
 *    library build options, MBEDTLS_X509_BADCERT_BAD_MD /
 *    MBEDTLS_X509_BADCERT_BAD_KEY (the logged chain is signed with SHA-1
 *    and the root key is 1024-bit RSA).
 *  - The HTTP 500 reply arrives after the TLS session is already up, so it
 *    is an application-level answer from the server. Nothing in this
 *    listing shows that it is caused by the certificate warning.
 *  - If mbedtls_ssl_write() fails, the break only leaves the inner while
 *    loop and the code still goes on to read. The count printed afterwards
 *    is sizeof(abMsg), not the value returned by mbedtls_ssl_write(), and
 *    it is passed to %d although sizeof yields a size_t. Printing abMsg
 *    with %s stops at the zero byte that follows the header terminator.
 *  - tFileBuf, tFileBuf1 and tFileBuf2 are declared without initialisers.
 *    A break taken before the matching gen_ReadFileData() call reaches the
 *    cleanup code with indeterminate Content pointers, which are then
 *    compared and possibly freed. Zero-initialise the three buffers.
 *  - mbedtls_ssl_close_notify() is called on every exit path, including
 *    those taken before mbedtls_ssl_setup().
 *  - The private key is parsed with a NULL password, so gp_key1.der is
 *    expected to be stored unencrypted, and its buffer is released with
 *    plain free() without being wiped first.
 */
int ssl_test()
{
/* Zero-terminated suite list, handed to mbedtls_ssl_conf_ciphersuites() below. */
const int ciphersuites[3] = {MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,0};
int ret = 1,
len;
unsigned char buf[1024];
/* Never assigned again in this listing, so the VERIFY_REQUIRED branch below is never taken. */
int ServerVerificationFlag = 0;
/* Personalisation string mixed into the DRBG seed. */
const char *pers = "ssl_client1";
/* File buffers for CA certificate, client certificate and key; not initialised here. */
Buffer_t tFileBuf;
Buffer_t tFileBuf1;
Buffer_t tFileBuf2;
#define SERVER_PORT "10320" //10314
#define SERVER_NAME "195.138.11.17" // 172.17.1.32
/* Defined outside this listing; presumably brings up the GPRS/PPP link - TODO confirm. */
OpenPPP();
/* Receives the certificate verification result after the handshake. */
uint32_t flags;
mbedtls_net_context server_fd;
mbedtls_entropy_context entropy;
mbedtls_ctr_drbg_context ctr_drbg;
mbedtls_ssl_context ssl;
mbedtls_ssl_config conf;
mbedtls_x509_crt cacert;
mbedtls_x509_crt clicert;
mbedtls_pk_context pkey;
/* 0. Initialize the RNG and the session data */
mbedtls_net_init( &server_fd );
mbedtls_ssl_init( &ssl );
mbedtls_ssl_config_init( &conf );
mbedtls_ctr_drbg_init( &ctr_drbg );
mbedtls_x509_crt_init( &cacert );
mbedtls_x509_crt_init(&clicert);
mbedtls_pk_init(&pkey);
printf( "\n . Seeding the random number generator..." );
/* Single-pass do { } while(0): every break at this level jumps to the cleanup code after it. */
do
{
mbedtls_entropy_init( &entropy );
if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy, (const unsigned char *) pers, strlen( pers ) ) ) != 0 )
{
printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret );
break;
}
printf( " ok\n" );
/* 0. Initialize certificates */
printf( " . Loading the CA root certificate ..." );
/* A non-zero return is treated as failure; nothing is printed and ret keeps its previous value. */
if ( gen_ReadFileData("gp_ca1.der", &tFileBuf, 0, 0) )
{
break;
}
/* A positive return is reported below as the number of skipped certificates. */
if( (ret = mbedtls_x509_crt_parse(&cacert, tFileBuf.Content, tFileBuf.Len)) < 0 )
{
printf( " failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n", (unsigned int) -ret );
break;
}
printf( " ok (%d skipped)\n", ret );
printf( " . Loading the Client certificate ..." );
if ( gen_ReadFileData("gp_clt1.der", &tFileBuf1, 0, 0) )
{
break;
}
if( (ret = mbedtls_x509_crt_parse(&clicert, tFileBuf1.Content, tFileBuf1.Len)) < 0 )
{
printf( " failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n", (unsigned int) -ret );
break;
}
printf( " ok (%d skipped)\n", ret );
printf( " . Loading the key ..." );
if ( gen_ReadFileData("gp_key1.der", &tFileBuf2, 0, 0) )
{
break;
}
/* NULL password with length 0: the key file is expected to be unencrypted. */
if( (ret = mbedtls_pk_parse_key(&pkey, tFileBuf2.Content, tFileBuf2.Len, NULL, 0)) < 0 )
{
printf( " failed\n ! mbedtls_pk_parse_key returned -0x%x\n\n", (unsigned int) -ret );
break;
}
printf( " ok (%d skipped)\n", ret );
/* 1. Start the connection */
printf( " . Connecting to tcp/%s/%s...", SERVER_NAME, SERVER_PORT );
if( ( ret = mbedtls_net_connect( &server_fd, SERVER_NAME, SERVER_PORT, MBEDTLS_NET_PROTO_TCP ) ) != 0 )
{
printf( " failed\n ! mbedtls_net_connect returned %d\n\n", ret );
break;
}
/* Registers my_verify on conf before mbedtls_ssl_config_defaults() has run. The
 * configuration holds one verification callback, so the later call that registers
 * _iot_tls_verify_cert replaces this one. */
mbedtls_ssl_conf_verify(&conf, my_verify, NULL);
mbedtls_ssl_conf_dbg(&conf, my_debug, NULL);
mbedtls_debug_set_threshold(DEBUG_LEVEL);
printf( " ok\n" );
/* 2. Setup stuff */
printf( " . Setting up the SSL/TLS structure..." );
if( ( ret = mbedtls_ssl_config_defaults( &conf, MBEDTLS_SSL_IS_CLIENT, MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_PRESET_DEFAULT ) ) != 0 )
{
printf( " failed\n ! mbedtls_ssl_config_defaults returned %d\n\n", ret );
break;
}
/* Verification callback actually in effect for the handshake; defined outside this listing. */
mbedtls_ssl_conf_verify(&conf, _iot_tls_verify_cert, NULL);
/* ServerVerificationFlag is 0, so the else branch runs: a certificate that fails
 * verification does not abort the handshake. */
if (ServerVerificationFlag == 1)
{
mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_REQUIRED);
}
else
{
mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_OPTIONAL);
}
/* Minimum and maximum both set to 3.3, which Mbed TLS uses for TLS 1.2. */
mbedtls_ssl_conf_min_version(&conf, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3);
mbedtls_ssl_conf_max_version(&conf, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3);
printf( " ok\n" );
/* OPTIONAL is not optimal for security,
* but makes interop easier in this simplified example */
/* Unconditional: overrides whatever the flag-based branch above selected. */
mbedtls_ssl_conf_authmode( &conf, MBEDTLS_SSL_VERIFY_OPTIONAL); //MBEDTLS_SSL_VERIFY_REQUIRED );
mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg );
mbedtls_ssl_conf_ciphersuites(&conf, ciphersuites);
/* Trust anchor for the server chain; no CRL is supplied (third argument NULL). */
mbedtls_ssl_conf_ca_chain( &conf, &cacert, NULL );
/* Client certificate and key offered when the server requests client authentication. */
if( ( ret = mbedtls_ssl_conf_own_cert( &conf, &clicert, &pkey ) ) != 0 )
{
printf( " failed\n ! mbedtls_ssl_conf_own_cert returned %d\n\n", ret );
break;
}
if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 )
{
printf( " failed\n ! mbedtls_ssl_setup returned %d\n\n", ret );
break;
}
/* The expected peer name is the IP literal in SERVER_NAME.
 * NOTE(review): the logged server subject CN is SRV-POS-MB-TR, so a name
 * mismatch flag is plausible - confirm by decoding flags after the handshake. */
if( ( ret = mbedtls_ssl_set_hostname( &ssl, SERVER_NAME ) ) != 0 )
{
printf( " failed\n ! mbedtls_ssl_set_hostname returned %d\n\n", ret );
break;
}
mbedtls_ssl_set_bio( &ssl, &server_fd, mbedtls_net_send, mbedtls_net_recv, NULL );
/* 4. Handshake */
printf( " . Performing the SSL/TLS handshake..." );
/* Retry while the library only asks for more I/O; any other error ends the loop with ret != 0. */
while( ( ret = mbedtls_ssl_handshake( &ssl ) ) != 0 )
{
if( ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE )
{
printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n", (unsigned int) -ret );
break;
}
}
if ( ret != 0 )
{
break;
}
printf( " ok\n" );
/* 5. Verify the server certificate */
printf( " . Verifying peer X.509 certificate..." );
/* In real life, we probably want to bail out when ret != 0 */
/* With VERIFY_OPTIONAL this check is the only place a bad server certificate is noticed.
 * A non-zero flags value is printed and then ignored, so the exchange continues with an
 * unauthenticated peer. Re-enabling the commented-out verify_info lines prints which
 * checks failed. */
if( ( flags = mbedtls_ssl_get_verify_result( &ssl ) ) != 0 )
{
// char vrfy_buf[512];
printf( " failed\n" );
// mbedtls_x509_crt_verify_info( vrfy_buf, sizeof( vrfy_buf ), " ! “, flags );
// printf( “%s\n”, vrfy_buf );
}
else
printf( " ok\n” );
/* 3. Write the GET request */
printf( " > Write to server:" );
BYTE abMsg[] = {"\x50\x4F\x53\x54\x20\x2F\x70\x6F\x73\x2F\x6D\x73\x70\x2F\x73\x73\x6C\x20\x48\x54\x54\x50\x2F\x31\x2E\x31\x0D\x0A\x48\x6F\x73\x74\x3A\x20\x31\x39\x35\x2E\x31\x33\x38\x2E\x31\x31\x2E\x31\x37\x3A\x31\x30\x33\x32\x30\x0D\x0A\x43\x6F\x6E\x74\x65\x6E\x74\x2D\x54\x79\x70\x65\x3A\x20\x61\x70\x70\x6C\x69\x63\x61\x74\x69\x6F\x6E\x2F\x6F\x63\x74\x65\x74\x2D\x73\x74\x72\x65\x61\x6D\x0D\x0A\x43\x6F\x6E\x74\x65\x6E\x74\x2D\x4C\x65\x6E\x67\x74\x68\x3A\x20\x31\x31\x31\x0D\x0A\x0D\x0A\x00\x6D\x51\x30\x32\x31\x30\x30\x30\x34\x37\x37\x31\x31\x30\x36\x30\x30\x33\x34\x56\x32\x30\x32\x31\x30\x35\x30\x34\x31\x31\x30\x30\x31\x33\x30\x30\x30\x30\x30\x30\x30\x30\x39\x37\x38\x32\x35\x42\x37\x41\x34\x44\x42\x42\x44\x45\x30\x33\x43\x41\x44\x32\x38\x38\x41\x42\x38\x46\x38\x36\x34\x46\x46\x46\x42\x42\x36\x46\x41\x45\x34\x35\x38\x41\x44\x43\x36\x45\x34\x41\x31\x33\x32\x33\x38\x45\x43\x30\x38\x41\x33\x38\x42\x44\x34\x41\x39\x41\x33\x30"};
while( ( ret = mbedtls_ssl_write( &ssl, abMsg, 227 ) ) <= 0 )
{
if( ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE )
{
printf( " failed\n ! mbedtls_ssl_write returned %d\n\n", ret );
break;
}
}
printf( " %d bytes written\n\n%s", sizeof(abMsg), (char *) abMsg );
/* 7. Read the HTTP response */
printf( " < Read from server:" );
do
{
len = sizeof( buf ) - 1;
memset( buf, 0, sizeof( buf ) );
ret = mbedtls_ssl_read( &ssl, buf, len );
if( ret == MBEDTLS_ERR_SSL_WANT_READ || ret == MBEDTLS_ERR_SSL_WANT_WRITE )
continue;
if( ret == MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY )
break;
if( ret < 0 )
{
printf( "failed\n ! mbedtls_ssl_read returned %d\n\n", ret );
break;
}
if( ret == 0 )
{
printf( "\n\nEOF\n\n" );
break;
}
len = ret;
gen_PrintDgBuff("[READ SSL]bytes read\n ", buf, len);
} while( 1 );
} while(0);
mbedtls_ssl_close_notify( &ssl );
mbedtls_net_free( &server_fd );
mbedtls_x509_crt_free( &clicert );
mbedtls_x509_crt_free( &cacert );
mbedtls_pk_free( &pkey );
mbedtls_ssl_free( &ssl );
mbedtls_ssl_config_free( &conf );
mbedtls_ctr_drbg_free( &ctr_drbg );
mbedtls_entropy_free( &entropy );
if ( tFileBuf.Content != NULL )
{
free(tFileBuf.Content);
}
if ( tFileBuf1.Content != NULL )
{
free(tFileBuf1.Content);
}
if ( tFileBuf2.Content != NULL )
{
free(tFileBuf2.Content);
}
return ret;