espClient.loadCertificate(cert) #4004

Closed
thomas-rode opened this issue Dec 20, 2017 · 4 comments
Labels
waiting for feedback Waiting on additional info. If it's not received, the issue may be closed.

Comments

@thomas-rode

Basic Infos

Hardware

Hardware: ESP-12 or Wemos mini
Core Version: 2.4.0-rc2

Description

I use a standard certificate from OU = Amazon Web Services O=Amazon.com Inc. L=Seattle ST=Washington C=US with valid dates from 31.08.2016 till 01.01.2050.
Using espClient.loadCertificate(cert); or espClient.setCertificate(binaryCert, len); the debug output is

Organizational Unit (OU): Amazon Web Services O=Amazon.com Inc. L=Seattle ST=Washington C=US
Not Before: Wed Aug 31 20:25:41 2016
Not After: Tue Nov 25 17:31:43 1913

There must be a problem in the time calculation (2050 --> 1913).

Problem description

Settings in IDE

Module: Generic ESP8266 Module
Flash Size: 4MB/1MB
CPU Frequency: 80Mhz?
Flash Mode: dio
Flash Frequency: 40Mhz
Upload Using: SERIAL
Reset Method: nodemcu

Sketch

// Load certificate file
File cert = SPIFFS.open("/cert.der", "r"); // replace cert.crt with your uploaded file name
if (!cert) {
  Serial.println("Failed to open cert file");
} else {
  Serial.println("Success to open cert file");
}
delay(1000);
// Hand the DER file to the TLS client and report the result
if (espClient.loadCertificate(cert)) {
  Serial.println("cert loaded\n");
} else {
  Serial.println("cert not loaded\n");
}

Debug Messages

Heap: 34424
=== CERTIFICATE ISSUED TO ===
Common Name (CN): AWS IoT Certificate
Organization (O):
Basic Constraints: critical, CA:FALSE, pathlen:10000
Key Usage: critical, Digital Signature
=== CERTIFICATE ISSUED BY ===
Common Name (CN):
Organization (O):
Organizational Unit (OU): Amazon Web Services O=Amazon.com Inc. L=Seattle ST=Washington C=US
Not Before: Wed Aug 31 20:25:41 2016
Not After: Tue Nov 25 17:31:43 1913
RSA bitsize: 2048
Sig Type: SHA256

messages here
Any ideas?

@d-a-v
Collaborator

d-a-v commented Dec 20, 2017

You might have rediscovered the year 2038's end of [32bits] world more info
hint: 1900+2050-2038=
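
The wraparound hinted at above, worked through as an added example (not code from this thread, the ESP8266 core or axTLS). It assumes the certificate's exact Not After is 2049-12-31 23:59:59 UTC, one second before the 01.01.2050 given in the report, and that the parsed timestamp ends up in a signed 32-bit time_t; all function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
typedef struct { int year, month, day, hour, min, sec; } utc_t;

/* Days since 1970-01-01 for a Gregorian date (Hinnant's civil-date algorithm). */
static int64_t days_from_civil(int64_t y, int m, int d) {
    y -= m <= 2;
    int64_t era = (y >= 0 ? y : y - 399) / 400;
    int64_t yoe = y - era * 400;
    int64_t doy = (153 * (m + (m > 2 ? -3 : 9)) + 2) / 5 + d - 1;
    int64_t doe = yoe * 365 + yoe / 4 - yoe / 100 + doy;
    return era * 146097 + doe - 719468;
}
static int64_t epoch_from_utc(utc_t u) {
    return days_from_civil(u.year, u.month, u.day) * 86400
         + u.hour * 3600 + u.min * 60 + u.sec;
}
/* Inverse: epoch seconds -> UTC fields, valid for negative (pre-1970) values. */
static utc_t utc_from_epoch(int64_t t) {
    int64_t days = t / 86400, rem = t % 86400;
    if (rem < 0) { rem += 86400; days -= 1; }
    int64_t z = days + 719468;
    int64_t era = (z >= 0 ? z : z - 146096) / 146097;
    int64_t doe = z - era * 146097;
    int64_t yoe = (doe - doe / 1460 + doe / 36524 - doe / 146096) / 365;
    int64_t doy = doe - (365 * yoe + yoe / 4 - yoe / 100);
    int64_t mp = (5 * doy + 2) / 153;
    utc_t r;
    r.day = (int)(doy - (153 * mp + 2) / 5 + 1);
    r.month = (int)(mp < 10 ? mp + 3 : mp - 9);
    r.year = (int)(yoe + era * 400 + (r.month <= 2));
    r.hour = (int)(rem / 3600); r.min = (int)(rem % 3600 / 60); r.sec = (int)(rem % 60);
    return r;
}
/* What a signed 32-bit time_t keeps of a 64-bit timestamp (two's complement). */
static int32_t as_time32(int64_t t) { return (int32_t)(uint32_t)t; }
/* Range check to apply before storing a parsed validity date in 32 bits. */
static int fits_time32(int64_t t) { return t >= INT32_MIN && t <= INT32_MAX; }

int main(void) {
    utc_t not_after = {2049, 12, 31, 23, 59, 59};  /* assumed exact Not After */
    int64_t t = epoch_from_utc(not_after);
    utc_t w = utc_from_epoch(as_time32(t));
    printf("epoch=%lld fits32=%d wrapped=%04d-%02d-%02d %02d:%02d:%02d UTC\n",
           (long long)t, fits_time32(t), w.year, w.month, w.day, w.hour, w.min, w.sec);
    return 0;
}
```

Under that assumption the truncated value decodes to 1913-11-25 17:31:43 UTC, the Not After printed in the debug output, while the 2016 Not Before still fits in 32 bits and prints correctly.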

@thomas-rode
Author

Maybe, but can that be the problem that AWS rejects the connection?

State: receiving Certificate Request (13)
State: receiving Server Hello Done (14)
State: sending Certificate (11)
:wr 12 12 0
:wrc 12 12 0
:sent 12
:rn 7
:rcl
:abort
State: sending Client Key Exchange (16)
Error: connection lost
Alert: close notify
failed, rc=-2 try again in 5 seconds

@igrr
Member

igrr commented Dec 26, 2017

There's currently an issue that TLS connection timeout is set too low: #3944.
I've just tried setting up a connection to AWS IoT, and after the fix to the connection timeout, connection was successful.

Please double check that you are using the right certificate, e.g. by connecting using mosquitto_pub tool.

@igrr igrr added the waiting for feedback Waiting on additional info. If it's not received, the issue may be closed. label Dec 27, 2017
@devyte
Collaborator

devyte commented Jul 13, 2018

Closing due to bearssl merged and migration from axtls. Also, lack of feedback in several months.

@devyte devyte closed this as completed Jul 13, 2018