mbedtls Handshake not starting

Greg
Posts: 2
Joined: Sat Nov 26, 2016 6:29 pm

Postby Greg » Sat Nov 26, 2016 6:44 pm

Hi,

I need to set up a connection to an MQTT server with a TLS 1.2 handshake with certificate verification.

When using the SDK with libssl, the TLS handshake works perfectly. Unfortunately, libssl only supports TLS 1.1.

So I switched to using the mbedtls patch for SDK 2.0. When I disable the certificate verification, the TLS 1.2 handshake works fine. But as soon as I switch on the certificate verification by calling espconn_secure_cert_req_enable() and espconn_secure_ca_enable(), the handshake fails. I investigated the problem using Wireshark. With certificate verification enabled, the handshake does not even begin! There is not even a Client Hello!

The debug output in this case is the following:
client handshake start.
espconn_mbedtls.c 652, type[private_key],length[610]
client handshake failed!
Reason:[-0x7f00]

I think there is something wrong with the certificates. I am using exactly the same certificate and key file as with libssl. Does mbedtls need a different format for the files? Unfortunately, there is no example that I could find. The only example that is provided by Espressif for mbedtls has the espconn_secure_cert_req_enable() and espconn_secure_ca_enable() calls commented out.

Since there is no example of mbedtls TLS 1.2 based certificate verification and no evidence that anybody could ever establish a TLS 1.2 connection with the Espressif SDK, I begin to doubt that it works at all...
Or is a different certificate/key format needed for mbedtls?

Any help is highly appreciated!

Thanks a lot,
Gregor

ai-thinker sky
Posts: 2
Joined: Thu Jan 05, 2017 3:46 pm

Re: mbedtls Handshake not starting

Postby ai-thinker sky » Thu Jan 05, 2017 4:01 pm

Hi,
I met the same problem. The debug output shows that the chip can connect to the website, but the mbedtls handshake failed. :x I use the official demo and follow its guide. I tried to connect to other websites and it failed. I pinged my Internet and it's OK. I hope that the FAE can give us a reply.
Best regards!

SDK ver: 2.0.0(656edbf) compiled @ Jul 19 2016 17:58:40
phy ver: 1055, pp ver: 10.2

SDK version:2.0.0(656edbf)
data : 0x3ffe8000 ~ 0x3ffe8418, len: 1048
rodata: 0x3ffe8420 ~ 0x3ffe9400, len: 4064
bss : 0x3ffe9400 ~ 0x3ffef7e8, len: 25576
heap : 0x3ffef7e8 ~ 0x3fffc000, len: 51224
sleep disable
mode : sta(5c:cf:7f:1d:bd:0f)
add if0
scandone
state: 0 -> 2 (b0)
state: 2 -> 3 (0)
state: 3 -> 5 (10)
add 0
aid 1
cnt

connected with iPhone, channel 11
dhcp client start...
event 0
ip:172.27.190.9,mask:255.255.0.0,gw:172.27.190.1
event 3
heap 49216
user_dns_found 115.29.202.58
heap 48824
espconn connect return 0 !
client handshake start.
client handshake failed!
Reason:[-0x7200]
reconnect callback, error code -114 !
pm open,type:0 0
ip:172.27.190.9,mask:255.255.0.0,gw:172.27.190.1
ip:172.27.190.9,mask:255.255.0.0,gw:172.27.190.1
