Re: [mbed-tls] How to enable mbedtls complete debug logs? - mbed-tls

19 Jun 2020


      Hi Hannes,
See the output of ssl_client2 output with command line arguments
Could you please help me in resolving the issue. Same source code on Ubuntu is working fine but not working on my embedded device(STM32MP157x-EV1)
Your support is appreciated.
=450a-certificate.pem.crt key_file=/certs/774a17950a-private.pem.key debug_leve
. Seeding the random number generator... ok
  . Loading the CA root certificate ... ok (0 skipped)
  . Loading the client cert. and key... ok
  . Connecting to tcp/a2g7twmqo7hg82-ats.iot.ap-south-1.amazonaws.com/443... ok
  . Setting up the SSL/TLS structure...ssl_tls.c:0081: |3| set_timer to 0 ms
 ok
  . Performing the SSL/TLS handshake...ssl_tls.c:8084: |2| => handshake
ssl_cli.c:3510: |2| client state: 0
ssl_tls.c:2755: |2| => flush output
ssl_tls.c:2767: |2| <= flush output
ssl_cli.c:3510: |2| client state: 1
ssl_tls.c:2755: |2| => flush output
ssl_tls.c:2767: |2| <= flush output
ssl_cli.c:0774: |2| => write client hello
ssl_cli.c:0812: |3| client hello, max version: [3:3]
ssl_cli.c:0703: |3| client hello, current time: 1592572806
ssl_cli.c:0821: |3| dumping 'client hello, random bytes' (32 bytes)
ssl_cli.c:0821: |3| 0000:  5e ec bb 86 f1 65 15 c9 27 e1 12 b3 af 40 7d ab  ^....e..'....@}.
ssl_cli.c:0821: |3| 0010:  16 2e 28 f5 f6 e1 82 9b 2d 5c e7 93 e1 e6 e8 17  ..(.....-......
ssl_cli.c:0874: |3| client hello, session id len.: 0
ssl_cli.c:0875: |3| dumping 'client hello, session id' (0 bytes)
ssl_cli.c:0922: |3| client hello, add ciphersuite: cca8
ssl_cli.c:0922: |3| client hello, add ciphersuite: cca9
ssl_cli.c:0922: |3| client hello, add ciphersuite: ccaa
ssl_cli.c:0922: |3| client hello, add ciphersuite: c02c
ssl_cli.c:0922: |3| client hello, add ciphersuite: c030
ssl_cli.c:0922: |3| client hello, add ciphersuite: 009f
ssl_cli.c:0922: |3| client hello, add ciphersuite: c0ad
ssl_cli.c:0922: |3| client hello, add ciphersuite: c09f
ssl_cli.c:0922: |3| client hello, add ciphersuite: c024
ssl_cli.c:0922: |3| client hello, add ciphersuite: c028
ssl_cli.c:0922: |3| client hello, add ciphersuite: 006b
ssl_cli.c:0922: |3| client hello, add ciphersuite: c00a
ssl_cli.c:0922: |3| client hello, add ciphersuite: c014
ssl_cli.c:0922: |3| client hello, add ciphersuite: 0039
ssl_cli.c:0922: |3| client hello, add ciphersuite: c0af
ssl_cli.c:0922: |3| client hello, add ciphersuite: c0a3
ssl_cli.c:0922: |3| client hello, add ciphersuite: c087
ssl_cli.c:0922: |3| client hello, add ciphersuite: c08b
ssl_cli.c:0922: |3| client hello, add ciphersuite: c07d
ssl_cli.c:0922: |3| client hello, add ciphersuite: c073
ssl_cli.c:0922: |3| client hello, add ciphersuite: c077
ssl_cli.c:0922: |3| client hello, add ciphersuite: 00c4
ssl_cli.c:0922: |3| client hello, add ciphersuite: 0088
ssl_cli.c:0922: |3| client hello, add ciphersuite: c02b
ssl_cli.c:0922: |3| client hello, add ciphersuite: c02f
ssl_cli.c:0922: |3| client hello, add ciphersuite: 009e
ssl_cli.c:0922: |3| client hello, add ciphersuite: c0ac
ssl_cli.c:0922: |3| client hello, add ciphersuite: c09e
ssl_cli.c:0922: |3| client hello, add ciphersuite: c023
ssl_cli.c:0922: |3| client hello, add ciphersuite: c027
ssl_cli.c:0922: |3| client hello, add ciphersuite: 0067
ssl_cli.c:0922: |3| client hello, add ciphersuite: c009
ssl_cli.c:0922: |3| client hello, add ciphersuite: c013
ssl_cli.c:0922: |3| client hello, add ciphersuite: 0033
ssl_cli.c:0922: |3| client hello, add ciphersuite: c0ae
ssl_cli.c:0922: |3| client hello, add ciphersuite: c0a2
ssl_cli.c:0922: |3| client hello, add ciphersuite: c086
ssl_cli.c:0922: |3| client hello, add ciphersuite: c08a
ssl_cli.c:0922: |3| client hello, add ciphersuite: c07c
ssl_cli.c:0922: |3| client hello, add ciphersuite: c072
ssl_cli.c:0922: |3| client hello, add ciphersuite: c076
ssl_cli.c:0922: |3| client hello, add ciphersuite: 00be
ssl_cli.c:0922: |3| client hello, add ciphersuite: 0045
ssl_cli.c:0922: |3| client hello, add ciphersuite: ccac
ssl_cli.c:0922: |3| client hello, add ciphersuite: ccad
ssl_cli.c:0922: |3| client hello, add ciphersuite: 00ab
ssl_cli.c:0922: |3| client hello, add ciphersuite: c0a7
ssl_cli.c:0922: |3| client hello, add ciphersuite: c038
ssl_cli.c:0922: |3| client hello, add ciphersuite: 00b3
ssl_cli.c:0922: |3| client hello, add ciphersuite: c036
ssl_cli.c:0922: |3| client hello, add ciphersuite: 0091
ssl_cli.c:0922: |3| client hello, add ciphersuite: c091
ssl_cli.c:0922: |3| client hello, add ciphersuite: c09b
ssl_cli.c:0922: |3| client hello, add ciphersuite: c097
ssl_cli.c:0922: |3| client hello, add ciphersuite: c0ab
ssl_cli.c:0922: |3| client hello, add ciphersuite: 00aa
ssl_cli.c:0922: |3| client hello, add ciphersuite: c0a6
ssl_cli.c:0922: |3| client hello, add ciphersuite: c037
ssl_cli.c:0922: |3| client hello, add ciphersuite: 00b2
ssl_cli.c:0922: |3| client hello, add ciphersuite: c035
ssl_cli.c:0922: |3| client hello, add ciphersuite: 0090
ssl_cli.c:0922: |3| client hello, add ciphersuite: c090
ssl_cli.c:0922: |3| client hello, add ciphersuite: c096
ssl_cli.c:0922: |3| client hello, add ciphersuite: c09a
ssl_cli.c:0922: |3| client hello, add ciphersuite: c0aa
ssl_cli.c:0922: |3| client hello, add ciphersuite: 009d
ssl_cli.c:0922: |3| client hello, add ciphersuite: c09d
ssl_cli.c:0922: |3| client hello, add ciphersuite: 003d
ssl_cli.c:0922: |3| client hello, add ciphersuite: 0035
ssl_cli.c:0922: |3| client hello, add ciphersuite: c032
ssl_cli.c:0922: |3| client hello, add ciphersuite: c02a
ssl_cli.c:0922: |3| client hello, add ciphersuite: c00f
ssl_cli.c:0922: |3| client hello, add ciphersuite: c02e
ssl_cli.c:0922: |3| client hello, add ciphersuite: c026
ssl_cli.c:0922: |3| client hello, add ciphersuite: c005
ssl_cli.c:0922: |3| client hello, add ciphersuite: c0a1
ssl_cli.c:0922: |3| client hello, add ciphersuite: c07b
ssl_cli.c:0922: |3| client hello, add ciphersuite: 00c0
ssl_cli.c:0922: |3| client hello, add ciphersuite: 0084
ssl_cli.c:0922: |3| client hello, add ciphersuite: c08d
ssl_cli.c:0922: |3| client hello, add ciphersuite: c079
ssl_cli.c:0922: |3| client hello, add ciphersuite: c089
ssl_cli.c:0922: |3| client hello, add ciphersuite: c075
ssl_cli.c:0922: |3| client hello, add ciphersuite: 009c
ssl_cli.c:0922: |3| client hello, add ciphersuite: c09c
ssl_cli.c:0922: |3| client hello, add ciphersuite: 003c
ssl_cli.c:0922: |3| client hello, add ciphersuite: 002f
ssl_cli.c:0922: |3| client hello, add ciphersuite: c031
ssl_cli.c:0922: |3| client hello, add ciphersuite: c029
ssl_cli.c:0922: |3| client hello, add ciphersuite: c00e
ssl_cli.c:0922: |3| client hello, add ciphersuite: c02d
ssl_cli.c:0922: |3| client hello, add ciphersuite: c025
ssl_cli.c:0922: |3| client hello, add ciphersuite: c004
ssl_cli.c:0922: |3| client hello, add ciphersuite: c0a0
ssl_cli.c:0922: |3| client hello, add ciphersuite: c07a
ssl_cli.c:0922: |3| client hello, add ciphersuite: 00ba
ssl_cli.c:0922: |3| client hello, add ciphersuite: 0041
ssl_cli.c:0922: |3| client hello, add ciphersuite: c08c
ssl_cli.c:0922: |3| client hello, add ciphersuite: c078
ssl_cli.c:0922: |3| client hello, add ciphersuite: c088
ssl_cli.c:0922: |3| client hello, add ciphersuite: c074
ssl_cli.c:0922: |3| client hello, add ciphersuite: ccae
ssl_cli.c:0922: |3| client hello, add ciphersuite: 00ad
ssl_cli.c:0922: |3| client hello, add ciphersuite: 00b7
ssl_cli.c:0922: |3| client hello, add ciphersuite: 0095
ssl_cli.c:0922: |3| client hello, add ciphersuite: c093
ssl_cli.c:0922: |3| client hello, add ciphersuite: c099
ssl_cli.c:0922: |3| client hello, add ciphersuite: 00ac
ssl_cli.c:0922: |3| client hello, add ciphersuite: 00b6
ssl_cli.c:0922: |3| client hello, add ciphersuite: 0094
ssl_cli.c:0922: |3| client hello, add ciphersuite: c092
ssl_cli.c:0922: |3| client hello, add ciphersuite: c098
ssl_cli.c:0922: |3| client hello, add ciphersuite: ccab
ssl_cli.c:0922: |3| client hello, add ciphersuite: 00a9
ssl_cli.c:0922: |3| client hello, add ciphersuite: c0a5
ssl_cli.c:0922: |3| client hello, add ciphersuite: 00af
ssl_cli.c:0922: |3| client hello, add ciphersuite: 008d
ssl_cli.c:0922: |3| client hello, add ciphersuite: c08f
ssl_cli.c:0922: |3| client hello, add ciphersuite: c095
ssl_cli.c:0922: |3| client hello, add ciphersuite: c0a9
ssl_cli.c:0922: |3| client hello, add ciphersuite: 00a8
ssl_cli.c:0922: |3| client hello, add ciphersuite: c0a4
ssl_cli.c:0922: |3| client hello, add ciphersuite: 00ae
ssl_cli.c:0922: |3| client hello, add ciphersuite: 008c
ssl_cli.c:0922: |3| client hello, add ciphersuite: c08e
ssl_cli.c:0922: |3| client hello, add ciphersuite: c094
ssl_cli.c:0922: |3| client hello, add ciphersuite: c0a8
ssl_cli.c:0934: |3| client hello, got 127 ciphersuites (excluding SCSVs)
ssl_cli.c:0943: |3| adding EMPTY_RENEGOTIATION_INFO_SCSV
ssl_cli.c:0992: |3| client hello, compress len.: 1
ssl_cli.c:0994: |3| client hello, compress alg.: 0
ssl_cli.c:0069: |3| client hello, adding server name extension: a2g7twmqo7hg82-ats.iot.ap-south-1.amazonaws.com
ssl_cli.c:0186: |3| client hello, adding signature_algorithms extension
ssl_cli.c:0271: |3| client hello, adding supported_elliptic_curves extension
ssl_cli.c:0336: |3| client hello, adding supported_point_formats extension
ssl_cli.c:0518: |3| client hello, adding encrypt_then_mac extension
ssl_cli.c:0552: |3| client hello, adding extended_master_secret extension
ssl_cli.c:0585: |3| client hello, adding session ticket extension
ssl_cli.c:1071: |3| client hello, total extension length: 128
ssl_tls.c:3184: |2| => write handshake message
ssl_tls.c:3343: |2| => write record
ssl_tls.c:3423: |3| output record: msgtype = 22, version = [3:1], msglen = 429
ssl_tls.c:3426: |4| dumping 'output record sent to network' (434 bytes)
ssl_tls.c:3426: |4| 0000:  16 03 01 01 ad 01 00 01 a9 03 03 5e ec bb 86 f1  ...........^....
ssl_tls.c:3426: |4| 0010:  65 15 c9 27 e1 12 b3 af 40 7d ab 16 2e 28 f5 f6  e..'....@}...(..
ssl_tls.c:3426: |4| 0020:  e1 82 9b 2d 5c e7 93 e1 e6 e8 17 00 01 00 cc a8  ...-...........
ssl_tls.c:3426: |4| 0030:  cc a9 cc aa c0 2c c0 30 00 9f c0 ad c0 9f c0 24  .....,.0.......$
ssl_tls.c:3426: |4| 0040:  c0 28 00 6b c0 0a c0 14 00 39 c0 af c0 a3 c0 87  .(.k.....9......
ssl_tls.c:3426: |4| 0050:  c0 8b c0 7d c0 73 c0 77 00 c4 00 88 c0 2b c0 2f  ...}.s.w.....+./
ssl_tls.c:3426: |4| 0060:  00 9e c0 ac c0 9e c0 23 c0 27 00 67 c0 09 c0 13  .......#.'.g....
ssl_tls.c:3426: |4| 0070:  00 33 c0 ae c0 a2 c0 86 c0 8a c0 7c c0 72 c0 76  .3.........|.r.v
ssl_tls.c:3426: |4| 0080:  00 be 00 45 cc ac cc ad 00 ab c0 a7 c0 38 00 b3  ...E.........8..
ssl_tls.c:3426: |4| 0090:  c0 36 00 91 c0 91 c0 9b c0 97 c0 ab 00 aa c0 a6  .6..............
ssl_tls.c:3426: |4| 00a0:  c0 37 00 b2 c0 35 00 90 c0 90 c0 96 c0 9a c0 aa  .7...5..........
ssl_tls.c:3426: |4| 00b0:  00 9d c0 9d 00 3d 00 35 c0 32 c0 2a c0 0f c0 2e  .....=.5.2.*....
ssl_tls.c:3426: |4| 00c0:  c0 26 c0 05 c0 a1 c0 7b 00 c0 00 84 c0 8d c0 79  .&.....{.......y
ssl_tls.c:3426: |4| 00d0:  c0 89 c0 75 00 9c c0 9c 00 3c 00 2f c0 31 c0 29  ...u.....<./.1.)
ssl_tls.c:3426: |4| 00e0:  c0 0e c0 2d c0 25 c0 04 c0 a0 c0 7a 00 ba 00 41  ...-.%.....z...A
ssl_tls.c:3426: |4| 00f0:  c0 8c c0 78 c0 88 c0 74 cc ae 00 ad 00 b7 00 95  ...x...t........
ssl_tls.c:3426: |4| 0100:  c0 93 c0 99 00 ac 00 b6 00 94 c0 92 c0 98 cc ab  ................
ssl_tls.c:3426: |4| 0110:  00 a9 c0 a5 00 af 00 8d c0 8f c0 95 c0 a9 00 a8  ................
ssl_tls.c:3426: |4| 0120:  c0 a4 00 ae 00 8c c0 8e c0 94 c0 a8 00 ff 01 00  ................
ssl_tls.c:3426: |4| 0130:  00 80 00 00 00 34 00 32 00 00 2f 61 32 67 37 74  .....4.2../a2g7t
ssl_tls.c:3426: |4| 0140:  77 6d 71 6f 37 68 67 38 32 2d 61 74 73 2e 69 6f  wmqo7hg82-ats.io
ssl_tls.c:3426: |4| 0150:  74 2e 61 70 2d 73 6f 75 74 68 2d 31 2e 61 6d 61  t.ap-south-1.ama
ssl_tls.c:3426: |4| 0160:  7a 6f 6e 61 77 73 2e 63 6f 6d 00 0d 00 16 00 14  zonaws.com......
ssl_tls.c:3426: |4| 0170:  06 03 06 01 05 03 05 01 04 03 04 01 03 03 03 01  ................
ssl_tls.c:3426: |4| 0180:  02 03 02 01 00 0a 00 18 00 16 00 19 00 1c 00 18  ................
ssl_tls.c:3426: |4| 0190:  00 1b 00 17 00 16 00 1a 00 15 00 14 00 13 00 12  ................
ssl_tls.c:3426: |4| 01a0:  00 0b 00 02 01 00 00 16 00 00 00 17 00 00 00 23  ...............#
ssl_tls.c:3426: |4| 01b0:  00 00                                            ..
ssl_tls.c:2755: |2| => flush output
ssl_tls.c:2774: |2| message length: 434, out_left: 434
ssl_tls.c:2779: |2| ssl->f_send() returned 434 (-0xfffffe4e)
ssl_tls.c:2807: |2| <= flush output
ssl_tls.c:3476: |2| <= write record
ssl_tls.c:3320: |2| <= write handshake message
ssl_cli.c:1106: |2| <= write client hello
ssl_cli.c:3510: |2| client state: 2
ssl_tls.c:2755: |2| => flush output
ssl_tls.c:2767: |2| <= flush output
ssl_cli.c:1499: |2| => parse server hello
ssl_tls.c:4311: |2| => read record
ssl_tls.c:2536: |2| => fetch input
ssl_tls.c:2697: |2| in_left: 0, nb_want: 5
ssl_tls.c:2721: |2| in_left: 0, nb_want: 5
ssl_tls.c:2722: |2| ssl->f_recv(_timeout)() returned -80 (-0x0050)
ssl_tls.c:4973: |1| mbedtls_ssl_fetch_input() returned -80 (-0x0050)
ssl_tls.c:4344: |1| ssl_get_next_record() returned -80 (-0x0050)
ssl_cli.c:1506: |1| mbedtls_ssl_read_record() returned -80 (-0x0050)
ssl_tls.c:8094: |2| <= handshake
 failed
  ! mbedtls_ssl_handshake returned -0x50
Last error was: -0x50 - NET - Connection was reset by peer
ssl_tls.c:8934: |2| => free
ssl_tls.c:8999: |2| <= free
Regards,
Srinivas.
[cid:e050759f-7151-4fb6-8259-848135ad05b0]
________________________________
From: Hannes Tschofenig Hannes.Tschofenig@arm.com
Sent: 19 June 2020 18:35
To: Srinivasa Rao Ragolu srinivasa@alifsemi.com
Subject: RE: How to enable mbedtls complete debug logs?
Hi Srinivas,
Here is a good summary:
https://tls.mbed.org/kb/development/debugging-tls
If you just run the examples (such as ssl_client2 and ssl_server2) on the command line then you just need to use a command line parameter to set the debug level.
Ciao
Hannes
From: mbed-tls mbed-tls-bounces@lists.trustedfirmware.org On Behalf Of Srinivasa Rao Ragolu via mbed-tls
Sent: Friday, June 19, 2020 2:44 PM
To: mbed-tls@lists.trustedfirmware.org
Subject: [mbed-tls] How to enable mbedtls complete debug logs?
Hi All,
Please help me with the procedure, how to enable complete debug logs in mbedtls.
Regards,
Srinivas.
[cid:image001.jpg@01D6464B.1CC8C6E0]
IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.