
Error messages from Mongoose web server with mbedtls TLS


I am building an HTTP(S) server on Intel SGX, using mbedtls as my TLS library.

I can serve content as expected using HTTP, but when switching over to TLS/SSL using mbedtls I am getting some more complex issues and the error messages are difficult to understand.

Concretely, when I access my site using the “https://” prefix, I can tell that mongoose/mbedtls goes out and reads cert.pem and key.pem, and then makes a recv call on “/”. During that recv call it coughs up the following error:

mg_ssl_if_mbed_err 0x7f9e8c023060 mbedTLS error: -0x7780

From mbedtls src I can read this slightly not so useful explanation:

#define MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE -0x7780 /**< A fatal alert message was received from our peer. */

My starting point is the simplest_web_server_ssl.

Questions: How do I enable mg and mbedtls debug logging? How do I interpret these errors (or even, what can be some reasons for this error)?

Sincerely grateful for any hints!


Solution

  • See https://github.com/cesanta/mongoose/blob/6.16/mongoose.c#L5161 and https://github.com/cesanta/mongoose/blob/6.16/mongoose.c#L5075

    Thus you can increase debug log level by calling cs_log_set_level(LL_VERBOSE_DEBUG)

    The error you see is most probably due to an invalid cert that your client does not accept.

    Try to access your server with curl -k https://IPADDR

    The -k option disables cert verification. If that curl command works, then just fix your cert; your C code works fine.
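
Added example (not part of the original answer, and not Mongoose or mbedtls code): error -0x7780 only says that the peer sent a fatal alert, so this stand-alone C parser decodes a plaintext TLS alert record, as seen in a packet capture of the failed handshake, and flags the descriptions that mean the client rejected the server certificate. The names tls_alert and parse_tls_alert and the sample bytes are constructed for illustration; the alert codes are from RFC 5246 and RFC 6066.

```c
#include <stdint.h>
#include <stdio.h>

/* One decoded plaintext TLS alert record (RFC 5246, section 7.2). */
typedef struct {
    int level;         /* 1 = warning, 2 = fatal */
    int description;   /* AlertDescription code */
    const char *name;  /* RFC name, or "unrecognized" */
    int cert_related;  /* 1 if the peer is rejecting our certificate */
} tls_alert;

/* Common handshake alerts; the third field marks certificate complaints. */
static const struct { int code; const char *name; int cert; } ALERTS[] = {
    {0, "close_notify", 0},         {40, "handshake_failure", 0},
    {42, "bad_certificate", 1},     {43, "unsupported_certificate", 1},
    {44, "certificate_revoked", 1}, {45, "certificate_expired", 1},
    {46, "certificate_unknown", 1}, {48, "unknown_ca", 1},
    {70, "protocol_version", 0},    {112, "unrecognized_name", 0},
};

/* Returns 0 on success, -1 if buf is not a complete plaintext alert record. */
int parse_tls_alert(const uint8_t *buf, size_t len, tls_alert *out)
{
    /* Header: type 21 (alert), major version 3, length 2; encrypted alerts
       carry a longer body and cannot be decoded from the wire. */
    if (len < 7 || buf[0] != 21 || buf[1] != 3 || buf[3] != 0 || buf[4] != 2)
        return -1;
    if (buf[5] != 1 && buf[5] != 2)
        return -1;
    out->level = buf[5];
    out->description = buf[6];
    out->name = "unrecognized";
    out->cert_related = 0;
    for (size_t i = 0; i < sizeof ALERTS / sizeof ALERTS[0]; i++)
        if (ALERTS[i].code == out->description) {
            out->name = ALERTS[i].name;
            out->cert_related = ALERTS[i].cert;
        }
    return 0;
}

int main(void)
{
    /* Constructed sample: fatal (2) unknown_ca (48) in a TLS 1.2 record. */
    const uint8_t rec[] = {0x15, 0x03, 0x03, 0x00, 0x02, 0x02, 0x30};
    tls_alert a;
    if (parse_tls_alert(rec, sizeof rec, &a) == 0)
        printf("%s(%d) level=%d cert=%d\n", a.name, a.description, a.level, a.cert_related);
    return 0;
}
```

A certificate-related description here points at the cert or its chain rather than at the server code, which matches what the curl -k check shows.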