Reputation: 168
I am building an HTTP(S) server on Intel SGX, using mbedtls as my TLS library.
I can serve content as expected using HTTP, but when switching over to TLS/SSL using mbedtls I am getting some more complex issues and the error messages are difficult to understand.
Concretely, when I access my site using the “https://” prefix, I can tell that mongoose/mbedtls goes out and reads cert.pem and key.pem, and then makes a recv call on “/”. During that recv call it coughs up the following error:
mg_ssl_if_mbed_err 0x7f9e8c023060 mbedTLS error: -0x7780
From the mbedtls src I can read this slightly not-so-useful explanation:
#define MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE -0x7780 /**< A fatal alert message was received from our peer. */
My starting point is the simplest_web_server_ssl.
Questions: How do I enable mg and mbedtls debug logging? How do I interpret these errors (or even: what can be some reasons for this error)?
Sincerely grateful for any hints!
Upvotes: 0
Views: 1039
Reputation: 857
See https://github.com/cesanta/mongoose/blob/6.16/mongoose.c#L5161 and https://github.com/cesanta/mongoose/blob/6.16/mongoose.c#L5075
Thus you can increase the debug log level by calling cs_log_set_level(LL_VERBOSE_DEBUG).
The error you see is most probably due to an invalid cert that your client does not accept.
Try to access your server by curl -k https://IPADDR
The -k option disables cert verification. If that curl command works, then just fix your cert - your C code works fine.
Upvotes: 1
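Added example (not part of either post, and not mongoose or mbedTLS code): -0x7780 only says that the peer sent a fatal alert; the actual reason is the alert's description code from RFC 5246 section 7.2, and the certificate-related codes are the ones that match the diagnosis in the answer above. The sketch assumes the verbose debug output contains a line of the form "got an alert message, type: [level:description]" (check this against your mbedTLS version); the function names are hypothetical and the sample lines are constructed.

```c
#include <stdio.h>
#include <string.h>

/* TLS alert descriptions, RFC 5246 section 7.2 (subset). cert = 1 when the
 * alert means the peer rejected the certificate it was shown. */
struct tls_alert { int code; const char *name; int cert; };
static const struct tls_alert ALERTS[] = {
    {0, "close_notify", 0},         {10, "unexpected_message", 0},
    {20, "bad_record_mac", 0},      {40, "handshake_failure", 0},
    {42, "bad_certificate", 1},     {43, "unsupported_certificate", 1},
    {44, "certificate_revoked", 1}, {45, "certificate_expired", 1},
    {46, "certificate_unknown", 1}, {47, "illegal_parameter", 0},
    {48, "unknown_ca", 1},          {50, "decode_error", 0},
    {51, "decrypt_error", 0},       {70, "protocol_version", 0},
    {71, "insufficient_security", 0}, {80, "internal_error", 0},
};

/* Returns the table entry for a description code, or NULL if not listed. */
const struct tls_alert *alert_lookup(int code) {
    for (size_t i = 0; i < sizeof ALERTS / sizeof ALERTS[0]; i++)
        if (ALERTS[i].code == code) return &ALERTS[i];
    return NULL;
}

/* Assumed debug line format: "... got an alert message, type: [level:desc]".
 * Returns 1 and fills level/desc on a match, 0 otherwise. */
int parse_alert_line(const char *line, int *level, int *desc) {
    const char *p = strstr(line, "alert message, type: [");
    return p && sscanf(p, "alert message, type: [%d:%d]", level, desc) == 2;
}

/* 1: fatal alert (level 2) about the certificate; 0: any other alert;
 * -1: the line is not an alert line. */
int peer_rejected_cert(const char *line) {
    int level, desc;
    if (!parse_alert_line(line, &level, &desc)) return -1;
    const struct tls_alert *a = alert_lookup(desc);
    return level == 2 && a != NULL && a->cert;
}

int main(void) {
    /* Constructed sample lines, not captured from a real server. */
    const char *log[] = { "ssl_tls.c: => read record",
                          "ssl_tls.c: got an alert message, type: [2:48]",
                          "ssl_tls.c: got an alert message, type: [2:40]" };
    for (size_t i = 0; i < sizeof log / sizeof log[0]; i++)
        printf("%-48s -> %d\n", log[i], peer_rejected_cert(log[i]));
    return 0;
}
```

A result of 1 points at the certificate or its chain; a fatal alert that returns 0 (for example handshake_failure) points elsewhere, such as protocol version or cipher suite mismatch.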