After AxTLS update to v2.0.0, the ESP8266 can work with TLS v1.2 #5

Closed
dielume opened this issue Aug 25, 2017 · 5 comments
dielume commented Aug 25, 2017

Hello @copercini, which branch or tag of esp8266 did you clone? I tried with 2.4.0-rc1,
but I still get SSL error 42. I tried your mqtt_x509_DER example, with the following output:

ail 8
chksum 0x2d
csum 0x2d
vf6d232f1
~ld

Connecting to SIRA
sta config unchangedscandone
scandone
state: 0 -> 2 (b0)
state: 2 -> 3 (0)
state: 3 -> 5 (10)
add 0
aid 4
cnt

connected with SIRA, channel 6
dhcp client start...
...ip:192.168.1.30,mask:255.255.255.0,gw:192.168.1.1
.
WiFi connected
IP address:
192.168.1.30
SPIFFSImpl: allocating 512+180+1400=2092 bytes
SPIFFSImpl: mounting fs @100000, size=2fb000, block=2000, page=100
SPIFFSImpl: mount rc=0
Heap: 33928
Success to open cert file
SPIFFS_read rc=-1
loadObject: reading 861 bytes, got 0
cert not loaded
Success to open private cert file
SPIFFS_read rc=-1
loadObject: reading 1191 bytes, got 0
private key not loaded
Heap: 33592
SPIFFS_close: fd=2
SPIFFS_close: fd=1
Attempting MQTT connection...:ref 1
please start sntp first !
State: sending Client Hello (1)
:wr 129 129 0
:wrc 129 129 0
:sent 129
:rn 1460
:rd 5, 1460, 0
:rdi 1460, 5
:rd 1455, 1460, 5
:rdi 1455, 1455
:c0 1455, 1460
:rn 1460
:rd 1460, 1460, 0
:rdi 1460, 1460
:c0 1460, 1460
:rn 117
:rd 117, 117, 0
:rdi 117, 117
:c0 117, 117
State: receiving Server Hello (2)
State: receiving Certificate (11)
State: receiving Certificate Request (13)
State: receiving Server Hello Done (14)
State: sending Certificate (11)
:wr 12 12 0
:wrc 12 12 0
State: sending Client Key Exchange (16)
:wr 267 267 0
:wrc 256 267 0
:wrc 11 11 0
:wr 6 6 0
:wrc 6 6 0
State: sending Finished (16)
:wr 85 85 0
:wrc 85 85 0
:sent 12
:rn 7
:rcl
:abort
:rd 5, 7, 0
:rdi 7, 5
:rd 2, 7, 5
:rdi 2, 2
:c0 2, 7
Alert: bad certificate
Error: SSL error 42
Alert: unexpected message
Alert: close notify
failed, rc=-2 try again in 5 seconds

Thanks in advance

Owner

copercini commented Aug 25, 2017

Alert: bad certificate

Amazon refuses the communication because your certificates are invalid...
Double-check your client certificates.

Author

dielume commented Aug 25, 2017

@copercini Thanks for the early reply:

I found the error: WiFiClientSecure can't load my certificate and my key.
Success to open cert file
SPIFFS_read rc=-1
loadObject: reading 861 bytes, got 0
cert not loaded
Success to open private cert file
SPIFFS_read rc=-1
loadObject: reading 1191 bytes, got 0
private key not loaded

Both are DER files, and I followed your instructions:
Converting PEM to DER format: (On Windows you should download openssl first)
$ openssl x509 -in aaaaaaaaa-certificate.pem.crt.txt -out cert.der -outform DER
$ openssl rsa -in aaaaaaaaaa-private.pem.key -out private.der -outform DER

Could it be the branch?
Thanks

@copercini
Owner

It's some problem in SPIFFS.

Try changing the SPIFFS size in the Arduino menu and upload again using arduino-esp8266fs-plugin.

Author

dielume commented Aug 25, 2017

@copercini I changed Flash Size from 4M(3M SPIFFS) to 4M(1M SPIFFS). The cert and key can be loaded now, and apparently Amazon accepts my certificates, but I receive an Alert: close notify and it disconnects.

This is my log:

8
chksum 0x2d
csum 0x2d
vf6d232f1
~ld

Connecting to SIRA
sta config unchangedscandone
scandone
state: 0 -> 2 (b0)
state: 2 -> 3 (0)
state: 3 -> 5 (10)
add 0
aid 4
cnt

connected with SIRA, channel 6
dhcp client start...
...ip:192.168.1.30,mask:255.255.255.0,gw:192.168.1.1
.
WiFi connected
IP address:
192.168.1.30
SPIFFSImpl: allocating 512+180+1400=2092 bytes
SPIFFSImpl: mounting fs @300000, size=fb000, block=2000, page=100
SPIFFSImpl: mount rc=0
Heap: 33720
Success to open cert file
cert loaded
Success to open private cert file
private key loaded
Heap: 26528
SPIFFS_close: fd=2
SPIFFS_close: fd=1
Attempting MQTT connection...:ref 1
State: sending Client Hello (1)
:wr 129 129 0
:wrc 129 129 0
:sent 129
:rn 1460
:rd 5, 1460, 0
:rdi 1460, 5
:rd 1455, 1460, 5
:rdi 1455, 1455
:c0 1455, 1460
:rn 1460
:rd 1460, 1460, 0
:rdi 1460, 1460
:c0 1460, 1460
:rn 117
:rd 117, 117, 0
:rdi 117, 117
:c0 117, 117
State: receiving Server Hello (2)
State: receiving Certificate (11)
State: receiving Certificate Request (13)
State: receiving Server Hello Done (14)
State: sending Certificate (11)
:wr 876 876 0
:wrc 256 876 0
:wrc 256 620 0
:wrc 256 364 0
:wrc 108 108 0
State: sending Client Key Exchange (16)
:wr 267 267 0
:wrc 256 267 0
:wrc 11 11 0
:sent 876
:sent 267
State: sending Certificate Verify (15)
:wr 269 269 0
:wrc 256 269 0
:wrc 13 13 0
:wr 6 6 0
:wrc 6 6 0
State: sending Finished (16)
:wr 85 85 0
:wrc 85 85 0
:sent 269
:sent 91
:rn 91
:rd 5, 91, 0
:rdi 91, 5
:rd 1, 91, 5
:rdi 86, 1
:rd 5, 91, 6
:rdi 85, 5
:rd 80, 91, 11
:rdi 80, 80
:c0 80, 91
State: receiving Finished (16)
:wr 85 85 0
:wrc 85 85 0
:sent 85
:rn 69
:rcl
:abort
:rd 5, 69, 0
:rdi 69, 5
:rd 64, 69, 5
:rdi 64, 64
:c0 64, 69
Alert: close notify
pm open,type:2 0
:ur 1
:del
failed, rc=-4 try again in 5 seconds
Attempting MQTT connection...:ref 1
State: sending Client Hello (1)
:wr 129 129 0
:wrc 129 129 0
:sent 129
:rn 1460
:rd 5, 1460, 0
:rdi 1460, 5
:rd 1455, 1460, 5
:rdi 1455, 1455
:c0 1455, 1460
:rn 1460
:rd 1460, 1460, 0
:rdi 1460, 1460
:c0 1460, 1460
:rn 117
:rd 117, 117, 0
:rdi 117, 117
:c0 117, 117
State: receiving Server Hello (2)
State: receiving Certificate (11)
State: receiving Certificate Request (13)
State: receiving Server Hello Done (14)
State: sending Certificate (11)
:wr 876 876 0
:wrc 256 876 0
:wrc 256 620 0
:wrc 256 364 0
:wrc 108 108 0
State: sending Client Key Exchange (16)
:wr 267 267 0
:wrc 256 267 0
:wrc 11 11 0
:sent 876
:sent 267
State: sending Certificate Verify (15)
:wr 269 269 0
:wrc 256 269 0
:wrc 13 13 0
:wr 6 6 0
:wrc 6 6 0
State: sending Finished (16)
:wr 85 85 0
:wrc 85 85 0
:sent 269
:sent 91
:rn 91
:rd 5, 91, 0
:rdi 91, 5
:rd 1, 91, 5
:rdi 86, 1
:rd 5, 91, 6
:rdi 85, 5
:rd 80, 91, 11
:rdi 80, 80
:c0 80, 91
State: receiving Finished (16)
:wr 85 85 0
:wrc 85 85 0
:sent 85
:rn 69
:rd 5, 69, 0
:rdi 69, 5
:rd 64, 69, 5
:rdi 64, 64
:c0 64, 69
:wr 69 69 0
:wrc 69 69 0
Alert: close notify
:rcl
:abort
:ur 1
:del
failed, rc=-4 try again in 5 seconds
Attempting MQTT connection...:ref 1
State: sending Client Hello (1)

Author

dielume commented Aug 28, 2017

@copercini Many thanks for all the help!
Finally I can do it. My Policy was the final step: I forgot to enable the connections in the Policy.
Very grateful.
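The two failures in this thread can be told apart from the debug log alone. The following is an added example, not code from this repository or its participants: a host-side triage script run over constructed, abridged copies of the two logs above. The `triage` helper and its verdict strings are hypothetical. A short `loadObject` read, or a Certificate Request that is never answered with a Certificate Verify, means the client presented no usable credentials. A close after `receiving Finished` means TLS succeeded and the rejection came later, which in this thread was the Policy.

```python
import re

# Constructed samples, abridged from the two debug logs quoted in this thread.
LOG_FIRST = """\
loadObject: reading 861 bytes, got 0
cert not loaded
loadObject: reading 1191 bytes, got 0
private key not loaded
State: receiving Certificate Request (13)
State: sending Certificate (11)
Alert: bad certificate
Error: SSL error 42
failed, rc=-2 try again in 5 seconds
"""
LOG_SECOND = """\
cert loaded
private key loaded
State: receiving Certificate Request (13)
State: sending Certificate (11)
State: sending Certificate Verify (15)
State: receiving Finished (16)
Alert: close notify
failed, rc=-4 try again in 5 seconds
"""

def triage(log):
    """Classify the first connection attempt in an axTLS debug log (hypothetical helper)."""
    attempt = log.split("failed, rc=")[0]
    reads = re.findall(r"loadObject: reading (\d+) bytes, got (\d+)", attempt)
    short_reads = [(int(w), int(g)) for w, g in reads if int(g) < int(w)]
    alerts = re.findall(r"^Alert: (.+)$", attempt, re.M)
    cert_requested = "receiving Certificate Request" in attempt
    # A client that holds its private key proves it with Certificate Verify.
    proved_key = "sending Certificate Verify" in attempt
    handshake_done = "State: receiving Finished" in attempt
    if short_reads or (cert_requested and not proved_key):
        verdict = "client credentials not loaded or not presented"
    elif handshake_done and alerts:
        verdict = "TLS handshake completed; peer closed afterwards"
    elif alerts:
        verdict = "handshake failed: " + alerts[0]
    else:
        verdict = "no failure found"
    return {"short_reads": short_reads, "alerts": alerts,
            "handshake_done": handshake_done, "verdict": verdict}

if __name__ == "__main__":
    for name, log in (("first", LOG_FIRST), ("second", LOG_SECOND)):
        print(name, triage(log)["verdict"])
```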
