ESP8266 Developer Zone The Official ESP8266 Forum 2017-10-12T04:02:59+08:00 https://bbs.espressif.com:443/feed.php?f=66&t=4706 2017-10-12T04:02:59+08:00 2017-10-12T04:02:59+08:00 https://bbs.espressif.com:443/viewtopic.php?t=4706&p=16383#p16383 <![CDATA[SSL client freezes after bad certificate error]]> Statistics: Posted by Andrewgvks — Thu Oct 12, 2017 4:02 am

]]> 2017-10-07T07:25:48+08:00 2017-10-07T07:25:48+08:00 https://bbs.espressif.com:443/viewtopic.php?t=4706&p=16225#p16225 <![CDATA[SSL client freezes after bad certificate error]]>
Q1: The CA certificate path is in the local machine store. How do you properly configure the server so that it can find the local issuer certificate?

Statistics: Posted by Stephkike — Sat Oct 07, 2017 7:25 am

]]> 2017-06-02T00:11:16+08:00 2017-06-02T00:11:16+08:00 https://bbs.espressif.com:443/viewtopic.php?t=4706&p=13630#p13630 <![CDATA[Re: SSL client freezes after bad certificate error]]>
viewtopic.php?f=66&t=4245

This code runs only libssl client, which, apart from SSL server, seems to have its own bugs.
I believe, the client should work without any certificates.
Therefore, lack of certificates does not explain these crashes.

Statistics: Posted by ememberus — Fri Jun 02, 2017 12:11 am

]]> 2017-06-01T16:51:36+08:00 2017-06-01T16:51:36+08:00 https://bbs.espressif.com:443/viewtopic.php?t=4706&p=13615#p13615 <![CDATA[Re: SSL client freezes after bad certificate error]]>

Do you think I am wasting my time on ESP8266 and Espressif SDKs?


Not at all. I have an HTTPS server running with TLS 1.2 that serves files in milliseconds from an SD card directory. I use mbedTLS BTW.
You can use libSSL as well, but it has a bug where it refuses to send data a second time in server mode. But apart from that both libraries are very stable.

Without code, it becomes a little difficult to help.
BTW, if you are getting crashes, make sure you have default certificates and keys installed (if required). Otherwise you will definitely see crashes!

Statistics: Posted by Guest — Thu Jun 01, 2017 4:51 pm

]]> 2017-06-01T00:02:26+08:00 2017-06-01T00:02:26+08:00 https://bbs.espressif.com:443/viewtopic.php?t=4706&p=13573#p13573 <![CDATA[Re: SSL client freezes after bad certificate error]]> It looks like I have a problem with built-in TCP stack.
What can you recommend that can be built from source?
Thank you in advance!

Statistics: Posted by ememberus — Thu Jun 01, 2017 12:02 am

]]> 2017-05-31T13:52:23+08:00 2017-05-31T13:52:23+08:00 https://bbs.espressif.com:443/viewtopic.php?t=4706&p=13566#p13566 <![CDATA[Re: SSL client freezes after bad certificate error]]>
So sorry for the inconvenience.

Would you mind to use the mbedTLS?

Statistics: Posted by ESP_Faye — Wed May 31, 2017 1:52 pm

]]> 2017-05-31T03:24:55+08:00 2017-05-31T03:24:55+08:00 https://bbs.espressif.com:443/viewtopic.php?t=4706&p=13553#p13553 <![CDATA[Re: SSL client freezes after bad certificate error]]> I realized that too - it looks like the internal event loop is running
(i.e. resetting watchdog timer), but it is not receiving any events
to process. Feels to me like a bug in the connection FSM.

Looking at some crash logs I also strongly suspect that periodic crashes
in my test occur because NULL pointer is passed to memcpy().
Since I do not call memcpy() explicitely, it must be called somewhere
inside the SDK.

Further research on the subject revealed that Arduino also has no working
wrapper for SLL on ESP8266. This makes me think that underlying Espressif
library is broken and no one seems to be working on a fix for years.

Do you think I am wasting my time on ESP8266 and Espressif SDKs?

Statistics: Posted by ememberus — Wed May 31, 2017 3:24 am

]]> 2017-05-28T22:30:23+08:00 2017-05-28T22:30:23+08:00 https://bbs.espressif.com:443/viewtopic.php?t=4706&p=13485#p13485 <![CDATA[Re: SSL client freezes after bad certificate error]]> WDT will not overflow if the CPU is idle (SDK takes care of WDT when idle). It will only trigger if it is stuck and the WDT is not reset by user code.

Statistics: Posted by Guest — Sun May 28, 2017 10:30 pm

]]> 2017-05-24T12:18:42+08:00 2017-05-24T12:18:42+08:00 https://bbs.espressif.com:443/viewtopic.php?t=4706&p=13364#p13364 <![CDATA[SSL client freezes after bad certificate error]]>
viewtopic.php?f=66&t=4245

Running the test caused CPU to permanently freeze.
No exception was logged, so my guess it is a deadlock
or something else of the kind.
Why watchdog did not kick in remains a mystery.
Free heap was ~21K and probably not the issue.
SDK version = 2.0.0.

Code:

...
connected with DEV, channel 11
dhcp client start...
ip:10.0.0.135,mask:255.255.255.0,gw:10.0.0.1
user_sent_data: TCP not connected
user_check_ip: WiFi connected !!!
dns_check_cb: remote IP resolved, connecting...
2017-05-24 03:39:05 GMT
tcp_reconnect_cb: TCP connect error -11, reconnecting... !!!
pm open,type:2 0
user_check_ip: WiFi connected !!!
dns_check_cb: remote IP resolved, connecting...
bcn_timout,ap_probe_send_start
client handshake start.
client handshake start.
user_sent_data: TCP not connected
user_check_ip: WiFi connected !!!
dns_check_cb: remote IP resolved, connecting...
client handshake failed
Error: invalid handshake
2017-05-24 03:39:20 GMT
tcp_reconnect_cb: TCP connect error -28, reconnecting... !!!
client handshake failed
Error: bad certificate
2017-05-24 03:39:20 GMT
tcp_reconnect_cb: TCP connect error -28, reconnecting... !!!

Statistics: Posted by ememberus — Wed May 24, 2017 12:18 pm

]]>