https_request example fails with updated certificate.

ravenb72
Posts: 3
Joined: Tue Jun 21, 2022 8:59 pm

https_request example fails with updated certificate.

Postby ravenb72 » Wed Jun 22, 2022 1:18 pm

The https_request example that is supplied works with the provided certificate even though it has expired. I retrieved the latest certificate file for https://www.howsmyssl.com/a/check using a browser and replaced the old one.
Now, the first of the 3 requests works but the last two fail with the following errors:
  1. I (18265) example: https_request using cacert_buf
  2. E (18925) esp-tls-mbedtls: mbedtls_ssl_handshake returned -0x2700
  3. I (18925) esp-tls-mbedtls: Failed to verify peer certificate!I (18925) esp-tls-mbedtls: verification info:   ! The certificate is not correctly signed by the trusted CA
  4.  
  5. E (18935) esp-tls: Failed to open new connection
  6. E (18945) example: Connection failed...
  7.  
  8. ------
  9.  
  10. I (29955) example: https_request using global ca_store
  11. W (30205) wifi:<ba-add>idx:2 (ifx:0, 94:53:30:e2:c1:b0), tid:3, ssn:0, winSize:64
  12. E (30495) esp-tls-mbedtls: mbedtls_ssl_handshake returned -0x2700
  13. I (30495) esp-tls-mbedtls: Failed to verify peer certificate!I (30505) esp-tls-mbedtls: verification info:   ! The certificate is not correctly signed by the trusted CA
  14.  
  15. E (30515) esp-tls: Failed to open new connection
  16. E (30515) example: Connection failed...
Retrieved Certificate for https://www.howsmyssl.com/a/check:
  1. -----BEGIN CERTIFICATE-----
  2. MIIEjjCCA3agAwIBAgISA5cSeCYmxRnm7L/MLS+5Sma7MA0GCSqGSIb3DQEBCwUA
  3. MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD
  4. EwJSMzAeFw0yMjA2MTQwMzAyMTJaFw0yMjA5MTIwMzAyMTFaMBwxGjAYBgNVBAMT
  5. EXd3dy5ob3dzbXlzc2wuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAELNaZ
  6. bNkFgjEDFBDeP4hxKlLNg8mPQJyR/U0xhw/ZPDLM8cy1tYt/qr1eV2763fn8PnnL
  7. /VdZ4hqEF7lncpLgIKOCAn0wggJ5MA4GA1UdDwEB/wQEAwIHgDAdBgNVHSUEFjAU
  8. BggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUlI7e
  9. Qv+gBHoSQ/rwxWB9HXV+BeYwHwYDVR0jBBgwFoAUFC6zF7dYVsuuUAlA5h+vnYsU
  10. wsYwVQYIKwYBBQUHAQEESTBHMCEGCCsGAQUFBzABhhVodHRwOi8vcjMuby5sZW5j
  11. ci5vcmcwIgYIKwYBBQUHMAKGFmh0dHA6Ly9yMy5pLmxlbmNyLm9yZy8wTQYDVR0R
  12. BEYwRIINaG93c215c3NsLmNvbYINaG93c215dGxzLmNvbYIRd3d3Lmhvd3NteXNz
  13. bC5jb22CEXd3dy5ob3dzbXl0bHMuY29tMEwGA1UdIARFMEMwCAYGZ4EMAQIBMDcG
  14. CysGAQQBgt8TAQEBMCgwJgYIKwYBBQUHAgEWGmh0dHA6Ly9jcHMubGV0c2VuY3J5
  15. cHQub3JnMIIBBAYKKwYBBAHWeQIEAgSB9QSB8gDwAHcA36Veq2iCTx9sre64X04+
  16. WurNohKkal6OOxLAIERcKnMAAAGBYGBKJAAABAMASDBGAiEA3JEiu/PKb1Qg5iZ5
  17. hrIHSVn/+UZRzJ1+qB6OTTmXp74CIQCID4gOGEmFv+spEFxWDtzVNPiUuskK5VZi
  18. vDJZi09xKQB1ACl5vvCeOTkh8FZzn2Old+W+V32cYAr4+U1dJlwlXceEAAABgWBg
  19. ShYAAAQDAEYwRAIgYl2BTtsOfd4rHD2KrdZMm991xyp2bCMffTtslAf+j9gCIBrF
  20. ywTrHuH3B1UMhHihP6YtCB3g0NrmDg0NgJ9uGKIyMA0GCSqGSIb3DQEBCwUAA4IB
  21. AQAXmgKqwecl1ac+DwFs3Sr/NHq9FZEbr9f/UOIPUVzELg89RG7EASI7taQr+Xyl
  22. DvH13FhmRQpOEjmbcqakVzErg9IGY4m518czgIo4w04QsyTNXDCpKtK9MN8tqhn0
  23. PEMM9ju1zYVVGGNagQehoxN2MuG8JVjb+BF+jFWKqtxtukft/wTNtVj+uqJwvCos
  24. 6f6dKw6XtnPXXALGb3TZdEfQT+zDwevygjWPCTtlZ5YAi5pmrT1heP4Tfb8vB5Mm
  25. LgeCBmlPqW/GMVIILI8p5fazH+/g2bviv7+w+TJk75lK72i5MyF7RLZwMSQmxNMH
  26. R+1M4Mok2p6GhfanJGxUltOc
  27. -----END CERTIFICATE-----
I get similar behavior when trying to access our AWS servers. The OTA example also fails when I attempt to retrieve the binary from our AWS servers. It works if I spin up a Debian VM and generate a certificate file with openssl as per the instructions.


Who is online

Users browsing this forum: No registered users and 77 guests