Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cannot create an SSL connection using secure authenticated channel #256

Open
atulfj opened this issue Oct 1, 2024 · 1 comment
Open

Cannot create an SSL connection using secure authenticated channel #256

atulfj opened this issue Oct 1, 2024 · 1 comment

Comments

@atulfj
Copy link

atulfj commented Oct 1, 2024

I am trying to write an application using the current Certifier API. I was able to perform cold_init() and also solve an earlier error with certify_me() by generating new provisioned files. However, I have encountered another error during the initiation of an SSL connection. Following are the error messages:

From server side:
server_channel_accept_and_auth() error, line 3395, Can't SSL_accept connection, res=-1 Accept error(a00041b, 1051): SSL routines SSL_ERROR_ZERO_RETURN: zero return error

From client side:
init_client_ssl() error, line 3266, ssl_connect failed, ret=-1, err=1: SSL_ERROR_SSL: generic ssl error cannot init SSL channel as client

Initially I thought it was an issue with expired or invalid root certificates. After studying the certifier framework, I got the understanding that the arguments of cc_trust_manager::init_policy_key() are used as SSL certificates. So, I used embed_policy_key.exe --input=policy_cert_file.bin --output=policy_key.cc to generate a new certificate. However, the error remains persistent even after doing this.

I would appreciate any insight into this problem. Is there any step that I have missed, or am I doing something wrong that's why the SSL_accept() is failing?
@gapisback
Copy link
Collaborator

HI, @atulfj -- Sorry about the delay in responding.

Have you tried to go thru our sample apps programs to model the development of your code?

The example_app.cc in common/ dir is the canonical way we expect applications to be written.

Also the sample_apps/run_example.sh driver script is useful to run these sample apps. Did you get a chance to do that, and go thru its steps to figure out what certificate and other setup stuff you need to do in order to get the sample-app to work?

If you haven't already done so, I suggest you go thru the instructions in this README file and try out these commands, to exercise the steps to run the program in --dry-run mode.

That may give you some better insights on what you need to do to get your app working w.r.t. certificates and so on:

cd ./sample_apps

./run_example.sh --dry-run simple_app setup

./run_example.sh --dry-run simple_app run_test

Finally, if you can post some outputs from your setup steps you've taken, that might help some of the others on this group to debug your issue.

Cc: @jlmucb @yelvmw

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@gapisback @atulfj