Page 1 of 1

SSL client freezes after bad certificate error

Posted: Wed May 24, 2017 12:18 pm
by ememberus
Test code and instructions are in this thread:

viewtopic.php?f=66&t=4245

Running the test caused CPU to permanently freeze.
No exception was logged, so my guess it is a deadlock
or something else of the kind.
Why watchdog did not kick in remains a mystery.
Free heap was ~21K and probably not the issue.
SDK version = 2.0.0.

Code: Select all

...
connected with DEV, channel 11
dhcp client start...
ip:10.0.0.135,mask:255.255.255.0,gw:10.0.0.1
user_sent_data: TCP not connected
user_check_ip: WiFi connected !!!
dns_check_cb: remote IP resolved, connecting...
2017-05-24 03:39:05 GMT
tcp_reconnect_cb: TCP connect error -11, reconnecting... !!!
pm open,type:2 0
user_check_ip: WiFi connected !!!
dns_check_cb: remote IP resolved, connecting...
bcn_timout,ap_probe_send_start
client handshake start.
client handshake start.
user_sent_data: TCP not connected
user_check_ip: WiFi connected !!!
dns_check_cb: remote IP resolved, connecting...
client handshake failed
Error: invalid handshake
2017-05-24 03:39:20 GMT
tcp_reconnect_cb: TCP connect error -28, reconnecting... !!!
client handshake failed
Error: bad certificate
2017-05-24 03:39:20 GMT
tcp_reconnect_cb: TCP connect error -28, reconnecting... !!!

Re: SSL client freezes after bad certificate error

Posted: Sun May 28, 2017 10:30 pm
by pratik
Sorry, too little details in just a log to comment on this kind of issue.
WDT will not overflow if the CPU is idle (SDK takes care of WDT when idle). It will only trigger if it is stuck and the WDT is not reset by user code.

Re: SSL client freezes after bad certificate error

Posted: Wed May 31, 2017 3:24 am
by ememberus
Hi
I realized that too - it looks like the internal event loop is running
(i.e. resetting watchdog timer), but it is not receiving any events
to process. Feels to me like a bug in the connection FSM.

Looking at some crash logs I also strongly suspect that periodic crashes
in my test occur because NULL pointer is passed to memcpy().
Since I do not call memcpy() explicitely, it must be called somewhere
inside the SDK.

Further research on the subject revealed that Arduino also has no working
wrapper for SLL on ESP8266. This makes me think that underlying Espressif
library is broken and no one seems to be working on a fix for years.

Do you think I am wasting my time on ESP8266 and Espressif SDKs?

Re: SSL client freezes after bad certificate error

Posted: Wed May 31, 2017 1:52 pm
by ESP_Faye
Hi,

So sorry for the inconvenience.

Would you mind to use the mbedTLS?

Re: SSL client freezes after bad certificate error

Posted: Thu Jun 01, 2017 12:02 am
by ememberus
Hello, thank you for your helpful response.
It looks like I have a problem with built-in TCP stack.
What can you recommend that can be built from source?
Thank you in advance!

Re: SSL client freezes after bad certificate error

Posted: Thu Jun 01, 2017 4:51 pm
by pratik
Do you think I am wasting my time on ESP8266 and Espressif SDKs?


Not at all. I have an HTTPS server running with TLS 1.2 that serves files in milliseconds from an SD card directory. I use mbedTLS BTW.
You can use libSSL as well, but it has a bug where it refuses to send data a second time in server mode. But apart from that both libraries are very stable.

Without code, it becomes a little difficult to help.
BTW, if you are getting crashes, make sure you have default certificates and keys installed (if required). Otherwise you will definitely see crashes!

Re: SSL client freezes after bad certificate error

Posted: Fri Jun 02, 2017 12:11 am
by ememberus
If you are curious, my code is in:

viewtopic.php?f=66&t=4245

This code runs only libssl client, which, apart from SSL server, seems to have its own bugs.
I believe, the client should work without any certificates.
Therefore, lack of certificates does not explain these crashes.

SSL client freezes after bad certificate error

Posted: Sat Oct 07, 2017 7:25 am
by Stephkike
I did not complete Q1

Q1: The CA certificate path is in the local machine store. How do you properly configure the server so that it can find the local issuer certificate?

SSL client freezes after bad certificate error

Posted: Thu Oct 12, 2017 4:02 am
by Andrewgvks
every time i try to install the lobby client i get "save ee lobby client has stopped working." and "windows is checking for a solution to the problem...". then nothing happens. How do I fix this????