Need Help with HTTPS Get

Postby gb.123 » Wed Dec 08, 2021 11:31 pm

[Codebox=cpp ]
const String URL = "https://ota.xxxx.com/api";

// Lets Encrypt Root Certificate (Self Signed)
static const char* ota_root_ca=\
"-----BEGIN CERTIFICATE-----\n" \
"MIIFazCCA1OgAwIBAgIRAIIQz7DSQONZRGPgu2OCiwAwDQYJKoZIhvcNAQELBQAw\n" \
"TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh\n" \
"cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMTUwNjA0MTEwNDM4\n" \
"WhcNMzUwNjA0MTEwNDM4WjBPMQswCQYDVQQGEwJVUzEpMCcGA1UEChMgSW50ZXJu\n" \
"ZXQgU2VjdXJpdHkgUmVzZWFyY2ggR3JvdXAxFTATBgNVBAMTDElTUkcgUm9vdCBY\n" \
"MTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK3oJHP0FDfzm54rVygc\n" \
"h77ct984kIxuPOZXoHj3dcKi/vVqbvYATyjb3miGbESTtrFj/RQSa78f0uoxmyF+\n" \
"0TM8ukj13Xnfs7j/EvEhmkvBioZxaUpmZmyPfjxwv60pIgbz5MDmgK7iS4+3mX6U\n" \
"A5/TR5d8mUgjU+g4rk8Kb4Mu0UlXjIB0ttov0DiNewNwIRt18jA8+o+u3dpjq+sW\n" \
"T8KOEUt+zwvo/7V3LvSye0rgTBIlDHCNAymg4VMk7BPZ7hm/ELNKjD+Jo2FR3qyH\n" \
"B5T0Y3HsLuJvW5iB4YlcNHlsdu87kGJ55tukmi8mxdAQ4Q7e2RCOFvu396j3x+UC\n" \
"B5iPNgiV5+I3lg02dZ77DnKxHZu8A/lJBdiB3QW0KtZB6awBdpUKD9jf1b0SHzUv\n" \
"KBds0pjBqAlkd25HN7rOrFleaJ1/ctaJxQZBKT5ZPt0m9STJEadao0xAH0ahmbWn\n" \
"OlFuhjuefXKnEgV4We0+UXgVCwOPjdAvBbI+e0ocS3MFEvzG6uBQE3xDk3SzynTn\n" \
"jh8BCNAw1FtxNrQHusEwMFxIt4I7mKZ9YIqioymCzLq9gwQbooMDQaHWBfEbwrbw\n" \
"qHyGO0aoSCqI3Haadr8faqU9GY/rOPNk3sgrDQoo//fb4hVC1CLQJ13hef4Y53CI\n" \
"rU7m2Ys6xt0nUW7/vGT1M0NPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNV\n" \
"HRMBAf8EBTADAQH/MB0GA1UdDgQWBBR5tFnme7bl5AFzgAiIyBpY9umbbjANBgkq\n" \
"hkiG9w0BAQsFAAOCAgEAVR9YqbyyqFDQDLHYGmkgJykIrGF1XIpu+ILlaS/V9lZL\n" \
"ubhzEFnTIZd+50xx+7LSYK05qAvqFyFWhfFQDlnrzuBZ6brJFe+GnY+EgPbk6ZGQ\n" \
"3BebYhtF8GaV0nxvwuo77x/Py9auJ/GpsMiu/X1+mvoiBOv/2X/qkSsisRcOj/KK\n" \
"NFtY2PwByVS5uCbMiogziUwthDyC3+6WVwW6LLv3xLfHTjuCvjHIInNzktHCgKQ5\n" \
"ORAzI4JMPJ+GslWYHb4phowim57iaztXOoJwTdwJx4nLCgdNbOhdjsnvzqvHu7Ur\n" \
"TkXWStAmzOVyyghqpZXjFaH3pO3JLF+l+/+sKAIuvtd7u+Nxe5AW0wdeRlN8NwdC\n" \
"jNPElpzVmbUq4JUagEiuTDkHzsxHpFKVK7q4+63SM1N95R1NbdWhscdCb+ZAJzVc\n" \
"oyi3B43njTOQ5yOf+1CceWxG1bQVs5ZufpsMljq4Ui0/1lvh+wjChP4kqKOJ2qxq\n" \
"4RgqsahDYVvTH9w7jXbyLeiNdd8XM2w9U/t7y0Ff/9yi0GE44Za4rF2LN9d11TPA\n" \
"mRGunUHBcnWEvgJBQl9nJEiU0Zsnvgc/ubhPgXRR4Xq37Z0j4r7g1SgEEzwxA57d\n" \
"emyPxgcYxn/eR44/KJ4EBs+lVDR3veyJm+kXQ99b21/+jh5Xos1AnX5iItreGCc=\n" \
"-----END CERTIFICATE-----\n";

HTTPClient client;

WiFiClientSecure WFSclient;

String updateCerts1(String cert_OTP)
{
        String msg = "Begin Update...";
        Serial.println(msg);
        WFSclient.setCACert(ota_root_ca);
        
        if (!WFSclient.connect(URL.c_str(), 443))
        {
            Serial.println("Connection failed!");
        } 
        else 
        {
            Serial.println("Connected to server!");
            // create HTTP request
            WFSclient.println("GET https://ota.xxxx.com HTTP/1.0");
            WFSclient.println("Host: ota.xxxx.com");
            WFSclient.println("Connection: close");
            WFSclient.println();

            Serial.print("Waiting for response ");
            while (!WFSclient.available())
            {
            delay(50); //
            Serial.print(".");
            }

            // if data is available then receive and print to Terminal
            while (WFSclient.available()) 
            {
            char c = WFSclient.read();
            Serial.write(c);
            }

            // if the server disconnected, stop the client
            if (!WFSclient.connected()) 
            {
            Serial.println();
            Serial.println("Server disconnected");
            WFSclient.stop();
            }
        }
    return "OK";
 }
    

String updateCerts2(String cert_OTP)
{
       
        
        //Connect
        String msg = "Begin Update...";
        Serial.println(msg);
        String finalURL = URL+"/OTAData/GetFile?otp="+cert_OTP;
        boolean start = client.begin(finalURL, ota_root_ca);
        msg = String(start);
        Serial.println(msg);
        
        int8_t resp = client.GET();
        msg = ("ServerResponse:"+String(resp));
        Serial.println(msg);
        if (resp > 0)
        {
            String payload = client.getString();
            msg = ("ServerPayload:"+String(payload));
            Serial.println(msg);
            int32_t payload_length = client.getSize();
            msg = ("ServerPayloadLength:"+String(payload_length));
            Serial.println(msg);
                      
           return "OK";
        }
        else
        {
            return ("Error");
        }
        client.end();
  }
    

[/Codebox]

Hi! I am using the above code snippet to try to connect and execute an HTTPS GET request, but it always throws errors:

updateCerts1(String) : this Throws : handle_error(): X509 - Certificate verification failed, e.g. CRL, CA or signature check failed
Error Code : message code: -9984

updateCerts2(String) throws :
[E][ssl_client.cpp:36] _handle_error(): [start_ssl_client():202]: (-78) UNKNOWN ERROR CODE (004E)
[E][WiFiClientSecure.cpp:132] connect(): start_ssl_client: -78

Sometimes I get : Response = -56

I am using the Let's Encrypt root certificate (4096 bits), but I have tried creating my own CA certificate and key of 2048 bits.

I followed these steps while creating my own CA:
1. Generated CAkey & CAcert (using CAKey)
2. Generated the server cert (ota.xxxx.com) and signed it using the CA cert and CAkey with the openssl ca command
3. Installed the CAcert as ota_root_ca in the above code.

Any help would be greatly appreciated !

Thanks a lot guys
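
`HTTPClient::GET()` returns an `int`: the HTTP status on success, or a negative library error. The posted `updateCerts2()` stores it in an `int8_t`, where a status of 200 narrows to -56, the value reported in the post. The following is an added example, not code from the thread: plain C++ that runs on a host PC, with hypothetical function names, showing how the narrowing changes the result of the `resp > 0` check.

```cpp
#include <cstdint>

enum class Outcome { Success, HttpError, ClientError };

// Convention behind the posted `resp > 0` check: positive values are HTTP
// status codes, zero or negative values are client-side failures.
Outcome classify(int code) {
    if (code <= 0) return Outcome::ClientError;
    return (code >= 200 && code < 300) ? Outcome::Success : Outcome::HttpError;
}

// Reproduces `int8_t resp = client.GET();`: only the low 8 bits survive,
// reinterpreted as a signed value in the range -128..127.
int narrowedToInt8(int code) {
    return static_cast<int8_t>(code);
}

// True when storing the code in an int8_t changes how it is classified,
// e.g. a successful 200 that now looks like a client-side failure.
bool misclassifiedAfterNarrowing(int code) {
    return classify(narrowedToInt8(code)) != classify(code);
}
```

Keeping the result in an `int` (`int resp = client.GET();`) preserves the real status, so a 200 is no longer indistinguishable from a negative library error.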

Postby chegewara » Thu Dec 09, 2021 9:05 pm

-----BEGIN CERTIFICATE-----
[...]
-----END CERTIFICATE-----

Postby gb.123 » Thu Dec 09, 2021 11:43 pm

Hi!

Thanks for your reply. I tried the certificate, but it still gives an error (though a different one now). Now for updateCerts1() it gives:

[E][WiFiGeneric.cpp:685] hostByName(): DNS Failed for https://ota.xxxx.com/api
[E][WiFiClientSecure.cpp:132] connect(): start_ssl_client: -1

Could you tell me what was wrong in the cert I had set?

Thanks once again !
Last edited by gb.123 on Fri Dec 10, 2021 12:07 am, edited 1 time in total.
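
The DNS failure logged above names the whole string `https://ota.xxxx.com/api`, which is what the posted `WFSclient.connect(URL.c_str(), 443)` hands to the resolver; `WiFiClientSecure::connect()` takes a bare host name and a port. The following is an added example, not code from the thread: plain C++ that runs on a host PC, with `UrlParts` and `splitHttpsUrl` as hypothetical names, splitting an https URL into the host, port and path that the connect call and the request line each need.

```cpp
#include <cstdint>
#include <string>

// Hypothetical helper (not part of the Arduino core or the poster's code).
struct UrlParts {
    bool ok = false;
    std::string host;        // bare name: what connect()/DNS should receive
    uint16_t port = 443;     // https default when the URL names no port
    std::string path = "/";  // request target for the GET line
};

// Split "https://host[:port][/path][?query]". Anything else is rejected so a
// full URL, a plain-http URL or a malformed port never reaches connect().
UrlParts splitHttpsUrl(const std::string& url) {
    UrlParts out;
    const std::string scheme = "https://";
    if (url.compare(0, scheme.size(), scheme) != 0) return out;

    const size_t hostStart = scheme.size();
    const size_t pathStart = url.find_first_of("/?", hostStart);
    std::string authority = (pathStart == std::string::npos)
        ? url.substr(hostStart)
        : url.substr(hostStart, pathStart - hostStart);
    if (pathStart != std::string::npos) {
        out.path = url.substr(pathStart);
        if (out.path[0] == '?') out.path.insert(0, "/");
    }
    // Userinfo and IPv6 literals are out of scope for this sketch: reject.
    if (authority.find_first_of("@[]") != std::string::npos) return out;

    const size_t colon = authority.rfind(':');
    if (colon != std::string::npos) {
        const std::string digits = authority.substr(colon + 1);
        if (digits.empty() || digits.size() > 5) return out;
        unsigned long p = 0;
        for (char c : digits) {
            if (c < '0' || c > '9') return out;
            p = p * 10 + static_cast<unsigned long>(c - '0');
        }
        if (p == 0 || p > 65535) return out;
        out.port = static_cast<uint16_t>(p);
        authority.erase(colon);
    }
    if (authority.empty()) return out;
    out.host = authority;
    out.ok = true;
    return out;
}
```

On the device, the `host` and `port` fields are what would be passed to `WFSclient.connect()`, and `path` is what belongs in the `GET` request line.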

Postby chegewara » Thu Dec 09, 2021 11:48 pm

It is a different error because it's a different issue.
Did you try to open that URL in a browser? It looks like you have a problem with the server now.

Postby gb.123 » Fri Dec 10, 2021 12:05 am

I see you have posted the 'R3' intermediate certificate instead of the 'ISRG Root X1' certificate for Let's Encrypt.

The server works fine in the browser, and it also works fine if I test it by sending a GET request through 'POSTMAN'.
In fact, even the 'ISRG Root X1' root certificate (which I posted in my code) seems to work if I append "\r\n" instead of "\n".

updateCerts2() consistently doesn't work and restarts the ESP.

Postby gb.123 » Fri Dec 10, 2021 6:45 pm

[Update]: The problem of unknown error code was due to the fact that port 443 was blocked by another task in esp32. The solution was to change the port.

The DNS error I am seeing:

[E][WiFiGeneric.cpp:685] hostByName(): DNS Failed for https://ota.xxxx.com/api
[E][WiFiClientSecure.cpp:132] connect(): start_ssl_client: -1

could be due to the fact that I am using "mDNS.h".

Is there any way to manually specify the DNS for one instance of WifiClient or HTTP_Client while running mDNS ?

I tried calling mDNS.end() but still the hostname is unresolvable.

Postby chegewara » Sat Dec 11, 2021 5:24 pm

chegewara wrote (Thu Dec 09, 2021 11:48 pm):
Did you try to open that URL in a browser? It looks like you have a problem with the server now.

I asked this question for a reason. When I tried to open the URI to your server in a browser, I got "Bad gateway error (502)".
I am using Let's Encrypt on my server (and not only) and the CA certificate I am using is the one posted.

[E][WiFiGeneric.cpp:685] hostByName(): DNS Failed for https://ota.xxxx.com/api
[E][WiFiClientSecure.cpp:132] connect(): start_ssl_client: -1

This is a different error and has nothing to do with the certificate.

Postby gb.123 » Sun Dec 12, 2021 9:29 am

@chegewara
I really appreciate your help! Thank you so much!

You are correct that the DNS error has nothing to do with the certificate. It was a router problem. The server was supposed to give a bad gateway error. It's fixed.

The certificate itself is not a problem. I think that there is some memory issue, since after getting the DNS error I start getting the same "X509 - Certificate verification failed", and subsequently, after 2-3 retries, it gives me "SSL memory allocation failed".

Postby gb.123 » Sun Dec 12, 2021 9:05 pm

Would it be OK if I create 2 tasks like this?

---> xTaskCreatePinnedToCore(TASK1,"TASK1", 2048, NULL, 5, &TaskHandle,1);
This task in turn creates:

---> xTaskCreatePinnedToCore(TASK2,"TASK2", 8192, NULL, 5, &Task2Handle,1);

Would the heap size of TASK2 be limited to 2048 (as described in TASK1), or would it be 8192 (as described in TASK2)?

Postby ESP_Sprite » Mon Dec 13, 2021 1:42 am

That parameter affects the stack size, not the heap size. Heap size generally is only restricted by the available RAM.
