AWS IoT and HTTPS are mutually failed
AWS IoT and HTTPS are mutually failed
I am running AWS IoT and HTTPS simultaneously and they do not work at the same time. AWS IoT worked great if I didn't start another HTTPS session, so did HTTPS. If I got both running together, I got the following errors:
E (320154) esp-tls: mbedtls_ssl_handshake returned -0x2700
E (320164) esp-tls: Failed to open new connection
E (320164) TRANS_SSL: Failed to open a new connection
E (320164) HTTP_CLIENT: Connection failed, sock < 0
E (320174) HTTPS_CLIENT: Error perform http request ESP_ERR_HTTP_CONNECT
W (332144) mbedtls: ssl_tls.c:5713 x509_verify_cert() returned -9984 (-0x2700)
Am I missing anything or that is the limitation of ESP32?
Samson
E (320154) esp-tls: mbedtls_ssl_handshake returned -0x2700
E (320164) esp-tls: Failed to open new connection
E (320164) TRANS_SSL: Failed to open a new connection
E (320164) HTTP_CLIENT: Connection failed, sock < 0
E (320174) HTTPS_CLIENT: Error perform http request ESP_ERR_HTTP_CONNECT
W (332144) mbedtls: ssl_tls.c:5713 x509_verify_cert() returned -9984 (-0x2700)
Am I missing anything or that is the limitation of ESP32?
Samson
Re: AWS IoT and HTTPS are mutually failed
Hello chegewara,
Thank you for pointing some directions. I went some of the discussions and tried somethings. I still could not get it working. If you don't mind, could you give me some more specific hints? Thank you so much.
Samson
Thank you for pointing some directions. I went some of the discussions and tried somethings. I still could not get it working. If you don't mind, could you give me some more specific hints? Thank you so much.
Samson
Re: AWS IoT and HTTPS are mutually failed
error you get from mbedtls is self explanatory.
You have incorrect certificate or your certificate is not activated in aws IoT.
You have incorrect certificate or your certificate is not activated in aws IoT.
transport_tls and mbedtls do not support concurrent SSL sessions if there is more than one domain destinations
AWS IOT SDK has nothing to do with this problem. The current ESP32 transport_tls and mbedtls simply do not support concurrent sessions when there is more than one SSL destination. If you create two HTTPS sessions going to two different HTTPS destinations (different destination domains and certificates), only the first one can be established. The second one will fail.
Samson
Samson
Re: transport_tls and mbedtls do not support concurrent SSL sessions if there is more than one domain destinations
This should not be true. Is it possible you're accidentally passing the wrong certificate to one of the sessions? (If they're embedded in the binary, they'll each need to have different names.)samsonch wrote: ↑Wed Jan 02, 2019 11:03 amAWS IOT SDK has nothing to do with this problem. The current ESP32 transport_tls and mbedtls simply do not support concurrent sessions when there is more than one SSL destination. If you create two HTTPS sessions going to two different HTTPS destinations (different destination domains and certificates), only the first one can be established. The second one will fail.
If that's not it, is it possible for you to please post a full project (or as much of it as possible) somewhere?
Re: AWS IoT and HTTPS are mutually failed
I have opposite situation. I have AWS IoT app and i am sending https url to my app to start OTA update and it works without CA cert. To OTA update i am using basically native OTA example:
I am using server with letsencrypt certificate and it works without issue.
Code: Select all
esp_http_client_config_t config = {
.url = (char*)pvParameter,
// .cert_pem = (char *)server_cert_pem_start,
};
esp_http_client_handle_t client = esp_http_client_init(&config);
if (client == NULL) {
ESP_LOGE(TAG, "Failed to initialise HTTP connection");
task_fatal_error();
}
err = esp_http_client_open(client, 0);
if (err != ESP_OK) {
ESP_LOGE(TAG, "Failed to open HTTP connection: %s", esp_err_to_name(err));
esp_http_client_cleanup(client);
task_fatal_error();
}
Re: AWS IoT and HTTPS are mutually failed
If the cert_pem field of esp_http_client_config_t is NULL then certificate validation is disabled.
Will update the docs to make this clear.
Re: AWS IoT and HTTPS are mutually failed
Thats change in API i missed, thanks for clarification. I will try to add certificate to see if i have the same issue that OP.
EDIT i can confirm it works for me with native ota over https + aws IoT
Re: transport_tls and mbedtls do not support concurrent SSL sessions if there is more than one domain destinations
I am pretty sure I was passing the correct certificate to the right session. If I put a semaphore to make the two sessions running exclusively, each session worked great. I will see if I could make a small project to simulate this.ESP_Angus wrote: ↑Thu Jan 03, 2019 2:21 amThis should not be true. Is it possible you're accidentally passing the wrong certificate to one of the sessions? (If they're embedded in the binary, they'll each need to have different names.)samsonch wrote: ↑Wed Jan 02, 2019 11:03 amAWS IOT SDK has nothing to do with this problem. The current ESP32 transport_tls and mbedtls simply do not support concurrent sessions when there is more than one SSL destination. If you create two HTTPS sessions going to two different HTTPS destinations (different destination domains and certificates), only the first one can be established. The second one will fail.
If that's not it, is it possible for you to please post a full project (or as much of it as possible) somewhere?
Who is online
Users browsing this forum: Bing [Bot], Google [Bot] and 121 guests