Trouble with handshake with WolfSSL


I'm having some issues using WolfSSL. I tried to ask a question on the WolfSSL forums, but registration is not working right now.

I am using WolfSSL to develop a simple email client for the Nintendo Wii. WolfSSL is the only library that claims to have Wii compatibility. I've successfully built the library with devKitPro, and everything seems to be working, but it fails on the handshake.

Here is some sample code:

bool Internet::sslSetup(){

  if(wolfSSL_Init() != SSL_SUCCESS){
    sslReportError();
    return false;
  }
  setState("SSL Init");

  method = wolfSSLv23_client_method();
  if (method == NULL) {
    sslReportError();
    return false;
  }
  setState("SSL Method Set");

  ctx = wolfSSL_CTX_new(method);
  if(ctx == NULL){
    sslReportError();
    return false;
  }
  // Note: SSL_VERIFY_NONE disables server certificate verification
  wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);
  setState("SSL Ctx Init");

  sslSocket = wolfSSL_new(ctx);
  if(sslSocket == NULL){
    sslReportError();
    return false;
  }
  setState("SSL Socket Init");

  // Check the return value of wolfSSL_set_fd rather than re-testing sslSocket
  if(wolfSSL_set_fd(sslSocket, socket) != SSL_SUCCESS){
    sslReportError();
    return false;
  }
  setState("SSL Socket connected to net socket");

  return true;
}

I don't have any way to debug on the Wii, so I am relegated to text debugging. Here is my log for the WolfSSL debug output:

13 05 2016 00:55 wolfSSL Entering wolfSSL_Init 
13 05 2016 00:55 wolfSSL Entering WOLFSSL_CTX_new 
13 05 2016 00:55 wolfSSL Entering wolfSSL_CertManagerNew 
13 05 2016 00:55 wolfSSL Leaving WOLFSSL_CTX_new, return 0 
13 05 2016 00:55 wolfSSL Entering wolfSSL_CTX_set_verify 
13 05 2016 00:55 wolfSSL Entering SSL_new 
13 05 2016 00:55 wolfSSL Leaving SSL_new, return 0 
13 05 2016 00:55 wolfSSL Entering SSL_set_fd 
13 05 2016 00:55 wolfSSL Leaving SSL_set_fd, return 1 
13 05 2016 00:55 wolfSSL Entering SSL_connect() 
13 05 2016 00:55 growing output buffer
13 05 2016 00:55 Shrinking output buffer
13 05 2016 00:55 connect state: CLIENT_HELLO_SENT 
13 05 2016 00:55 received record layer msg 
13 05 2016 00:55 got ALERT! 
13 05 2016 00:55 Got alert 
13 05 2016 00:55 wolfSSL error occurred, error = 40 
13 05 2016 00:55 wolfSSL error occurred, error = -313 

Any ideas? Trying to connect to smtp.gmail.com on port 465.


Solution

  • It looks like a TLS handshake error because:

    Next steps would be to:

    • investigate what's the -313 error
    • can you get a Wireshark trace from a computer on the same network to get more details of what the server hello contains? e.g. that could happen for several reasons e.g. server not happy with the list of ciphers available from client
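
The log shows "got ALERT!" followed by "error = 40", which reads as TLS alert description 40. The following is an added example, not code from the original post or from wolfSSL: a small decoder for the plaintext alert record a packet capture would show at that point. The function names and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* One decoded plaintext TLS alert record. */
struct tls_alert {
    uint16_t version;     /* record-layer version, e.g. 0x0303 */
    uint8_t  level;       /* 1 = warning, 2 = fatal */
    uint8_t  description; /* alert code, e.g. 40 */
};

/* Alert descriptions from RFC 5246 section 7.2 (subset). */
const char *tls_alert_name(uint8_t d) {
    switch (d) {
    case 0:  return "close_notify";
    case 40: return "handshake_failure";
    case 42: return "bad_certificate";
    case 47: return "illegal_parameter";
    case 48: return "unknown_ca";
    case 70: return "protocol_version";
    case 71: return "insufficient_security";
    case 80: return "internal_error";
    default: return "unknown";
    }
}

/* Record layout: type(1) version(2) length(2) level(1) description(1).
   Returns 0 on success, -1 if the buffer is short or not a plaintext alert. */
int parse_tls_alert(const uint8_t *buf, size_t len, struct tls_alert *out) {
    if (buf == NULL || out == NULL || len < 7) return -1;
    if (buf[0] != 21) return -1;                  /* content type 21 = alert */
    if (((buf[3] << 8) | buf[4]) != 2) return -1; /* plaintext alert body is 2 bytes */
    if (buf[5] != 1 && buf[5] != 2) return -1;    /* level: warning or fatal */
    out->version = (uint16_t)((buf[1] << 8) | buf[2]);
    out->level = buf[5];
    out->description = buf[6];
    return 0;
}

int main(void) {
    /* Constructed sample: fatal handshake_failure in a TLS 1.2 record. */
    const uint8_t rec[] = { 0x15, 0x03, 0x03, 0x00, 0x02, 0x02, 0x28 };
    struct tls_alert a;
    if (parse_tls_alert(rec, sizeof rec, &a) != 0) return 1;
    printf("version=0x%04x level=%u alert=%u (%s)\n",
           a.version, a.level, a.description, tls_alert_name(a.description));
    return 0;
}
```

An alert sent this early in the handshake, before any keys are negotiated, is unencrypted, so the level and description bytes are readable directly in the capture.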