SSL client freezes after bad certificate error

ememberus
Posts: 21
Joined: Thu May 04, 2017 12:53 am

SSL client freezes after bad certificate error

Postby ememberus » Wed May 24, 2017 12:18 pm

Test code and instructions are in this thread:

viewtopic.php?f=66&t=4245

Running the test caused CPU to permanently freeze.
No exception was logged, so my guess it is a deadlock
or something else of the kind.
Why watchdog did not kick in remains a mystery.
Free heap was ~21K and probably not the issue.
SDK version = 2.0.0.

Code: Select all

...
connected with DEV, channel 11
dhcp client start...
ip:10.0.0.135,mask:255.255.255.0,gw:10.0.0.1
user_sent_data: TCP not connected
user_check_ip: WiFi connected !!!
dns_check_cb: remote IP resolved, connecting...
2017-05-24 03:39:05 GMT
tcp_reconnect_cb: TCP connect error -11, reconnecting... !!!
pm open,type:2 0
user_check_ip: WiFi connected !!!
dns_check_cb: remote IP resolved, connecting...
bcn_timout,ap_probe_send_start
client handshake start.
client handshake start.
user_sent_data: TCP not connected
user_check_ip: WiFi connected !!!
dns_check_cb: remote IP resolved, connecting...
client handshake failed
Error: invalid handshake
2017-05-24 03:39:20 GMT
tcp_reconnect_cb: TCP connect error -28, reconnecting... !!!
client handshake failed
Error: bad certificate
2017-05-24 03:39:20 GMT
tcp_reconnect_cb: TCP connect error -28, reconnecting... !!!

User avatar
pratik
Posts: 467
Joined: Wed Jun 29, 2016 7:17 pm
Location: India
Contact:

Re: SSL client freezes after bad certificate error

Postby pratik » Sun May 28, 2017 10:30 pm

Sorry, too little details in just a log to comment on this kind of issue.
WDT will not overflow if the CPU is idle (SDK takes care of WDT when idle). It will only trigger if it is stuck and the WDT is not reset by user code.
Regards,
Pratik Panda
Website: http://www.PratikPanda.com

Custom firmware, Knowledge base and freelancing (ESP8266/ESP32):
http://www.iot-bits.com

ememberus
Posts: 21
Joined: Thu May 04, 2017 12:53 am

Re: SSL client freezes after bad certificate error

Postby ememberus » Wed May 31, 2017 3:24 am

Hi
I realized that too - it looks like the internal event loop is running
(i.e. resetting watchdog timer), but it is not receiving any events
to process. Feels to me like a bug in the connection FSM.

Looking at some crash logs I also strongly suspect that periodic crashes
in my test occur because NULL pointer is passed to memcpy().
Since I do not call memcpy() explicitely, it must be called somewhere
inside the SDK.

Further research on the subject revealed that Arduino also has no working
wrapper for SLL on ESP8266. This makes me think that underlying Espressif
library is broken and no one seems to be working on a fix for years.

Do you think I am wasting my time on ESP8266 and Espressif SDKs?

ESP_Faye
Posts: 1627
Joined: Mon Oct 27, 2014 11:08 am

Re: SSL client freezes after bad certificate error

Postby ESP_Faye » Wed May 31, 2017 1:52 pm

Hi,

So sorry for the inconvenience.

Would you mind to use the mbedTLS?

ememberus
Posts: 21
Joined: Thu May 04, 2017 12:53 am

Re: SSL client freezes after bad certificate error

Postby ememberus » Thu Jun 01, 2017 12:02 am

Hello, thank you for your helpful response.
It looks like I have a problem with built-in TCP stack.
What can you recommend that can be built from source?
Thank you in advance!

User avatar
pratik
Posts: 467
Joined: Wed Jun 29, 2016 7:17 pm
Location: India
Contact:

Re: SSL client freezes after bad certificate error

Postby pratik » Thu Jun 01, 2017 4:51 pm

Do you think I am wasting my time on ESP8266 and Espressif SDKs?


Not at all. I have an HTTPS server running with TLS 1.2 that serves files in milliseconds from an SD card directory. I use mbedTLS BTW.
You can use libSSL as well, but it has a bug where it refuses to send data a second time in server mode. But apart from that both libraries are very stable.

Without code, it becomes a little difficult to help.
BTW, if you are getting crashes, make sure you have default certificates and keys installed (if required). Otherwise you will definitely see crashes!
Regards,
Pratik Panda
Website: http://www.PratikPanda.com

Custom firmware, Knowledge base and freelancing (ESP8266/ESP32):
http://www.iot-bits.com

ememberus
Posts: 21
Joined: Thu May 04, 2017 12:53 am

Re: SSL client freezes after bad certificate error

Postby ememberus » Fri Jun 02, 2017 12:11 am

If you are curious, my code is in:

viewtopic.php?f=66&t=4245

This code runs only libssl client, which, apart from SSL server, seems to have its own bugs.
I believe, the client should work without any certificates.
Therefore, lack of certificates does not explain these crashes.

Stephkike
Posts: 2
Joined: Fri Sep 22, 2017 8:55 am
Location: Bulgaria
Contact:

SSL client freezes after bad certificate error

Postby Stephkike » Sat Oct 07, 2017 7:25 am

I did not complete Q1

Q1: The CA certificate path is in the local machine store. How do you properly configure the server so that it can find the local issuer certificate?
Time-tested robot trading software for profitable investments

Andrewgvks
Posts: 4
Joined: Thu Sep 21, 2017 7:22 am
Location: Bulgaria
Contact:

SSL client freezes after bad certificate error

Postby Andrewgvks » Thu Oct 12, 2017 4:02 am

every time i try to install the lobby client i get "save ee lobby client has stopped working." and "windows is checking for a solution to the problem...". then nothing happens. How do I fix this????
Time-tested expert advisor for self-earnings

Who is online

Users browsing this forum: No registered users and 2 guests