esp32 wss_server example handshake failed

dtaylor
Posts: 8
Joined: Tue Aug 24, 2021 5:27 pm

Postby dtaylor » Mon Sep 13, 2021 4:39 pm

Hello,
I'm trying to get the secure websocket example working but can't connect. I managed to get the ws_server working successfully. I was also able to successfully get the simple https server working. Here is the debug from mbedtls. I am using the certificate and key provided in the example.

I'm using the ESP32-WROOM-32E and LAN8720 Ethernet PHY.

Any help or links to help me resolve this issue would be very much appreciated!

I (6504) wss_echo_server: Ethernet Got IP Address
I (6504) wss_echo_server: ~~~~~~~~~~~
I (6504) wss_echo_server: ETHIP:10.10.100.100
I (6514) wss_echo_server: ETHMASK:255.255.255.0
I (6514) wss_echo_server: ETHGW:10.10.100.254
I (6524) wss_echo_server: ~~~~~~~~~~~
I (6524) wss_echo_server: Starting server
I (6534) esp_https_server: Starting server
I (6544) esp_https_server: Server listening on port 443
I (6544) wss_echo_server: Registering URI handlers
I (170684) esp_https_server: performing session handshake
I (170694) mbedtls: ssl_tls.c:8203 => handshake

I (170694) mbedtls: ssl_srv.c:4285 server state: 0

I (170694) mbedtls: ssl_tls.c:2847 => flush output

I (170704) mbedtls: ssl_tls.c:2859 <= flush output

I (170704) mbedtls: ssl_tls.c:2628 => fetch input

I (170714) mbedtls: ssl_tls.c:2789 in_left: 0, nb_want: 5

I (170724) mbedtls: ssl_tls.c:2813 in_left: 0, nb_want: 5

I (170724) mbedtls: ssl_tls.c:2814 ssl->f_recv(_timeout)() returned 5 (-0xfffffffb)

I (170734) mbedtls: ssl_tls.c:2834 <= fetch input

I (170744) mbedtls: ssl_srv.c:4285 server state: 1

I (170744) mbedtls: ssl_tls.c:2847 => flush output

I (170754) mbedtls: ssl_tls.c:2859 <= flush output

I (170754) mbedtls: ssl_srv.c:1236 => parse client hello

I (170764) mbedtls: ssl_tls.c:2628 => fetch input

I (170764) mbedtls: ssl_tls.c:2789 in_left: 5, nb_want: 5

I (170774) mbedtls: ssl_tls.c:2834 <= fetch input

I (170784) mbedtls: ssl_tls.c:2628 => fetch input

I (170784) mbedtls: ssl_tls.c:2789 in_left: 5, nb_want: 138

I (170794) mbedtls: ssl_tls.c:2813 in_left: 5, nb_want: 138

I (170794) mbedtls: ssl_tls.c:2814 ssl->f_recv(_timeout)() returned 133 (-0xffffff7b)

I (170804) mbedtls: ssl_tls.c:2834 <= fetch input

I (170824) mbedtls: ssl_srv.c:2024 selected ciphersuite: TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384

I (170824) mbedtls: ssl_srv.c:2058 <= parse client hello

I (170834) mbedtls: ssl_srv.c:4285 server state: 2

I (170834) mbedtls: ssl_tls.c:2847 => flush output

I (170844) mbedtls: ssl_tls.c:2859 <= flush output

I (170844) mbedtls: ssl_srv.c:2442 => write server hello

I (170854) mbedtls: ssl_tls.c:3286 => write handshake message

I (170864) mbedtls: ssl_tls.c:3445 => write record

I (170864) mbedtls: ssl_tls.c:2847 => flush output

I (170874) mbedtls: ssl_tls.c:2866 message length: 96, out_left: 96

I (170884) mbedtls: ssl_tls.c:2871 ssl->f_send() returned 96 (-0xffffffa0)

I (170884) mbedtls: ssl_tls.c:2899 <= flush output

I (170894) mbedtls: ssl_tls.c:3578 <= write record

I (170894) mbedtls: ssl_tls.c:3422 <= write handshake message

I (170904) mbedtls: ssl_srv.c:2663 <= write server hello

I (170914) mbedtls: ssl_srv.c:4285 server state: 3

I (170914) mbedtls: ssl_tls.c:2847 => flush output

I (170924) mbedtls: ssl_tls.c:2859 <= flush output

I (170924) mbedtls: ssl_tls.c:5437 => write certificate

I (170934) mbedtls: ssl_tls.c:3286 => write handshake message

I (170944) mbedtls: ssl_tls.c:3445 => write record

I (170954) mbedtls: ssl_tls.c:2847 => flush output

I (170954) mbedtls: ssl_tls.c:2866 message length: 830, out_left: 830

I (170954) mbedtls: ssl_tls.c:2871 ssl->f_send() returned 830 (-0xfffffcc2)

I (170964) mbedtls: ssl_tls.c:2899 <= flush output

I (170974) mbedtls: ssl_tls.c:3578 <= write record

I (170974) mbedtls: ssl_tls.c:3422 <= write handshake message

I (170984) mbedtls: ssl_tls.c:5541 <= write certificate

I (170994) mbedtls: ssl_srv.c:4285 server state: 4

I (170994) mbedtls: ssl_tls.c:2847 => flush output

I (171004) mbedtls: ssl_tls.c:2859 <= flush output

I (171004) mbedtls: ssl_srv.c:3296 => write server key exchange

I (171014) mbedtls: ssl_srv.c:3074 ECDHE curve: secp384r1

I (172104) mbedtls: ssl_tls.c:3286 => write handshake message

I (172104) mbedtls: ssl_tls.c:3445 => write record

I (172114) mbedtls: ssl_tls.c:2847 => flush output

I (172114) mbedtls: ssl_tls.c:2866 message length: 370, out_left: 370

I (172124) mbedtls: ssl_tls.c:2871 ssl->f_send() returned 370 (-0xfffffe8e)

I (172124) mbedtls: ssl_tls.c:2899 <= flush output

I (172134) mbedtls: ssl_tls.c:3578 <= write record

I (172144) mbedtls: ssl_tls.c:3422 <= write handshake message

I (172144) mbedtls: ssl_srv.c:3380 <= write server key exchange

I (172154) mbedtls: ssl_srv.c:4285 server state: 5

I (172154) mbedtls: ssl_tls.c:2847 => flush output

I (172164) mbedtls: ssl_tls.c:2859 <= flush output

I (172174) mbedtls: ssl_srv.c:2708 => write certificate request

I (172174) mbedtls: ssl_srv.c:2726 <= skip write certificate request

I (172184) mbedtls: ssl_srv.c:4285 server state: 6

I (172194) mbedtls: ssl_tls.c:2847 => flush output

I (172194) mbedtls: ssl_tls.c:2859 <= flush output

I (172204) mbedtls: ssl_srv.c:3388 => write server hello done

I (172204) mbedtls: ssl_tls.c:3286 => write handshake message

I (172214) mbedtls: ssl_tls.c:3445 => write record

I (172224) mbedtls: ssl_tls.c:2847 => flush output

I (172224) mbedtls: ssl_tls.c:2866 message length: 9, out_left: 9

I (172234) mbedtls: ssl_tls.c:2871 ssl->f_send() returned -80 (-0x0050)


W (172244) mbedtls: ssl_tls.c:3574 mbedtls_ssl_flush_output() returned -80 (-0x0050)

W (172244) mbedtls: ssl_tls.c:3417 ssl_write_record() returned -80 (-0x0050)

W (172254) mbedtls: ssl_srv.c:3403 mbedtls_ssl_write_handshake_msg() returned -80 (-0x0050)


I (172264) mbedtls: ssl_tls.c:8213 <= handshake

E (172274) esp-tls-mbedtls: mbedtls_ssl_handshake returned -80
E (172274) esp_https_server: esp_tls_create_server_session failed

I (172284) wss_echo_server: Client disconnected 57
W (172294) httpd: httpd_accept_conn: session creation failed
E (172294) wss_keep_alive: Cannot remove client fd:57
W (172294) httpd: httpd_server: error accepting new connection


Re: esp32 wss_server example handshake failed

Postby dtaylor » Mon Sep 13, 2021 6:05 pm

Please also let me know if additional information would help solve this, so I can add it to my original question.
Thank you! :)


Re: esp32 wss_server example handshake failed

Postby dtaylor » Mon Sep 13, 2021 6:44 pm

I was just looking for differences between the config of the working https server and my non-working wss_server example. I found that in the https server PSK verification was disabled, so I disabled this in the wss_server example and now get this error towards the end of the handshake:



I (160312) mbedtls: ssl_tls.c:2814 ssl->f_recv(_timeout)() returned 2 (-0xfffffffe)

I (160322) mbedtls: ssl_tls.c:2834 <= fetch input

I (160322) mbedtls: ssl_tls.c:5278 got an alert message, type: [2:46]

W (160332) mbedtls: ssl_tls.c:5286 is a fatal alert message (msg 46)

W (160342) mbedtls: ssl_tls.c:4477 mbedtls_ssl_handle_message_type() returned -30592 (-0x7780)

W (160342) mbedtls: ssl_srv.c:3760 mbedtls_ssl_read_record() returned -30592 (-0x7780)

I (160352) mbedtls: ssl_tls.c:8213 <= handshake

E (160362) esp-tls-mbedtls: mbedtls_ssl_handshake returned -30592
E (160372) esp_https_server: esp_tls_create_server_session failed
I (160372) wss_echo_server: Client disconnected 57
W (160382) httpd: httpd_accept_conn: session creation failed
E (160382) wss_keep_alive: Cannot remove client fd:57
W (160392) httpd: httpd_server: error accepting new connection
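
Added example (not part of the original posts, and not ESP-IDF or mbedtls code): a small triage script for the two mbedtls debug logs above. It reports the last server handshake state reached, decodes the `[level:description]` alert pair, and names the handshake return code; the function name `triage` and the sample strings (a few lines excerpted from the posts) are assumptions of this example.

```python
import re

# mbedtls 2.x server handshake states, as numbered in the "server state: N" lines.
SERVER_STATES = {
    0: "HELLO_REQUEST", 1: "CLIENT_HELLO", 2: "SERVER_HELLO",
    3: "SERVER_CERTIFICATE", 4: "SERVER_KEY_EXCHANGE",
    5: "CERTIFICATE_REQUEST", 6: "SERVER_HELLO_DONE",
    7: "CLIENT_CERTIFICATE", 8: "CLIENT_KEY_EXCHANGE",
}
# Only the two return codes that appear in the logs above.
MBEDTLS_ERRORS = {
    -0x0050: "MBEDTLS_ERR_NET_CONN_RESET (connection reset by peer)",
    -0x7780: "MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE (peer sent a fatal alert)",
}
# TLS alert descriptions (RFC 5246, section 7.2), certificate-related subset.
TLS_ALERTS = {42: "bad_certificate", 43: "unsupported_certificate",
              44: "certificate_revoked", 45: "certificate_expired",
              46: "certificate_unknown", 48: "unknown_ca"}
ALERT_LEVELS = {1: "warning", 2: "fatal"}

STATE_RE = re.compile(r"server state: (\d+)")
ALERT_RE = re.compile(r"got an alert message, type: \[(\d+):(\d+)\]")
RET_RE = re.compile(r"mbedtls_ssl_handshake returned (-?\d+)")

# Sample input: lines excerpted from the first and third posts.
LOG_A = """I (172184) mbedtls: ssl_srv.c:4285 server state: 6
I (172234) mbedtls: ssl_tls.c:2871 ssl->f_send() returned -80 (-0x0050)
E (172274) esp-tls-mbedtls: mbedtls_ssl_handshake returned -80"""
LOG_B = """I (160322) mbedtls: ssl_tls.c:5278 got an alert message, type: [2:46]
E (160362) esp-tls-mbedtls: mbedtls_ssl_handshake returned -30592"""

def triage(log_text):
    """Summarise where a server-side mbedtls handshake stopped and why."""
    result = {"last_state": None, "alert": None, "error": None}
    for line in log_text.splitlines():
        if m := STATE_RE.search(line):
            n = int(m.group(1))
            result["last_state"] = SERVER_STATES.get(n, f"state {n}")
        elif m := ALERT_RE.search(line):
            level, desc = int(m.group(1)), int(m.group(2))
            result["alert"] = (ALERT_LEVELS.get(level, str(level)),
                               TLS_ALERTS.get(desc, f"alert {desc}"))
        elif m := RET_RE.search(line):
            code = int(m.group(1))
            result["error"] = MBEDTLS_ERRORS.get(code, f"unknown ({hex(code)})")
    return result
```

In the first log the client reset the TCP connection while the server was at SERVER_HELLO_DONE, after the certificate had been sent; in the second the client sent a fatal `certificate_unknown` alert, so both point at the client not accepting the server certificate.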


Re: esp32 wss_server example handshake failed

Postby dtaylor » Mon Sep 13, 2021 7:16 pm

Additional information:

I tried this using a client to connect from Google Chrome, Firefox and Safari. None worked.

I also tried making an Android application and connecting from a websocket client there. It still didn't work, but I got a client-side error that indicates the certificate is the issue:

Error No subjectAltNames on the certificate match
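
Added example (not part of the original post): the subjectAltName check that a TLS client performs and that the Android error above reports as failing. The function names and the three certificate dicts are constructed for illustration, in the shape Python's `ssl.SSLSocket.getpeercert()` returns; the address 10.10.100.100 is the ETHIP from the first post's log, and `esp32.local` is a placeholder hostname.

```python
import ipaddress

def _dns_match(pattern, host):
    """Exact match, or '*' standing for the whole left-most label only."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    # Refuse wildcards directly under a single label such as "*.local".
    if p[0] == "*" and len(p) > 2:
        return p[1:] == h[1:]
    return p == h

def san_matches(cert, host):
    """True if `host` is covered by the certificate's subjectAltName entries.

    The subject commonName is deliberately ignored: current clients identify
    the server by SAN entries only.
    """
    try:
        target_ip = ipaddress.ip_address(host)
    except ValueError:
        target_ip = None  # host is a DNS name, not an IP literal
    for kind, value in cert.get("subjectAltName", ()):
        if target_ip is not None:
            # An IP target is only satisfied by an "IP Address" entry.
            try:
                if kind == "IP Address" and ipaddress.ip_address(value) == target_ip:
                    return True
            except ValueError:
                continue  # malformed entry, skip it
        elif kind == "DNS" and _dns_match(value, host):
            return True
    return False

# Constructed certificates (getpeercert() dict shape).
CN_ONLY = {"subject": ((("commonName", "10.10.100.100"),),)}
DNS_ONLY = {"subjectAltName": (("DNS", "esp32.local"),)}
DNS_AND_IP = {"subjectAltName": (("DNS", "esp32.local"),
                                 ("IP Address", "10.10.100.100"))}
```

A certificate that is to be accepted when the client connects by IP address needs an IP-type SAN entry for that address; a matching commonName or a DNS-type entry does not satisfy the check.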
