ESP8266 Community Forum

Hi, I am trying to setup a TLS/SSL connection with a remote server using the ESP8266 as the client. I am using the WiFiClientSecure class, and am trying to verify the certificate the server sends back. I am using the platformio command line tool. I am using the esp8266 staging platform to get the latest(ish) source for the ESP8266 Arduino core. I have placed my code at the end of this post for reference.

It seems I am unable to set the CA certificate using WiFiClientSecure::setCACert. While the function returns true (there appears to be a bug in the axTLS library that causes it to not return errors in some cases), I see the following when I enable debug output:



I am not quite sure what is the cause of the issue as axTLS does not return an error code here. I have tried it with a CA certificate generated using openssl s_client (then translated to DER format, and placed in a C file using xxd -i), and the CA certificate in the example. Both produce the same result in setCACertificate.

I was wondering if anyone else had encountered this issue or if anyone has any suggestions. Thanks

My code:

esp8266 staging platform to get the latest(ish) source for the ESP8266 Arduino core.

As far as I know the staging version is old. Or are you referring to 2.4.0rc1? I suggest using the latest version in git. I don't know how to do this using platformio so I only use platformio when using 2.3.0. I use the Arduino IDE when working with the git version.

Does the HTTPSRequestCACert example work? I just add my ssid and password and it works.

EDIT: I just learned platformio supports `platform = espressif8266_stage` which means platformio pulls core files from https://github.com/esp8266/arduino. See the following link for the details. HTTPSRequestCACert works fine using espressif8266_stage.

http://docs.platformio.org/en/latest/pl ... ng-version

The staging repo appears to be slightly off from the main repo:

https://github.com/platformio/platformi ... ressif8266

The CA certificate from the example on the main repo did not work. I can try copying it exactly. If that doesn't work I can install the Arduino IDE to see if that works.

I noticed that you are using the PROGMEM keyword to put the certificate in Flash. You should be using the function that is created to retrieve the cert from flash as follows (this is from my code so the actual cert and length parameters are of course yours):

bool res = client.setCACert_P(CACert, CACertLen);

This seems to work for me. However I am having an unrelated problem in the validation of the cert (at least I think it is unrelated..) where dates that are after 2050 (which use the generalizedtime format) are interpreted incorrectly and cause a verify cert error.