SSL Connect.

younger
Posts: 39
Joined: Mon Dec 29, 2014 1:49 pm

Postby younger » Sun Jan 04, 2015 10:59 am

Hi,
I have connected to an SSL server, but it always fails. The IP and port are 111.206.227.37:2001.

I want SSL_connect to succeed even if verifying the server fails, at the cost of reduced security, maybe like "SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0)" in CyaSSL.

How can I do this in the ESP8266 SDK?

ESP_Faye
Posts: 1646
Joined: Mon Oct 27, 2014 11:08 am

Re: SSL Connect.

Postby ESP_Faye » Sun Jan 04, 2015 2:06 pm

It seems that the SSL certificate of your server is not correct, so the connection fails.

What do you want to do?

younger
Posts: 39
Joined: Mon Dec 29, 2014 1:49 pm

Re: SSL Connect.

Postby younger » Sun Jan 04, 2015 2:09 pm

Espressif_Faye wrote: It seems that the SSL certificate of your server is not correct, so the connection fails.

What do you want to do?

The server is a JD-Cloud server. I just use the ESP8266 to connect to it, but it fails.

But other code using CyaSSL, "CyaSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0)", works, and SSL_VERIFY_NONE seems to ignore the verify result to ensure the connection succeeds.

The ESP8266 uses axTLS for SSL; how can I achieve the equivalent of SSL_VERIFY_NONE? Maybe I must port CyaSSL to replace axTLS on the ESP8266?

ESP_Faye
Posts: 1646
Joined: Mon Oct 27, 2014 11:08 am

Re: SSL Connect.

Postby ESP_Faye » Sun Jan 04, 2015 5:42 pm

Does your server (111.206.227.37) have port 443?

younger
Posts: 39
Joined: Mon Dec 29, 2014 1:49 pm

Re: SSL Connect.

Postby younger » Sun Jan 04, 2015 9:07 pm

Espressif_Faye wrote: Does your server (111.206.227.37) have port 443?


Only port 2001.

ESP_Faye
Posts: 1646
Joined: Mon Oct 27, 2014 11:08 am

Re: SSL Connect.

Postby ESP_Faye » Mon Jan 05, 2015 9:33 am

Please try this:
Attachment: ssl_validity.png

younger
Posts: 39
Joined: Mon Dec 29, 2014 1:49 pm

Re: SSL Connect.

Postby younger » Mon Jan 05, 2015 10:20 am

Espressif_Faye wrote: Please try this:

Hi Espressif_Faye,

Does it work after modifying this code?

I have tried this but it still fails.

Code:

ip:192.168.1.126,mask:255.255.255.0,gw:192.168.1.1
user_esp_platform_dns_found 111.206.227.37
user_esp_platform_connect
espconn_ssl_connect 0x3fff5a00 0x3fff59a0 0x00006338 1073699992
client handshake start.
espconn_ssl_client ssl_ctx 0x3fff5cf0
send_raw_packet pkt_size 56
send_raw_packet Length 56
espconn_ssl_csent 0x3fff5a00 0x3fff5dbc 56
espconn_ssl_crecv 409 0x3fff5d90 0x3fff5978
do_clnt_handshake: 107 2
do_clnt_handshake: 107 11
Error: Invalid X509 ASN.1 file (X509 not ok)
send_raw_packet pkt_size 7
send_raw_packet Length 7
client handshake failed
espconn_ssl_cclose 0
espconn_ssl_cclose_cb 10 0
send_raw_packet pkt_size 7
send_raw_packet Length 7
user_esp_platform_discon_cb
user_esp_platform_reconnect

ESP_Faye
Posts: 1646
Joined: Mon Oct 27, 2014 11:08 am

Re: SSL Connect.

Postby ESP_Faye » Mon Jan 05, 2015 2:04 pm

:o :oops: :cry:

Sorry.. Please change it back..
/* Parse the certificate's Validity SEQUENCE: notBefore, then notAfter.
 * Returns non-zero on a parse error. */
int ICACHE_FLASH_ATTR asn1_validity(const uint8_t *cert, int *offset, X509_CTX *x509_ctx)
{
    return (asn1_next_obj(cert, offset, ASN1_SEQUENCE) < 0 ||
            asn1_get_utc_time(cert, offset, &x509_ctx->not_before) ||
            asn1_get_utc_time(cert, offset, &x509_ctx->not_after));
}

And try this..
Attachment: ssl_modify_2.png
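
An added example, not code from this thread or from axTLS: a standalone C sketch of parsing the DER Validity field (notBefore, notAfter) that the asn1_validity function posted above reads, rejecting anything malformed instead of skipping the check. It goes beyond the posted function by also accepting GeneralizedTime; the names cert_time, parse_time, parse_validity and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#define TAG_UTC_TIME 0x17   /* YYMMDDHHMMSSZ, 13 bytes */
#define TAG_GEN_TIME 0x18   /* YYYYMMDDHHMMSSZ, 15 bytes */
typedef struct { int year, mon, day, hour, min, sec; } cert_time;  /* hypothetical type */

/* Constructed sample Validity fields, not taken from any real certificate. */
static const uint8_t SAMPLE_UTC[]   = "\x30\x1e\x17\x0d" "150101000000Z" "\x17\x0d" "250101000000Z";
static const uint8_t SAMPLE_MIXED[] = "\x30\x20\x17\x0d" "150101000000Z" "\x18\x0f" "20500101000000Z";

static int two_digits(const uint8_t *p) {          /* two ASCII digits, or -1 */
    if (p[0] < '0' || p[0] > '9' || p[1] < '0' || p[1] > '9') return -1;
    return (p[0] - '0') * 10 + (p[1] - '0');
}

/* Parse one Time at buf[*off]; 0 on success, -1 on anything malformed. */
static int parse_time(const uint8_t *buf, size_t len, size_t *off, cert_time *t) {
    int f[7], i, k;
    if (len - *off < 2 || buf[*off + 1] > len - *off - 2) return -1;  /* must fit */
    uint8_t tag = buf[*off], n = buf[*off + 1];
    const uint8_t *p = buf + *off + 2;
    if (tag == TAG_UTC_TIME && n == 13) k = 6;
    else if (tag == TAG_GEN_TIME && n == 15) k = 7;
    else return -1;                                 /* unknown tag or length: fail closed */
    if (p[n - 1] != 'Z') return -1;                 /* DER times end in "Z" (UTC) */
    for (i = 0; i < k; i++) if ((f[i] = two_digits(p + 2 * i)) < 0) return -1;
    if (k == 7) { t->year = f[0] * 100 + f[1]; i = 2; }
    else { t->year = f[0] + (f[0] < 50 ? 2000 : 1900); i = 1; }  /* RFC 5280 pivot */
    t->mon = f[i]; t->day = f[i + 1]; t->hour = f[i + 2]; t->min = f[i + 3]; t->sec = f[i + 4];
    if (t->mon < 1 || t->mon > 12 || t->day < 1 || t->day > 31 ||
        t->hour > 23 || t->min > 59 || t->sec > 59) return -1;   /* coarse range check */
    *off += 2 + (size_t)n;
    return 0;
}

/* Validity ::= SEQUENCE { notBefore Time, notAfter Time }; 0 = ok, -1 = reject. */
int parse_validity(const uint8_t *buf, size_t len, cert_time *nb, cert_time *na) {
    size_t off = 2;
    if (len < 2 || buf[0] != 0x30 || buf[1] > 0x7f || buf[1] != len - 2) return -1;
    if (parse_time(buf, len, &off, nb) || parse_time(buf, len, &off, na)) return -1;
    return off == len ? 0 : -1;                     /* no trailing bytes */
}

int main(void) {
    cert_time nb = {0}, na = {0};
    int rc = parse_validity(SAMPLE_MIXED, sizeof SAMPLE_MIXED - 1, &nb, &na);
    printf("rc=%d notBefore=%d notAfter=%d\n", rc, nb.year, na.year);
    return rc != 0;
}
```
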

younger
Posts: 39
Joined: Mon Dec 29, 2014 1:49 pm

Re: SSL Connect.

Postby younger » Mon Jan 05, 2015 2:15 pm

Espressif_Faye wrote: :o :oops: :cry:

Sorry.. Please change it back..
int ICACHE_FLASH_ATTR asn1_validity(const uint8_t *cert, int *offset, X509_CTX *x509_ctx)
{
    return (asn1_next_obj(cert, offset, ASN1_SEQUENCE) < 0 ||
            asn1_get_utc_time(cert, offset, &x509_ctx->not_before) ||
            asn1_get_utc_time(cert, offset, &x509_ctx->not_after));
}

And try this..


:D It works very nicely, thank you very much.
