I'm trying to test client certificates and found a public website that allows you to test against it.
In a browser, if a client cert isn't supplied (the default action) it gives an error.
However, when I try the same thing from the mbedTLS ssl_client2 sample project, I get a fatal alert message type 40.
Is anyone able to determine what the problem might be?
Thanks.
debug
. Seeding the random number generator... ok
. Loading the CA root certificate ... ok (0 skipped)
. Loading the client cert. and key... ok
. Connecting to tcp/prod.idrix.eu/443... ok
. Setting up the SSL/TLS structure...ssl_tls.c:0081: |3| set_timer to 0 ms
ok
. Performing the SSL/TLS handshake...ssl_tls.c:8081: |2| => handshake
ssl_cli.c:3500: |2| client state: 0
ssl_tls.c:2754: |2| => flush output
ssl_tls.c:2766: |2| <= flush output
ssl_cli.c:3500: |2| client state: 1
ssl_tls.c:2754: |2| => flush output
ssl_tls.c:2766: |2| <= flush output
ssl_cli.c:0774: |2| => write client hello
ssl_cli.c:0812: |3| client hello, max version: [3:3]
ssl_cli.c:0703: |3| client hello, current time: 1543817141
ssl_cli.c:0821: |3| dumping 'client hello, random bytes' (32 bytes)
ssl_cli.c:0821: |3| 0000: 5c 04 c7 b5 84 9c 13 b6 b9 08 a2 a4 e5 68 7c 10 \............h|.
ssl_cli.c:0821: |3| 0010: 90 62 00 7e 6c 43 96 84 6b 58 a0 58 76 2c 19 19 .b.~lC..kX.Xv,..
ssl_cli.c:0874: |3| client hello, session id len.: 0
ssl_cli.c:0875: |3| dumping 'client hello, session id' (0 bytes)
ssl_cli.c:0922: |3| client hello, add ciphersuite: cca8
ssl_cli.c:0922: |3| client hello, add ciphersuite: cca9
ssl_cli.c:0922: |3| client hello, add ciphersuite: ccaa
ssl_cli.c:0922: |3| client hello, add ciphersuite: c02c
ssl_cli.c:0922: |3| client hello, add ciphersuite: c030
ssl_cli.c:0922: |3| client hello, add ciphersuite: 009f
ssl_cli.c:0922: |3| client hello, add ciphersuite: c0ad
ssl_cli.c:0922: |3| client hello, add ciphersuite: c09f
ssl_cli.c:0922: |3| client hello, add ciphersuite: c024
ssl_cli.c:0922: |3| client hello, add ciphersuite: c028
ssl_cli.c:0922: |3| client hello, add ciphersuite: 006b
ssl_cli.c:0922: |3| client hello, add ciphersuite: c00a
ssl_cli.c:0922: |3| client hello, add ciphersuite: c014
ssl_cli.c:0922: |3| client hello, add ciphersuite: 0039
ssl_cli.c:0922: |3| client hello, add ciphersuite: c0af
ssl_cli.c:0922: |3| client hello, add ciphersuite: c0a3
ssl_cli.c:0922: |3| client hello, add ciphersuite: c087
ssl_cli.c:0922: |3| client hello, add ciphersuite: c08b
ssl_cli.c:0922: |3| client hello, add ciphersuite: c07d
ssl_cli.c:0922: |3| client hello, add ciphersuite: c073
ssl_cli.c:0922: |3| client hello, add ciphersuite: c077
ssl_cli.c:0922: |3| client hello, add ciphersuite: 00c4
ssl_cli.c:0922: |3| client hello, add ciphersuite: 0088
ssl_cli.c:0922: |3| client hello, add ciphersuite: c02b
ssl_cli.c:0922: |3| client hello, add ciphersuite: c02f
ssl_cli.c:0922: |3| client hello, add ciphersuite: 009e
ssl_cli.c:0922: |3| client hello, add ciphersuite: c0ac
ssl_cli.c:0922: |3| client hello, add ciphersuite: c09e
ssl_cli.c:0922: |3| client hello, add ciphersuite: c023
ssl_cli.c:0922: |3| client hello, add ciphersuite: c027
ssl_cli.c:0922: |3| client hello, add ciphersuite: 0067
ssl_cli.c:0922: |3| client hello, add ciphersuite: c009
ssl_cli.c:0922: |3| client hello, add ciphersuite: c013
ssl_cli.c:0922: |3| client hello, add ciphersuite: 0033
ssl_cli.c:0922: |3| client hello, add ciphersuite: c0ae
ssl_cli.c:0922: |3| client hello, add ciphersuite: c0a2
ssl_cli.c:0922: |3| client hello, add ciphersuite: c086
ssl_cli.c:0922: |3| client hello, add ciphersuite: c08a
ssl_cli.c:0922: |3| client hello, add ciphersuite: c07c
ssl_cli.c:0922: |3| client hello, add ciphersuite: c072
ssl_cli.c:0922: |3| client hello, add ciphersuite: c076
ssl_cli.c:0922: |3| client hello, add ciphersuite: 00be
ssl_cli.c:0922: |3| client hello, add ciphersuite: 0045
ssl_cli.c:0922: |3| client hello, add ciphersuite: c008
ssl_cli.c:0922: |3| client hello, add ciphersuite: c012
ssl_cli.c:0922: |3| client hello, add ciphersuite: 0016
ssl_cli.c:0922: |3| client hello, add ciphersuite: ccac
ssl_cli.c:0922: |3| client hello, add ciphersuite: ccad
ssl_cli.c:0922: |3| client hello, add ciphersuite: 00ab
ssl_cli.c:0922: |3| client hello, add ciphersuite: c0a7
ssl_cli.c:0922: |3| client hello, add ciphersuite: c038
ssl_cli.c:0922: |3| client hello, add ciphersuite: 00b3
ssl_cli.c:0922: |3| client hello, add ciphersuite: c036
ssl_cli.c:0922: |3| client hello, add ciphersuite: 0091
ssl_cli.c:0922: |3| client hello, add ciphersuite: c091
ssl_cli.c:0922: |3| client hello, add ciphersuite: c09b
ssl_cli.c:0922: |3| client hello, add ciphersuite: c097
ssl_cli.c:0922: |3| client hello, add ciphersuite: c0ab
ssl_cli.c:0922: |3| client hello, add ciphersuite: 00aa
ssl_cli.c:0922: |3| client hello, add ciphersuite: c0a6
ssl_cli.c:0922: |3| client hello, add ciphersuite: c037
ssl_cli.c:0922: |3| client hello, add ciphersuite: 00b2
ssl_cli.c:0922: |3| client hello, add ciphersuite: c035
ssl_cli.c:0922: |3| client hello, add ciphersuite: 0090
ssl_cli.c:0922: |3| client hello, add ciphersuite: c090
ssl_cli.c:0922: |3| client hello, add ciphersuite: c096
ssl_cli.c:0922: |3| client hello, add ciphersuite: c09a
ssl_cli.c:0922: |3| client hello, add ciphersuite: c0aa
ssl_cli.c:0922: |3| client hello, add ciphersuite: c034
ssl_cli.c:0922: |3| client hello, add ciphersuite: 008f
ssl_cli.c:0922: |3| client hello, add ciphersuite: 009d
ssl_cli.c:0922: |3| client hello, add ciphersuite: c09d
ssl_cli.c:0922: |3| client hello, add ciphersuite: 003d
ssl_cli.c:0922: |3| client hello, add ciphersuite: 0035
ssl_cli.c:0922: |3| client hello, add ciphersuite: c032
ssl_cli.c:0922: |3| client hello, add ciphersuite: c02a
ssl_cli.c:0922: |3| client hello, add ciphersuite: c00f
ssl_cli.c:0922: |3| client hello, add ciphersuite: c02e
ssl_cli.c:0922: |3| client hello, add ciphersuite: c026
ssl_cli.c:0922: |3| client hello, add ciphersuite: c005
ssl_cli.c:0922: |3| client hello, add ciphersuite: c0a1
ssl_cli.c:0922: |3| client hello, add ciphersuite: c07b
ssl_cli.c:0922: |3| client hello, add ciphersuite: 00c0
ssl_cli.c:0922: |3| client hello, add ciphersuite: 0084
ssl_cli.c:0922: |3| client hello, add ciphersuite: c08d
ssl_cli.c:0922: |3| client hello, add ciphersuite: c079
ssl_cli.c:0922: |3| client hello, add ciphersuite: c089
ssl_cli.c:0922: |3| client hello, add ciphersuite: c075
ssl_cli.c:0922: |3| client hello, add ciphersuite: 009c
ssl_cli.c:0922: |3| client hello, add ciphersuite: c09c
ssl_cli.c:0922: |3| client hello, add ciphersuite: 003c
ssl_cli.c:0922: |3| client hello, add ciphersuite: 002f
ssl_cli.c:0922: |3| client hello, add ciphersuite: c031
ssl_cli.c:0922: |3| client hello, add ciphersuite: c029
ssl_cli.c:0922: |3| client hello, add ciphersuite: c00e
ssl_cli.c:0922: |3| client hello, add ciphersuite: c02d
ssl_cli.c:0922: |3| client hello, add ciphersuite: c025
ssl_cli.c:0922: |3| client hello, add ciphersuite: c004
ssl_cli.c:0922: |3| client hello, add ciphersuite: c0a0
ssl_cli.c:0922: |3| client hello, add ciphersuite: c07a
ssl_cli.c:0922: |3| client hello, add ciphersuite: 00ba
ssl_cli.c:0922: |3| client hello, add ciphersuite: 0041
ssl_cli.c:0922: |3| client hello, add ciphersuite: c08c
ssl_cli.c:0922: |3| client hello, add ciphersuite: c078
ssl_cli.c:0922: |3| client hello, add ciphersuite: c088
ssl_cli.c:0922: |3| client hello, add ciphersuite: c074
ssl_cli.c:0922: |3| client hello, add ciphersuite: 000a
ssl_cli.c:0922: |3| client hello, add ciphersuite: c00d
ssl_cli.c:0922: |3| client hello, add ciphersuite: c003
ssl_cli.c:0922: |3| client hello, add ciphersuite: ccae
ssl_cli.c:0922: |3| client hello, add ciphersuite: 00ad
ssl_cli.c:0922: |3| client hello, add ciphersuite: 00b7
ssl_cli.c:0922: |3| client hello, add ciphersuite: 0095
ssl_cli.c:0922: |3| client hello, add ciphersuite: c093
ssl_cli.c:0922: |3| client hello, add ciphersuite: c099
ssl_cli.c:0922: |3| client hello, add ciphersuite: 00ac
ssl_cli.c:0922: |3| client hello, add ciphersuite: 00b6
ssl_cli.c:0922: |3| client hello, add ciphersuite: 0094
ssl_cli.c:0922: |3| client hello, add ciphersuite: c092
ssl_cli.c:0922: |3| client hello, add ciphersuite: c098
ssl_cli.c:0922: |3| client hello, add ciphersuite: 0093
ssl_cli.c:0922: |3| client hello, add ciphersuite: ccab
ssl_cli.c:0922: |3| client hello, add ciphersuite: 00a9
ssl_cli.c:0922: |3| client hello, add ciphersuite: c0a5
ssl_cli.c:0922: |3| client hello, add ciphersuite: 00af
ssl_cli.c:0922: |3| client hello, add ciphersuite: 008d
ssl_cli.c:0922: |3| client hello, add ciphersuite: c08f
ssl_cli.c:0922: |3| client hello, add ciphersuite: c095
ssl_cli.c:0922: |3| client hello, add ciphersuite: c0a9
ssl_cli.c:0922: |3| client hello, add ciphersuite: 00a8
ssl_cli.c:0922: |3| client hello, add ciphersuite: c0a4
ssl_cli.c:0922: |3| client hello, add ciphersuite: 00ae
ssl_cli.c:0922: |3| client hello, add ciphersuite: 008c
ssl_cli.c:0922: |3| client hello, add ciphersuite: c08e
ssl_cli.c:0922: |3| client hello, add ciphersuite: c094
ssl_cli.c:0922: |3| client hello, add ciphersuite: c0a8
ssl_cli.c:0922: |3| client hello, add ciphersuite: 008b
ssl_cli.c:0934: |3| client hello, got 137 ciphersuites (excluding SCSVs)
ssl_cli.c:0943: |3| adding EMPTY_RENEGOTIATION_INFO_SCSV
ssl_cli.c:0992: |3| client hello, compress len.: 1
ssl_cli.c:0994: |3| client hello, compress alg.: 0
ssl_cli.c:0069: |3| client hello, adding server name extension: prod.idrix.eu
ssl_cli.c:0186: |3| client hello, adding signature_algorithms extension
ssl_cli.c:0271: |3| client hello, adding supported_elliptic_curves extension
ssl_cli.c:0336: |3| client hello, adding supported_point_formats extension
ssl_cli.c:0518: |3| client hello, adding encrypt_then_mac extension
ssl_cli.c:0552: |3| client hello, adding extended_master_secret extension
ssl_cli.c:0585: |3| client hello, adding session ticket extension
ssl_cli.c:1071: |3| client hello, total extension length: 94
ssl_tls.c:3183: |2| => write handshake message
ssl_tls.c:3340: |2| => write record
ssl_tls.c:3420: |3| output record: msgtype = 22, version = [3:1], msglen = 415
ssl_tls.c:2754: |2| => flush output
ssl_tls.c:2773: |2| message length: 420, out_left: 420
ssl_tls.c:2778: |2| ssl->f_send() returned 420 (-0xfffffe5c)
ssl_tls.c:2806: |2| <= flush output
ssl_tls.c:3473: |2| <= write record
ssl_tls.c:3317: |2| <= write handshake message
ssl_cli.c:1106: |2| <= write client hello
ssl_cli.c:3500: |2| client state: 2
ssl_tls.c:2754: |2| => flush output
ssl_tls.c:2766: |2| <= flush output
ssl_cli.c:1499: |2| => parse server hello
ssl_tls.c:4308: |2| => read record
ssl_tls.c:2535: |2| => fetch input
ssl_tls.c:2696: |2| in_left: 0, nb_want: 5
ssl_tls.c:2720: |2| in_left: 0, nb_want: 5
ssl_tls.c:2721: |2| ssl->f_recv(_timeout)() returned 5 (-0xfffffffb)
ssl_tls.c:2741: |2| <= fetch input
ssl_tls.c:4053: |3| input record: msgtype = 22, version = [3:3], msglen = 65
ssl_tls.c:2535: |2| => fetch input
ssl_tls.c:2696: |2| in_left: 5, nb_want: 70
ssl_tls.c:2720: |2| in_left: 5, nb_want: 70
ssl_tls.c:2721: |2| ssl->f_recv(_timeout)() returned 65 (-0xffffffbf)
ssl_tls.c:2741: |2| <= fetch input
ssl_tls.c:3623: |3| handshake message: msglen = 65, type = 2, hslen = 65
ssl_tls.c:4382: |2| <= read record
ssl_cli.c:1579: |3| dumping 'server hello, version' (2 bytes)
ssl_cli.c:1579: |3| 0000: 03 03 ..
ssl_cli.c:1604: |3| server hello, current time: 662125670
ssl_cli.c:1610: |3| dumping 'server hello, random bytes' (32 bytes)
ssl_cli.c:1610: |3| 0000: 27 77 3c 66 93 98 4e 5e e3 ff 35 07 00 fc ef 72 'w<f..N^..5....r
ssl_cli.c:1610: |3| 0010: 00 22 18 31 2c 1a 48 13 ca d4 52 de 3e 64 2f e2 .".1,.H...R.>d/.
ssl_cli.c:1690: |3| server hello, session id len.: 0
ssl_cli.c:1691: |3| dumping 'server hello, session id' (0 bytes)
ssl_cli.c:1729: |3| no session has been resumed
ssl_cli.c:1731: |3| server hello, chosen ciphersuite: c030
ssl_cli.c:1732: |3| server hello, compress alg.: 0
ssl_cli.c:1764: |3| server hello, chosen ciphersuite: TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384
ssl_cli.c:1789: |2| server hello, total extension length: 21
ssl_cli.c:1925: |3| unknown extension found: 0 (ignoring)
ssl_cli.c:1809: |3| found renegotiation extension
ssl_cli.c:1888: |3| found supported_point_formats extension
ssl_cli.c:1874: |3| found session_ticket extension
ssl_cli.c:1978: |2| <= parse server hello
ssl_cli.c:3500: |2| client state: 3
ssl_tls.c:2754: |2| => flush output
ssl_tls.c:2766: |2| <= flush output
ssl_tls.c:5652: |2| => parse certificate
ssl_tls.c:4308: |2| => read record
ssl_tls.c:2535: |2| => fetch input
ssl_tls.c:2696: |2| in_left: 0, nb_want: 5
ssl_tls.c:2720: |2| in_left: 0, nb_want: 5
ssl_tls.c:2721: |2| ssl->f_recv(_timeout)() returned 5 (-0xfffffffb)
ssl_tls.c:2741: |2| <= fetch input
ssl_tls.c:4053: |3| input record: msgtype = 22, version = [3:3], msglen = 4962
ssl_tls.c:2535: |2| => fetch input
ssl_tls.c:2696: |2| in_left: 5, nb_want: 4967
ssl_tls.c:2720: |2| in_left: 5, nb_want: 4967
ssl_tls.c:2721: |2| ssl->f_recv(_timeout)() returned 4962 (-0xffffec9e)
ssl_tls.c:2741: |2| <= fetch input
ssl_tls.c:3623: |3| handshake message: msglen = 4962, type = 11, hslen = 4962
ssl_tls.c:4382: |2| <= read record
ssl_tls.c:5603: |3| peer certificate #1:
ssl_tls.c:5603: |3| cert. version : 3
ssl_tls.c:5603: |3| serial number : C9:BF:52:02:20:64:1B:E2:F1:B7:BA:23:B8:7F:1D:00
ssl_tls.c:5603: |3| issuer name : C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA
ssl_tls.c:5603: |3| subject name : OU=Domain Control Validated, OU=PositiveSSL, CN=prod.idrix.eu
ssl_tls.c:5603: |3| issued on : 2018-08-15 00:00:00
ssl_tls.c:5603: |3| expires on : 2020-08-14 23:59:59
ssl_tls.c:5603: |3| signed using : RSA with SHA-256
ssl_tls.c:5603: |3| RSA key size : 4096 bits
ssl_tls.c:5603: |3| basic constraints : CA=false
ssl_tls.c:5603: |3| subject alt name : prod.idrix.eu, www.prod.idrix.eu
ssl_tls.c:5603: |3| key usage : Digital Signature, Key Encipherment
ssl_tls.c:5603: |3| ext key usage : TLS Web Server Authentication, TLS Web Client Authentication
ssl_tls.c:5603: |3| value of 'crt->rsa.N' (4096 bits) is:
ssl_tls.c:5603: |3| d0 b2 53 3d 6a 6a 97 d5 17 84 1f 89 0a 13 d5 97
ssl_tls.c:5603: |3| 2f d5 72 d9 98 d1 ea 55 00 34 94 42 21 b8 45 61
ssl_tls.c:5603: |3| 46 80 6d 41 98 00 5f c6 d1 9a 8b 2e 3f 39 a1 66
ssl_tls.c:5603: |3| d6 50 e7 c7 9a 74 ab 4b e2 a2 e0 9f 23 52 76 df
ssl_tls.c:5603: |3| a0 d0 2f 7c 09 d3 51 d4 3e 06 9e fc ae 5d aa 1f
ssl_tls.c:5603: |3| b2 02 36 72 d8 b1 14 73 86 b6 40 87 28 d8 0c 50
ssl_tls.c:5603: |3| 75 5e 0a 88 61 12 83 a6 41 3b ed 85 23 65 08 96
ssl_tls.c:5603: |3| f0 f2 08 5e bb cb f8 d7 85 59 67 08 ac 48 7f 23
ssl_tls.c:5603: |3| 94 f4 19 fe 72 93 89 1a 6a e8 92 80 7b 11 3e fd
ssl_tls.c:5603: |3| b5 f5 c6 47 34 86 f5 7d 1e 06 7b 30 0c a5 ef 6c
ssl_tls.c:5603: |3| 71 1b b3 fa a6 8e 1d 34 d5 60 ca a8 2a 7e 5e 73
ssl_tls.c:5603: |3| c8 f0 e2 fe 8f d0 87 77 53 a5 06 0f 8d 18 9e 82
ssl_tls.c:5603: |3| 2b bd df 87 13 74 ac b7 df 19 92 4d 0b 6b d3 eb
ssl_tls.c:5603: |3| c5 28 82 d4 2e 85 47 8e 57 71 d4 17 64 59 d7 61
ssl_tls.c:5603: |3| 7e f7 24 cd fa 16 c3 33 06 c6 b3 84 85 1f 93 3e
ssl_tls.c:5603: |3| 4c d4 0d e0 d5 78 6a 20 97 dd c7 12 53 10 1d 25
ssl_tls.c:5603: |3| 4e 81 69 fa 0f 82 35 ff af 94 99 39 bb 41 32 8b
ssl_tls.c:5603: |3| 0d e0 d6 f4 31 de b8 43 63 3f ff b4 c5 bf 88 50
ssl_tls.c:5603: |3| 2b c4 6c a9 02 ac 9c 2c 8c b3 0f e1 cf 4d 8e 6e
ssl_tls.c:5603: |3| 96 6a c4 1c 1e 8f f1 35 6f 41 21 e5 4c 70 c4 fd
ssl_tls.c:5603: |3| 57 b1 a6 fb d8 14 ee 2d 66 c9 eb 38 cb 57 61 1e
ssl_tls.c:5603: |3| 31 06 3b d4 0e 7f f1 59 f9 87 fc 90 4a f2 1a 75
ssl_tls.c:5603: |3| 53 10 df 71 32 5f cf 15 85 42 52 30 29 f0 af ea
ssl_tls.c:5603: |3| 12 8a ca 53 67 8b 0e af 16 5e ed e5 f8 af 7f 15
ssl_tls.c:5603: |3| ff 6c 7d c8 6e 94 87 4c e5 d3 43 69 c6 25 a8 7a
ssl_tls.c:5603: |3| 2d e8 29 85 a6 5e 77 f1 62 8f 92 bd ac 2a b1 44
ssl_tls.c:5603: |3| 18 2a 24 07 8d 6b 74 1c 49 2e a3 f4 a7 90 b3 9c
ssl_tls.c:5603: |3| cd 63 b2 dc d7 f0 cb 1d e5 39 8f 26 26 4b b1 30
ssl_tls.c:5603: |3| 85 26 64 c8 83 fe 51 0b 03 9a d2 e4 91 48 0b 87
ssl_tls.c:5603: |3| 7b 33 f6 6a 63 36 8c bb c1 32 84 d4 49 54 8c c9
ssl_tls.c:5603: |3| ef 05 13 dc f8 f7 49 1a 97 93 dd f5 61 73 dc 56
ssl_tls.c:5603: |3| 38 2f d9 72 6e d9 bf b2 75 41 39 56 3c a2 bf bd
ssl_tls.c:5603: |3| value of 'crt->rsa.E' (17 bits) is:
ssl_tls.c:5603: |3| 01 00 01
ssl_tls.c:5603: |3| peer certificate #2:
ssl_tls.c:5603: |3| cert. version : 3
ssl_tls.c:5603: |3| serial number : 2B:2E:6E:EA:D9:75:36:6C:14:8A:6E:DB:A3:7C:8C:07
ssl_tls.c:5603: |3| issuer name : C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
ssl_tls.c:5603: |3| subject name : C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA
ssl_tls.c:5603: |3| issued on : 2014-02-12 00:00:00
ssl_tls.c:5603: |3| expires on : 2029-02-11 23:59:59
ssl_tls.c:5603: |3| signed using : RSA with SHA-384
ssl_tls.c:5603: |3| RSA key size : 2048 bits
ssl_tls.c:5603: |3| basic constraints : CA=true, max_pathlen=0
ssl_tls.c:5603: |3| key usage : Digital Signature, Key Cert Sign, CRL Sign
ssl_tls.c:5603: |3| ext key usage : TLS Web Server Authentication, TLS Web Client Authentication
ssl_tls.c:5603: |3| value of 'crt->rsa.N' (2048 bits) is:
ssl_tls.c:5603: |3| 8e c2 02 19 e1 a0 59 a4 eb 38 35 8d 2c fd 01 d0
ssl_tls.c:5603: |3| d3 49 c0 64 c7 0b 62 05 45 16 3a a8 a0 c0 0c 02
ssl_tls.c:5603: |3| 7f 1d cc db c4 a1 6d 77 03 a3 0f 86 f9 e3 06 9c
ssl_tls.c:5603: |3| 3e 0b 81 8a 9b 49 1b ad 03 be fa 4b db 8c 20 ed
ssl_tls.c:5603: |3| d5 ce 5e 65 8e 3e 0d af 4c c2 b0 b7 45 5e 52 2f
ssl_tls.c:5603: |3| 34 de 48 24 64 b4 41 ae 00 97 f7 be 67 de 9e d0
ssl_tls.c:5603: |3| 7a a7 53 80 3b 7c ad f5 96 55 6f 97 47 0a 7c 85
ssl_tls.c:5603: |3| 8b 22 97 8d b3 84 e0 96 57 d0 70 18 60 96 8f ee
ssl_tls.c:5603: |3| 2d 07 93 9d a1 ba ca d1 cd 7b e9 c4 2a 9a 28 21
ssl_tls.c:5603: |3| 91 4d 6f 92 4f 25 a5 f2 7a 35 dd 26 dc 46 a5 d0
ssl_tls.c:5603: |3| ac 59 35 8c ff 4e 91 43 50 3f 59 93 1e 6c 51 21
ssl_tls.c:5603: |3| ee 58 14 ab fe 75 50 78 3e 4c b0 1c 86 13 fa 6b
ssl_tls.c:5603: |3| 98 bc e0 3b 94 1e 85 52 dc 03 93 24 18 6e cb 27
ssl_tls.c:5603: |3| 51 45 e6 70 de 25 43 a4 0d e1 4a a5 ed b6 7e c8
ssl_tls.c:5603: |3| cd 6d ee 2e 1d 27 73 5d dc 45 30 80 aa e3 b2 41
ssl_tls.c:5603: |3| 0b af bd 44 87 da b9 e5 1b 9d 7f ae e5 85 82 a5
ssl_tls.c:5603: |3| value of 'crt->rsa.E' (17 bits) is:
ssl_tls.c:5603: |3| 01 00 01
ssl_tls.c:5603: |3| peer certificate #3:
ssl_tls.c:5603: |3| cert. version : 3
ssl_tls.c:5603: |3| serial number : 27:66:EE:56:EB:49:F3:8E:AB:D7:70:A2:FC:84:DE:22
ssl_tls.c:5603: |3| issuer name : C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
ssl_tls.c:5603: |3| subject name : C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
ssl_tls.c:5603: |3| issued on : 2000-05-30 10:48:38
ssl_tls.c:5603: |3| expires on : 2020-05-30 10:48:38
ssl_tls.c:5603: |3| signed using : RSA with SHA-384
ssl_tls.c:5603: |3| RSA key size : 4096 bits
ssl_tls.c:5603: |3| basic constraints : CA=true
ssl_tls.c:5603: |3| key usage : Digital Signature, Key Cert Sign, CRL Sign
ssl_tls.c:5603: |3| value of 'crt->rsa.N' (4096 bits) is:
ssl_tls.c:5603: |3| 91 e8 54 92 d2 0a 56 b1 ac 0d 24 dd c5 cf 44 67
ssl_tls.c:5603: |3| 74 99 2b 37 a3 7d 23 70 00 71 bc 53 df c4 fa 2a
ssl_tls.c:5603: |3| 12 8f 4b 7f 10 56 bd 9f 70 72 b7 61 7f c9 4b 0f
ssl_tls.c:5603: |3| 17 a7 3d e3 b0 04 61 ee ff 11 97 c7 f4 86 3e 0a
ssl_tls.c:5603: |3| fa 3e 5c f9 93 e6 34 7a d9 14 6b e7 9c b3 85 a0
ssl_tls.c:5603: |3| 82 7a 76 af 71 90 d7 ec fd 0d fa 9c 6c fa df b0
ssl_tls.c:5603: |3| 82 f4 14 7e f9 be c4 a6 2f 4f 7f 99 7f b5 fc 67
ssl_tls.c:5603: |3| 43 72 bd 0c 00 d6 89 eb 6b 2c d3 ed 8f 98 1c 14
ssl_tls.c:5603: |3| ab 7e e5 e3 6e fc d8 a8 e4 92 24 da 43 6b 62 b8
ssl_tls.c:5603: |3| 55 fd ea c1 bc 6c b6 8b f3 0e 8d 9a e4 9b 6c 69
ssl_tls.c:5603: |3| 99 f8 78 48 30 45 d5 ad e1 0d 3c 45 60 fc 32 96
ssl_tls.c:5603: |3| 51 27 bc 67 c3 ca 2e b6 6b ea 46 c7 c7 20 a0 b1
ssl_tls.c:5603: |3| 1f 65 de 48 08 ba a4 4e a9 f2 83 46 37 84 eb e8
ssl_tls.c:5603: |3| cc 81 48 43 67 4e 72 2a 9b 5c bd 4c 1b 28 8a 5c
ssl_tls.c:5603: |3| 22 7b b4 ab 98 d9 ee e0 51 83 c3 09 46 4e 6d 3e
ssl_tls.c:5603: |3| 99 fa 95 17 da 7c 33 57 41 3c 8d 51 ed 0b b6 5c
ssl_tls.c:5603: |3| af 2c 63 1a df 57 c8 3f bc e9 5d c4 9b af 45 99
ssl_tls.c:5603: |3| e2 a3 5a 24 b4 ba a9 56 3d cf 6f aa ff 49 58 be
ssl_tls.c:5603: |3| f0 a8 ff f4 b8 ad e9 37 fb ba b8 f4 0b 3a f9 e8
ssl_tls.c:5603: |3| 43 42 1e 89 d8 84 cb 13 f1 d9 bb e1 89 60 b8 8c
ssl_tls.c:5603: |3| 28 56 ac 14 1d 9c 0a e7 71 eb cf 0e dd 3d a9 96
ssl_tls.c:5603: |3| a1 48 bd 3c f7 af b5 0d 22 4c c0 11 81 ec 56 3b
ssl_tls.c:5603: |3| f6 d3 a2 e2 5b b7 b2 04 22 52 95 80 93 69 e8 8e
ssl_tls.c:5603: |3| 4c 65 f1 91 03 2d 70 74 02 ea 8b 67 15 29 69 52
ssl_tls.c:5603: |3| 02 bb d7 df 50 6a 55 46 bf a0 a3 28 61 7f 70 d0
ssl_tls.c:5603: |3| c3 a2 aa 2c 21 aa 47 ce 28 9c 06 45 76 bf 82 18
ssl_tls.c:5603: |3| 27 b4 d5 ae b4 cb 50 e6 6b f4 4c 86 71 30 e9 a6
ssl_tls.c:5603: |3| df 16 86 e0 d8 ff 40 dd fb d0 42 88 7f a3 33 3a
ssl_tls.c:5603: |3| 2e 5c 1e 41 11 81 63 ce 18 71 6b 2b ec a6 8a b7
ssl_tls.c:5603: |3| 31 5c 3a 6a 47 e0 c3 79 59 d6 20 1a af f2 6a 98
ssl_tls.c:5603: |3| aa 72 bc 57 4a d2 4b 9d bb 10 fc b0 4c 41 e5 ed
ssl_tls.c:5603: |3| 1d 3d 5e 28 9d 9c cc bf b3 51 da a7 47 e5 84 53
ssl_tls.c:5603: |3| value of 'crt->rsa.E' (17 bits) is:
ssl_tls.c:5603: |3| 01 00 01
Verify requested for (Depth 2):
cert. version : 3
serial number : 27:66:EE:56:EB:49:F3:8E:AB:D7:70:A2:FC:84:DE:22
issuer name : C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
subject name : C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
issued on : 2000-05-30 10:48:38
expires on : 2020-05-30 10:48:38
signed using : RSA with SHA-384
RSA key size : 4096 bits
basic constraints : CA=true
key usage : Digital Signature, Key Cert Sign, CRL Sign
! The certificate is not correctly signed by the trusted CA
Verify requested for (Depth 1):
cert. version : 3
serial number : 2B:2E:6E:EA:D9:75:36:6C:14:8A:6E:DB:A3:7C:8C:07
issuer name : C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
subject name : C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA
issued on : 2014-02-12 00:00:00
expires on : 2029-02-11 23:59:59
signed using : RSA with SHA-384
RSA key size : 2048 bits
basic constraints : CA=true, max_pathlen=0
key usage : Digital Signature, Key Cert Sign, CRL Sign
ext key usage : TLS Web Server Authentication, TLS Web Client Authentication
This certificate has no flags
Verify requested for (Depth 0):
cert. version : 3
serial number : C9:BF:52:02:20:64:1B:E2:F1:B7:BA:23:B8:7F:1D:00
issuer name : C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA
subject name : OU=Domain Control Validated, OU=PositiveSSL, CN=prod.idrix.eu
issued on : 2018-08-15 00:00:00
expires on : 2020-08-14 23:59:59
signed using : RSA with SHA-256
RSA key size : 4096 bits
basic constraints : CA=false
subject alt name : prod.idrix.eu, www.prod.idrix.eu
key usage : Digital Signature, Key Encipherment
ext key usage : TLS Web Server Authentication, TLS Web Client Authentication
This certificate has no flags
ssl_tls.c:5754: |1| x509_verify_cert() returned -9984 (-0x2700)
ssl_tls.c:5849: |3| ! Certificate verification flags 8
ssl_tls.c:5860: |2| <= parse certificate
ssl_cli.c:3500: |2| client state: 4
ssl_tls.c:2754: |2| => flush output
ssl_tls.c:2766: |2| <= flush output
ssl_cli.c:2329: |2| => parse server key exchange
ssl_tls.c:4308: |2| => read record
ssl_tls.c:2535: |2| => fetch input
ssl_tls.c:2696: |2| in_left: 0, nb_want: 5
ssl_tls.c:2720: |2| in_left: 0, nb_want: 5
ssl_tls.c:2721: |2| ssl->f_recv(_timeout)() returned 5 (-0xfffffffb)
ssl_tls.c:2741: |2| <= fetch input
ssl_tls.c:4053: |3| input record: msgtype = 22, version = [3:3], msglen = 589
ssl_tls.c:2535: |2| => fetch input
ssl_tls.c:2696: |2| in_left: 5, nb_want: 594
ssl_tls.c:2720: |2| in_left: 5, nb_want: 594
ssl_tls.c:2721: |2| ssl->f_recv(_timeout)() returned 589 (-0xfffffdb3)
ssl_tls.c:2741: |2| <= fetch input
ssl_tls.c:3623: |3| handshake message: msglen = 589, type = 12, hslen = 589
ssl_tls.c:4382: |2| <= read record
ssl_cli.c:2417: |3| dumping 'server key exchange' (585 bytes)
ssl_cli.c:2417: |3| 0000: 03 00 17 41 04 30 3a 31 56 e1 f1 6a b0 04 b6 b3 ...A.0:1V..j....
ssl_cli.c:2417: |3| 0010: 24 1b 82 0f 34 59 ec ef 8b ed 02 9f dd 95 02 4a $...4Y.........J
ssl_cli.c:2417: |3| 0020: 6f c9 8e 7b dd f1 c5 a1 7a e5 20 38 9d 6c 83 f8 o..{....z. 8.l..
ssl_cli.c:2417: |3| 0030: 10 cc d0 f9 00 b3 a6 73 80 ed 90 dd 9a 05 81 67 .......s.......g
ssl_cli.c:2417: |3| 0040: 4b 9f 8f 03 41 06 01 02 00 8a 3c e6 76 49 e1 42 K...A.....<.vI.B
ssl_cli.c:2417: |3| 0050: e1 83 24 10 ea 3e 04 5a 81 d4 6f 6a 9d a9 3f 57 ..$..>.Z..oj..?W
ssl_cli.c:2417: |3| 0060: a1 01 ca 8b cd 39 5d bf d0 48 be 03 e0 54 64 1a .....9]..H...Td.
ssl_cli.c:2417: |3| 0070: 4c f5 c1 f2 b6 bb 60 c8 92 96 bc 6d 78 b8 71 30 L.....`....mx.q0
ssl_cli.c:2417: |3| 0080: b0 d9 c3 6c 69 bd 82 b1 df 4f ba 6d cb f7 31 37 ...li....O.m..17
ssl_cli.c:2417: |3| 0090: b9 88 d7 69 df 2e ba cd 17 46 d3 15 12 f6 87 fb ...i.....F......
ssl_cli.c:2417: |3| 00a0: 0e fd 3d 08 29 77 95 4d 70 de 6c da ee a7 2c 2e ..=.)w.Mp.l...,.
ssl_cli.c:2417: |3| 00b0: 77 bf 0f 99 21 27 86 1c 46 c6 7b f7 ce 22 2f 8d w...!'..F.{.."/.
ssl_cli.c:2417: |3| 00c0: b8 53 cc c1 ee 55 ce 0e 9f 0b 6c 25 e8 0d ad fb .S...U....l%....
ssl_cli.c:2417: |3| 00d0: d4 f9 bd b5 cf 4a c2 60 e2 6c ba 91 fa 39 15 23 .....J.`.l...9.#
ssl_cli.c:2417: |3| 00e0: b5 3a 96 a7 d2 75 3c c9 f0 fb 85 c3 6c 2e 10 c5 .:...u<.....l...
ssl_cli.c:2417: |3| 00f0: e6 a8 cc c3 bd d3 3a 99 2a 2e 4e 75 db c6 01 c4 ......:.*.Nu....
ssl_cli.c:2417: |3| 0100: 91 ef ed 2f 08 6a 1a a0 71 7c 85 34 09 d3 58 59 .../.j..q|.4..XY
ssl_cli.c:2417: |3| 0110: 00 9e b8 20 0b 4f 97 2e d7 32 98 6e 63 21 74 99 ... .O...2.nc!t.
ssl_cli.c:2417: |3| 0120: c7 98 04 ae b9 7a bf ee 5d 8c 69 1b 09 e6 20 db .....z..].i... .
ssl_cli.c:2417: |3| 0130: 3d fa d1 89 c6 f0 02 7c f8 59 b7 2e 1e 41 54 4c =......|.Y...ATL
ssl_cli.c:2417: |3| 0140: 2b e0 36 89 41 6e cc b8 3f 0a f2 8c 30 fd 9a cb +.6.An..?...0...
ssl_cli.c:2417: |3| 0150: 07 29 92 c4 ab c8 ca 65 e1 d7 4d b0 11 bf c5 85 .).....e..M.....
ssl_cli.c:2417: |3| 0160: 28 5b d0 55 0a 9d da 69 b3 57 01 5a 55 6b 44 30 ([.U...i.W.ZUkD0
ssl_cli.c:2417: |3| 0170: 63 f4 aa 0d de e1 62 6f 28 9d 90 07 d2 78 05 37 c.....bo(....x.7
ssl_cli.c:2417: |3| 0180: 00 a7 4d 9c d5 f8 3b 56 39 60 89 66 0c bd 0b 3a ..M...;V9`.f...:
ssl_cli.c:2417: |3| 0190: 19 2c 69 c0 49 f2 bd 35 00 2e a9 30 3f 25 a6 29 .,i.I..5...0?%.)
ssl_cli.c:2417: |3| 01a0: 29 2d 67 8f 0e 0e 8b f4 b7 6b 49 c8 80 28 0d 09 )-g......kI..(..
ssl_cli.c:2417: |3| 01b0: ba 7f 4d dc 56 c9 a9 42 f0 97 21 0e 16 5d f8 33 ..M.V..B..!..].3
ssl_cli.c:2417: |3| 01c0: 58 07 45 58 a9 9f df 91 b1 86 75 c0 a1 56 3b a7 X.EX......u..V;.
ssl_cli.c:2417: |3| 01d0: ed cf f8 8b 51 40 fe 37 62 09 96 65 4e c7 f5 de ....Q@.7b..eN...
ssl_cli.c:2417: |3| 01e0: 16 5f de 94 32 68 8e a8 1d 0a f2 fe d8 ba 64 3f ._..2h........d?
ssl_cli.c:2417: |3| 01f0: d3 df ef 94 00 a2 c1 03 b6 53 d9 31 55 b0 7a 93 .........S.1U.z.
ssl_cli.c:2417: |3| 0200: 20 99 9d bf 1f 74 2a 51 e3 d2 71 a9 a2 62 16 83 ....t*Q..q..b..
ssl_cli.c:2417: |3| 0210: 9e 8d 09 dd c9 50 61 2f 14 31 cc ac 1b 31 48 f8 .....Pa/.1...1H.
ssl_cli.c:2417: |3| 0220: 4c df b6 86 8c 1a 2b 65 fb b7 1e ae d6 e6 ee c7 L.....+e........
ssl_cli.c:2417: |3| 0230: a0 7c da c8 56 a2 9a 72 60 83 dc af e6 55 23 32 .|..V..r`....U#2
ssl_cli.c:2417: |3| 0240: 4a 7a b4 3b e6 ad 4b 97 59 Jz.;..K.Y
ssl_cli.c:2038: |2| ECDH curve: secp256r1
ssl_cli.c:2048: |3| value of 'ECDH: Qp(X)' (254 bits) is:
ssl_cli.c:2048: |3| 30 3a 31 56 e1 f1 6a b0 04 b6 b3 24 1b 82 0f 34
ssl_cli.c:2048: |3| 59 ec ef 8b ed 02 9f dd 95 02 4a 6f c9 8e 7b dd
ssl_cli.c:2048: |3| value of 'ECDH: Qp(Y)' (256 bits) is:
ssl_cli.c:2048: |3| f1 c5 a1 7a e5 20 38 9d 6c 83 f8 10 cc d0 f9 00
ssl_cli.c:2048: |3| b3 a6 73 80 ed 90 dd 9a 05 81 67 4b 9f 8f 03 41
ssl_cli.c:2271: |2| Server used SignatureAlgorithm 1
ssl_cli.c:2272: |2| Server used HashAlgorithm 6
ssl_cli.c:2573: |3| dumping 'signature' (512 bytes)
ssl_cli.c:2573: |3| 0000: 8a 3c e6 76 49 e1 42 e1 83 24 10 ea 3e 04 5a 81 .<.vI.B..$..>.Z.
ssl_cli.c:2573: |3| 0010: d4 6f 6a 9d a9 3f 57 a1 01 ca 8b cd 39 5d bf d0 .oj..?W.....9]..
ssl_cli.c:2573: |3| 0020: 48 be 03 e0 54 64 1a 4c f5 c1 f2 b6 bb 60 c8 92 H...Td.L.....`..
ssl_cli.c:2573: |3| 0030: 96 bc 6d 78 b8 71 30 b0 d9 c3 6c 69 bd 82 b1 df ..mx.q0...li....
ssl_cli.c:2573: |3| 0040: 4f ba 6d cb f7 31 37 b9 88 d7 69 df 2e ba cd 17 O.m..17...i.....
ssl_cli.c:2573: |3| 0050: 46 d3 15 12 f6 87 fb 0e fd 3d 08 29 77 95 4d 70 F........=.)w.Mp
ssl_cli.c:2573: |3| 0060: de 6c da ee a7 2c 2e 77 bf 0f 99 21 27 86 1c 46 .l...,.w...!'..F
ssl_cli.c:2573: |3| 0070: c6 7b f7 ce 22 2f 8d b8 53 cc c1 ee 55 ce 0e 9f .{.."/..S...U...
ssl_cli.c:2573: |3| 0080: 0b 6c 25 e8 0d ad fb d4 f9 bd b5 cf 4a c2 60 e2 .l%.........J.`.
ssl_cli.c:2573: |3| 0090: 6c ba 91 fa 39 15 23 b5 3a 96 a7 d2 75 3c c9 f0 l...9.#.:...u<..
ssl_cli.c:2573: |3| 00a0: fb 85 c3 6c 2e 10 c5 e6 a8 cc c3 bd d3 3a 99 2a ...l.........:.*
ssl_cli.c:2573: |3| 00b0: 2e 4e 75 db c6 01 c4 91 ef ed 2f 08 6a 1a a0 71 .Nu......./.j..q
ssl_cli.c:2573: |3| 00c0: 7c 85 34 09 d3 58 59 00 9e b8 20 0b 4f 97 2e d7 |.4..XY... .O...
ssl_cli.c:2573: |3| 00d0: 32 98 6e 63 21 74 99 c7 98 04 ae b9 7a bf ee 5d 2.nc!t......z..]
ssl_cli.c:2573: |3| 00e0: 8c 69 1b 09 e6 20 db 3d fa d1 89 c6 f0 02 7c f8 .i... .=......|.
ssl_cli.c:2573: |3| 00f0: 59 b7 2e 1e 41 54 4c 2b e0 36 89 41 6e cc b8 3f Y...ATL+.6.An..?
ssl_cli.c:2573: |3| 0100: 0a f2 8c 30 fd 9a cb 07 29 92 c4 ab c8 ca 65 e1 ...0....).....e.
ssl_cli.c:2573: |3| 0110: d7 4d b0 11 bf c5 85 28 5b d0 55 0a 9d da 69 b3 .M.....([.U...i.
ssl_cli.c:2573: |3| 0120: 57 01 5a 55 6b 44 30 63 f4 aa 0d de e1 62 6f 28 W.ZUkD0c.....bo(
ssl_cli.c:2573: |3| 0130: 9d 90 07 d2 78 05 37 00 a7 4d 9c d5 f8 3b 56 39 ....x.7..M...;V9
ssl_cli.c:2573: |3| 0140: 60 89 66 0c bd 0b 3a 19 2c 69 c0 49 f2 bd 35 00 `.f...:.,i.I..5.
ssl_cli.c:2573: |3| 0150: 2e a9 30 3f 25 a6 29 29 2d 67 8f 0e 0e 8b f4 b7 ..0?%.))-g......
ssl_cli.c:2573: |3| 0160: 6b 49 c8 80 28 0d 09 ba 7f 4d dc 56 c9 a9 42 f0 kI..(....M.V..B.
ssl_cli.c:2573: |3| 0170: 97 21 0e 16 5d f8 33 58 07 45 58 a9 9f df 91 b1 .!..].3X.EX.....
ssl_cli.c:2573: |3| 0180: 86 75 c0 a1 56 3b a7 ed cf f8 8b 51 40 fe 37 62 .u..V;.....Q@.7b
ssl_cli.c:2573: |3| 0190: 09 96 65 4e c7 f5 de 16 5f de 94 32 68 8e a8 1d ..eN...._..2h...
ssl_cli.c:2573: |3| 01a0: 0a f2 fe d8 ba 64 3f d3 df ef 94 00 a2 c1 03 b6 .....d?.........
ssl_cli.c:2573: |3| 01b0: 53 d9 31 55 b0 7a 93 20 99 9d bf 1f 74 2a 51 e3 S.1U.z. ....t*Q.
ssl_cli.c:2573: |3| 01c0: d2 71 a9 a2 62 16 83 9e 8d 09 dd c9 50 61 2f 14 .q..b.......Pa/.
ssl_cli.c:2573: |3| 01d0: 31 cc ac 1b 31 48 f8 4c df b6 86 8c 1a 2b 65 fb 1...1H.L.....+e.
ssl_cli.c:2573: |3| 01e0: b7 1e ae d6 e6 ee c7 a0 7c da c8 56 a2 9a 72 60 ........|..V..r`
ssl_cli.c:2573: |3| 01f0: 83 dc af e6 55 23 32 4a 7a b4 3b e6 ad 4b 97 59 ....U#2Jz.;..K.Y
ssl_cli.c:2609: |3| dumping 'parameters hash' (64 bytes)
ssl_cli.c:2609: |3| 0000: 8b 0f 6a e7 d0 94 49 b4 1f 39 13 65 54 b0 da a0 ..j...I..9.eT...
ssl_cli.c:2609: |3| 0010: 96 93 e5 bf 64 dd b5 b2 6e c3 95 d2 0d b9 22 39 ....d...n....."9
ssl_cli.c:2609: |3| 0020: 71 ac e4 ab ad 42 52 f6 ff 4c d6 3e c9 62 de 90 q....BR..L.>.b..
ssl_cli.c:2609: |3| 0030: 83 40 13 02 ba 5d 5c 36 60 f1 54 a3 fc db ea 3c .@...]\6`.T....<
ssl_cli.c:2657: |2| <= parse server key exchange
ssl_cli.c:3500: |2| client state: 5
ssl_tls.c:2754: |2| => flush output
ssl_tls.c:2766: |2| <= flush output
ssl_cli.c:2690: |2| => parse certificate request
ssl_tls.c:4308: |2| => read record
ssl_tls.c:2535: |2| => fetch input
ssl_tls.c:2696: |2| in_left: 0, nb_want: 5
ssl_tls.c:2720: |2| in_left: 0, nb_want: 5
ssl_tls.c:2721: |2| ssl->f_recv(_timeout)() returned 5 (-0xfffffffb)
ssl_tls.c:2741: |2| <= fetch input
ssl_tls.c:4053: |3| input record: msgtype = 22, version = [3:3], msglen = 4
ssl_tls.c:2535: |2| => fetch input
ssl_tls.c:2696: |2| in_left: 5, nb_want: 9
ssl_tls.c:2720: |2| in_left: 5, nb_want: 9
ssl_tls.c:2721: |2| ssl->f_recv(_timeout)() returned 4 (-0xfffffffc)
ssl_tls.c:2741: |2| <= fetch input
ssl_tls.c:3623: |3| handshake message: msglen = 4, type = 14, hslen = 4
ssl_tls.c:4382: |2| <= read record
ssl_cli.c:2717: |3| got no certificate request
ssl_cli.c:2839: |2| <= parse certificate request
ssl_cli.c:3500: |2| client state: 6
ssl_tls.c:2754: |2| => flush output
ssl_tls.c:2766: |2| <= flush output
ssl_cli.c:2849: |2| => parse server hello done
ssl_tls.c:4308: |2| => read record
ssl_tls.c:4378: |2| reuse previously read message
ssl_tls.c:4382: |2| <= read record
ssl_cli.c:2879: |2| <= parse server hello done
ssl_cli.c:3500: |2| client state: 7
ssl_tls.c:2754: |2| => flush output
ssl_tls.c:2766: |2| <= flush output
ssl_tls.c:5326: |2| => write certificate
ssl_tls.c:5343: |2| <= skip write certificate
ssl_cli.c:3500: |2| client state: 8
ssl_tls.c:2754: |2| => flush output
ssl_tls.c:2766: |2| <= flush output
ssl_cli.c:2891: |2| => write client key exchange
ssl_cli.c:2970: |3| value of 'ECDH: Q(X)' (256 bits) is:
ssl_cli.c:2970: |3| a8 32 a7 0d c5 5a 9b 24 96 94 70 3f 33 7c 3d be
ssl_cli.c:2970: |3| cc c5 ab 54 cc c2 22 98 d8 48 5a a4 bc 80 f5 2b
ssl_cli.c:2970: |3| value of 'ECDH: Q(Y)' (255 bits) is:
ssl_cli.c:2970: |3| 75 0d 3d 3c 10 e6 88 f8 73 ed e3 10 5a 45 71 43
ssl_cli.c:2970: |3| c5 21 c0 2f 55 8f 4b e4 6e b2 67 32 c8 f3 2c 6d
ssl_cli.c:2997: |3| value of 'ECDH: z' (256 bits) is:
ssl_cli.c:2997: |3| f0 cf dc e8 0c 10 bc c4 31 2f 81 ce 5d 4a c2 57
ssl_cli.c:2997: |3| 4e 13 92 ff d0 00 a2 2d 0a ac 4f 33 ba 52 a3 dd
ssl_tls.c:3183: |2| => write handshake message
ssl_tls.c:3340: |2| => write record
ssl_tls.c:3420: |3| output record: msgtype = 22, version = [3:3], msglen = 70
ssl_tls.c:2754: |2| => flush output
ssl_tls.c:2773: |2| message length: 75, out_left: 75
ssl_tls.c:2778: |2| ssl->f_send() returned 75 (-0xffffffb5)
ssl_tls.c:2806: |2| <= flush output
ssl_tls.c:3473: |2| <= write record
ssl_tls.c:3317: |2| <= write handshake message
ssl_cli.c:3162: |2| <= write client key exchange
ssl_cli.c:3500: |2| client state: 9
ssl_tls.c:2754: |2| => flush output
ssl_tls.c:2766: |2| <= flush output
ssl_cli.c:3214: |2| => write certificate verify
ssl_tls.c:0628: |2| => derive keys
ssl_tls.c:0706: |3| dumping 'premaster secret' (32 bytes)
ssl_tls.c:0706: |3| 0000: f0 cf dc e8 0c 10 bc c4 31 2f 81 ce 5d 4a c2 57 ........1/..]J.W
ssl_tls.c:0706: |3| 0010: 4e 13 92 ff d0 00 a2 2d 0a ac 4f 33 ba 52 a3 dd N......-..O3.R..
ssl_tls.c:0795: |3| ciphersuite = TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384
ssl_tls.c:0796: |3| dumping 'master secret' (48 bytes)
ssl_tls.c:0796: |3| 0000: ab 2f e3 c3 82 6a 61 a5 99 0e bb 7a 93 08 32 b6 ./...ja....z..2.
ssl_tls.c:0796: |3| 0010: 51 a0 43 ba 93 f2 16 3f a6 23 0e 6d 59 2f b2 cd Q.C....?.#.mY/..
ssl_tls.c:0796: |3| 0020: 1e 49 af 02 49 cc a5 f4 90 e8 aa e3 c7 c7 33 8b .I..I.........3.
ssl_tls.c:0921: |3| keylen: 32, minlen: 24, ivlen: 12, maclen: 0
ssl_tls.c:1116: |2| <= derive keys
ssl_cli.c:3243: |2| <= skip write certificate verify
ssl_cli.c:3500: |2| client state: 10
ssl_tls.c:2754: |2| => flush output
ssl_tls.c:2766: |2| <= flush output
ssl_tls.c:5876: |2| => write change cipher spec
ssl_tls.c:3183: |2| => write handshake message
ssl_tls.c:3340: |2| => write record
ssl_tls.c:3420: |3| output record: msgtype = 20, version = [3:3], msglen = 1
ssl_tls.c:2754: |2| => flush output
ssl_tls.c:2773: |2| message length: 6, out_left: 6
ssl_tls.c:2778: |2| ssl->f_send() returned 6 (-0xfffffffa)
ssl_tls.c:2806: |2| <= flush output
ssl_tls.c:3473: |2| <= write record
ssl_tls.c:3317: |2| <= write handshake message
ssl_tls.c:5890: |2| <= write change cipher spec
ssl_cli.c:3500: |2| client state: 11
ssl_tls.c:2754: |2| => flush output
ssl_tls.c:2766: |2| <= flush output
ssl_tls.c:6395: |2| => write finished
ssl_tls.c:6269: |2| => calc finished tls sha384
ssl_tls.c:6293: |3| dumping 'calc finished result' (12 bytes)
ssl_tls.c:6293: |3| 0000: 35 96 d6 0e 39 1e 03 d9 5b 11 ed 4e 5...9...[..N
ssl_tls.c:6299: |2| <= calc finished
ssl_tls.c:6440: |3| switching to new transform spec for outbound data
ssl_tls.c:3183: |2| => write handshake message
ssl_tls.c:3340: |2| => write record
ssl_tls.c:1444: |2| => encrypt buf
ssl_tls.c:1617: |3| before encrypt: msglen = 24, including 0 bytes of padding
ssl_tls.c:1780: |2| <= encrypt buf
ssl_tls.c:3420: |3| output record: msgtype = 22, version = [3:3], msglen = 40
ssl_tls.c:2754: |2| => flush output
ssl_tls.c:2773: |2| message length: 45, out_left: 45
ssl_tls.c:2778: |2| ssl->f_send() returned 45 (-0xffffffd3)
ssl_tls.c:2806: |2| <= flush output
ssl_tls.c:3473: |2| <= write record
ssl_tls.c:3317: |2| <= write handshake message
ssl_tls.c:6504: |2| <= write finished
ssl_cli.c:3500: |2| client state: 12
ssl_tls.c:2754: |2| => flush output
ssl_tls.c:2766: |2| <= flush output
ssl_cli.c:3393: |2| => parse new session ticket
ssl_tls.c:4308: |2| => read record
ssl_tls.c:2535: |2| => fetch input
ssl_tls.c:2696: |2| in_left: 0, nb_want: 5
ssl_tls.c:2720: |2| in_left: 0, nb_want: 5
ssl_tls.c:2721: |2| ssl->f_recv(_timeout)() returned 5 (-0xfffffffb)
ssl_tls.c:2741: |2| <= fetch input
ssl_tls.c:4053: |3| input record: msgtype = 22, version = [3:3], msglen = 218
ssl_tls.c:2535: |2| => fetch input
ssl_tls.c:2696: |2| in_left: 5, nb_want: 223
ssl_tls.c:2720: |2| in_left: 5, nb_want: 223
ssl_tls.c:2721: |2| ssl->f_recv(_timeout)() returned 218 (-0xffffff26)
ssl_tls.c:2741: |2| <= fetch input
ssl_tls.c:3623: |3| handshake message: msglen = 218, type = 4, hslen = 218
ssl_tls.c:4382: |2| <= read record
ssl_cli.c:3443: |3| ticket length: 208
ssl_cli.c:3481: |3| ticket in use, discarding session id
ssl_cli.c:3484: |2| <= parse new session ticket
ssl_cli.c:3500: |2| client state: 12
ssl_tls.c:2754: |2| => flush output
ssl_tls.c:2766: |2| <= flush output
ssl_tls.c:5899: |2| => parse change cipher spec
ssl_tls.c:4308: |2| => read record
ssl_tls.c:2535: |2| => fetch input
ssl_tls.c:2696: |2| in_left: 0, nb_want: 5
ssl_tls.c:2720: |2| in_left: 0, nb_want: 5
ssl_tls.c:2721: |2| ssl->f_recv(_timeout)() returned 5 (-0xfffffffb)
ssl_tls.c:2741: |2| <= fetch input
ssl_tls.c:4053: |3| input record: msgtype = 20, version = [3:3], msglen = 1
ssl_tls.c:2535: |2| => fetch input
ssl_tls.c:2696: |2| in_left: 5, nb_want: 6
ssl_tls.c:2720: |2| in_left: 5, nb_want: 6
ssl_tls.c:2721: |2| ssl->f_recv(_timeout)() returned 1 (-0xffffffff)
ssl_tls.c:2741: |2| <= fetch input
ssl_tls.c:4382: |2| <= read record
ssl_tls.c:5922: |3| switching to new transform spec for inbound data
ssl_tls.c:5963: |2| <= parse change cipher spec
ssl_cli.c:3500: |2| client state: 13
ssl_tls.c:2754: |2| => flush output
ssl_tls.c:2766: |2| <= flush output
ssl_tls.c:6521: |2| => parse finished
ssl_tls.c:6269: |2| => calc finished tls sha384
ssl_tls.c:6293: |3| dumping 'calc finished result' (12 bytes)
ssl_tls.c:6293: |3| 0000: 21 ff 30 00 3c e8 95 13 8a 28 e1 b4 !.0.<....(..
ssl_tls.c:6299: |2| <= calc finished
ssl_tls.c:4308: |2| => read record
ssl_tls.c:2535: |2| => fetch input
ssl_tls.c:2696: |2| in_left: 0, nb_want: 5
ssl_tls.c:2720: |2| in_left: 0, nb_want: 5
ssl_tls.c:2721: |2| ssl->f_recv(_timeout)() returned 5 (-0xfffffffb)
ssl_tls.c:2741: |2| <= fetch input
ssl_tls.c:4053: |3| input record: msgtype = 22, version = [3:3], msglen = 40
ssl_tls.c:2535: |2| => fetch input
ssl_tls.c:2696: |2| in_left: 5, nb_want: 45
ssl_tls.c:2720: |2| in_left: 5, nb_want: 45
ssl_tls.c:2721: |2| ssl->f_recv(_timeout)() returned 40 (-0xffffffd8)
ssl_tls.c:2741: |2| <= fetch input
ssl_tls.c:1793: |2| => decrypt buf
ssl_tls.c:2375: |2| <= decrypt buf
ssl_tls.c:3623: |3| handshake message: msglen = 16, type = 20, hslen = 16
ssl_tls.c:4382: |2| <= read record
ssl_tls.c:6589: |2| <= parse finished
ssl_cli.c:3500: |2| client state: 14
ssl_tls.c:2754: |2| => flush output
ssl_tls.c:2766: |2| <= flush output
ssl_cli.c:3611: |2| handshake: done
ssl_cli.c:3500: |2| client state: 15
ssl_tls.c:2754: |2| => flush output
ssl_tls.c:2766: |2| <= flush output
ssl_tls.c:6333: |3| => handshake wrapup
ssl_tls.c:6306: |3| => handshake wrapup: final free
ssl_tls.c:6326: |3| <= handshake wrapup: final free
ssl_tls.c:6388: |3| <= handshake wrapup
ssl_tls.c:8091: |2| <= handshake
ok
[ Protocol is TLSv1.2 ]
[ Ciphersuite is TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384 ]
[ Record expansion is 29 ]
[ Maximum fragment length is 16384 ]
. Verifying peer X.509 certificate... failed
! The certificate is not correctly signed by the trusted CA
. Peer certificate information ...
cert. version : 3
serial number : C9:BF:52:02:20:64:1B:E2:F1:B7:BA:23:B8:7F:1D:00
issuer name : C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA
subject name : OU=Domain Control Validated, OU=PositiveSSL, CN=prod.idrix.eu
issued on : 2018-08-15 00:00:00
expires on : 2020-08-14 23:59:59
signed using : RSA with SHA-256
RSA key size : 4096 bits
basic constraints : CA=false
subject alt name : prod.idrix.eu, www.prod.idrix.eu
key usage : Digital Signature, Key Encipherment
ext key usage : TLS Web Server Authentication, TLS Web Client Authentication
> Write to server:ssl_tls.c:8679: |2| => write
ssl_tls.c:3340: |2| => write record
ssl_tls.c:1444: |2| => encrypt buf
ssl_tls.c:1617: |3| before encrypt: msglen = 133, including 0 bytes of padding
ssl_tls.c:1780: |2| <= encrypt buf
ssl_tls.c:3420: |3| output record: msgtype = 23, version = [3:3], msglen = 149
ssl_tls.c:2754: |2| => flush output
ssl_tls.c:2773: |2| message length: 154, out_left: 154
ssl_tls.c:2778: |2| ssl->f_send() returned 154 (-0xffffff66)
ssl_tls.c:2806: |2| <= flush output
ssl_tls.c:3473: |2| <= write record
ssl_tls.c:8707: |2| <= write
125 bytes written in 1 fragments
GET /secure/ HTTP/1.1
Host: prod.idrix.eu
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)
< Read from server:ssl_tls.c:8267: |2| => read
ssl_tls.c:0081: |3| set_timer to 0 ms
ssl_tls.c:4308: |2| => read record
ssl_tls.c:2535: |2| => fetch input
ssl_tls.c:2696: |2| in_left: 0, nb_want: 5
ssl_tls.c:2720: |2| in_left: 0, nb_want: 5
ssl_tls.c:2721: |2| ssl->f_recv(_timeout)() returned 5 (-0xfffffffb)
ssl_tls.c:2741: |2| <= fetch input
ssl_tls.c:4053: |3| input record: msgtype = 22, version = [3:3], msglen = 28
ssl_tls.c:2535: |2| => fetch input
ssl_tls.c:2696: |2| in_left: 5, nb_want: 33
ssl_tls.c:2720: |2| in_left: 5, nb_want: 33
ssl_tls.c:2721: |2| ssl->f_recv(_timeout)() returned 28 (-0xffffffe4)
ssl_tls.c:2741: |2| <= fetch input
ssl_tls.c:1793: |2| => decrypt buf
ssl_tls.c:2375: |2| <= decrypt buf
ssl_tls.c:3623: |3| handshake message: msglen = 4, type = 0, hslen = 4
ssl_tls.c:4382: |2| <= read record
ssl_tls.c:8354: |1| received handshake message
ssl_tls.c:8431: |3| refusing renegotiation, sending alert
ssl_tls.c:5247: |2| => send alert message
ssl_tls.c:5248: |3| send alert level=1 message=100
ssl_tls.c:3340: |2| => write record
ssl_tls.c:1444: |2| => encrypt buf
ssl_tls.c:1617: |3| before encrypt: msglen = 10, including 0 bytes of padding
ssl_tls.c:1780: |2| <= encrypt buf
ssl_tls.c:3420: |3| output record: msgtype = 21, version = [3:3], msglen = 26
ssl_tls.c:2754: |2| => flush output
ssl_tls.c:2773: |2| message length: 31, out_left: 31
ssl_tls.c:2778: |2| ssl->f_send() returned 31 (-0xffffffe1)
ssl_tls.c:2806: |2| <= flush output
ssl_tls.c:3473: |2| <= write record
ssl_tls.c:5260: |2| <= send alert message
ssl_tls.c:0081: |3| set_timer to 0 ms
ssl_tls.c:4308: |2| => read record
ssl_tls.c:2535: |2| => fetch input
ssl_tls.c:2696: |2| in_left: 0, nb_want: 5
ssl_tls.c:2720: |2| in_left: 0, nb_want: 5
ssl_tls.c:2721: |2| ssl->f_recv(_timeout)() returned 5 (-0xfffffffb)
ssl_tls.c:2741: |2| <= fetch input
ssl_tls.c:4053: |3| input record: msgtype = 21, version = [3:3], msglen = 26
ssl_tls.c:2535: |2| => fetch input
ssl_tls.c:2696: |2| in_left: 5, nb_want: 31
ssl_tls.c:2720: |2| in_left: 5, nb_want: 31
ssl_tls.c:2721: |2| ssl->f_recv(_timeout)() returned 26 (-0xffffffe6)
ssl_tls.c:2741: |2| <= fetch input
ssl_tls.c:1793: |2| => decrypt buf
ssl_tls.c:2375: |2| <= decrypt buf
ssl_tls.c:5167: |2| got an alert message, type: [2:40]
ssl_tls.c:5175: |1| is a fatal alert message (msg 40)
ssl_tls.c:4366: |1| mbedtls_ssl_handle_message_type() returned -30592 (-0x7780)
ssl_tls.c:8332: |1| mbedtls_ssl_read_record() returned -30592 (-0x7780)
mbedtls_ssl_read returned -0x7780
Last error was: -0x7780 - SSL - A fatal alert message was received from our peer
ssl_tls.c:8931: |2| => free
ssl_tls.c:8996: |2| <= free
+ Press Enter to exit this program.
Hi All,
I'm trying to test client certificates and found a public website that allows you to test against it.
In a browser, if a client cert isn't supplied (the default action) it gives an error.
However, when I try the same thing from the mbedTLS ssl_client2 sample project, I get a fatal alert message type 40. Is anyone able to determine what the problem might be?
Thanks.
commandline
debug