
Re: SSL example

Posted: Wed Aug 12, 2015 9:29 pm
by rudi
hdrut wrote:
Hi Rudi, yes! That was the problem....

..How are you doing? Have you managed to make some progress on copy protection for ESP?

I am now trying SSL communication, just started...

Cheers, I am going to celebrate my birthday today !!


Hi Horacio ! All the Best from me to you!
Happy Birthday to you!
https://www.youtube.com/watch?v=Vdsqbh_0zzg

Thanks, I am fine, hope you are too ;-)
Yes, copy protection runs like a charm ;))))
I hope Espressif will open-source the bootloader code; that would open up more possibilities.

SSL works fine, Horacio. 'huafan' has made fine examples too, have a look and give them a try:
viewtopic.php?f=7&t=386

celebrate your birthday fine! - see you 'jumping' and hear you singing ;-) ;-) ;-)
la la lalalala yeap ...

best wishes!
rudi ;-)

edit: see this too:
viewtopic.php?f=16&p=3173#p3173

Re: SSL example

Posted: Thu Aug 13, 2015 2:37 am
by hdrut
Thank you Rudi!


Any chance to "share" your knowledge with me?? :P


Cheers!





Re: Memory Leak/Usage

Posted: Thu Aug 13, 2015 4:44 am
by zaxl
Espressif_Faye wrote:
Hi,

So sorry for the inconvenience.

Please update to esp_iot_sdk_v1.3.0 and try the SSL patch here http://bbs.espressif.com/viewtopic.php?f=46&t=925

Please have a try. If your problem is still unsolved, feel free to let us know !

Thanks for your interest in Espressif Systems and ESP8266 !


Yes, it fixes the missing disconnect callbacks. The leak is gone too - I will torture it a little bit more, but it's fine. Thanks!!
SDK 1.3.0 frees some more memory, which is great. Keep up the good work!

However, I've faced the next issue now - the additional free memory allows me to enable the CA server verification - and I just got a handshake fail debug message: no reconnect or disconnect callback, and the connection stays up until the server closes it, i.e. no error code. Any pointers on how to debug/resolve this? The web server is Apache; I've placed the host as the default vhost so the ESP SSL clients get the first certificate during the SSL handshake. I'm using a self-signed certificate (CA and intermediate CA) - would it pass the verification?

Re: Memory Leak/Usage

Posted: Thu Aug 13, 2015 10:50 am
by ESP_Faye
Hi,

Did your espconn_secure_connect return ESPCONN_OK ?

Re: Memory Leak/Usage

Posted: Thu Aug 13, 2015 1:42 pm
by zaxl
Espressif_Faye wrote:
Hi,

Did your espconn_secure_connect return ESPCONN_OK ?


Yes:
esp_secure_connect:0
client handshake start.
client handshake failed

esp_ca_cert.bin size is 1649 bytes.

SSL buffer size is 5120 - I've received errors before when it was too small.
netstat on the server shows the connection in the established state.

openssl s_client -connect server:443 reports:

depth=2 C = BG, ST = BG, O = Test, OU = RCA, CN = RCA
verify error:num=19:self signed certificate in certificate chain
verify return:0

Certificate chain
0 s:/C=BG/ST=BG/O=Test/OU=Test/CN=Test
i:/C=BG/ST=BG/O=Test/OU=ICA/CN=ICA
1 s:/C=BG/ST=BG/O=Test/OU=ICA/CN=ICA
i:/C=BG/ST=BG/O=Test/OU=RCA/CN=RCA
2 s:/C=BG/ST=BG/O=Test/OU=RCA/CN=RCA
i:/C=BG/ST=BG/O=Test/OU=RCA/CN=RCA
-- BEGIN CERTIFICATE ---
.....
-----END CERTIFICATE-----
subject=/C=BG/ST=BG/O=Test/OU=Test/CN=Test
issuer=/C=BG/ST=BG/O=Test/OU=ICA/CN=ICA
---
No client certificate CA names sent
---
SSL handshake has read 3075 bytes and written 421 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES128-GCM-SHA256
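
Added example (not part of the original posts): error 19 in the s_client output above means the self-signed root (RCA) was sent by the server but is not a trust anchor on the machine running the check. To test a root plus intermediate chain like this one independently of the ESP8266, verify it with the root supplied explicitly. The script builds a constructed chain with the same subject names; the file names and helper functions are assumptions of this example.

```shell
#!/bin/sh
# Added example: constructed three-tier test PKI; subject names mirror the post.
# Assumes the openssl CLI is installed; file names are chosen for this example.

# Generate a 2048-bit RSA key and CSR: csr <dir> <name> <subject>
csr() {
  openssl req -new -newkey rsa:2048 -nodes -subj "$3" \
    -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
}

# Build root CA (RCA) -> intermediate CA (ICA) -> server leaf (Test) in <dir>.
make_chain() {
  d=$1
  printf 'basicConstraints=critical,CA:TRUE\n' > "$d/ca.ext"
  printf 'basicConstraints=CA:FALSE\n' > "$d/leaf.ext"
  csr "$d" rca  "/C=BG/ST=BG/O=Test/OU=RCA/CN=RCA"
  csr "$d" ica  "/C=BG/ST=BG/O=Test/OU=ICA/CN=ICA"
  csr "$d" leaf "/C=BG/ST=BG/O=Test/OU=Test/CN=Test"
  # Root signs itself; root signs the intermediate; intermediate signs the leaf.
  openssl x509 -req -in "$d/rca.csr" -signkey "$d/rca.key" \
    -extfile "$d/ca.ext" -days 2 -out "$d/rca.pem" 2>/dev/null
  openssl x509 -req -in "$d/ica.csr" -CA "$d/rca.pem" -CAkey "$d/rca.key" \
    -set_serial 2 -extfile "$d/ca.ext" -days 2 -out "$d/ica.pem" 2>/dev/null
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/ica.pem" -CAkey "$d/ica.key" \
    -set_serial 3 -extfile "$d/leaf.ext" -days 2 -out "$d/leaf.pem" 2>/dev/null
}

# Root given as the trust anchor, intermediate as an untrusted helper cert.
verify_with_root() {
  openssl verify -CAfile "$1/rca.pem" -untrusted "$1/ica.pem" "$1/leaf.pem" 2>&1
}

# Root only "sent by the peer" (untrusted), as in the s_client run: error 19.
verify_without_root() {
  cat "$1/ica.pem" "$1/rca.pem" > "$1/sent.pem"
  openssl verify -untrusted "$1/sent.pem" "$1/leaf.pem" 2>&1
}

d=$(mktemp -d) && make_chain "$d"
verify_with_root "$d"
verify_without_root "$d" || true   # expected to fail: root is not trusted
rm -rf "$d"
```

The first check reports the leaf as OK; the second fails with error 19 at depth 2, the same verdict s_client gave for the server's chain.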

Re: Memory Leak/Usage

Posted: Fri Aug 14, 2015 11:27 am
by ESP_Faye
Hi,

Please call espconn_regist_disconcb before espconn_secure_connect, for example


        espconn_regist_connectcb(pespconn, user_tcp_connect_cb);
        espconn_regist_reconcb(pespconn, user_tcp_recon_cb);
        // register the disconnect cb here, because the SSL handshake may fail.
        espconn_regist_disconcb(pespconn, user_tcp_discon_cb);

        //espconn_secure_set_size(ESPCONN_CLIENT,5120);

        espconn_secure_connect(pespconn); // tcp SSL connect


If your problem is still unsolved, please provide your test code, we will have a try.

Re: Memory Leak/Usage

Posted: Mon Aug 17, 2015 6:36 pm
by zaxl
Hi, Faye,

Espressif_Faye wrote:
Hi,

Please call espconn_regist_disconcb before espconn_secure_connect, for example


        espconn_regist_connectcb(pespconn, user_tcp_connect_cb);
        espconn_regist_reconcb(pespconn, user_tcp_recon_cb);
        // register the disconnect cb here, because the SSL handshake may fail.
        espconn_regist_disconcb(pespconn, user_tcp_discon_cb);

        //espconn_secure_set_size(ESPCONN_CLIENT,5120);

        espconn_secure_connect(pespconn); // tcp SSL connect


If your problem is still unsolved, please provide your test code, we will have a try.


It's there, but the disconnect callback is actually called only after 5 minutes, when the server closes the connection (see the tcpdump.log), and not after the handshake failure.

I'm attaching an archive with test code; there is a README.txt containing relevant info and instructions.
I'm testing against SDK 1.3.0 + SSL patch.

If I do not do secure_ca_enable - everything is fine.

So there are two problems:
1. CA verification does not work
2. Disconnect callback is called on server close, not when the handshake fails

Re: Memory Leak/Usage

Posted: Tue Aug 18, 2015 2:06 pm
by ESP_Faye
Hi,

Could you have a try with our SSL server "iot.espressif.cn" port 443 ?

Here is the CA of our SSL server.

Documentation "5A-ESP8266__SDK__SSL_User_Manual" is in \esp_iot_sdk_v1.3.0\document\

Re: Memory Leak/Usage

Posted: Tue Aug 18, 2015 2:48 pm
by zaxl
Espressif_Faye wrote:
Hi,

Could you have a try with our SSL server "iot.espressif.cn" port 443 ?

Here is the CA of our SSL server.

Documentation "5A-ESP8266__SDK__SSL_User_Manual" is in \esp_iot_sdk_v1.3.0\document\

Hi,
I've replaced the esp_ca_cert.bin with Espressif's and it fails again:
.....
dhcp client start...
chg_B:-60
FH:46632 t:4
Got ip
ip:192.168.0.104,mask:255.255.255.0,gw:192.168.0.1
Starting request to:[https://iot.espressif.cn/]
hostname=iot.espressif.cn
port=443
path=/
DNS request
DNS pending
FH:46360 t:6
DNS found iot.espressif.cn 115.29.202.58
FH:28672 t:7
client handshake start.
client handshake failed
Disconnected
http_status=-1
httperr:-1
FH:44480 t:8
..........

BUT this time faster.
With my self-signed certificate, it fails and waits 5 minutes for the server to close.
With Espressif's certificate, which is not self-signed, it disconnects as it should - right after the handshake failure.

Another minor difference to note is that Espressif's server accepts client certificates - mine does not.

Re: Memory Leak/Usage

Posted: Wed Aug 19, 2015 4:28 pm
by ESP_Faye
Hi,

Here is my test project and test log, it can connect to Espressif Cloud successfully.

The last log "tcp disconnect succeed !!! " means the Espressif Cloud disconnected from the ESP8266; it is not a problem.

Please have a try.