Mbed forum

X509_verify_cert() returned -9984 (-0x2700)


(Mattia Berton) #1

Hello,
I’m getting this problem with my TLS connection.
I’m trying to connect to a file server (https://files.000webhost.com/) using the COMODO CA as the following:
-----BEGIN CERTIFICATE-----
MIIGCDCCA/CgAwIBAgIQKy5u6tl1NmwUim7bo3yMBzANBgkqhkiG9w0BAQwFADCB
hTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G
A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNV
BAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTQwMjEy
MDAwMDAwWhcNMjkwMjExMjM1OTU5WjCBkDELMAkGA1UEBhMCR0IxGzAZBgNVBAgT
EkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMR
Q09NT0RPIENBIExpbWl0ZWQxNjA0BgNVBAMTLUNPTU9ETyBSU0EgRG9tYWluIFZh
bGlkYXRpb24gU2VjdXJlIFNlcnZlciBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAI7CAhnhoFmk6zg1jSz9AdDTScBkxwtiBUUWOqigwAwCfx3M28Sh
bXcDow+G+eMGnD4LgYqbSRutA776S9uMIO3Vzl5ljj4Nr0zCsLdFXlIvNN5IJGS0
Qa4Al/e+Z96e0HqnU4A7fK31llVvl0cKfIWLIpeNs4TgllfQcBhglo/uLQeTnaG6
ytHNe+nEKpooIZFNb5JPJaXyejXdJtxGpdCsWTWM/06RQ1A/WZMebFEh7lgUq/51
UHg+TLAchhP6a5i84DuUHoVS3AOTJBhuyydRReZw3iVDpA3hSqXttn7IzW3uLh0n
c13cRTCAquOyQQuvvUSH2rnlG51/ruWFgqUCAwEAAaOCAWUwggFhMB8GA1UdIwQY
MBaAFLuvfgI9+qbxPISOre44mOzZMjLUMB0GA1UdDgQWBBSQr2o6lFoL2JDqElZz
30O0Oija5zAOBgNVHQ8BAf8EBAMCAYYwEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNV
HSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwGwYDVR0gBBQwEjAGBgRVHSAAMAgG
BmeBDAECATBMBgNVHR8ERTBDMEGgP6A9hjtodHRwOi8vY3JsLmNvbW9kb2NhLmNv
bS9DT01PRE9SU0FDZXJ0aWZpY2F0aW9uQXV0aG9yaXR5LmNybDBxBggrBgEFBQcB
AQRlMGMwOwYIKwYBBQUHMAKGL2h0dHA6Ly9jcnQuY29tb2RvY2EuY29tL0NPTU9E
T1JTQUFkZFRydXN0Q0EuY3J0MCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5jb21v
ZG9jYS5jb20wDQYJKoZIhvcNAQEMBQADggIBAE4rdk+SHGI2ibp3wScF9BzWRJ2p
mj6q1WZmAT7qSeaiNbz69t2Vjpk1mA42GHWx3d1Qcnyu3HeIzg/3kCDKo2cuH1Z/
e+FE6kKVxF0NAVBGFfKBiVlsit2M8RKhjTpCipj4SzR7JzsItG8kO3KdY3RYPBps
P0/HEZrIqPW1N+8QRcZs2eBelSaz662jue5/DJpmNXMyYE7l3YphLG5SEXdoltMY
dVEVABt0iN3hxzgEQyjpFv3ZBdRdRydg1vs4O2xyopT4Qhrf7W8GjEXCBgCq5Ojc
2bXhc3js9iPc0d1sjhqPpepUfJa3w/5Vjo1JXvxku88+vZbrac2/4EjxYoIQ5QxG
V/Iz2tDIY+3GH5QFlkoakdH368+PUq4NCNk+qKBR6cGHdNXJ93SrLlP7u3r7l+L4
HyaPs9Kg4DdbKDsx5Q5XLVq4rXmsXiBmGqW5prU5wfWYQ//u+aen/e7KJD2AFsQX
j4rBYKEMrltDR5FL1ZoXX/nUh8HCjLfn4g8wGTeGrODcQgPmlKidrv0PJFGUzpII
0fxQ8ANAe4hZ7Q7drNJ3gjTcBpUC2JD5Leo31Rpg0Gcg19hCC0Wvgmje3WYkN5Ap
lBlGGSW4gNfL1IYoakRwJiNiqZ+Gb7+6kHDSVneFeO/qJakXzlByjAA6quPbYzSf
+AZxAeKCINT+b72x
-----END CERTIFICATE-----

However, as I start handshaking, I got the following error: x509_verify_cert() returned -9984 (-0x2700).
This is my log:

I (9301) mbedtls: ssl_cli.c:3405 client state: 0

I (9302) mbedtls: ssl_tls.c:2751 => flush output

I (9306) mbedtls: ssl_tls.c:2763 <= flush output

I (9312) mbedtls: ssl_cli.c:3405 client state: 1

I (9317) mbedtls: ssl_tls.c:2751 => flush output

I (9323) mbedtls: ssl_tls.c:2763 <= flush output

I (9328) mbedtls: ssl_cli.c:774 => write client hello

I (9337) mbedtls: ssl_tls.c:3180 => write handshake message

I (9342) mbedtls: ssl_tls.c:3337 => write record

I (9348) mbedtls: ssl_tls.c:2751 => flush output

I (9351) mbedtls: ssl_tls.c:2770 message length: 254, out_left: 254

I (9360) mbedtls: ssl_tls.c:2775 ssl->f_send() returned 254 (-0xffffff02)

I (9366) mbedtls: ssl_tls.c:2803 <= flush output

I (9372) mbedtls: ssl_tls.c:3470 <= write record

I (9377) mbedtls: ssl_tls.c:3314 <= write handshake message

I (9383) mbedtls: ssl_cli.c:1106 <= write client hello

I (9390) mbedtls: ssl_cli.c:3405 client state: 2

I (9395) mbedtls: ssl_tls.c:2751 => flush output

I (9400) mbedtls: ssl_tls.c:2763 <= flush output

I (9406) mbedtls: ssl_cli.c:1499 => parse server hello

I (9412) mbedtls: ssl_tls.c:4305 => read record

I (9417) mbedtls: ssl_tls.c:2532 => fetch input

I (9423) mbedtls: ssl_tls.c:2693 in_left: 0, nb_want: 5

I (9429) mbedtls: ssl_tls.c:2717 in_left: 0, nb_want: 5

I (9435) mbedtls: ssl_tls.c:2718 ssl->f_recv(_timeout)() returned 5 (-0xfffffffb)

I (9443) mbedtls: ssl_tls.c:2738 <= fetch input

I (9449) mbedtls: ssl_tls.c:2532 => fetch input

I (9454) mbedtls: ssl_tls.c:2693 in_left: 5, nb_want: 70

I (9460) mbedtls: ssl_tls.c:2717 in_left: 5, nb_want: 70

I (9466) mbedtls: ssl_tls.c:2718 ssl->f_recv(_timeout)() returned 65 (-0xffffffbf)

I (9475) mbedtls: ssl_tls.c:2738 <= fetch input

I (9483) mbedtls: ssl_tls.c:4379 <= read record

I (9487) mbedtls: ssl_cli.c:1781 server hello, total extension length: 21

I (9493) mbedtls: ssl_cli.c:1970 <= parse server hello

I (9499) mbedtls: ssl_cli.c:3405 client state: 3

I (9504) mbedtls: ssl_tls.c:2751 => flush output

I (9510) mbedtls: ssl_tls.c:2763 <= flush output

I (9515) mbedtls: ssl_tls.c:5440 => parse certificate

I (9521) mbedtls: ssl_tls.c:4305 => read record

I (9527) mbedtls: ssl_tls.c:2532 => fetch input

I (9532) mbedtls: ssl_tls.c:2693 in_left: 0, nb_want: 5

I (9538) mbedtls: ssl_tls.c:2717 in_left: 0, nb_want: 5

I (9544) mbedtls: ssl_tls.c:2718 ssl->f_recv(_timeout)() returned 5 (-0xfffffffb)

I (9553) mbedtls: ssl_tls.c:2738 <= fetch input

I (9558) mbedtls: ssl_tls.c:2532 => fetch input

I (9563) mbedtls: ssl_tls.c:2693 in_left: 5, nb_want: 2644

I (9571) mbedtls: ssl_tls.c:2717 in_left: 5, nb_want: 2644

I (9576) mbedtls: ssl_tls.c:2718 ssl->f_recv(_timeout)() returned 2639 (-0xfffff5b1)

I (9585) mbedtls: ssl_tls.c:2738 <= fetch input

I (9614) mbedtls: ssl_tls.c:4379 <= read record

W (9661) mbedtls: ssl_tls.c:5713 x509_verify_cert() returned -9984 (-0x2700)

I (9662) mbedtls: ssl_tls.c:5244 => send alert message

I (9665) mbedtls: ssl_tls.c:3337 => write record

I (9670) mbedtls: ssl_tls.c:2751 => flush output

I (9675) mbedtls: ssl_tls.c:2770 message length: 7, out_left: 7

I (9683) mbedtls: ssl_tls.c:2775 ssl->f_send() returned 7 (-0xfffffff9)

I (9690) mbedtls: ssl_tls.c:2803 <= flush output

I (9695) mbedtls: ssl_tls.c:3470 <= write record

I (9701) mbedtls: ssl_tls.c:5257 <= send alert message

I (9707) mbedtls: ssl_tls.c:5810 <= parse certificate

I (9712) mbedtls: ssl_tls.c:8031 <= handshake

Am I wrong in the use of the certificate? Can you help me?
Thank you,
Mattia Berton


(Ron Eldor) #2

Hi @MattiaBerton
Thank you for your question.
Using debug_level=3 you will see that the verification flags are 4, which means:

MBEDTLS_X509_BADCERT_CN_MISMATCH

You will also see in the logs:

Verify requested for (Depth 0):
cert. version     : 3
serial number     : 31:5E:54:EA:E8:52:71:34:86:A3:6D:90:95:22:7D:BE
issuer name       : C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA
subject name      : OU=Domain Control Validated, OU=EssentialSSL Wildcard, CN=*.000webhost.com
issued  on        : 2018-10-19 00:00:00
expires on        : 2020-12-17 23:59:59
signed using      : RSA with SHA-256
RSA key size      : 2048 bits
basic constraints : CA=false
subject alt name  : *.000webhost.com, 000webhost.com
key usage         : Digital Signature, Key Encipherment
ext key usage     : TLS Web Server Authentication, TLS Web Client Authentication
  ! The certificate Common Name (CN) does not match with the expected CN

The reason is because the subject_alt_name CN of the server certificate(*.000webhost.com, 000webhost.com) does not match the hostname set:

    if( crt->ext_types & MBEDTLS_X509_EXT_SUBJECT_ALT_NAME )
    {
        for( cur = &crt->subject_alt_names; cur != NULL; cur = cur->next )
        {
            if( x509_crt_check_cn( &cur->buf, cn, cn_len ) == 0 )
                break;
        }

        if( cur == NULL )
            *flags |= MBEDTLS_X509_BADCERT_CN_MISMATCH;
    }

You should have in your code the following line:

mbedtls_ssl_set_hostname( &ssl, "files.000webhost.com" );

or

mbedtls_ssl_set_hostname( &ssl, server_addr );

or

mbedtls_ssl_set_hostname( &ssl, "*.000webhost.com" );

or

mbedtls_ssl_set_hostname( &ssl, "000webhost.com" );

I suggest you look at https://tls.mbed.org/kb/development/debugging-tls for additional guidelines.
Regards,
Mbed TLS Team member
Ron


(Mattia Berton) #3

Hello Ron,
thank you for your answer.
But something is not clear to me: why the CA provided is not correct since the CN field matches with the hostname I’m trying to connect to?

Thank you,
Mattia Berton


(Ron Eldor) #4

Hi Mattia,
Why do you think the CA is not correct?
The CA is correct, and another means of security is checking the subject name.
The error you received is not because of the CA, but because the hostname did not match the subject_alt_name extension in the certificate
Regards,
Ron


(Mattia Berton) #5

Hello Ron,
but if the hostname I’m connecting is files.000webhost.com and the certificate has subject_alt_name which includes *.000webhost.com, why you say that the hostname did not match the subject_alt_name extension in the certificate?

Thank you,
Mattia Berton


(Ron Eldor) #6

Hi Mattia,
Have you called mbedtls_ssl_set_hostname() in your application to set the hostname?
There is a difference between the server address that you are connecting to, and the hostname that is set in the tls session. The first is only networking connection, and the second is the name of the server. They are not neccessarily the same.

Regards,
Ron


(Mattia Berton) #7

Hello Ron,
no, I didn’t call mbedtls_ssl_set_hostname in my application, but that’s because it is an example of ESP32 IDF which should work out-of-the-box.
Also, the same example worked with “https://bertronics.netsons.org/” with this certificate:
-----BEGIN CERTIFICATE-----
MIIEkjCCA3qgAwIBAgIQCgFBQgAAAVOFc2oLheynCDANBgkqhkiG9w0BAQsFADA/
MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
DkRTVCBSb290IENBIFgzMB4XDTE2MDMxNzE2NDA0NloXDTIxMDMxNzE2NDA0Nlow
SjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxIzAhBgNVBAMT
GkxldCdzIEVuY3J5cHQgQXV0aG9yaXR5IFgzMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAnNMM8FrlLke3cl03g7NoYzDq1zUmGSXhvb418XCSL7e4S0EF
q6meNQhY7LEqxGiHC6PjdeTm86dicbp5gWAf15Gan/PQeGdxyGkOlZHP/uaZ6WA8
SMx+yk13EiSdRxta67nsHjcAHJyse6cF6s5K671B5TaYucv9bTyWaN8jKkKQDIZ0
Z8h/pZq4UmEUEz9l6YKHy9v6Dlb2honzhT+Xhq+w3Brvaw2VFn3EK6BlspkENnWA
a6xK8xuQSXgvopZPKiAlKQTGdMDQMc2PMTiVFrqoM7hD8bEfwzB/onkxEz0tNvjj
/PIzark5McWvxI0NHWQWM6r6hCm21AvA2H3DkwIDAQABo4IBfTCCAXkwEgYDVR0T
AQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYwfwYIKwYBBQUHAQEEczBxMDIG
CCsGAQUFBzABhiZodHRwOi8vaXNyZy50cnVzdGlkLm9jc3AuaWRlbnRydXN0LmNv
bTA7BggrBgEFBQcwAoYvaHR0cDovL2FwcHMuaWRlbnRydXN0LmNvbS9yb290cy9k
c3Ryb290Y2F4My5wN2MwHwYDVR0jBBgwFoAUxKexpHsscfrb4UuQdf/EFWCFiRAw
VAYDVR0gBE0wSzAIBgZngQwBAgEwPwYLKwYBBAGC3xMBAQEwMDAuBggrBgEFBQcC
ARYiaHR0cDovL2Nwcy5yb290LXgxLmxldHNlbmNyeXB0Lm9yZzA8BgNVHR8ENTAz
MDGgL6AthitodHRwOi8vY3JsLmlkZW50cnVzdC5jb20vRFNUUk9PVENBWDNDUkwu
Y3JsMB0GA1UdDgQWBBSoSmpjBH3duubRObemRWXv86jsoTANBgkqhkiG9w0BAQsF
AAOCAQEA3TPXEfNjWDjdGBX7CVW+dla5cEilaUcne8IkCJLxWh9KEik3JHRRHGJo
uM2VcGfl96S8TihRzZvoroed6ti6WqEBmtzw3Wodatg+VyOeph4EYpr/1wXKtx8/
wApIvJSwtmVi4MFU5aMqrSDE6ea73Mj2tcMyo5jMd6jmeWUHK8so/joWUoHOUgwu
X4Po1QYz+3dszkDqMp4fklxBwXRsW10KXzPMTZ+sOPAveyxindmjkW8lGy+QsRlG
PfZ+G6Z6h7mjem0Y+iWlkYcV4PIWL1iwBi8saCbGS5jN2p8M+X+Q7UNKEkROb3N6
KOqkqm57TH2H3eDJAkSnh6/DNFu0Qg==
-----END CERTIFICATE-----

but not with the server and certificate provided. I really can’t understand why with one site I need to use the mbedtls_ssl_set_hostname() function while in the other I don’t…


(Ron Eldor) #8

Hi Mattia,
The certificate you just posted is a CA certificate. The failure you encountered was on the server certificate.
I tried connecting to bertronics, and I got same verification failure of the subject name vs. hostname CN comparison failure.
Regards
Ron.