Arm Mbed OS support forum

MbedTLS Application unable to mutually authenticate with Azure App Function

I have an MbedTLS application that attempts to communicate with an Azure App Function that is set to require a client certificate. When the application is run, it sends a request to the Azure App Services and receives a server certificate that it verifies. I expect the server to then request the client certificate to fulfil mutual authentication. However it seems the MbedTLS app does not receive this request and instead gets a -80 (-0x0050) return value.
There is a debug line that states “got no certificate request” which I’m not sure whether that means the server side (app function) actually sent the request for the client certificate or not.

The following is the log from the MbedTLS debugger:

ssl_tls.c:4936: |3| Certificate verification flags clear
ssl_tls.c:4941: |2| <= parse certificate
ssl_cli.c:3465: |2| client state: 4
ssl_tls.c:2656: |2| => flush output
ssl_tls.c:2668: |2| <= flush output
ssl_cli.c:2352: |2| => parse server key exchange
ssl_tls.c:3994: |2| => read record
ssl_tls.c:4103: |4| dumping ‘remaining content in record’ (337 bytes)
ssl_tls.c:4103: |4| 0000: 0c 00 01 49 03 00 17 41 04 ed 30 b1 36 fb 63 e0 …I…A…0.6.c.
ssl_tls.c:4103: |4| 0010: ef ec 60 10 b6 4f 74 85 6e 10 c6 8d 0b 86 da d3 …..Ot.n....... ssl_tls.c:4103: |4| 0020: 8f f2 83 81 96 5d 8d 1b 0a 73 ef 3c 35 28 82 5c .....]...s.<5(.\ ssl_tls.c:4103: |4| 0030: 46 30 f3 57 fd 6f 08 00 92 73 5d d5 cb ac 31 de F0.W.o...s]...1. ssl_tls.c:4103: |4| 0040: 81 0a 33 b3 76 68 0c 34 bd 04 01 01 00 d7 a6 92 ..3.vh.4........ ssl_tls.c:4103: |4| 0050: 72 42 10 0e 44 71 16 4c c7 e3 dd ed 43 52 93 f6 rB..Dq.L....CR.. ssl_tls.c:4103: |4| 0060: df 0c 6c 60 bb b0 e6 84 7f 75 5d 0a 0d 04 db 87 ..l…u]…
ssl_tls.c:4103: |4| 0070: fd 45 c6 d6 67 23 37 8b cd 8d 28 df 2e 86 4e 10 .E…g#7…(…N.
ssl_tls.c:4103: |4| 0080: f5 6c 5c a7 3d d7 90 3b b0 01 24 29 29 e6 80 30 .l.=…;…$))…0
ssl_tls.c:4103: |4| 0090: 40 c3 10 60 e8 e9 52 fd bf 57 ad dc 47 9f 5d 43 @…..R..W..G.]C ssl_tls.c:4103: |4| 00a0: 4c 8b fd fc 8d f4 41 1c 9d f8 a5 a5 4b f0 dc 87 L.....A.....K... ssl_tls.c:4103: |4| 00b0: cf f9 66 2c 91 df a8 e9 e6 34 75 3c 5d 2b 99 b4 ..f,.....4u<]+.. ssl_tls.c:4103: |4| 00c0: 9a 08 1d d8 3d f4 ef 8a ab a9 3b 19 f9 5a b9 d2 ....=.....;..Z.. ssl_tls.c:4103: |4| 00d0: 85 07 ba c7 bd 00 38 7c 87 e4 52 5c 0d 36 fe a7 ......8|..R\.6.. ssl_tls.c:4103: |4| 00e0: ac e4 a3 38 86 93 95 61 c6 43 e2 5f a8 8c 3c 15 ...8...a.C._..<. ssl_tls.c:4103: |4| 00f0: 5c ae 21 4e 79 59 98 1e a3 cd 4f c8 a2 2f 41 0b \.!NyY....O../A. ssl_tls.c:4103: |4| 0100: ff 89 21 f6 56 c9 15 61 ad cd df c9 50 71 a4 4f ..!.V..a....Pq.O ssl_tls.c:4103: |4| 0110: e1 e9 79 e3 7f 6a da 71 b4 9f 07 b5 63 c2 36 ba ..y..j.q....c.6. ssl_tls.c:4103: |4| 0120: 53 6b 05 dd d7 9c fe 57 e8 9e 25 e8 e4 51 56 53 Sk.....W..%..QVS ssl_tls.c:4103: |4| 0130: 35 5e 17 eb ba 72 35 46 7b 69 c9 a2 de 9f 71 df 5^...r5F{i....q. ssl_tls.c:4103: |4| 0140: ed c4 c6 c2 c5 e9 fa 60 9d 0d 52 cd 04 0e 00 00 .......…R…
ssl_tls.c:4103: |4| 0150: 00 .
ssl_tls.c:3344: |3| handshake message: msglen = 337, type = 12, hslen = 333
ssl_tls.c:4031: |2| <= read record
ssl_cli.c:2426: |3| dumping ‘server key exchange’ (329 bytes)
ssl_cli.c:2426: |3| 0000: 03 00 17 41 04 ed 30 b1 36 fb 63 e0 ef ec 60 10 …A…0.6.c…. ssl_cli.c:2426: |3| 0010: b6 4f 74 85 6e 10 c6 8d 0b 86 da d3 8f f2 83 81 .Ot.n........... ssl_cli.c:2426: |3| 0020: 96 5d 8d 1b 0a 73 ef 3c 35 28 82 5c 46 30 f3 57 .]...s.<5(.\F0.W ssl_cli.c:2426: |3| 0030: fd 6f 08 00 92 73 5d d5 cb ac 31 de 81 0a 33 b3 .o...s]...1...3. ssl_cli.c:2426: |3| 0040: 76 68 0c 34 bd 04 01 01 00 d7 a6 92 72 42 10 0e vh.4........rB.. ssl_cli.c:2426: |3| 0050: 44 71 16 4c c7 e3 dd ed 43 52 93 f6 df 0c 6c 60 Dq.L....CR....l
ssl_cli.c:2426: |3| 0060: bb b0 e6 84 7f 75 5d 0a 0d 04 db 87 fd 45 c6 d6 …u]…E…
ssl_cli.c:2426: |3| 0070: 67 23 37 8b cd 8d 28 df 2e 86 4e 10 f5 6c 5c a7 g#7…(…N…l.
ssl_cli.c:2426: |3| 0080: 3d d7 90 3b b0 01 24 29 29 e6 80 30 40 c3 10 60 =…;…$))…0@… ssl_cli.c:2426: |3| 0090: e8 e9 52 fd bf 57 ad dc 47 9f 5d 43 4c 8b fd fc ..R..W..G.]CL... ssl_cli.c:2426: |3| 00a0: 8d f4 41 1c 9d f8 a5 a5 4b f0 dc 87 cf f9 66 2c ..A.....K.....f, ssl_cli.c:2426: |3| 00b0: 91 df a8 e9 e6 34 75 3c 5d 2b 99 b4 9a 08 1d d8 .....4u<]+...... ssl_cli.c:2426: |3| 00c0: 3d f4 ef 8a ab a9 3b 19 f9 5a b9 d2 85 07 ba c7 =.....;..Z...... ssl_cli.c:2426: |3| 00d0: bd 00 38 7c 87 e4 52 5c 0d 36 fe a7 ac e4 a3 38 ..8|..R\.6.....8 ssl_cli.c:2426: |3| 00e0: 86 93 95 61 c6 43 e2 5f a8 8c 3c 15 5c ae 21 4e ...a.C._..<.\.!N ssl_cli.c:2426: |3| 00f0: 79 59 98 1e a3 cd 4f c8 a2 2f 41 0b ff 89 21 f6 yY....O../A...!. ssl_cli.c:2426: |3| 0100: 56 c9 15 61 ad cd df c9 50 71 a4 4f e1 e9 79 e3 V..a....Pq.O..y. ssl_cli.c:2426: |3| 0110: 7f 6a da 71 b4 9f 07 b5 63 c2 36 ba 53 6b 05 dd .j.q....c.6.Sk.. ssl_cli.c:2426: |3| 0120: d7 9c fe 57 e8 9e 25 e8 e4 51 56 53 35 5e 17 eb ...W..%..QVS5^.. ssl_cli.c:2426: |3| 0130: ba 72 35 46 7b 69 c9 a2 de 9f 71 df ed c4 c6 c2 .r5F{i....q..... ssl_cli.c:2426: |3| 0140: c5 e9 fa 60 9d 0d 52 cd 04 ...…R…
ssl_cli.c:2009: |2| ECDH curve: secp256r1
ssl_cli.c:2019: |3| value of ‘ECDH: Qp(X)’ (256 bits) is:
ssl_cli.c:2019: |3| ed 30 b1 36 fb 63 e0 ef ec 60 10 b6 4f 74 85 6e
ssl_cli.c:2019: |3| 10 c6 8d 0b 86 da d3 8f f2 83 81 96 5d 8d 1b 0a
ssl_cli.c:2019: |3| value of ‘ECDH: Qp(Y)’ (255 bits) is:
ssl_cli.c:2019: |3| 73 ef 3c 35 28 82 5c 46 30 f3 57 fd 6f 08 00 92
ssl_cli.c:2019: |3| 73 5d d5 cb ac 31 de 81 0a 33 b3 76 68 0c 34 bd
ssl_cli.c:2294: |2| Server used SignatureAlgorithm 1
ssl_cli.c:2295: |2| Server used HashAlgorithm 4
ssl_cli.c:2581: |3| dumping ‘signature’ (256 bytes)
ssl_cli.c:2581: |3| 0000: d7 a6 92 72 42 10 0e 44 71 16 4c c7 e3 dd ed 43 …rB…Dq.L…C
ssl_cli.c:2581: |3| 0010: 52 93 f6 df 0c 6c 60 bb b0 e6 84 7f 75 5d 0a 0d R…l.....u].. ssl_cli.c:2581: |3| 0020: 04 db 87 fd 45 c6 d6 67 23 37 8b cd 8d 28 df 2e ....E..g#7...(.. ssl_cli.c:2581: |3| 0030: 86 4e 10 f5 6c 5c a7 3d d7 90 3b b0 01 24 29 29 .N..l\.=..;..$)) ssl_cli.c:2581: |3| 0040: e6 80 30 40 c3 10 60 e8 e9 52 fd bf 57 ad dc 47 ..0@..…R…W…G
ssl_cli.c:2581: |3| 0050: 9f 5d 43 4c 8b fd fc 8d f4 41 1c 9d f8 a5 a5 4b .]CL…A…K
ssl_cli.c:2581: |3| 0060: f0 dc 87 cf f9 66 2c 91 df a8 e9 e6 34 75 3c 5d …f,…4u<]
ssl_cli.c:2581: |3| 0070: 2b 99 b4 9a 08 1d d8 3d f4 ef 8a ab a9 3b 19 f9 +…=…;…
ssl_cli.c:2581: |3| 0080: 5a b9 d2 85 07 ba c7 bd 00 38 7c 87 e4 52 5c 0d Z…8|…R.
ssl_cli.c:2581: |3| 0090: 36 fe a7 ac e4 a3 38 86 93 95 61 c6 43 e2 5f a8 6…8…a.C..
ssl_cli.c:2581: |3| 00a0: 8c 3c 15 5c ae 21 4e 79 59 98 1e a3 cd 4f c8 a2 .<…!NyY…O…
ssl_cli.c:2581: |3| 00b0: 2f 41 0b ff 89 21 f6 56 c9 15 61 ad cd df c9 50 /A…!.V…a…P
ssl_cli.c:2581: |3| 00c0: 71 a4 4f e1 e9 79 e3 7f 6a da 71 b4 9f 07 b5 63 q.O…y…j.q…c
ssl_cli.c:2581: |3| 00d0: c2 36 ba 53 6b 05 dd d7 9c fe 57 e8 9e 25 e8 e4 .6.Sk…W…%…
ssl_cli.c:2581: |3| 00e0: 51 56 53 35 5e 17 eb ba 72 35 46 7b 69 c9 a2 de QVS5^…r5F{i…
ssl_cli.c:2581: |3| 00f0: 9f 71 df ed c4 c6 c2 c5 e9 fa 60 9d 0d 52 cd 04 .q…..R.. ssl_cli.c:2617: |3| dumping 'parameters hash' (32 bytes) ssl_cli.c:2617: |3| 0000: 8c 70 b6 05 26 a9 8e 8b 44 c7 2c 01 e0 da 17 d2 .p..&...D.,..... ssl_cli.c:2617: |3| 0010: ca 34 c3 ea 3b bb d7 81 c8 7b e9 7c 72 a7 48 bd .4..;....{.|r.H. ssl_cli.c:2652: |2| <= parse server key exchange ssl_cli.c:3465: |2| client state: 5 ssl_tls.c:2656: |2| => flush output ssl_tls.c:2668: |2| <= flush output ssl_cli.c:2685: |2| => parse certificate request ssl_tls.c:3994: |2| => read record ssl_tls.c:4103: |4| dumping 'remaining content in record' (4 bytes) ssl_tls.c:4103: |4| 0000: 0e 00 00 00 .... ssl_tls.c:3344: |3| handshake message: msglen = 4, type = 14, hslen = 4 ssl_tls.c:4031: |2| <= read record **ssl_cli.c:2711: |3| got no certificate request** ssl_cli.c:2834: |2| <= parse certificate request ssl_cli.c:3465: |2| client state: 6 ssl_tls.c:2656: |2| => flush output ssl_tls.c:2668: |2| <= flush output ssl_cli.c:2844: |2| => parse server hello done ssl_tls.c:3994: |2| => read record ssl_tls.c:4027: |2| <= reuse previously read message ssl_tls.c:4031: |2| <= read record ssl_cli.c:2874: |2| <= parse server hello done ssl_cli.c:3465: |2| client state: 7 ssl_tls.c:2656: |2| => flush output ssl_tls.c:2668: |2| <= flush output ssl_tls.c:4454: |2| => write certificate ssl_tls.c:4471: |2| <= skip write certificate ssl_cli.c:3465: |2| client state: 8 ssl_tls.c:2656: |2| => flush output ssl_tls.c:2668: |2| <= flush output ssl_cli.c:2886: |2| => write client key exchange ssl_cli.c:2960: |3| value of 'ECDH: Q(X)' (256 bits) is: ssl_cli.c:2960: |3| a9 7e 88 56 1b a4 3c a1 59 d5 84 36 6d 58 06 d6 ssl_cli.c:2960: |3| c8 bc 85 06 0d 52 00 67 9d 8e 3e 55 a2 ad ac 91 ssl_cli.c:2960: |3| value of 'ECDH: Q(Y)' (255 bits) is: ssl_cli.c:2960: |3| 4c e4 9d bb 96 48 89 41 da e5 d1 2b 67 25 b2 2a ssl_cli.c:2960: |3| a8 49 c0 4c 68 7e 02 0f 92 b3 bf 37 b2 d6 0c c4 ssl_cli.c:2984: |3| dumping 'Pre master secret' (32 bytes) ssl_cli.c:2984: |3| 0000: e5 6e 7f 3f 6c 68 77 80 34 ca 8a c1 a4 3e f3 e9 .n.?lhw.4....>.. ssl_cli.c:2984: |3| 0010: 70 ef 3a dc d3 79 e2 19 de a3 11 58 37 f5 1d 32 p.:..y.....X7..2 ssl_cli.c:2987: |3| value of 'ECDH: z' (256 bits) is: ssl_cli.c:2987: |3| e5 6e 7f 3f 6c 68 77 80 34 ca 8a c1 a4 3e f3 e9 ssl_cli.c:2987: |3| 70 ef 3a dc d3 79 e2 19 de a3 11 58 37 f5 1d 32 ssl_tls.c:2949: |2| => write record ssl_tls.c:3092: |3| output record: msgtype = 22, version = [3:3], msglen = 70 ssl_tls.c:3097: |4| dumping 'output record sent to network' (75 bytes) ssl_tls.c:3097: |4| 0000: 16 03 03 00 46 10 00 00 42 41 04 a9 7e 88 56 1b ....F...BA..~.V. ssl_tls.c:3097: |4| 0010: a4 3c a1 59 d5 84 36 6d 58 06 d6 c8 bc 85 06 0d .<.Y..6mX....... ssl_tls.c:3097: |4| 0020: 52 00 67 9d 8e 3e 55 a2 ad ac 91 4c e4 9d bb 96 R.g..>U....L.... ssl_tls.c:3097: |4| 0030: 48 89 41 da e5 d1 2b 67 25 b2 2a a8 49 c0 4c 68 H.A...+g%.*.I.Lh ssl_tls.c:3097: |4| 0040: 7e 02 0f 92 b3 bf 37 b2 d6 0c c4 ~.....7.... ssl_tls.c:2656: |2| => flush output ssl_tls.c:2674: |2| message length: 75, out_left: 75 ssl_tls.c:2681: |2| ssl->f_send() returned 75 (-0xffffffb5) ssl_tls.c:2708: |2| <= flush output ssl_tls.c:3107: |2| <= write record ssl_cli.c:3153: |2| <= write client key exchange ssl_cli.c:3465: |2| client state: 9 ssl_tls.c:2656: |2| => flush output ssl_tls.c:2668: |2| <= flush output ssl_cli.c:3204: |2| => write certificate verify ssl_tls.c:0519: |2| => derive keys ssl_tls.c:0603: |3| dumping 'premaster secret' (32 bytes) ssl_tls.c:0603: |3| 0000: e5 6e 7f 3f 6c 68 77 80 34 ca 8a c1 a4 3e f3 e9 .n.?lhw.4....>.. ssl_tls.c:0603: |3| 0010: 70 ef 3a dc d3 79 e2 19 de a3 11 58 37 f5 1d 32 p.:..y.....X7..2 ssl_tls.c:0612: |3| using extended master secret ssl_tls.c:1103: |2| => calc verify sha256 ssl_tls.c:1108: |3| dumping 'calculated verify result' (32 bytes) ssl_tls.c:1108: |3| 0000: 6a b5 9a 2e 2c 82 f6 97 ba 4a 0c 88 4f 0c 7b 50 j...,....J..O.{P ssl_tls.c:1108: |3| 0010: 7b 88 41 e4 73 02 02 73 2c 55 d6 02 29 fe 82 e8 {.A.s..s,U..)... ssl_tls.c:1109: |2| <= calc verify ssl_tls.c:0633: |3| dumping 'session hash' (32 bytes) ssl_tls.c:0633: |3| 0000: 6a b5 9a 2e 2c 82 f6 97 ba 4a 0c 88 4f 0c 7b 50 j...,....J..O.{P ssl_tls.c:0633: |3| 0010: 7b 88 41 e4 73 02 02 73 2c 55 d6 02 29 fe 82 e8 {.A.s..s,U..)... ssl_tls.c:0692: |3| ciphersuite = TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 ssl_tls.c:0694: |3| dumping 'master secret' (48 bytes) ssl_tls.c:0694: |3| 0000: 78 78 e7 63 08 3e db 6e 2e 35 9e 71 2f f0 0a 82 xx.c.>.n.5.q/... ssl_tls.c:0694: |3| 0010: 68 97 23 13 96 27 c7 94 65 1b 51 32 c4 5d 4e 3d h.#..'..e.Q2.]N= ssl_tls.c:0694: |3| 0020: 39 20 f8 eb b0 75 15 08 1e fd 92 e7 1b be cb 14 9 ...u.......... ssl_tls.c:0695: |4| dumping 'random bytes' (64 bytes) ssl_tls.c:0695: |4| 0000: 61 d5 b4 b3 ae d9 35 7e ff a1 95 6d 42 ef 6f a3 a.....5~...mB.o. ssl_tls.c:0695: |4| 0010: 7d 53 4c 3f 62 26 32 41 74 b9 41 43 8d 52 52 67 }SL?b&2At.AC.RRg ssl_tls.c:0695: |4| 0020: 61 d5 b4 b3 59 a0 92 db 70 01 34 3c 37 c7 b2 91 a...Y...p.4<7... ssl_tls.c:0695: |4| 0030: f6 fd 31 23 95 2c b5 79 42 75 53 34 42 80 2e 1d ..1#.,.yBuS4B... ssl_tls.c:0696: |4| dumping 'key block' (256 bytes) ssl_tls.c:0696: |4| 0000: 2e 3b 55 84 a0 dd a1 2e 1c ba 88 63 41 70 b6 3d .;U........cAp.= ssl_tls.c:0696: |4| 0010: 9e 44 a0 b4 96 cd 73 48 78 d3 ab b3 3d 96 e3 ef .D....sHx...=... ssl_tls.c:0696: |4| 0020: ed 8e c7 5c 0c 9a f0 a4 01 28 2a 55 c1 0d 7e c9 ...\.....(*U..~. ssl_tls.c:0696: |4| 0030: 03 4e ab 88 a9 a6 2f 55 9f 43 26 09 c8 a4 63 af .N..../U.C&...c. ssl_tls.c:0696: |4| 0040: c2 dd c7 6f 72 72 f0 02 65 a8 ad 5f e1 d2 8c 46 ...orr..e.._...F ssl_tls.c:0696: |4| 0050: 4e ea fc f0 f1 9c 0a d6 96 98 e8 bb 2c 4a d0 85 N...........,J.. ssl_tls.c:0696: |4| 0060: 92 0b 91 24 5b 2a cb 09 ed cc a5 44 bb 9f bd ae ...$[*.....D.... ssl_tls.c:0696: |4| 0070: 52 4d a6 fa 17 d1 86 ba 4e b0 5f ea 02 e0 d5 40 RM......N._....@ ssl_tls.c:0696: |4| 0080: c8 bc f2 98 98 a1 2c 47 a3 a9 d8 3f 49 99 9d f9 ......,G...?I... ssl_tls.c:0696: |4| 0090: e9 a7 6f 23 72 90 59 cc bc 7e 75 fe 4c 59 50 a2 ..o#r.Y..~u.LYP. ssl_tls.c:0696: |4| 00a0: 26 b5 a8 46 ad 52 93 32 26 d5 58 d9 10 43 e8 b3 &..F.R.2&.X..C.. ssl_tls.c:0696: |4| 00b0: 28 9a 60 8e 86 6f de 5e 7f 8f 40 aa 0d dd fd 3e (.…o.^…@…>
ssl_tls.c:0696: |4| 00c0: 01 8b ef 1a 52 de 2f 35 64 a7 c9 43 a4 d7 4a 48 …R./5d…C…JH
ssl_tls.c:0696: |4| 00d0: 20 cb ce b3 c1 bd 0a bf 6e d2 5b 7a 0b 31 ac 7e …n.[z.1.~
ssl_tls.c:0696: |4| 00e0: 86 3c 9e d5 a5 16 7b 68 f3 db c9 12 9f d5 08 a3 .<…{h…
ssl_tls.c:0696: |4| 00f0: a1 17 57 f9 a2 1e f2 ff 4e 0d 3f 11 a5 a1 7d 91 …W…N.?..}.
ssl_tls.c:0817: |3| keylen: 16, minlen: 24, ivlen: 12, maclen: 0
ssl_tls.c:1014: |2| <= derive keys
ssl_cli.c:3225: |2| <= skip write certificate verify
ssl_cli.c:3465: |2| client state: 10
ssl_tls.c:2656: |2| => flush output
ssl_tls.c:2668: |2| <= flush output
ssl_tls.c:4957: |2| => write change cipher spec
ssl_tls.c:2949: |2| => write record
ssl_tls.c:3092: |3| output record: msgtype = 20, version = [3:3], msglen = 1
ssl_tls.c:3097: |4| dumping ‘output record sent to network’ (6 bytes)
ssl_tls.c:3097: |4| 0000: 14 03 03 00 01 01 …
ssl_tls.c:2656: |2| => flush output
ssl_tls.c:2674: |2| message length: 6, out_left: 6
ssl_tls.c:2681: |2| ssl->f_send() returned 6 (-0xfffffffa)
ssl_tls.c:2708: |2| <= flush output
ssl_tls.c:3107: |2| <= write record
ssl_tls.c:4971: |2| <= write change cipher spec
ssl_cli.c:3465: |2| client state: 11
ssl_tls.c:2656: |2| => flush output
ssl_tls.c:2668: |2| <= flush output
ssl_tls.c:5490: |2| => write finished
ssl_tls.c:5315: |2| => calc finished tls sha256
ssl_tls.c:5326: |4| dumping ‘finished sha2 state’ (32 bytes)
ssl_tls.c:5326: |4| 0000: 25 5f cf 75 49 9e a3 65 d4 23 12 32 61 a6 0a ae %
.uI…e.#.2a…
ssl_tls.c:5326: |4| 0010: 0f 13 22 5f eb eb df e2 86 a5 55 dc c1 03 38 75 …"_…U…8u
ssl_tls.c:5339: |3| dumping ‘calc finished result’ (12 bytes)
ssl_tls.c:5339: |3| 0000: 4c d0 12 cd 49 87 95 f5 d1 32 ea 96 L…I…2…
ssl_tls.c:5345: |2| <= calc finished
ssl_tls.c:5544: |3| switching to new transform spec for outbound data
ssl_tls.c:2949: |2| => write record
ssl_tls.c:1342: |2| => encrypt buf
ssl_tls.c:1352: |4| dumping ‘before encrypt: output payload’ (16 bytes)
ssl_tls.c:1352: |4| 0000: 14 00 00 0c 4c d0 12 cd 49 87 95 f5 d1 32 ea 96 …L…I…2…
ssl_tls.c:1479: |4| dumping ‘additional data for AEAD’ (13 bytes)
ssl_tls.c:1479: |4| 0000: 00 00 00 00 00 00 00 00 16 03 03 00 10 …
ssl_tls.c:1509: |4| dumping ‘IV used (internal)’ (12 bytes)
ssl_tls.c:1509: |4| 0000: ed 8e c7 5c 00 00 00 00 00 00 00 00 …
ssl_tls.c:1511: |4| dumping ‘IV used (transmitted)’ (8 bytes)
ssl_tls.c:1511: |4| 0000: 00 00 00 00 00 00 00 00 …
ssl_tls.c:1521: |3| before encrypt: msglen = 24, including 0 bytes of padding
ssl_tls.c:1548: |4| dumping ‘after encrypt: tag’ (16 bytes)
ssl_tls.c:1548: |4| 0000: 62 3a 19 d7 84 b8 52 77 6f be a7 b0 d8 30 07 56 b:…Rwo…0.V
ssl_tls.c:1682: |2| <= encrypt buf
ssl_tls.c:3092: |3| output record: msgtype = 22, version = [3:3], msglen = 40
ssl_tls.c:3097: |4| dumping ‘output record sent to network’ (45 bytes)
ssl_tls.c:3097: |4| 0000: 16 03 03 00 28 00 00 00 00 00 00 00 00 e3 ce ba …(…
ssl_tls.c:3097: |4| 0010: a3 c3 44 a7 15 6d b3 ac 4e f5 b2 35 79 62 3a 19 …D…m…N…5yb:.
ssl_tls.c:3097: |4| 0020: d7 84 b8 52 77 6f be a7 b0 d8 30 07 56 …Rwo…0.V
ssl_tls.c:2656: |2| => flush output
ssl_tls.c:2674: |2| message length: 45, out_left: 45
ssl_tls.c:2681: |2| ssl->f_send() returned 45 (-0xffffffd3)
ssl_tls.c:2708: |2| <= flush output
ssl_tls.c:3107: |2| <= write record
ssl_tls.c:5599: |2| <= write finished
ssl_cli.c:3465: |2| client state: 12
ssl_tls.c:2656: |2| => flush output
ssl_tls.c:2668: |2| <= flush output
ssl_tls.c:4980: |2| => parse change cipher spec
ssl_tls.c:3994: |2| => read record
ssl_tls.c:2437: |2| => fetch input
ssl_tls.c:2597: |2| in_left: 0, nb_want: 5
ssl_tls.c:2621: |2| in_left: 0, nb_want: 5
ssl_tls.c:2623: |2| ssl->f_recv(timeout)() returned 5 (-0xfffffffb)
ssl_tls.c:2643: |2| <= fetch input
ssl_tls.c:3737: |4| dumping ‘input record header’ (5 bytes)
ssl_tls.c:3737: |4| 0000: 14 03 03 00 01 …
ssl_tls.c:3743: |3| input record: msgtype = 20, version = [3:3], msglen = 1
ssl_tls.c:2437: |2| => fetch input
ssl_tls.c:2597: |2| in_left: 5, nb_want: 6
ssl_tls.c:2621: |2| in_left: 5, nb_want: 6
ssl_tls.c:2623: |2| ssl->f_recv(timeout)() returned 1 (-0xffffffff)
ssl_tls.c:2643: |2| <= fetch input
ssl_tls.c:3922: |4| dumping ‘input record from network’ (6 bytes)
ssl_tls.c:3922: |4| 0000: 14 03 03 00 01 01 …
ssl_tls.c:4031: |2| <= read record
ssl_tls.c:5008: |3| switching to new transform spec for inbound data
ssl_tls.c:5058: |2| <= parse change cipher spec
ssl_cli.c:3465: |2| client state: 13
ssl_tls.c:2656: |2| => flush output
ssl_tls.c:2668: |2| <= flush output
ssl_tls.c:5616: |2| => parse finished
ssl_tls.c:5315: |2| => calc finished tls sha256
ssl_tls.c:5326: |4| dumping ‘finished sha2 state’ (32 bytes)
ssl_tls.c:5326: |4| 0000: 25 5f cf 75 49 9e a3 65 d4 23 12 32 61 a6 0a ae %
.uI…e.#.2a…
ssl_tls.c:5326: |4| 0010: 0f 13 22 5f eb eb df e2 86 a5 55 dc c1 03 38 75 …"
…U…8u
ssl_tls.c:5339: |3| dumping ‘calc finished result’ (12 bytes)
ssl_tls.c:5339: |3| 0000: 61 f8 30 b7 dd b9 72 c5 f0 4d c3 cc a.0…r…M…
ssl_tls.c:5345: |2| <= calc finished
ssl_tls.c:3994: |2| => read record
ssl_tls.c:2437: |2| => fetch input
ssl_tls.c:2597: |2| in_left: 0, nb_want: 5
ssl_tls.c:2621: |2| in_left: 0, nb_want: 5
ssl_tls.c:2623: |2| ssl->f_recv(_timeout)() returned 5 (-0xfffffffb)
ssl_tls.c:2643: |2| <= fetch input
ssl_tls.c:3737: |4| dumping ‘input record header’ (5 bytes)
ssl_tls.c:3737: |4| 0000: 16 03 03 00 28 …(
ssl_tls.c:3743: |3| input record: msgtype = 22, version = [3:3], msglen = 40
ssl_tls.c:2437: |2| => fetch input
ssl_tls.c:2597: |2| in_left: 5, nb_want: 45
ssl_tls.c:2621: |2| in_left: 5, nb_want: 45
ssl_tls.c:2623: |2| ssl->f_recv(_timeout)() returned 40 (-0xffffffd8)
ssl_tls.c:2643: |2| <= fetch input
ssl_tls.c:3922: |4| dumping ‘input record from network’ (45 bytes)
ssl_tls.c:3922: |4| 0000: 16 03 03 00 28 00 00 00 00 00 00 00 00 06 25 73 …(…%s
ssl_tls.c:3922: |4| 0010: 6c d2 a9 dd f3 8d 79 e5 28 29 f9 59 49 ff 06 29 l…y.().YI…)
ssl_tls.c:3922: |4| 0020: 6c d7 d3 ba b9 eb d7 8c 74 d8 26 75 58 l…t.&uX
ssl_tls.c:1695: |2| => decrypt buf
ssl_tls.c:1782: |4| dumping ‘additional data for AEAD’ (13 bytes)
ssl_tls.c:1782: |4| 0000: 00 00 00 00 00 00 00 00 16 03 03 00 10 …
ssl_tls.c:1811: |4| dumping ‘IV used’ (12 bytes)
ssl_tls.c:1811: |4| 0000: 0c 9a f0 a4 00 00 00 00 00 00 00 00 …
ssl_tls.c:1812: |4| dumping ‘TAG used’ (16 bytes)
ssl_tls.c:1812: |4| 0000: ff 06 29 6c d7 d3 ba b9 eb d7 8c 74 d8 26 75 58 …)l…t.&uX
ssl_tls.c:2277: |2| <= decrypt buf
ssl_tls.c:3949: |4| dumping ‘input payload after decrypt’ (16 bytes)
ssl_tls.c:3949: |4| 0000: 14 00 00 0c 61 f8 30 b7 dd b9 72 c5 f0 4d c3 cc …a.0…r…M…
ssl_tls.c:3344: |3| handshake message: msglen = 16, type = 20, hslen = 16
ssl_tls.c:4031: |2| <= read record
ssl_tls.c:5684: |2| <= parse finished
ssl_cli.c:3465: |2| client state: 14
ssl_tls.c:2656: |2| => flush output
ssl_tls.c:2668: |2| <= flush output
ssl_cli.c:3576: |2| handshake: done
ssl_cli.c:3465: |2| client state: 15
ssl_tls.c:2656: |2| => flush output
ssl_tls.c:2668: |2| <= flush output
ssl_tls.c:5428: |3| => handshake wrapup
ssl_tls.c:5401: |3| => handshake wrapup: final free
ssl_tls.c:5421: |3| <= handshake wrapup: final free
ssl_tls.c:5483: |3| <= handshake wrapup
ssl_tls.c:6971: |2| <= handshake
ok
[ Protocol is TLSv1.2 ]
[ Ciphersuite is TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 ]
[ Record expansion is 29 ]
[ Maximum fragment length is 16384 ]
. Verifying peer X.509 certificate… ok
. Peer certificate information …
cert. version : 3
serial number : 07:B8:8C:29:4F:B7:C8:F8:4B:5E:5D:35:41:F1:88:AC
issuer name : C=US, O=DigiCert Inc, CN=GeoTrust TLS DV RSA Mixed SHA256 2020 CA-1
subject name : CN=www.keyserver.scrim.rtiuk.net
issued on : 2021-10-01 00:00:00
expires on : 2022-03-31 23:59:59
signed using : RSA with SHA-256
RSA key size : 2048 bits
basic constraints : CA=false
subject alt name : www.keyserver.scrim.rtiuk.net
key usage : Digital Signature, Key Encipherment
ext key usage : TLS Web Server Authentication, TLS Web Client Authentication

Write to server:ssl_tls.c:7556: |2| => write
ssl_tls.c:2949: |2| => write record
ssl_tls.c:1342: |2| => encrypt buf
ssl_tls.c:1352: |4| dumping ‘before encrypt: output payload’ (73 bytes)
ssl_tls.c:1352: |4| 0000: 47 45 54 20 2f 61 70 69 2f 6b 65 79 73 65 72 76 GET /api/keyserv
ssl_tls.c:1352: |4| 0010: 65 72 5f 76 33 20 48 54 54 50 2f 31 2e 31 0d 0a er_v3 HTTP/1.1…
ssl_tls.c:1352: |4| 0020: 48 6f 73 74 3a 20 77 77 77 2e 6b 65 79 73 65 72 Host: www.keyser
ssl_tls.c:1352: |4| 0030: 76 65 72 2e 73 63 72 69 6d 2e 72 74 69 75 6b 2e ver.scrim.rtiuk.
ssl_tls.c:1352: |4| 0040: 6e 65 74 0d 0a 0d 0a 0d 0a net…
ssl_tls.c:1479: |4| dumping ‘additional data for AEAD’ (13 bytes)
ssl_tls.c:1479: |4| 0000: 00 00 00 00 00 00 00 01 17 03 03 00 49 …I
ssl_tls.c:1509: |4| dumping ‘IV used (internal)’ (12 bytes)
ssl_tls.c:1509: |4| 0000: ed 8e c7 5c 00 00 00 00 00 00 00 01 …
ssl_tls.c:1511: |4| dumping ‘IV used (transmitted)’ (8 bytes)
ssl_tls.c:1511: |4| 0000: 00 00 00 00 00 00 00 01 …
ssl_tls.c:1521: |3| before encrypt: msglen = 81, including 0 bytes of padding
ssl_tls.c:1548: |4| dumping ‘after encrypt: tag’ (16 bytes)
ssl_tls.c:1548: |4| 0000: 3a 87 16 fa 06 37 74 bf 3c ae cd 56 bd 5b 52 d0 :…7t.<…V.[R.
ssl_tls.c:1682: |2| <= encrypt buf
ssl_tls.c:3092: |3| output record: msgtype = 23, version = [3:3], msglen = 97
ssl_tls.c:3097: |4| dumping ‘output record sent to network’ (102 bytes)
ssl_tls.c:3097: |4| 0000: 17 03 03 00 61 00 00 00 00 00 00 00 01 f3 b8 0c …a…
ssl_tls.c:3097: |4| 0010: b6 34 b6 c0 9f b3 0c d2 c9 af 97 fc 71 c6 da 17 .4…q…
ssl_tls.c:3097: |4| 0020: 70 56 74 23 31 31 02 87 ca 48 2a 27 81 4c 3d 16 pVt#11…H*’.L=.
ssl_tls.c:3097: |4| 0030: 3d 40 10 05 8d 27 e3 c2 28 37 19 4f 86 fd 03 dd =@…’…(7.O…
ssl_tls.c:3097: |4| 0040: 39 90 d8 98 f6 3f ed 3f 3e f7 f5 0c 72 e7 7e ee 9…?.?>…r.~.
ssl_tls.c:3097: |4| 0050: 3d ce 5e 28 51 9a 3a 87 16 fa 06 37 74 bf 3c ae =.^(Q.:…7t.<.
ssl_tls.c:3097: |4| 0060: cd 56 bd 5b 52 d0 .V.[R.
ssl_tls.c:2656: |2| => flush output
ssl_tls.c:2674: |2| message length: 102, out_left: 102
ssl_tls.c:2681: |2| ssl->f_send() returned 102 (-0xffffff9a)
ssl_tls.c:2708: |2| <= flush output
ssl_tls.c:3107: |2| <= write record
ssl_tls.c:7584: |2| <= write
73 bytes written in 1 fragments

GET /api/keyserver_v3 HTTP/1.1

Host: www.keyserver.scrim.rtiuk.net

< Read from server:ssl_tls.c:7147: |2| => read
ssl_tls.c:0078: |3| set_timer to 0 ms
ssl_tls.c:3994: |2| => read record
ssl_tls.c:2437: |2| => fetch input
ssl_tls.c:2597: |2| in_left: 0, nb_want: 5
ssl_tls.c:2621: |2| in_left: 0, nb_want: 5
ssl_tls.c:2623: |2| ssl->f_recv(_timeout)() returned 5 (-0xfffffffb)
ssl_tls.c:2643: |2| <= fetch input
ssl_tls.c:3737: |4| dumping ‘input record header’ (5 bytes)
ssl_tls.c:3737: |4| 0000: 16 03 03 00 1c …
ssl_tls.c:3743: |3| input record: msgtype = 22, version = [3:3], msglen = 28
ssl_tls.c:2437: |2| => fetch input
ssl_tls.c:2597: |2| in_left: 5, nb_want: 33
ssl_tls.c:2621: |2| in_left: 5, nb_want: 33
ssl_tls.c:2623: |2| ssl->f_recv(_timeout)() returned 28 (-0xffffffe4)
ssl_tls.c:2643: |2| <= fetch input
ssl_tls.c:3922: |4| dumping ‘input record from network’ (33 bytes)
ssl_tls.c:3922: |4| 0000: 16 03 03 00 1c 00 00 00 00 00 00 00 01 02 1f 0b …
ssl_tls.c:3922: |4| 0010: b6 10 ac 6a 61 24 9b bf a2 a5 99 b2 db 19 e7 1e …ja$…
ssl_tls.c:3922: |4| 0020: a6 .
ssl_tls.c:1695: |2| => decrypt buf
ssl_tls.c:1782: |4| dumping ‘additional data for AEAD’ (13 bytes)
ssl_tls.c:1782: |4| 0000: 00 00 00 00 00 00 00 01 16 03 03 00 04 …
ssl_tls.c:1811: |4| dumping ‘IV used’ (12 bytes)
ssl_tls.c:1811: |4| 0000: 0c 9a f0 a4 00 00 00 00 00 00 00 01 …
ssl_tls.c:1812: |4| dumping ‘TAG used’ (16 bytes)
ssl_tls.c:1812: |4| 0000: 10 ac 6a 61 24 9b bf a2 a5 99 b2 db 19 e7 1e a6 …ja$…
ssl_tls.c:2277: |2| <= decrypt buf
ssl_tls.c:3949: |4| dumping ‘input payload after decrypt’ (4 bytes)
ssl_tls.c:3949: |4| 0000: 00 00 00 00 …
ssl_tls.c:3344: |3| handshake message: msglen = 4, type = 0, hslen = 4
ssl_tls.c:4031: |2| <= read record
ssl_tls.c:7234: |1| received handshake message
ssl_tls.c:7311: |3| refusing renegotiation, sending alert
ssl_tls.c:4375: |2| => send alert message
ssl_tls.c:4376: |3| send alert level=1 message=100
ssl_tls.c:2949: |2| => write record
ssl_tls.c:1342: |2| => encrypt buf
ssl_tls.c:1352: |4| dumping ‘before encrypt: output payload’ (2 bytes)
ssl_tls.c:1352: |4| 0000: 01 64 .d
ssl_tls.c:1479: |4| dumping ‘additional data for AEAD’ (13 bytes)
ssl_tls.c:1479: |4| 0000: 00 00 00 00 00 00 00 02 15 03 03 00 02 …
ssl_tls.c:1509: |4| dumping ‘IV used (internal)’ (12 bytes)
ssl_tls.c:1509: |4| 0000: ed 8e c7 5c 00 00 00 00 00 00 00 02 …
ssl_tls.c:1511: |4| dumping ‘IV used (transmitted)’ (8 bytes)
ssl_tls.c:1511: |4| 0000: 00 00 00 00 00 00 00 02 …
ssl_tls.c:1521: |3| before encrypt: msglen = 10, including 0 bytes of padding
ssl_tls.c:1548: |4| dumping ‘after encrypt: tag’ (16 bytes)
ssl_tls.c:1548: |4| 0000: e4 d2 92 dd 1a 51 a6 4e 34 2b dd 65 42 9e 42 61 …Q.N4+.eB.Ba
ssl_tls.c:1682: |2| <= encrypt buf
ssl_tls.c:3092: |3| output record: msgtype = 21, version = [3:3], msglen = 26
ssl_tls.c:3097: |4| dumping ‘output record sent to network’ (31 bytes)
ssl_tls.c:3097: |4| 0000: 15 03 03 00 1a 00 00 00 00 00 00 00 02 58 15 e4 …X…
ssl_tls.c:3097: |4| 0010: d2 92 dd 1a 51 a6 4e 34 2b dd 65 42 9e 42 61 …Q.N4+.eB.Ba
ssl_tls.c:2656: |2| => flush output
ssl_tls.c:2674: |2| message length: 31, out_left: 31
ssl_tls.c:2681: |2| ssl->f_send() returned 31 (-0xffffffe1)
ssl_tls.c:2708: |2| <= flush output
ssl_tls.c:3107: |2| <= write record
ssl_tls.c:4388: |2| <= send alert message
ssl_tls.c:0078: |3| set_timer to 0 ms
ssl_tls.c:3994: |2| => read record
ssl_tls.c:2437: |2| => fetch input
ssl_tls.c:2597: |2| in_left: 0, nb_want: 5
ssl_tls.c:2621: |2| in_left: 0, nb_want: 5
ssl_tls.c:2623: |2| ssl->f_recv(_timeout)() returned -80 (-0x0050)
ssl_tls.c:4141: |1| mbedtls_ssl_fetch_input() returned -80 (-0x0050)
ssl_tls.c:4005: |1| mbedtls_ssl_read_record_layer() returned -80 (-0x0050)
ssl_tls.c:7212: |1| mbedtls_ssl_read_record() returned -80 (-0x0050)