X509_verify_cert() returned -9984 (-0x2700)

Hello,
I’m getting this problem with my TLS connection.
I’m trying to connect to a file server (https://files.000webhost.com/) using the COMODO CA as the following:
-----BEGIN CERTIFICATE-----
MIIGCDCCA/CgAwIBAgIQKy5u6tl1NmwUim7bo3yMBzANBgkqhkiG9w0BAQwFADCB
hTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G
A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNV
BAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTQwMjEy
MDAwMDAwWhcNMjkwMjExMjM1OTU5WjCBkDELMAkGA1UEBhMCR0IxGzAZBgNVBAgT
EkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMR
Q09NT0RPIENBIExpbWl0ZWQxNjA0BgNVBAMTLUNPTU9ETyBSU0EgRG9tYWluIFZh
bGlkYXRpb24gU2VjdXJlIFNlcnZlciBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAI7CAhnhoFmk6zg1jSz9AdDTScBkxwtiBUUWOqigwAwCfx3M28Sh
bXcDow+G+eMGnD4LgYqbSRutA776S9uMIO3Vzl5ljj4Nr0zCsLdFXlIvNN5IJGS0
Qa4Al/e+Z96e0HqnU4A7fK31llVvl0cKfIWLIpeNs4TgllfQcBhglo/uLQeTnaG6
ytHNe+nEKpooIZFNb5JPJaXyejXdJtxGpdCsWTWM/06RQ1A/WZMebFEh7lgUq/51
UHg+TLAchhP6a5i84DuUHoVS3AOTJBhuyydRReZw3iVDpA3hSqXttn7IzW3uLh0n
c13cRTCAquOyQQuvvUSH2rnlG51/ruWFgqUCAwEAAaOCAWUwggFhMB8GA1UdIwQY
MBaAFLuvfgI9+qbxPISOre44mOzZMjLUMB0GA1UdDgQWBBSQr2o6lFoL2JDqElZz
30O0Oija5zAOBgNVHQ8BAf8EBAMCAYYwEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNV
HSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwGwYDVR0gBBQwEjAGBgRVHSAAMAgG
BmeBDAECATBMBgNVHR8ERTBDMEGgP6A9hjtodHRwOi8vY3JsLmNvbW9kb2NhLmNv
bS9DT01PRE9SU0FDZXJ0aWZpY2F0aW9uQXV0aG9yaXR5LmNybDBxBggrBgEFBQcB
AQRlMGMwOwYIKwYBBQUHMAKGL2h0dHA6Ly9jcnQuY29tb2RvY2EuY29tL0NPTU9E
T1JTQUFkZFRydXN0Q0EuY3J0MCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5jb21v
ZG9jYS5jb20wDQYJKoZIhvcNAQEMBQADggIBAE4rdk+SHGI2ibp3wScF9BzWRJ2p
mj6q1WZmAT7qSeaiNbz69t2Vjpk1mA42GHWx3d1Qcnyu3HeIzg/3kCDKo2cuH1Z/
e+FE6kKVxF0NAVBGFfKBiVlsit2M8RKhjTpCipj4SzR7JzsItG8kO3KdY3RYPBps
P0/HEZrIqPW1N+8QRcZs2eBelSaz662jue5/DJpmNXMyYE7l3YphLG5SEXdoltMY
dVEVABt0iN3hxzgEQyjpFv3ZBdRdRydg1vs4O2xyopT4Qhrf7W8GjEXCBgCq5Ojc
2bXhc3js9iPc0d1sjhqPpepUfJa3w/5Vjo1JXvxku88+vZbrac2/4EjxYoIQ5QxG
V/Iz2tDIY+3GH5QFlkoakdH368+PUq4NCNk+qKBR6cGHdNXJ93SrLlP7u3r7l+L4
HyaPs9Kg4DdbKDsx5Q5XLVq4rXmsXiBmGqW5prU5wfWYQ//u+aen/e7KJD2AFsQX
j4rBYKEMrltDR5FL1ZoXX/nUh8HCjLfn4g8wGTeGrODcQgPmlKidrv0PJFGUzpII
0fxQ8ANAe4hZ7Q7drNJ3gjTcBpUC2JD5Leo31Rpg0Gcg19hCC0Wvgmje3WYkN5Ap
lBlGGSW4gNfL1IYoakRwJiNiqZ+Gb7+6kHDSVneFeO/qJakXzlByjAA6quPbYzSf
+AZxAeKCINT+b72x
-----END CERTIFICATE-----

However, as I start handshaking, I got the following error: x509_verify_cert() returned -9984 (-0x2700).
This is my log:

I (9301) mbedtls: ssl_cli.c:3405 client state: 0

I (9302) mbedtls: ssl_tls.c:2751 => flush output

I (9306) mbedtls: ssl_tls.c:2763 <= flush output

I (9312) mbedtls: ssl_cli.c:3405 client state: 1

I (9317) mbedtls: ssl_tls.c:2751 => flush output

I (9323) mbedtls: ssl_tls.c:2763 <= flush output

I (9328) mbedtls: ssl_cli.c:774 => write client hello

I (9337) mbedtls: ssl_tls.c:3180 => write handshake message

I (9342) mbedtls: ssl_tls.c:3337 => write record

I (9348) mbedtls: ssl_tls.c:2751 => flush output

I (9351) mbedtls: ssl_tls.c:2770 message length: 254, out_left: 254

I (9360) mbedtls: ssl_tls.c:2775 ssl->f_send() returned 254 (-0xffffff02)

I (9366) mbedtls: ssl_tls.c:2803 <= flush output

I (9372) mbedtls: ssl_tls.c:3470 <= write record

I (9377) mbedtls: ssl_tls.c:3314 <= write handshake message

I (9383) mbedtls: ssl_cli.c:1106 <= write client hello

I (9390) mbedtls: ssl_cli.c:3405 client state: 2

I (9395) mbedtls: ssl_tls.c:2751 => flush output

I (9400) mbedtls: ssl_tls.c:2763 <= flush output

I (9406) mbedtls: ssl_cli.c:1499 => parse server hello

I (9412) mbedtls: ssl_tls.c:4305 => read record

I (9417) mbedtls: ssl_tls.c:2532 => fetch input

I (9423) mbedtls: ssl_tls.c:2693 in_left: 0, nb_want: 5

I (9429) mbedtls: ssl_tls.c:2717 in_left: 0, nb_want: 5

I (9435) mbedtls: ssl_tls.c:2718 ssl->f_recv(_timeout)() returned 5 (-0xfffffffb)

I (9443) mbedtls: ssl_tls.c:2738 <= fetch input

I (9449) mbedtls: ssl_tls.c:2532 => fetch input

I (9454) mbedtls: ssl_tls.c:2693 in_left: 5, nb_want: 70

I (9460) mbedtls: ssl_tls.c:2717 in_left: 5, nb_want: 70

I (9466) mbedtls: ssl_tls.c:2718 ssl->f_recv(_timeout)() returned 65 (-0xffffffbf)

I (9475) mbedtls: ssl_tls.c:2738 <= fetch input

I (9483) mbedtls: ssl_tls.c:4379 <= read record

I (9487) mbedtls: ssl_cli.c:1781 server hello, total extension length: 21

I (9493) mbedtls: ssl_cli.c:1970 <= parse server hello

I (9499) mbedtls: ssl_cli.c:3405 client state: 3

I (9504) mbedtls: ssl_tls.c:2751 => flush output

I (9510) mbedtls: ssl_tls.c:2763 <= flush output

I (9515) mbedtls: ssl_tls.c:5440 => parse certificate

I (9521) mbedtls: ssl_tls.c:4305 => read record

I (9527) mbedtls: ssl_tls.c:2532 => fetch input

I (9532) mbedtls: ssl_tls.c:2693 in_left: 0, nb_want: 5

I (9538) mbedtls: ssl_tls.c:2717 in_left: 0, nb_want: 5

I (9544) mbedtls: ssl_tls.c:2718 ssl->f_recv(_timeout)() returned 5 (-0xfffffffb)

I (9553) mbedtls: ssl_tls.c:2738 <= fetch input

I (9558) mbedtls: ssl_tls.c:2532 => fetch input

I (9563) mbedtls: ssl_tls.c:2693 in_left: 5, nb_want: 2644

I (9571) mbedtls: ssl_tls.c:2717 in_left: 5, nb_want: 2644

I (9576) mbedtls: ssl_tls.c:2718 ssl->f_recv(_timeout)() returned 2639 (-0xfffff5b1)

I (9585) mbedtls: ssl_tls.c:2738 <= fetch input

I (9614) mbedtls: ssl_tls.c:4379 <= read record

W (9661) mbedtls: ssl_tls.c:5713 x509_verify_cert() returned -9984 (-0x2700)

I (9662) mbedtls: ssl_tls.c:5244 => send alert message

I (9665) mbedtls: ssl_tls.c:3337 => write record

I (9670) mbedtls: ssl_tls.c:2751 => flush output

I (9675) mbedtls: ssl_tls.c:2770 message length: 7, out_left: 7

I (9683) mbedtls: ssl_tls.c:2775 ssl->f_send() returned 7 (-0xfffffff9)

I (9690) mbedtls: ssl_tls.c:2803 <= flush output

I (9695) mbedtls: ssl_tls.c:3470 <= write record

I (9701) mbedtls: ssl_tls.c:5257 <= send alert message

I (9707) mbedtls: ssl_tls.c:5810 <= parse certificate

I (9712) mbedtls: ssl_tls.c:8031 <= handshake

Am I wrong in the use of the certificate? Can you help me?
Thank you,
Mattia Berton

Hi @MattiaBerton
Thank you for your question.
Using debug_level=3 you will see that the verification flags are 4, which means:

MBEDTLS_X509_BADCERT_CN_MISMATCH

You will also see in the logs:

Verify requested for (Depth 0):
cert. version     : 3
serial number     : 31:5E:54:EA:E8:52:71:34:86:A3:6D:90:95:22:7D:BE
issuer name       : C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA
subject name      : OU=Domain Control Validated, OU=EssentialSSL Wildcard, CN=*.000webhost.com
issued  on        : 2018-10-19 00:00:00
expires on        : 2020-12-17 23:59:59
signed using      : RSA with SHA-256
RSA key size      : 2048 bits
basic constraints : CA=false
subject alt name  : *.000webhost.com, 000webhost.com
key usage         : Digital Signature, Key Encipherment
ext key usage     : TLS Web Server Authentication, TLS Web Client Authentication
  ! The certificate Common Name (CN) does not match with the expected CN

The reason is because the subject_alt_name CN of the server certificate(*.000webhost.com, 000webhost.com) does not match the hostname set:

    if( crt->ext_types & MBEDTLS_X509_EXT_SUBJECT_ALT_NAME )
    {
        for( cur = &crt->subject_alt_names; cur != NULL; cur = cur->next )
        {
            if( x509_crt_check_cn( &cur->buf, cn, cn_len ) == 0 )
                break;
        }

        if( cur == NULL )
            *flags |= MBEDTLS_X509_BADCERT_CN_MISMATCH;
    }

You should have in your code the following line:

mbedtls_ssl_set_hostname( &ssl, "files.000webhost.com" );

or

mbedtls_ssl_set_hostname( &ssl, server_addr );

or

mbedtls_ssl_set_hostname( &ssl, "*.000webhost.com" );

or

mbedtls_ssl_set_hostname( &ssl, "000webhost.com" );

I suggest you look at https://tls.mbed.org/kb/development/debugging-tls for additional guidelines.
Regards,
Mbed TLS Team member
Ron

Hello Ron,
thank you for your answer.
But something is not clear to me: why the CA provided is not correct since the CN field matches with the hostname I’m trying to connect to?

Thank you,
Mattia Berton

Hi Mattia,
Why do you think the CA is not correct?
The CA is correct, and another means of security is checking the subject name.
The error you received is not because of the CA, but because the hostname did not match the subject_alt_name extension in the certificate
Regards,
Ron

Hello Ron,
but if the hostname I’m connecting is files.000webhost.com and the certificate has subject_alt_name which includes *.000webhost.com, why you say that the hostname did not match the subject_alt_name extension in the certificate?

Thank you,
Mattia Berton

Hi Mattia,
Have you called mbedtls_ssl_set_hostname() in your application to set the hostname?
There is a difference between the server address that you are connecting to, and the hostname that is set in the tls session. The first is only networking connection, and the second is the name of the server. They are not neccessarily the same.

Regards,
Ron

Hello Ron,
no, I didn’t call mbedtls_ssl_set_hostname in my application, but that’s because it is an example of ESP32 IDF which should work out-of-the-box.
Also, the same example worked with “https://bertronics.netsons.org/” with this certificate:
-----BEGIN CERTIFICATE-----
MIIEkjCCA3qgAwIBAgIQCgFBQgAAAVOFc2oLheynCDANBgkqhkiG9w0BAQsFADA/
MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
DkRTVCBSb290IENBIFgzMB4XDTE2MDMxNzE2NDA0NloXDTIxMDMxNzE2NDA0Nlow
SjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxIzAhBgNVBAMT
GkxldCdzIEVuY3J5cHQgQXV0aG9yaXR5IFgzMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAnNMM8FrlLke3cl03g7NoYzDq1zUmGSXhvb418XCSL7e4S0EF
q6meNQhY7LEqxGiHC6PjdeTm86dicbp5gWAf15Gan/PQeGdxyGkOlZHP/uaZ6WA8
SMx+yk13EiSdRxta67nsHjcAHJyse6cF6s5K671B5TaYucv9bTyWaN8jKkKQDIZ0
Z8h/pZq4UmEUEz9l6YKHy9v6Dlb2honzhT+Xhq+w3Brvaw2VFn3EK6BlspkENnWA
a6xK8xuQSXgvopZPKiAlKQTGdMDQMc2PMTiVFrqoM7hD8bEfwzB/onkxEz0tNvjj
/PIzark5McWvxI0NHWQWM6r6hCm21AvA2H3DkwIDAQABo4IBfTCCAXkwEgYDVR0T
AQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYwfwYIKwYBBQUHAQEEczBxMDIG
CCsGAQUFBzABhiZodHRwOi8vaXNyZy50cnVzdGlkLm9jc3AuaWRlbnRydXN0LmNv
bTA7BggrBgEFBQcwAoYvaHR0cDovL2FwcHMuaWRlbnRydXN0LmNvbS9yb290cy9k
c3Ryb290Y2F4My5wN2MwHwYDVR0jBBgwFoAUxKexpHsscfrb4UuQdf/EFWCFiRAw
VAYDVR0gBE0wSzAIBgZngQwBAgEwPwYLKwYBBAGC3xMBAQEwMDAuBggrBgEFBQcC
ARYiaHR0cDovL2Nwcy5yb290LXgxLmxldHNlbmNyeXB0Lm9yZzA8BgNVHR8ENTAz
MDGgL6AthitodHRwOi8vY3JsLmlkZW50cnVzdC5jb20vRFNUUk9PVENBWDNDUkwu
Y3JsMB0GA1UdDgQWBBSoSmpjBH3duubRObemRWXv86jsoTANBgkqhkiG9w0BAQsF
AAOCAQEA3TPXEfNjWDjdGBX7CVW+dla5cEilaUcne8IkCJLxWh9KEik3JHRRHGJo
uM2VcGfl96S8TihRzZvoroed6ti6WqEBmtzw3Wodatg+VyOeph4EYpr/1wXKtx8/
wApIvJSwtmVi4MFU5aMqrSDE6ea73Mj2tcMyo5jMd6jmeWUHK8so/joWUoHOUgwu
X4Po1QYz+3dszkDqMp4fklxBwXRsW10KXzPMTZ+sOPAveyxindmjkW8lGy+QsRlG
PfZ+G6Z6h7mjem0Y+iWlkYcV4PIWL1iwBi8saCbGS5jN2p8M+X+Q7UNKEkROb3N6
KOqkqm57TH2H3eDJAkSnh6/DNFu0Qg==
-----END CERTIFICATE-----

but not with the server and certificate provided. I really can’t understand why with one site I need to use the mbedtls_ssl_set_hostname() function while in the other I don’t…

Hi Mattia,
The certificate you just posted is a CA certificate. The failure you encountered was on the server certificate.
I tried connecting to bertronics, and I got same verification failure of the subject name vs. hostname CN comparison failure.
Regards
Ron.

ron -
how does one do this? mbedtls_ssl_set_hostname (&ssl, “domainname”); ?
I have the same issue using s3 on aws, handshake is failing. I do not have access to this structure (&ssl) from my application code.
Thank you

Tim

Hi Tim,
If you do not have access to this structure, it probably means you are using some wrapper API on top of Mbed TLS.
I suggest you look at the wrapper API, to see if there is some API that does this functionality.
Regards

Thanks for your reply Ron, I’d been using the esp_idf example ota “simple_ota” which gives no visibility to the mbed libs. I switched to a more thorough example at

for those having the issue I was with S3 on AWS this will help.

T

As you can see in their example, in https://github.com/RadialDevGroup/esp32-ota-https-example/blob/master/main/ota_example_main.c

EXAMPLE_SERVER_DNS is used both for setting the hostname and for the tcp connect.
Also in this example, you will see the comment before setting the hostname:

/* Hostname set here should match CN in server certificate */

So, you will need to change the hostname in this function call, to the valid hostname of your server

Hi,

I have also troubles with x509_verify_cert(). Can somenone help me, please?

  . Seeding the random number generator... ok
  . Loading the CA root certificate ... ok (0 skipped)
  . Connecting to tcp/iotlorawan.azurewebsites.net/443... ok
  . Setting up the SSL/TLS structure... ok
  . Performing the SSL/TLS handshake...../mbedTLS/library/ssl_tls.c:6335: => handshake
../mbedTLS/library/ssl_cli.c:3279: client state: 0
../mbedTLS/library/ssl_tls.c:2416: => flush output
../mbedTLS/library/ssl_tls.c:2428: <= flush output
../mbedTLS/library/ssl_cli.c:3279: client state: 1
../mbedTLS/library/ssl_tls.c:2416: => flush output
../mbedTLS/library/ssl_tls.c:2428: <= flush output
../mbedTLS/library/ssl_cli.c:0717: => write client hello
../mbedTLS/library/ssl_cli.c:0755: client hello, max version: [3:3]
../mbedTLS/library/ssl_cli.c:0693: client hello, current time: 0
../mbedTLS/library/ssl_cli.c:0764: dumping 'client hello, random bytes' (32 bytes)
../mbedTLS/library/ssl_cli.c:0764: 0000:  00 00 00 00 4c 2f 10 a0 bd 28 2d bf d9 44 c0 ca  ....L/...(-..D..
../mbedTLS/library/ssl_cli.c:0764: 0010:  8c 3b 31 5e 03 3c 67 4c 3d c1 4c 86 0f 77 84 c6  .;1^.<gL=.L..w..
../mbedTLS/library/ssl_cli.c:0817: client hello, session id len.: 0
../mbedTLS/library/ssl_cli.c:0818: dumping 'client hello, session id' (0 bytes)
../mbedTLS/library/ssl_cli.c:0885: client hello, add ciphersuite: c030
../mbedTLS/library/ssl_cli.c:0918: client hello, got 2 ciphersuites
../mbedTLS/library/ssl_cli.c:0949: client hello, compress len.: 1
../mbedTLS/library/ssl_cli.c:0951: client hello, compress alg.: 0
../mbedTLS/library/ssl_cli.c:0178: client hello, adding signature_algorithms extension
../mbedTLS/library/ssl_cli.c:0263: client hello, adding supported_elliptic_curves extension
../mbedTLS/library/ssl_cli.c:0326: client hello, adding supported_point_formats extension
../mbedTLS/library/ssl_cli.c:1023: client hello, total extension length: 42
../mbedTLS/library/ssl_tls.c:2701: => write record
../mbedTLS/library/ssl_tls.c:2838: output record: msgtype = 22, version = [3:1], msglen = 91
../mbedTLS/library/ssl_tls.c:2416: => flush output
../mbedTLS/library/ssl_tls.c:2435: message length: 96, out_left: 96
../mbedTLS/library/ssl_tls.c:2441: ssl->f_send() returned 96 (-0xffffffa0)
../mbedTLS/library/ssl_tls.c:2460: <= flush output
../mbedTLS/library/ssl_tls.c:2850: <= write record
../mbedTLS/library/ssl_cli.c:1049: <= write client hello
../mbedTLS/library/ssl_cli.c:3279: client state: 2
../mbedTLS/library/ssl_tls.c:2416: => flush output
../mbedTLS/library/ssl_tls.c:2428: <= flush output
../mbedTLS/library/ssl_cli.c:1410: => parse server hello
../mbedTLS/library/ssl_tls.c:3728: => read record
../mbedTLS/library/ssl_tls.c:2208: => fetch input
../mbedTLS/library/ssl_tls.c:2366: in_left: 0, nb_want: 5
../mbedTLS/library/ssl_tls.c:2390: in_left: 0, nb_want: 5
../mbedTLS/library/ssl_tls.c:2391: ssl->f_recv(_timeout)() returned 5 (-0xfffffffb)
../mbedTLS/library/ssl_tls.c:2403: <= fetch input
../mbedTLS/library/ssl_tls.c:3488: input record: msgtype = 22, version = [3:3], msglen = 3409
../mbedTLS/library/ssl_tls.c:2208: => fetch input
../mbedTLS/library/ssl_tls.c:2366: in_left: 5, nb_want: 3414
../mbedTLS/library/ssl_tls.c:2390: in_left: 5, nb_want: 3414
../mbedTLS/library/ssl_tls.c:2391: ssl->f_recv(_timeout)() returned 2675 (-0xfffff58d)
../mbedTLS/library/ssl_tls.c:2390: in_left: 2680, nb_want: 3414
../mbedTLS/library/ssl_tls.c:2391: ssl->f_recv(_timeout)() returned 734 (-0xfffffd22)
../mbedTLS/library/ssl_tls.c:2403: <= fetch input
../mbedTLS/library/ssl_tls.c:3089: handshake message: msglen = 3409, type = 2, hslen = 81
../mbedTLS/library/ssl_tls.c:3753: <= read record
../mbedTLS/library/ssl_cli.c:1483: dumping 'server hello, version' (2 bytes)
../mbedTLS/library/ssl_cli.c:1483: 0000:  03 03                                            ..
../mbedTLS/library/ssl_cli.c:1509: server hello, current time: 1563184260
../mbedTLS/library/ssl_cli.c:1516: dumping 'server hello, random bytes' (32 bytes)
../mbedTLS/library/ssl_cli.c:1516: 0000:  5d 2c 4c 84 a9 bb a5 07 24 10 51 bc 63 f7 f0 1c  ],L.....$.Q.c...
../mbedTLS/library/ssl_cli.c:1516: 0010:  34 5b e3 de 16 04 dd 3b 8d 9c d1 f8 61 84 a9 f5  4[.....;....a...
../mbedTLS/library/ssl_cli.c:1586: server hello, session id len.: 32
../mbedTLS/library/ssl_cli.c:1587: dumping 'server hello, session id' (32 bytes)
../mbedTLS/library/ssl_cli.c:1587: 0000:  f3 34 00 00 09 7b 01 b3 a2 b0 c9 19 c3 95 1e 6f  .4...{.........o
../mbedTLS/library/ssl_cli.c:1587: 0010:  78 19 a0 0c 4b 0d 60 7f b5 9b d6 5b 91 2f c8 2b  x...K.`....[./.+
../mbedTLS/library/ssl_cli.c:1623: no session has been resumed
../mbedTLS/library/ssl_cli.c:1625: server hello, chosen ciphersuite: c030
../mbedTLS/library/ssl_cli.c:1626: server hello, compress alg.: 0
../mbedTLS/library/ssl_cli.c:1640: server hello, chosen ciphersuite: TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384
../mbedTLS/library/ssl_cli.c:1671: server hello, total extension length: 5
../mbedTLS/library/ssl_cli.c:1689: found renegotiation extension
../mbedTLS/library/ssl_cli.c:1859: <= parse server hello
../mbedTLS/library/ssl_cli.c:3279: client state: 3
../mbedTLS/library/ssl_tls.c:2416: => flush output
../mbedTLS/library/ssl_tls.c:2428: <= flush output
../mbedTLS/library/ssl_tls.c:4223: => parse certificate
../mbedTLS/library/ssl_tls.c:3728: => read record
../mbedTLS/library/ssl_tls.c:3089: handshake message: msglen = 3328, type = 11, hslen = 2991
../mbedTLS/library/ssl_tls.c:3753: <= read record
../mbedTLS/library/ssl_tls.c:4389: peer certificate #1:
../mbedTLS/library/ssl_tls.c:4389: cert. version     : 3
../mbedTLS/library/ssl_tls.c:4389: serial number     : 05:4C:65:FF:6B:4E:12:38:90:53:3B:09:5C:71:79:CD
../mbedTLS/library/ssl_tls.c:4389: issuer name       : C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA
../mbedTLS/library/ssl_tls.c:4389: subject name      : C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=*.azurewebsites.net
../mbedTLS/library/ssl_tls.c:4389: issued  on        : 2019-05-10 00:00:00
../mbedTLS/library/ssl_tls.c:4389: expires on        : 2021-05-10 12:00:00
../mbedTLS/library/ssl_tls.c:4389: signed using      : RSA with SHA-256
../mbedTLS/library/ssl_tls.c:4389: RSA key size      : 2048 bits
../mbedTLS/library/ssl_tls.c:4389: basic constraints : CA=false
../mbedTLS/library/ssl_tls.c:4389: subject alt name  : *.azurewebsites.net, *.scm.azurewebsites.net, *.sso.azurewebsites.net, *.azure-mobile.net, *.scm.azure-mobile.net
../mbedTLS/library/ssl_tls.c:4389: key usage         : Digital Signature, Key Encipherment
../mbedTLS/library/ssl_tls.c:4389: ext key usage     : TLS Web Server Authentication, TLS Web Client Authentication
../mbedTLS/library/ssl_tls.c:4389: value of 'crt->rsa.N' (2048 bits) is:
../mbedTLS/library/ssl_tls.c:4389:  c5 9d de a6 a1 b1 30 68 85 cf b9 8e d3 fc d5 7b
../mbedTLS/library/ssl_tls.c:4389:  c8 e8 76 83 8f 4f c6 a3 7c b8 15 ba e6 77 6b 1a
../mbedTLS/library/ssl_tls.c:4389:  b1 8c 2b 31 7c 03 b1 90 98 92 02 d8 33 7c 36 fd
../mbedTLS/library/ssl_tls.c:4389:  30 cf ac 91 c0 b9 f3 54 c8 a8 4b 24 ea a0 7d b2
../mbedTLS/library/ssl_tls.c:4389:  73 9b 46 0b f2 db ff 7b e9 67 ee 60 df 22 5a eb
../mbedTLS/library/ssl_tls.c:4389:  be fe 2a eb 56 2d ee 5b 22 b4 d7 41 53 9c f4 0c
../mbedTLS/library/ssl_tls.c:4389:  bf 4e 89 1b 92 b8 8b 65 7c 08 19 bc 4e 2f 07 80
../mbedTLS/library/ssl_tls.c:4389:  32 cc 03 53 65 dc 74 48 0f f3 49 a7 6a a4 c5 6b
../mbedTLS/library/ssl_tls.c:4389:  1b 86 ad fe df ef 4a e5 8f 21 4d 55 5e a1 7f 75
../mbedTLS/library/ssl_tls.c:4389:  31 d1 29 b1 17 c9 06 36 f8 7c 4b c3 b1 67 0b f1
../mbedTLS/library/ssl_tls.c:4389:  58 fb 25 4b b6 93 90 ce e5 07 8d 2b 9a 48 9c 58
../mbedTLS/library/ssl_tls.c:4389:  c8 a0 7e 30 bf c9 51 99 14 b9 d8 9c 73 14 78 7e
../mbedTLS/library/ssl_tls.c:4389:  16 35 19 92 63 cb c1 8d 9d 6d 9c c0 18 1b e4 18
../mbedTLS/library/ssl_tls.c:4389:  e8 6a 3a a4 26 8f 2a a9 c4 92 3e d0 66 a6 24 b1
../mbedTLS/library/ssl_tls.c:4389:  55 d8 de 41 08 f7 a6 53 5d ea b6 bb c0 67 1e 74
../mbedTLS/library/ssl_tls.c:4389:  5d 88 82 9c 4c ae e6 1e d5 91 c2 4a 34 1c 90 11
../mbedTLS/library/ssl_tls.c:4389: value of 'crt->rsa.E' (17 bits) is:
../mbedTLS/library/ssl_tls.c:4389:  01 00 01
../mbedTLS/library/ssl_tls.c:4389: peer certificate #2:
../mbedTLS/library/ssl_tls.c:4389: cert. version     : 3
../mbedTLS/library/ssl_tls.c:4389: serial number     : 01:FD:A3:EB:6E:CA:75:C8:88:43:8B:72:4B:CF:BC:91
../mbedTLS/library/ssl_tls.c:4389: issuer name       : C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
../mbedTLS/library/ssl_tls.c:4389: subject name      : C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA
../mbedTLS/library/ssl_tls.c:4389: issued  on        : 2013-03-08 12:00:00
../mbedTLS/library/ssl_tls.c:4389: expires on        : 2023-03-08 12:00:00
../mbedTLS/library/ssl_tls.c:4389: signed using      : RSA with SHA-256
../mbedTLS/library/ssl_tls.c:4389: RSA key size      : 2048 bits
../mbedTLS/library/ssl_tls.c:4389: basic constraints : CA=true, max_pathlen=0
../mbedTLS/library/ssl_tls.c:4389: key usage         : Digital Signature, Key Cert Sign, CRL Sign
../mbedTLS/library/ssl_tls.c:4389: value of 'crt->rsa.N' (2048 bits) is:
../mbedTLS/library/ssl_tls.c:4389:  dc ae 58 90 4d c1 c4 30 15 90 35 5b 6e 3c 82 15
../mbedTLS/library/ssl_tls.c:4389:  f5 2c 5c bd e3 db ff 71 43 fa 64 25 80 d4 ee 18
../mbedTLS/library/ssl_tls.c:4389:  a2 4d f0 66 d0 0a 73 6e 11 98 36 17 64 af 37 9d
../mbedTLS/library/ssl_tls.c:4389:  fd fa 41 84 af c7 af 8c fe 1a 73 4d cf 33 97 90
../mbedTLS/library/ssl_tls.c:4389:  a2 96 87 53 83 2b b9 a6 75 48 2d 1d 56 37 7b da
../mbedTLS/library/ssl_tls.c:4389:  31 32 1a d7 ac ab 06 f4 aa 5d 4b b7 47 46 dd 2a
../mbedTLS/library/ssl_tls.c:4389:  93 c3 90 2e 79 80 80 ef 13 04 6a 14 3b b5 9b 92
../mbedTLS/library/ssl_tls.c:4389:  be c2 07 65 4e fc da fc ff 7a ae dc 5c 7e 55 31
../mbedTLS/library/ssl_tls.c:4389:  0c e8 39 07 a4 d7 be 2f d3 0b 6a d2 b1 df 5f fe
../mbedTLS/library/ssl_tls.c:4389:  57 74 53 3b 35 80 dd ae 8e 44 98 b3 9f 0e d3 da
../mbedTLS/library/ssl_tls.c:4389:  e0 d7 f4 6b 29 ab 44 a7 4b 58 84 6d 92 4b 81 c3
../mbedTLS/library/ssl_tls.c:4389:  da 73 8b 12 97 48 90 04 45 75 1a dd 37 31 97 92
../mbedTLS/library/ssl_tls.c:4389:  e8 cd 54 0d 3b e4 c1 3f 39 5e 2e b8 f3 5c 7e 10
../mbedTLS/library/ssl_tls.c:4389:  8e 86 41 00 8d 45 66 47 b0 a1 65 ce a0 aa 29 09
../mbedTLS/library/ssl_tls.c:4389:  4e f3 97 eb e8 2e ab 0f 72 a7 30 0e fa c7 f4 fd
../mbedTLS/library/ssl_tls.c:4389:  14 77 c3 a4 5b 28 57 c2 b3 f9 82 fd b7 45 58 9b
../mbedTLS/library/ssl_tls.c:4389: value of 'crt->rsa.E' (17 bits) is:
../mbedTLS/library/ssl_tls.c:4389:  01 00 01
../mbedTLS/library/ssl_tls.c:4454: x509_verify_cert() returned -9984 (-0x2700)
../mbedTLS/library/ssl_tls.c:4490: <= parse certificate
../mbedTLS/library/ssl_tls.c:6345: <= handshake
 failed
  ! mbedtls_ssl_handshake returned -0x2700

../mbedTLS/library/ssl_tls.c:7055: => free
../mbedTLS/library/ssl_tls.c:7120: <= free

@JiriPelant
What doesmbedtls_ssl_get_verify_result() return?

I’m using ssl_clinet example. tls_ssl_get_verify_result() is called after SSL/TLS handshake, which fails, so the program ends. When should I call it?

Thanks

Hi @JiriPelant
What is the debug_level you are running your sample application? Please run your application with debug_level=4 to see full logs.

In addition, have you set the correct ca certificate as trusted root certificate?

Hi Ron,

of course, bad certificate. :see_no_evil:

Thank you very much and sorry for the stupid question!