Not able to call function (SSL_CTX_use_certificate_chain_file) in ssl.h

CryptoMiner
Posts: 2
Joined: Fri May 31, 2019 6:43 pm

Not able to call function (SSL_CTX_use_certificate_chain_file) in ssl.h

Postby CryptoMiner » Fri May 31, 2019 7:02 pm

Hi I am trying to create a WSS over HTTPS client. I am using the example project from esp-idf/examples/protocols/openssl_client/. This project builds and connects to my server, however it returns a http bad request 400.

In order to fix this I think I need to secure the connection with my certificate, so I tried to use: SSL_CTX_use_certificate_chain_file().

The compiler is not able to use this function though and gives the following output:

Code: Select all

Project is not inside a git repository, will not use 'git describe' to determine PROJECT_VER.
App "openssl_client" version: 1
CC build/main/openssl_client_example_main.o
AR build/main/libmain.a
Generating esp32.project.ld
LD build/openssl_client.elf
/home/vijit/esp/openssl_client_jt/build/main/libmain.a(openssl_client_example_main.o):(.literal.openssl_example_task+0x50): undefined reference to `SSL_CTX_use_certificate_chain_file'
/home/vijit/esp/openssl_client_jt/build/main/libmain.a(openssl_client_example_main.o): In function `openssl_example_task':
/home/vijit/esp/openssl_client_jt/main/openssl_client_example_main.c:60: undefined reference to `SSL_CTX_use_certificate_chain_file'
collect2: error: ld returned 1 exit status
make: *** [/home/vijit/esp/esp-idf/make/project.mk:521: /home/vijit/esp/openssl_client_jt/build/openssl_client.elf] Error 1
Here is the C file I am using, I did not change any of the other files in the project. The lines I added are in red.

Code: Select all

/* OpenSSL client Example

   This example code is in the Public Domain (or CC0 licensed, at your option.)

   Unless required by applicable law or agreed to in writing, this
   software is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
   CONDITIONS OF ANY KIND, either express or implied.
*/

#include "openssl_client_example.h"

#include <string.h>

#include "openssl/ssl.h"

#include "freertos/FreeRTOS.h"
#include "freertos/task.h"

#include "esp_log.h"
#include "esp_wifi.h"
#include "esp_event.h"
#include "nvs_flash.h"
#include "tcpip_adapter.h"
#include "protocol_examples_common.h"

#include "lwip/sockets.h"
#include "lwip/netdb.h"

const static char *TAG = "openssl_example";

static void openssl_example_task(void *p)
{
    int ret;
    SSL_CTX *ctx;
    SSL *ssl;
    int sockfd;
    struct sockaddr_in sock_addr;
    struct hostent *hp;
    struct ip4_addr *ip4_addr;
    
    int recv_bytes = 0;
    char recv_buf[OPENSSL_EXAMPLE_RECV_BUF_LEN];
    
    const char send_data[] = OPENSSL_EXAMPLE_REQUEST;
    const int send_bytes = sizeof(send_data);

    ESP_LOGI(TAG, "OpenSSL demo thread start OK");

    ESP_LOGI(TAG, "get target IP address");
    hp = gethostbyname(OPENSSL_EXAMPLE_TARGET_NAME);
    if (!hp) {
        ESP_LOGI(TAG, "failed");
        goto failed1;
    }
    ESP_LOGI(TAG, "OK");

    ip4_addr = (struct ip4_addr *)hp->h_addr;
    ESP_LOGI(TAG, IPSTR, IP2STR(ip4_addr));

    ESP_LOGI(TAG, "create SSL context ......");
    ctx = SSL_CTX_new(TLSv1_2_client_method());
    if (!ctx) {
        ESP_LOGI(TAG, "failed");
        goto failed1;
    }

[color=#FF0000]    if(!SSL_CTX_use_certificate_chain_file(ctx, "ca_cert.pem")) {
        ESP_LOGI(TAG, "SSL_CTX_use_certificate_chain_file problem\n");
        goto failed2;
    }[/color]

    ESP_LOGI(TAG, "OK");

    ESP_LOGI(TAG, "create socket ......");
    sockfd = socket(AF_INET, SOCK_STREAM, 0);
    if (sockfd < 0) {
        ESP_LOGI(TAG, "failed");
        goto failed2;
    }
    ESP_LOGI(TAG, "OK");

    ESP_LOGI(TAG, "bind socket ......");
    memset(&sock_addr, 0, sizeof(sock_addr));
    sock_addr.sin_family = AF_INET;
    sock_addr.sin_addr.s_addr = 0;
    sock_addr.sin_port = htons(OPENSSL_EXAMPLE_LOCAL_TCP_PORT);
    ret = bind(sockfd, (struct sockaddr*)&sock_addr, sizeof(sock_addr));
    if (ret) {
        ESP_LOGI(TAG, "failed");
        goto failed3;
    }
    ESP_LOGI(TAG, "OK");

    ESP_LOGI(TAG, "socket connect to remote %s ......", OPENSSL_EXAMPLE_TARGET_NAME);
    memset(&sock_addr, 0, sizeof(sock_addr));
    sock_addr.sin_family = AF_INET;
    sock_addr.sin_addr.s_addr = ip4_addr->addr;
    sock_addr.sin_port = htons(OPENSSL_EXAMPLE_TARGET_TCP_PORT);
    ret = connect(sockfd, (struct sockaddr*)&sock_addr, sizeof(sock_addr));
    if (ret) {
        ESP_LOGI(TAG, "failed");
        goto failed3;
    }
    ESP_LOGI(TAG, "OK");

    ESP_LOGI(TAG, "create SSL ......");
    ssl = SSL_new(ctx);
    if (!ssl) {
        ESP_LOGI(TAG, "failed");
        goto failed3;
    }
    ESP_LOGI(TAG, "OK");

    SSL_set_fd(ssl, sockfd);

    ESP_LOGI(TAG, "SSL connected to %s port %d ......",
        OPENSSL_EXAMPLE_TARGET_NAME, OPENSSL_EXAMPLE_TARGET_TCP_PORT);
    ret = SSL_connect(ssl);
    if (!ret) {
        ESP_LOGI(TAG, "failed " );
        goto failed4;
    }
    ESP_LOGI(TAG, "OK");

    ESP_LOGI(TAG, "send https request to %s port %d ......",
        OPENSSL_EXAMPLE_TARGET_NAME, OPENSSL_EXAMPLE_TARGET_TCP_PORT);
    ret = SSL_write(ssl, send_data, send_bytes);
    if (ret <= 0) {
        ESP_LOGI(TAG, "failed");
        goto failed5;
    }
    ESP_LOGI(TAG, "OK");

    do {
        ret = SSL_read(ssl, recv_buf, OPENSSL_EXAMPLE_RECV_BUF_LEN - 1);
        if (ret <= 0) {
            break;
        }
        recv_buf[ret] = '\0';
        recv_bytes += ret;
        ESP_LOGI(TAG, "%s", recv_buf);
    } while (1);
    
    ESP_LOGI(TAG, "totally read %d bytes data from %s ......", recv_bytes, OPENSSL_EXAMPLE_TARGET_NAME);

failed5:
    SSL_shutdown(ssl);
failed4:
    SSL_free(ssl);
    ssl = NULL;
failed3:
    close(sockfd);
    sockfd = -1;
failed2:
    SSL_CTX_free(ctx);
    ctx = NULL;
failed1:
    vTaskDelete(NULL);
    return ;
}

static void openssl_example_client_init(void)
{
    int ret;
    xTaskHandle openssl_handle;

    ret = xTaskCreate(openssl_example_task,
                      OPENSSL_EXAMPLE_TASK_NAME,
                      OPENSSL_EXAMPLE_TASK_STACK_WORDS,
                      NULL,
                      OPENSSL_EXAMPLE_TASK_PRIORITY,
                      &openssl_handle);

    if (ret != pdPASS)  {
        ESP_LOGI(TAG, "create thread %s failed", OPENSSL_EXAMPLE_TASK_NAME);
    }
}

void app_main(void)
{
    ESP_ERROR_CHECK( nvs_flash_init() );
    ESP_ERROR_CHECK(nvs_flash_init());
    tcpip_adapter_init();
    ESP_ERROR_CHECK(esp_event_loop_create_default());

    /* This helper function configures Wi-Fi or Ethernet, as selected in menuconfig.
     * Read "Establishing Wi-Fi or Ethernet Connection" section in
     * examples/protocols/README.md for more information about this function.
     */
    ESP_ERROR_CHECK(example_connect());

    openssl_example_client_init();
}
Can anyone help me find out why this function is not being called, because it is in the openssl/ssl.h file in the components folder.

Thanks,
Vijit Singh

Ritesh
Posts: 1383
Joined: Tue Sep 06, 2016 9:37 am
Location: India
Contact:

Re: Not able to call function (SSL_CTX_use_certificate_chain_file) in ssl.h

Postby Ritesh » Sat Jun 01, 2019 8:56 am

Hi,

I have checked that function and found that it should be under ss.h header file itself. Would you please check that declaration is available or not into openssl package?

Please find few more links regarding that.

https://www.openssl.org/docs/man1.0.2/m ... _file.html
https://www.ibm.com/support/knowledgece ... _file.html
https://www.len.ro/work/openssl-example/ --> Example in which that API has been called.

Let me know if you still don't find any solution for that
Regards,
Ritesh Prajapati

CryptoMiner
Posts: 2
Joined: Fri May 31, 2019 6:43 pm

Re: Not able to call function (SSL_CTX_use_certificate_chain_file) in ssl.h

Postby CryptoMiner » Sat Jun 01, 2019 6:07 pm

Hi Ritesh,

Thanks for the quick reply. I can see that this function is includes in the header file in esp-idf/components/openssl/include/openssl/ssl.h on line 987:

Code: Select all

/**
 * @brief load the certification chain file into SSL context
 *
 * @param ctx  - SSL context point
 * @param file - certification chain file name
 *
 * @return result
 *     1 : OK
 *     0 : failed
 */
int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file);
Is this the path the compiler is reading from?

I also tried to add this to my component.mk file:

Code: Select all

LIBS := CSSL 
However it did not change the error. I still am getting an undefined reference.

I am not able to open the last link you sent with the .ro url.

Ritesh
Posts: 1383
Joined: Tue Sep 06, 2016 9:37 am
Location: India
Contact:

Re: Not able to call function (SSL_CTX_use_certificate_chain_file) in ssl.h

Postby Ritesh » Sun Jun 02, 2019 9:38 am

CryptoMiner wrote:
Sat Jun 01, 2019 6:07 pm
Hi Ritesh,

Thanks for the quick reply. I can see that this function is includes in the header file in esp-idf/components/openssl/include/openssl/ssl.h on line 987:

Code: Select all

/**
 * @brief load the certification chain file into SSL context
 *
 * @param ctx  - SSL context point
 * @param file - certification chain file name
 *
 * @return result
 *     1 : OK
 *     0 : failed
 */
int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file);
Is this the path the compiler is reading from?

I also tried to add this to my component.mk file:

Code: Select all

LIBS := CSSL
However it did not change the error. I still am getting an undefined reference.

I am not able to open the last link you sent with the .ro url.
Hi,

I have ever checked again and able to open last link as well. Please check again from your end.

Also, Would you please check that is there any configuration is required into SSL to enable it? I am not sure for that.
Regards,
Ritesh Prajapati

Who is online

Users browsing this forum: No registered users and 176 guests