ESP8266 - SSL Webserver

Posted: Mon Mar 13, 2017 2:37 am
by tpic
Hi,

I was able to extend the latest version of the at-firmware to also support an SSL webserver.

My implementation has just one problem:
The Client opens the SSL Socket, the handshake is successful and it can send multiple packets to the ESP8266 (The connection is kept open), but from the server side the espconn_secure_send function works only once. After the first call (which also results in a successful call of the sent callback), the espconn_secure_send function always returns -5 (ESPCONN_INPROGRESS) and the sent-callback is never called.
After I close and reopen the Socket, the send-function works again for one transmission.

Has anyone an idea? I tried to set the keepalive-stuff but I'm not sure if it works for the SSL-connection.
As it is possible to continue the transmission from the client side, the connection is still open, but from ESP8266-side a transmission is blocked.

Thank you!

Re: ESP8266 - SSL Webserver

Posted: Sat May 20, 2017 9:55 am
by davydnorris
I have just had exactly the same issue!

I have recently modified esphttpd to add support for SSL, and have experienced the exact same problems as you. I've posted in the community forum as well, but here's my debug dump from the esphttpd server as I try to connect to the root (which redirects to the index.tpl) and the wifi root (which redirects to wifi.tpl). As can be seen, the first send always works but the next fails with error -5.

server handshake start.
server handshake ok!
Conn... port = 443, state = 3
Conn req from  10.1.1.7:61075, using pool slot 0
ConS... port = 443, state = 3
Recv... port = 443, state = 5
URL = /
Is url index 0
Is url index 1
Pool slot 0 is done. Cleaning up for next req
RTSn... port = 443, state= 5
Sending... port = 443, len = 128, state= 4, ret = 0
Sent... port = 443, state = 3
Recv... port = 443, state = 5
URL = /index.tpl
Is url index 0
Is url index 3
Heatshrink compressed file; decode parms = b4
RTSn... port = 443, state= 5
Sending... port = 443, len = 99, state= 4, ret = -5
Disc... port = 443, state = 6
Pool slot 0: socket closed.
server handshake start.
server handshake ok!
Conn... port = 443, state = 3
Conn req from  10.1.1.7:61076, using pool slot 0
ConS... port = 443, state = 3
Recv... port = 443, state = 5
URL = /index.tpl
Is url index 0
Is url index 3
Heatshrink compressed file; decode parms = b4
RTSn... port = 443, state= 5
Sending... port = 443, len = 99, state= 4, ret = 0
Sent... port = 443, state = 3
RTSn... port = 443, state= 3
Sending... port = 443, len = 1024, state= 4, ret = -5
Disc... port = 443, state = 6
Pool slot 0: socket closed.
server handshake start.
server handshake ok!
Conn... port = 443, state = 3
Conn req from  10.1.1.7:61077, using pool slot 0
ConS... port = 443, state = 3
Recv... port = 443, state = 5
URL = /wifi/
Is url index 0
Is url index 9
Pool slot 0 is done. Cleaning up for next req
RTSn... port = 443, state= 5
Sending... port = 443, len = 136, state= 4, ret = 0
Sent... port = 443, state = 3
Recv... port = 443, state = 5
URL = /wifi/wifi.tpl
Is url index 0
Is url index 11
Heatshrink compressed file; decode parms = b4
RTSn... port = 443, state= 5
Sending... port = 443, len = 99, state= 4, ret = -5
Disc... port = 443, state = 6
Pool slot 0: socket closed.
server handshake start.
server handshake ok!
Conn... port = 443, state = 3
Conn req from  10.1.1.7:61078, using pool slot 0
ConS... port = 443, state = 3
Recv... port = 443, state = 5
URL = /wifi/wifi.tpl
Is url index 0
Is url index 11
Heatshrink compressed file; decode parms = b4
RTSn... port = 443, state= 5
Sending... port = 443, len = 99, state= 4, ret = 0
Sent... port = 443, state = 3
RTSn... port = 443, state= 3
Sending... port = 443, len = 1031, state= 4, ret = -5
Disc... port = 443, state = 6
Pool slot 0: socket closed.


This is stopping me from a fairly major project where I need to use SSL while configuring the ESP units. Please Espressif, can you look into this for us? Happy to supply my code changes to the esphttpd if you like.
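
Added example, not part of any post in this thread: a small Python parser for the debug dump format above that splits the log into TLS sessions and reports which send in each session first returned a non-zero code, and whether a "Sent..." callback line followed each send. The sample input is a shortened excerpt constructed from lines of the dump, and the function names are hypothetical.

```python
import re
# Constructed sample: shortened excerpt in the format of the dump above.
SAMPLE_LOG = """\
server handshake start.
Conn req from  10.1.1.7:61075, using pool slot 0
URL = /
Sending... port = 443, len = 128, state= 4, ret = 0
Sent... port = 443, state = 3
URL = /index.tpl
Sending... port = 443, len = 99, state= 4, ret = -5
Disc... port = 443, state = 6
server handshake start.
Conn req from  10.1.1.7:61076, using pool slot 0
URL = /index.tpl
Sending... port = 443, len = 99, state= 4, ret = 0
Sent... port = 443, state = 3
Sending... port = 443, len = 1024, state= 4, ret = -5
Disc... port = 443, state = 6
"""

SEND_RE = re.compile(r"Sending\.\.\. port = \d+, len = (\d+), state= \d+, ret = (-?\d+)")
PEER_RE = re.compile(r"Conn req from\s+([^,\s]+),")

def parse_sessions(log_text):
    """Group log lines into sessions, one per 'server handshake start.'."""
    sessions, cur = [], None
    for line in map(str.strip, log_text.splitlines()):
        if line == "server handshake start.":
            cur = {"peer": None, "url": None, "sends": []}
            sessions.append(cur)
        elif cur is None:
            continue  # ignore anything before the first handshake
        elif m := PEER_RE.match(line):
            cur["peer"] = m.group(1)
        elif line.startswith("URL = "):
            cur["url"] = line[len("URL = "):]
        elif m := SEND_RE.match(line):
            cur["sends"].append({"url": cur["url"], "len": int(m.group(1)),
                                 "ret": int(m.group(2)), "sent_cb": False})
        elif line.startswith("Sent...") and cur["sends"]:
            cur["sends"][-1]["sent_cb"] = True  # sent callback was logged
    return sessions

def first_failed_send(session):
    """Return (1-based position, send) of the first send with ret != 0, else None."""
    for pos, send in enumerate(session["sends"], 1):
        if send["ret"] != 0:
            return pos, send
    return None
```

Running `parse_sessions` over a full capture gives one entry per handshake, so the position of the first failing send can be compared across connections.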

Re: ESP8266 - SSL Webserver

Posted: Wed May 31, 2017 11:20 am
by ESP_Faye
Hi,

So sorry for the inconvenience. Would you mind using mbedTLS instead? It is much better than the current one.