i want to use ESP to talk to an HTTPS server, and i know about espconn_secure_connect and such.
what i do not see in the SDK, however, is a way to pass CA certificates that should be trusted.
and since having SSL/TLS without actually verifying the server is like having none at all, i'm wondering - what am i missing?
i see that ESP SDK uses axTLS as the TLS library, which needs to be compiled with CONFIG_SSL_CERT_VERIFICATION to enable cert verification.
is this option enabled when SDK is built? if so, how can i call add_cert_auth with the relevant context?
thanks in advance!
Some details: http://www.esp8266.com/viewtopic.php?f=6&t=3343#p19188
If the staff from espressif see this, you are welcome to take a look and reply
I've upgraded to SDK version 1.1.2 and using the sample code at viewtopic.php?f=21&t=389 with DNS disabled, here are my findings:
1. HTTP 200 when connecting to https://iot.espressif.cn/ (184.108.40.206)
2. HTTP 405 when connecting to https://www.baidu.com/ (220.127.116.11)
3. Error -61 when connecting to https://www.espressif.com/ (18.104.22.168)
4. Error -28 when connecting to https://my.flair.zone/api/help
Poking around at the SSL certs, (1), (2) and (3) are using SHA-1 and (4) is using SHA-256. Is there really no plan to support SHA-2?
PS: I don't know if CA verification fixes this problem. My understanding is that CA verification just authenticates the server the client is talking to. If the client trusts that the server is who he really is (I'm not saying this is ideal), then it should be able to skip CA verification. HTTPS experts please correct me if I'm wrong.
"4. Error -28 when connecting to https://my.flair.zone/api/help"
Can you share why is there an SSL handshake error? What were the client/server unable to converge on?
Sorry for the inconvenience.
Please have a try with the latest SDK_v1.2.0 with SSL patch here http://bbs.espressif.com/viewtopic.php?f=5&t=708&p=2599#p2599
Thanks for your interest in Espressif Systems and ESP8266 !
got ip !!!
client handshake start.
client handshake failed
reconnect callback, error code -28 !!!
Did you folks succeed with https://my.flair.zone/api/help (22.214.171.124)? Are you using different sample code from viewtopic.php?f=21&t=389?
Who is online
Users browsing this forum: No registered users and 26 guests
Newbies Start Here
Are you new to ESP8266?
Unsure what to do?
Dunno where to start?
Start right here!
We also have a RTOS version and a MESH version too!
Complete listing of the official ESP8266 related documentation release by ESPRESSIF!
Must read here!