SSL with signed certificates


Postby jpenninkhof » Thu Jun 04, 2015 3:25 pm

I have been trying to use "espconn_secure_connect" to set up an https connection to a cloud service with 2048-bit signed certificates. Unfortunately, when I try to do so, I'm getting an error message in my console: "client handshake failed -261". This is even after I installed the 1.1.0 firmware, which is supposed to support 2048-bit certificates, with recommended memory leak patches from viewtopic.php?f=5&t=508.

I have noticed that if I use a self-signed certificate on a test server, the handshake seems to work well though. But for more serious projects, this would need to be able to run against https services (e.g. public cloud services) with signed certificates as well. I'm really puzzled why it wouldn't work on signed certificates though. If you have any insights you could share, it would be greatly appreciated.

It would be great if Espressif could provide more details in this area. Ultimately, I think it is best to provide the source code of the libssl module, but it might already be very helpful if a list of error codes and their explanations were published. Using this list, it may become easier to troubleshoot/debug this nasty issue.

Espressif, if you happen to read this, I think resolving this SSL thing is important. Without proper SSL support, you will hardly be able to use this chip to build serious Things of the Internet; instead they would be limited to Things of your Home-network. For example, in forums such as this: http://scn.sap.com/community/developer- ... ta--part-2 (Overcoming Limitations of ESP8266), the ESP8266 is already written off as a chip for autonomous IoT things, and it is mentioned that you would need to use a bridge if you dive into more serious scenarios. So, please do take this seriously.


Postby ESP_Faye » Thu Jun 04, 2015 6:31 pm

Hi,

Here is a demo of SSL: http://bbs.espressif.com/viewtopic.php?f=21&t=389

Please try to enlarge the SSL buffer with espconn_secure_set_size:

espconn_secure_set_size(ESPCONN_CLIENT,5120); // set SSL buffer size, if your SSL packet is larger than 2048 bytes

Thanks for your interest in ESP8266!
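
The reply above applies when an SSL packet is larger than 2048 bytes. The following host-side check is an added example, not code from this thread or from Espressif: it walks the TLS records in a captured server handshake and reports whether the largest one fits a given buffer size. It assumes the buffer set with espconn_secure_set_size has to hold one whole TLS record; the function names and the sample bytes are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TLS_HDR_LEN 5  /* content type (1) + version (2) + length (2) */

/* Size of the largest TLS record (header + body) in a captured stream,
 * or -1 if the capture is malformed or cut short. */
long largest_tls_record(const uint8_t *buf, size_t len)
{
    size_t off = 0, largest = 0;
    while (off < len) {
        if (len - off < TLS_HDR_LEN) return -1;          /* cut inside a header */
        if (buf[off] < 20 || buf[off] > 23 || buf[off + 1] != 3) return -1;
        size_t rec = TLS_HDR_LEN + (((size_t)buf[off + 3] << 8) | buf[off + 4]);
        if (rec > len - off) return -1;                   /* cut inside a body */
        if (rec > largest) largest = rec;
        off += rec;
    }
    return (long)largest;
}

/* 1 if every record fits a receive buffer of buf_size bytes, else 0. */
int records_fit(const uint8_t *buf, size_t len, size_t buf_size)
{
    long largest = largest_tls_record(buf, len);
    return largest >= 0 && (size_t)largest <= buf_size;
}

/* Write one zero-filled handshake record (type 22); returns bytes written. */
static size_t put_record(uint8_t *out, uint16_t body)
{
    const uint8_t hdr[TLS_HDR_LEN] = {22, 3, 3, (uint8_t)(body >> 8), (uint8_t)body};
    memcpy(out, hdr, TLS_HDR_LEN);
    memset(out + TLS_HDR_LEN, 0, body);
    return TLS_HDR_LEN + (size_t)body;
}

/* Constructed sample, not a real capture: an 81-byte ServerHello record
 * followed by a 3100-byte Certificate record (3191 bytes in total). */
size_t make_sample(uint8_t *out)
{
    return put_record(out, 81) + put_record(out + TLS_HDR_LEN + 81, 3100);
}

int main(void)
{
    static uint8_t cap[4096];
    size_t n = make_sample(cap);
    printf("largest record %ld bytes, fits 2048: %d, fits 5120: %d\n",
           largest_tls_record(cap, n), records_fit(cap, n, 2048), records_fit(cap, n, 5120));
    return 0;
}
```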


Postby jpenninkhof » Fri Jun 05, 2015 5:57 pm

Hi Faye,

After using espconn_secure_set_size(ESPCONN_CLIENT,5120), the client does seem to make a proper handshake. Thanks for that! :)
However, it seems that it crashes somewhere else now...

It seems that the callback set with espconn_regist_sentcb isn't executed anymore. Would you know what that could be caused by?
When I use an unsecure (non-SSL) call, this callback is triggered properly...

Best regards,
Jan Penninkhof


Postby jpenninkhof » Sun Jun 07, 2015 3:43 pm

Thanks for the suggestion Faye. Making the SSL buffer a bit larger does seem to get the process a little further and the handshake was executed properly. This is a great step forward :)

The bad news, however, is that it appears the SSL connection seems to fail somewhere else. It seems that the espconn_sent now crashes somewhere, and I'm also not receiving a callback to the function I registered with espconn_regist_sentcb anymore.

Any other suggestions leading in the right direction would be greatly appreciated.


Postby jpenninkhof » Sun Jun 07, 2015 4:30 pm

Whoops, forgot to replace the espconn_sent calls with espconn_secure_sent. I now have a working https line with the SAP Hana Cloud, straight from the chip!
Awesomeness! Thanks for your help! :)


Postby orcema » Tue Jul 21, 2015 7:45 pm

When I try to do the same action connecting to

hcp.sap.com

I get an error

..reconnect callback, error code -11 !!!

while using the script available at

http://bbs.espressif.com/viewtopic.php?f=21&t=389

What am I doing wrong?

I am using the latest SDK 1.20 with updated SSL library
