Memory Leak/Usage

zaxl
Posts: 29
Joined: Mon Jun 08, 2015 6:34 pm

Re: Memory Leak/Usage

Postby zaxl » Wed Aug 19, 2015 5:43 pm

Hi,

If using v1.3.0 without SSL memory leak patch it does work with iot.espressif.cn.
If using v1.3.0 WITH SSL patch - it does work with stock v1.3.0 but doesn't work with ssl patch.

Works with ssl patch if I call secure_ca_enable after setting the buffer size:
espconn_secure_set_size(ESPCONN_CLIENT,SSLBUF);
secure_ca_enable(1,0x3d);
but if the call chain is in reverse, it doesn't work.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
The above observations may be messed up, since
now I see that you made changes on iot.espressif.cn
openssl s_client -connect iot.espressif.cn:443
Results in:
Verify return code: 20 (unable to get local issuer certificate)


I did the same on my server /removed the issuer certificate from the chain/ and the handshake went ok.
So it seems the issue is with the issuer certificate verification.
Regards,
zaxl

ESP_Faye
Posts: 1646
Joined: Mon Oct 27, 2014 11:08 am

Re: Memory Leak/Usage

Postby ESP_Faye » Mon Aug 24, 2015 10:12 am

Hi,

Please have a try with this new libssl, based on esp_iot_sdk_v1.3.0
Attachments
libssl.zip
(151.31 KiB) Downloaded 682 times

zaxl
Posts: 29
Joined: Mon Jun 08, 2015 6:34 pm

Re: Memory Leak/Usage

Postby zaxl » Mon Aug 24, 2015 2:49 pm

Hi, Faye!

Espressif_Faye wrote:Hi,

Please have a try with this new libssl, based on esp_iot_sdk_v1.3.0


I'm sorry but it didn't work.
Test with only the server cert - OK
Test with server and issuer cert - Fail

But there is a little improvement - now it fails immediately - does not wait for server close.
Regards,
zaxl

ESP_Faye
Posts: 1646
Joined: Mon Oct 27, 2014 11:08 am

Re: Memory Leak/Usage

Postby ESP_Faye » Tue Aug 25, 2015 8:05 pm

Hi,

There are two new APIs in the new lib that may help, please have a try.
API1.jpg

API2.jpg

zaxl
Posts: 29
Joined: Mon Jun 08, 2015 6:34 pm

Re: Memory Leak/Usage

Postby zaxl » Tue Aug 25, 2015 8:29 pm

Hi, Faye!
Espressif_Faye wrote:Hi,

There are two new APIs in the new lib that may help, please have a try.
API1.jpg

API2.jpg


If I got it right - tested with:
espconn_secure_cert_req_disable(3); // disable client certificates in server and client

The result is the same as the previous test.

I do not use client certificates /but it's a very welcome addition!/ - I want to verify that the server I'm connected to is authentic.
Maybe an option to consider self-signed certificates valid would help in my case.
Regards,
zaxl

ESP_Faye
Posts: 1646
Joined: Mon Oct 27, 2014 11:08 am

Re: Memory Leak/Usage

Postby ESP_Faye » Wed Aug 26, 2015 5:31 pm

Hi,

Is "https://ssl.test.com" your SSL server? We cannot access it by browser.

What is the IP, port and CA cert of your SSL server?


Code:

espconn_secure_ca_enable(ESPCONN_CLIENT, CA_FLASH_ADDR); // flash sector which stored "esp_ca_cert.bin"
espconn_secure_cert_req_enable(ESPCONN_CLIENT, CERT_FLASH_ADDR); // flash sector which stored "esp_cert_private_key.bin"
espconn_secure_connect(&conn);


How to get "esp_ca_cert.bin", please refer to documentation "5A-ESP8266__SDK__SSL_User_Manual" in \esp_iot_sdk_v1.3.0\document, tools in \esp_iot_sdk_v1.3.0\tools.

How to get "esp_cert_private_key.bin", please refer to the attachment.
Attachments
Certificate Request.zip
(1.9 MiB) Downloaded 699 times

zaxl
Posts: 29
Joined: Mon Jun 08, 2015 6:34 pm

Re: Memory Leak/Usage

Postby zaxl » Thu Aug 27, 2015 8:54 pm

Hi, Faye!

Espressif_Faye wrote:Hi,

Is "https://ssl.test.com" your SSL server? We cannot access it by browser.

What is the IP, port and CA cert of your SSL server?

Check your private messages about my server and ca cert details.

Code:

espconn_secure_ca_enable(ESPCONN_CLIENT, CA_FLASH_ADDR); // flash sector which stored "esp_ca_cert.bin"
espconn_secure_cert_req_enable(ESPCONN_CLIENT, CERT_FLASH_ADDR); // flash sector which stored "esp_cert_private_key.bin"
espconn_secure_connect(&conn);


How to get "esp_ca_cert.bin", please refer to documentation "5A-ESP8266__SDK__SSL_User_Manual" in \esp_iot_sdk_v1.3.0\document, tools in \esp_iot_sdk_v1.3.0\tools.

How to get "esp_cert_private_key.bin", please refer to the attachment.


Having two scripts called make_cert.py is a bit confusing.
When acting as a client it doesn't make sense to have all the certs and keys issued merged -
so I used a simple
cat private.key certificate.key > esp_cert_private_key.bin
the script does exactly the same.
{ code }
int sect;
sect = 0x6b;
os_printf("cachain at %x\n", sect);
espconn_secure_ca_enable(ESPCONN_CLIENT, sect);
sect = 0x6c;
os_printf("client key at %x\n", sect);
espconn_secure_cert_req_enable(ESPCONN_CLIENT, sect);

{ end code }


cachain at 6b
client key at 6c
E:M 51440
Fatal exception (28):
epc1=0x4000e1e0, epc2=0x00000000, epc3=0x00000000, excvaddr=0x00000000, depc=0x00000000
/ 0x4000e1e0 is at pm_set_sleep_time but I'm not sure if I got it right /
Regards,
zaxl

ESP_Faye
Posts: 1646
Joined: Mon Oct 27, 2014 11:08 am

Re: Memory Leak/Usage

Postby ESP_Faye » Fri Aug 28, 2015 12:44 pm

Hi,

Is "https://ssl.test.com" your SSL server? We cannot access it by browser.

What is the IP, port and CA cert of your SSL server?

zaxl
Posts: 29
Joined: Mon Jun 08, 2015 6:34 pm

Re: Memory Leak/Usage

Postby zaxl » Fri Aug 28, 2015 1:23 pm

Hi, Faye!

Espressif_Faye wrote:Hi,

Is "https://ssl.test.com" your SSL server? We cannot access it by browser.

What is the IP, port and CA cert of your SSL server?


No, I've sent you the real server and both .bin files in a private message.
I see it is in my outbox and not in the sent items.
Please, take a look.
Regards,
zaxl

ESP_Faye
Posts: 1646
Joined: Mon Oct 27, 2014 11:08 am

Re: Memory Leak/Usage

Postby ESP_Faye » Thu Sep 10, 2015 4:24 pm

Hi,

Sorry, we only support root CA; we do not support intermediate CA + root CA right now.

But your request is very important to us, we will think over it and support it in the future.

Thanks for your interest in ESP8266 !
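
Added example, not part of the original thread and not Espressif code: the root-only limitation stated in the post above, reproduced on a workstation with the openssl CLI. A constructed root -> intermediate -> server chain (all names made up) is verified against a trust file holding only the root, which gives the same verify code 20 quoted earlier in the thread, and then again with the intermediate supplied. It assumes OpenSSL 1.1.0 or later on the PATH.

```shell
#!/bin/sh
# Added example. Constructed PKI: root -> int -> server; all names are made up.

# new_key_csr DIR NAME: RSA key and CSR with subject CN=constructed-NAME
new_key_csr() {
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=constructed-$2" \
    -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
}

# build_chain DIR: self-signed root, intermediate CA signed by the root,
# server certificate signed by the intermediate.
build_chain() {
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' \
    > "$1/ca.ext"
  for n in root int server; do new_key_csr "$1" "$n" || return 1; done
  openssl x509 -req -in "$1/root.csr" -signkey "$1/root.key" \
    -extfile "$1/ca.ext" -days 30 -out "$1/root.pem" 2>/dev/null &&
  openssl x509 -req -in "$1/int.csr" -CA "$1/root.pem" -CAkey "$1/root.key" \
    -CAcreateserial -extfile "$1/ca.ext" -days 30 -out "$1/int.pem" 2>/dev/null &&
  openssl x509 -req -in "$1/server.csr" -CA "$1/int.pem" -CAkey "$1/int.key" \
    -CAcreateserial -days 30 -out "$1/server.pem" 2>/dev/null
}

# verify_code SERVER_CERT CA_FILE [INTERMEDIATE]: print 0 when the chain
# verifies, otherwise the first OpenSSL verify error code. -no-CApath keeps
# the system trust directory out of the decision.
verify_code() {
  if out=$(openssl verify -no-CApath -CAfile "$2" ${3:+-untrusted "$3"} "$1" 2>&1)
  then echo 0
  else printf '%s\n' "$out" | sed -n 's/^error \([0-9]*\) at .*/\1/p' | head -n 1
  fi
}

demo() {
  d=$(mktemp -d) || return 1
  build_chain "$d" || { rm -rf "$d"; return 1; }
  echo "root CA only:           code $(verify_code "$d/server.pem" "$d/root.pem")"
  echo "root CA + intermediate: code $(verify_code "$d/server.pem" "$d/root.pem" "$d/int.pem")"
  rm -rf "$d"
}
demo
```

With a real server certificate and a CA file holding the single root intended for esp_ca_cert.bin, `verify_code server.pem ca.pem` prints 0 only when that root issued the server certificate directly.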
