Memory Leak/Usage
Re: Memory Leak/Usage
Postby zaxl » Wed Aug 19, 2015 5:43 pm
If using v1.3.0 without SSL memory leak patch it does work with iot.espressif.cn.
If using v1.3.0 WITH SSL patch - it does work with stock v1.3.0 but doesn't work with ssl patch.
Works with ssl patch if i call secure_ca_enable after setting the buffer size.
espconn_secure_set_size(ESPCONN_CLIENT,SSLBUF);
secure_ca_enable(1,0x3d);
but if the call chain is in reverse doesn't work.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
the above observations may be messed up since
now i see that you made changes on iot.espressif.cn
openssl s_client -connect iot.espressif.cn:443
Results in:
Verify return code: 20 (unable to get local issuer certificate)
I did the same on my server /removed the issuer certificate from the chain/ and the handshake went ok.
So seems the issue is with the issuer certificate verification.
zaxl
Re: Memory Leak/Usage
Postby ESP_Faye » Mon Aug 24, 2015 10:12 am
Please have a try with this new libssl, based on esp_iot_sdk_v1.3.0
Attachment: libssl.zip (151.31 KiB)
Re: Memory Leak/Usage
Postby zaxl » Mon Aug 24, 2015 2:49 pm
Espressif_Faye wrote: Hi,
Please have a try with this new libssl, based on esp_iot_sdk_v1.3.0
I'm sorry but it didn't work.
Test with only the server cert - OK
Test with server and issuer cert - Fail
But there is a little improvement - now it fails immediately - does not wait for server close.
zaxl
Re: Memory Leak/Usage
Postby zaxl » Tue Aug 25, 2015 8:29 pm
Espressif_Faye wrote: Hi,
There are two new APIs in the new lib that may help, please have a try. [Images: API1.jpg, API2.jpg]
If i got it right - tested with:
espconn_secure_cert_req_disable(3); // disable client certificates in server and client
The result is the same as the previous test.
I do not use client certificates /but it's a very welcome addition!/ - i want to verify that the server i'm connected to is authentic.
May be an option to consider self signed certificates valid would help in my case.
zaxl
Re: Memory Leak/Usage
Postby ESP_Faye » Wed Aug 26, 2015 5:31 pm
Is "https://ssl.test.com" your SSL server? We cannot access it by browser.
What is the IP, port and CA cert of your SSL server?
Code: Select all
espconn_secure_ca_enable(ESPCONN_CLIENT, CA_FLASH_ADDR); // flash sector which stored "esp_ca_cert.bin"
espconn_secure_cert_req_enable(ESPCONN_CLIENT, CERT_FLASH_ADDR); // flash sector which stored "esp_cert_private_key.bin"
espconn_secure_connect(&conn);
How to get "esp_ca_cert.bin", please refer to documentation "5A-ESP8266__SDK__SSL_User_Manual" in \esp_iot_sdk_v1.3.0\document, tools in \esp_iot_sdk_v1.3.0\tools.
How to get "esp_cert_private_key.bin", please refer to the attachment.
Attachment: Certificate Request.zip (1.9 MiB)
Re: Memory Leak/Usage
Postby zaxl » Thu Aug 27, 2015 8:54 pm
Espressif_Faye wrote: Hi,
Is "https://ssl.test.com" your SSL server? We cannot access it by browser.
What is the IP, port and CA cert of your SSL server?
Check your private messages about my server and ca cert details.
Code: Select all
espconn_secure_ca_enable(ESPCONN_CLIENT, CA_FLASH_ADDR); // flash sector which stored "esp_ca_cert.bin"
espconn_secure_cert_req_enable(ESPCONN_CLIENT, CERT_FLASH_ADDR); // flash sector which stored "esp_cert_private_key.bin"
espconn_secure_connect(&conn);
How to get "esp_ca_cert.bin", please refer to documentation "5A-ESP8266__SDK__SSL_User_Manual" in \esp_iot_sdk_v1.3.0\document, tools in \esp_iot_sdk_v1.3.0\tools.
How to get "esp_cert_private_key.bin", please refer to the attachment.
Having two scripts called make_cert.py is a bit confusing.
When acting as a client it doesn't make sense to have all the certs and keys issued merged -
so i used a simple
cat private.key certificate.key > esp_cert_private_key.bin
the script does exactly the same.
{ code }
int sect;
sect = 0x6b;
os_printf("cachain at %x\n", sect);
espconn_secure_ca_enable(ESPCONN_CLIENT, sect);
sect = 0x6c;
os_printf("client key at %x\n", sect);
espconn_secure_cert_req_enable(ESPCONN_CLIENT, sect);
{ end code }
cachain at 6b
client key at 6c
E:M 51440
Fatal exception (28):
epc1=0x4000e1e0, epc2=0x00000000, epc3=0x00000000, excvaddr=0x00000000, depc=0x00000000
/ 0x4000e1e0 is at pm_set_sleep_time but i'm not sure if i got it right /
zaxl
Re: Memory Leak/Usage
Postby zaxl » Fri Aug 28, 2015 1:23 pm
Espressif_Faye wrote: Hi,
Is "https://ssl.test.com" your SSL server? We cannot access it by browser.
What is the IP, port and CA cert of your SSL server?
No, i've sent you the real server and both .bin files in a private message.
I see it is in my outbox and not in the sent items.
Please, take a look.
zaxl
Re: Memory Leak/Usage
Postby ESP_Faye » Thu Sep 10, 2015 4:24 pm
Sorry, we only support ROOT CA; we do not support Intermediate CA + root CA right now.
But your request is very important to us, we will think it over and support it in the future.
Thanks for your interest in ESP8266 !
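Added example (not part of the thread, and not Espressif's code): what verify return code 20 means for a chain that contains an intermediate CA, shown off-device with the openssl CLI. The script builds a constructed root, intermediate and server certificate (all names and file names are made up) and verifies the server certificate against the root alone, then with the intermediate supplied.

```shell
#!/bin/sh
# Added example: constructed test PKI (root -> intermediate -> server); all names are made up.

make_chain() {  # $1 = existing empty directory to fill with keys and certificates
    ( cd "$1" || exit 1
      # Minimal config so the run does not depend on a system openssl.cnf
      printf '[req]\ndistinguished_name=dn\n[dn]\n[ca]\nbasicConstraints=critical,CA:TRUE\n' > pki.cnf
      for n in root int leaf; do
          openssl req -new -newkey rsa:2048 -nodes -config pki.cnf \
              -subj "/CN=constructed-$n" -keyout "$n.key" -out "$n.csr" 2>/dev/null || exit 1
      done
      # Self-signed root CA
      openssl x509 -req -in root.csr -signkey root.key -days 1 \
          -extfile pki.cnf -extensions ca -out root.pem 2>/dev/null || exit 1
      # Intermediate CA, issued by the root
      openssl x509 -req -in int.csr -CA root.pem -CAkey root.key -CAcreateserial \
          -days 1 -extfile pki.cnf -extensions ca -out int.pem 2>/dev/null || exit 1
      # Server certificate, issued by the intermediate
      openssl x509 -req -in leaf.csr -CA int.pem -CAkey int.key -CAcreateserial \
          -days 1 -out leaf.pem 2>/dev/null || exit 1
    )
}

verify_leaf() {  # $1 = directory, $2 = root_only | with_intermediate; prints the verify code
    rc=0
    if [ "$2" = with_intermediate ]; then
        # The verifier is handed the intermediate and can build leaf -> int -> root
        out=$(openssl verify -CAfile "$1/root.pem" -untrusted "$1/int.pem" "$1/leaf.pem" 2>&1) || rc=$?
    else
        # Only the root is known: the leaf's issuer cannot be found locally
        out=$(openssl verify -CAfile "$1/root.pem" "$1/leaf.pem" 2>&1) || rc=$?
    fi
    if [ "$rc" -eq 0 ]; then echo 0; return 0; fi
    echo "$out" | sed -n 's/.*error \([0-9][0-9]*\) at.*/\1/p' | head -n 1
}

work=$(mktemp -d)
make_chain "$work"
echo "root only:           verify code $(verify_leaf "$work" root_only)"
echo "root + intermediate: verify code $(verify_leaf "$work" with_intermediate)"
```

A verifier that holds only the root and cannot build a path through the intermediate stops at code 20; once the intermediate is available to it, the same server certificate verifies with code 0.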