SSL connection via AT commands

munderhill
Posts: 2
Joined: Tue Feb 17, 2015 4:26 am

SSL connection via AT commands

Postby munderhill » Fri Apr 17, 2015 5:53 pm

Is there a way to connect to a secure server (https) using the AT commands? If so, how would that be done?

ESP_Faye
Posts: 1646
Joined: Mon Oct 27, 2014 11:08 am

Re: SSL connection via AT commands

Postby ESP_Faye » Mon Apr 20, 2015 2:17 pm

Hi,

Sorry for the inconvenience.

We don't have an AT command to create an SSL connection now.

You can try to define your own AT command for SSL.

doughboy
Posts: 63
Joined: Thu Mar 05, 2015 1:54 am

Re: SSL connection via AT commands

Postby doughboy » Tue Apr 21, 2015 11:59 pm

I am writing AT command to support SSL, but it seems none of the espconn_secure_* api works. At least when I connect to real ssl servers using real certificates. (and yes, I have set buffer size to 8196 and use the patched ssl library) esp module will reset (I think due to wdt timeout). I already reported this via email.

Her Mary
Posts: 537
Joined: Mon Oct 27, 2014 11:09 am

Re: SSL connection via AT commands

Postby Her Mary » Wed Apr 22, 2015 10:53 am


doughboy
Posts: 63
Joined: Thu Mar 05, 2015 1:54 am

Re: SSL connection via AT commands

Postby doughboy » Wed Apr 22, 2015 11:18 am

Her Majesty wrote: Here is an SSL demo http://bbs.espressif.com/viewtopic.php?f=7&t=386


that is just a copy of the iot example program, lol.
I can tell you with absolute certainty, the ssl api does not work.

ESP_Faye
Posts: 1646
Joined: Mon Oct 27, 2014 11:08 am

Re: SSL connection via AT commands

Postby ESP_Faye » Wed Apr 22, 2015 11:53 am

Hi,

Thanks for your interest in ESP8266,

Please have a try with the demo code here http://bbs.espressif.com/viewtopic.php?f=21&t=389
Notice that there is a SSL patch http://bbs.espressif.com/viewtopic.php?f=5&t=382

In your case, you only need to change the IP, port and buffer size in user_check_ip, just as below:

       const char esp_server_ip[4] = {96, 114, 157, 81};

       os_memcpy(user_tcp_conn.proto.tcp->remote_ip, esp_server_ip, 4);

       user_tcp_conn.proto.tcp->remote_port = 465; // remote SSL port of the TCP server

       user_tcp_conn.proto.tcp->local_port = espconn_port(); // local port of ESP8266

       espconn_regist_connectcb(&user_tcp_conn, user_tcp_connect_cb); // register connect callback
       espconn_regist_reconcb(&user_tcp_conn, user_tcp_recon_cb); // register reconnect callback as error handler

       espconn_secure_set_size(ESPCONN_CLIENT,5120); // set SSL buffer size if your SSL packet is larger than 2048
       espconn_secure_connect(&user_tcp_conn); // TCP SSL connect

Please have a try and let me know whether your problem is solved or not.

doughboy
Posts: 63
Joined: Thu Mar 05, 2015 1:54 am

Re: SSL connection via AT commands

Postby doughboy » Thu Apr 23, 2015 10:33 am

I looked at the sample, and it is similar to my current program.
So I tried to connect to iot.espressif.cn port 8443 and I got a successful connection.
But if I connect to iot.espressif.cn port 443, I get -11. I have already set the buffer to 8192.
you need to make ssl api work with normal websites like smtp.gmail.com:465. Otherwise, there is no real practical use for it other than a novelty API.
I got a firmware with ssl code compiled in 0.93SDK and it is able to connect to smtp.gmail.com:465 just fine, so I think some regression was introduced since then. I compiled my program back to 1.0sdk and they all do not work connecting to normal ssl websites.

This is the log from my program.
AT+CIPSTARTSSL="iot.espressif.cn",443

host: iot.espressif.cn port:443
Free heap: 17680
remote ip 255.255.255.255
using dns
in dns handler
remote ip 115.29.202.58
called connect.
tcp state: 6 error handler:-11
SSL server requires packet size >8192 limit

ERROR
AT+CIPSTARTSSL="iot.espressif.cn",8443

host: iot.espressif.cn port:8443
Free heap: 17680
remote ip 255.255.255.255
using dns
in dns handler
remote ip 115.29.202.58
called connect.
in listener handler
CONNECT

OK
AT+CIPCLOSESSL

in disconnect handler
CLOSED

OK
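
Added example (not from any post in this thread and not Espressif SDK code): assuming the "packet size" in the log above means the length of one SSL/TLS record, this C program reads the 5-byte record headers in a byte stream and checks whether the largest announced record fits a receive buffer such as the one set with espconn_secure_set_size. The function names and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TLS_HDR_LEN 5             /* type(1) + version(2) + length(2) */
#define TLS_MAX_CIPHERTEXT (16384 + 2048) /* RFC 5246 limit for one record */

/* Constructed sample, not a real capture: a 4-byte handshake record, then
 * the header of a 9000-byte (0x2328) handshake record without its body. */
static const uint8_t sample[] = {
    0x16, 0x03, 0x01, 0x00, 0x04, 0x0e, 0x00, 0x00, 0x00,
    0x16, 0x03, 0x01, 0x23, 0x28
};

/* Return the largest record body length announced in the stream, or -1 if
 * it is not a well-formed TLS record stream. A record whose body runs past
 * the end of the capture still counts: its header states the space needed. */
long tls_largest_record(const uint8_t *buf, size_t len)
{
    long largest = 0;
    size_t off = 0;
    while (off < len) {
        if (len - off < TLS_HDR_LEN) return -1;        /* truncated header */
        if (buf[off] < 20 || buf[off] > 23) return -1; /* not ccs/alert/handshake/data */
        if (buf[off + 1] != 3) return -1;              /* SSL 3.0 / TLS 1.x major */
        size_t rec = ((size_t)buf[off + 3] << 8) | buf[off + 4];
        if (rec > TLS_MAX_CIPHERTEXT) return -1;
        if ((long)rec > largest) largest = (long)rec;
        if (rec > len - off - TLS_HDR_LEN) break;      /* body beyond capture */
        off += TLS_HDR_LEN + rec;
    }
    return largest;
}

/* 1 if a receive buffer of buf_size bytes holds every record in the stream. */
int tls_fits_buffer(const uint8_t *buf, size_t len, size_t buf_size)
{
    long largest = tls_largest_record(buf, len);
    return largest >= 0 && (size_t)largest <= buf_size;
}

int main(void)
{
    printf("largest record: %ld bytes\n", tls_largest_record(sample, sizeof sample));
    printf("fits 8192: %d\n", tls_fits_buffer(sample, sizeof sample, 8192));
    printf("fits 16384: %d\n", tls_fits_buffer(sample, sizeof sample, 16384));
    return 0;
}
```

Run against a capture of the first server bytes after the ClientHello, it shows whether a given buffer setting can hold the server's largest record.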

doughboy
Posts: 63
Joined: Thu Mar 05, 2015 1:54 am

Re: SSL connection via AT commands

Postby doughboy » Thu Apr 23, 2015 10:55 am

ok, some correction.

Using exactly the same code, if I used the patched ssl, I get wdt reset. I was using the older libssl.a from 1.0sdk in my previous post. So there is something wrong with the patched ssl library.

AT+CIPSTARTSSL="iot.espressif.cn",8443

host: iot.espressif.cn port:8443
Free heap: 17568
remote ip 255.255.255.255
buffer size 8192
using dns
in dns handler
remote ip 115.29.202.58
called connect.

ets Jan 8 2013,rst cause:4, boot mode:(3,3)

wdt reset
load 0x40100000, len 1320, room 16
tail 8
chksum 0xb8
load 0x3ffe8000, len 776, room 0
tail 8
chksum 0xd9
load 0x3ffe8308, len 412, room 0
tail 12
chksum 0xb9
csum 0xb9

2nd boot version : 1.3(b3)
SPI Speed : 40MHz
SPI Mode : QIO
SPI Flash Size : 16Mbit
jump to run user1

doughboy
Posts: 63
Joined: Thu Mar 05, 2015 1:54 am

Re: SSL connection via AT commands

Postby doughboy » Thu Apr 23, 2015 11:09 am

ok, I tried one more time, using the patched SSL library, but this time, I removed the call to espconn_secure_set_size, and I am able to connect to iot.espressif.cn 8443, but not port 443.

So I'm pretty sure the bug is in espconn_secure_set method. It causes the module to wdt reset.

doughboy
Posts: 63
Joined: Thu Mar 05, 2015 1:54 am

Re: SSL connection via AT commands

Postby doughboy » Thu Apr 23, 2015 11:12 am

The sample code has the call to espconn_secure_set_size commented out.
I bet if you uncomment that and set size to 8192 and compile that with patched ssl library, you will also get wdt reset.

I tried different values and if I set > 5k, espconn_secure_connect will wdt even connecting to iot.espressif.cn:8443.
I call system_get_free_heap_size() before calling espconn_secure_set_size and I get

Free heap: 17552

So I think there should be memory to malloc a buffer size of 8192.
