Hello everybody,
First of all, I am a complete beginner in secure communication over the internet, just so you know. Right now I am trying to implement communication with the Google Accounts server (https://accounts.google.com) to be able to authorize with the server using OAuth 2.0 as described here: https://developers.google.com/accounts/ … orDevices. My platform is an x86-64 running Win7, coding in C / C++ with Visual Studio. As the SSL library I am using CyaSSL 2.0.8.
The source of my problems seems to be the CA certificate. What I did: I went to https://accounts.google.com with my browser (Chrome) and exported the certificate to a DER-coded binary X.509 file (*.cer). In my program I called CyaSSL_CTX_use_certificate_file(ctx, "..\\google_ca.cer", SSL_FILETYPE_RAW). When I try to send something, CyaSSL_connect() fails with the code -155.
Here is the debug output:

    CyaSSL Entering CyaSSL_Init
    CyaSSL Entering CYASSL_CTX_new
    CyaSSL Leaving CYASSL_CTX_new, return 0
    CyaSSL Entering CyaSSL_CTX_use_certificate_file
    CyaSSL Entering SSL_new
    CyaSSL Leaving SSL_new, return 0
    CyaSSL Entering SSL_set_fd
    CyaSSL Leaving SSL_set_fd, return 1
    CyaSSL Entering SSL_connect()
    connect state: CLIENT_HELLO_SENT
    received record layer msg
    CyaSSL Entering DoHandShakeMsg()
    processing server hello
    CyaSSL Leaving DoHandShakeMsg(), return 0
    growing input buffer
    received record layer msg
    CyaSSL Entering DoHandShakeMsg()
    processing certificate
    Loading peer's cert chain
    Put another cert into chain
    Put another cert into chain
    Found Basic CA constraint
    Found optional critical flag, moving past
    About to verify certificate signature
    No CA signer to verify with
    Failed to verify CA from chain
    Veriying Peer's cert
    Found Basic CA constraint
    Found optional critical flag, moving past
    About to verify certificate signature
    No CA signer to verify with
    Failed to verify Peer's cert
    No callback override availalbe, fatal
    CyaSSL Leaving DoHandShakeMsg(), return -155
    CyaSSL error occured, error = -155

    // Note: exit(msg[, code]) is presumably the poster's own error helper,
    // not the CRT exit(int); its definition is not shown in the post.
    CyaSSL_Debugging_ON();
    if (CyaSSL_Init() != 0)
        exit("Error: CyaSSL_Init");

    CYASSL_CTX* ctx;
    if ((ctx = CyaSSL_CTX_new(CyaTLSv1_client_method())) == NULL)
        exit("CyaSSL_CTX_new error.");
    // The call the post describes: loads the exported DER file into the context.
    if (CyaSSL_CTX_use_certificate_file(ctx, "..\\google_ca.cer", SSL_FILETYPE_RAW) != SSL_SUCCESS)
        exit("Error loading CA cert, please check the file.");

    // Socket- / TCP-Stuff
    WSADATA wsaData;
    if (WSAStartup(MAKEWORD(2, 2), &wsaData) != 0)
        exit("Error: WSAStartup", WSAGetLastError());
    sockaddr_in addr;
    addr.sin_family = AF_INET;
    addr.sin_addr.s_addr = inet_addr("173.194.69.84");
    addr.sin_port = htons(443);
    SOCKET sock = socket(AF_INET, SOCK_STREAM, 0);
    if (sock == INVALID_SOCKET)
        exit("Error: Invalid socket", WSAGetLastError());
    if (connect(sock, (SOCKADDR*) &addr, sizeof(addr)) != 0)
        exit("Error: connect", WSAGetLastError());
    // Socket- / TCP-Stuff

    CYASSL* ssl;
    if ((ssl = CyaSSL_new(ctx)) == NULL)
        exit("CyaSSL_new error.");
    CyaSSL_set_fd(ssl, sock);
    // CyaSSL_connect() returns SSL_SUCCESS on success, so compare against that.
    if (CyaSSL_connect(ssl) != SSL_SUCCESS)
        exit("Error: CyaSSL_connect");

    // READ WRITE: (query is defined elsewhere; not shown in the post)
    char recvbuf[4096];
    int result;
    if ((result = CyaSSL_write(ssl, query, strlen(query))) == -1)
        exit("Error: CyaSSL_write", CyaSSL_get_error(ssl, result));
    if ((result = CyaSSL_read(ssl, recvbuf, 4096)) == -1)
        exit("Error: CyaSSL_read", CyaSSL_get_error(ssl, result));

    CyaSSL_free(ssl);
    CyaSSL_CTX_free(ctx);
    CyaSSL_Cleanup();

    // Socket- / TCP-Stuff
    closesocket(sock);
    WSACleanup();
    // Socket- / TCP-Stuff

Can anybody help me?
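
An added example, not part of the original post and not CyaSSL code: a small C triage routine over the debug trace above. It reports whether a CA-loading call (CyaSSL_CTX_load_verify_locations, whose "Entering" trace line is assumed to follow the same pattern as the others) ever ran before the "No CA signer to verify with" failure; CyaSSL_CTX_use_certificate_file sets the certificate the client presents, not a trust anchor. The type, enum and function names are this example's own.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Diagnosis codes and field names are chosen for this example. */
enum { DIAG_NONE, DIAG_NO_TRUST_ANCHORS, DIAG_ISSUER_NOT_TRUSTED };
typedef struct {
    int own_cert_calls; /* CyaSSL_CTX_use_certificate_file entered */
    int ca_load_calls;  /* CyaSSL_CTX_load_verify_locations entered (assumed trace text) */
    int no_signer;      /* "No CA signer to verify with" messages */
    int error;          /* last "error = N" value, 0 if absent */
    int diagnosis;
} TraceSummary;

/* Excerpt of the trace in the post, one message per line. */
static const char POST_TRACE[] =
    "CyaSSL Entering CyaSSL_CTX_use_certificate_file\n"
    "No CA signer to verify with\n"
    "Failed to verify CA from chain\n"
    "No CA signer to verify with\n"
    "Failed to verify Peer's cert\n"
    "CyaSSL error occured, error = -155\n";

/* Count non-overlapping occurrences of needle in hay. */
static int count(const char *hay, const char *needle)
{
    int n = 0;
    const char *p = hay;
    while ((p = strstr(p, needle)) != NULL) { n++; p += strlen(needle); }
    return n;
}

TraceSummary summarize_trace(const char *t)
{
    TraceSummary s;
    const char *p = t, *last = NULL;
    s.own_cert_calls = count(t, "Entering CyaSSL_CTX_use_certificate_file");
    s.ca_load_calls  = count(t, "Entering CyaSSL_CTX_load_verify_locations");
    s.no_signer      = count(t, "No CA signer to verify with");
    while ((p = strstr(p, "error = ")) != NULL) { p += 8; last = p; }
    s.error = last ? atoi(last) : 0;
    /* No signer found and no CA ever loaded: the trust store is empty. */
    s.diagnosis = DIAG_NONE;
    if (s.no_signer)
        s.diagnosis = s.ca_load_calls ? DIAG_ISSUER_NOT_TRUSTED : DIAG_NO_TRUST_ANCHORS;
    return s;
}

int main(void)
{
    printf("diagnosis=%d\n", summarize_trace(POST_TRACE).diagnosis);
    return 0;
}
```

DIAG_ISSUER_NOT_TRUSTED covers the other case, where CA certificates were loaded but none of them issued the chain the server sent.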