Chat freely about anything...

User avatar
By Pjanssen
#78338 I'm trying to POST some data from my Wemos D1 mini to my webserver. But for some reason I keep running into connection issues.
Here's the code I'm using:
Code: Select all#include <ESP8266WiFi.h>
#include <WiFiClientSecure.h>

const char* ssid = "******";
const char* password = "*****";

const char* host = "www.snkwr.io";
const int httpsPort = 443;

// Use web browser to view and copy
// SHA1 fingerprint of the certificate
const char* fingerprint = "03 60 8A B1 07 25 8C 65 BE D2 EF AC 1E 43 57 C8 2A 01 06 E2";

void setup() {
  Serial.begin(115200);
  Serial.setDebugOutput(true);
  Serial.println();
  Serial.print("connecting to ");
  Serial.println(ssid);
  WiFi.mode(WIFI_STA);
 
  WiFi.begin(ssid, password);
  while (WiFi.status() != WL_CONNECTED) {
    delay(500);
    Serial.print(".");
  }
  Serial.println("");
  Serial.println("WiFi connected");
  Serial.println("IP address: ");
  Serial.println(WiFi.localIP());

  // Use WiFiClientSecure class to create TLS connection
  WiFiClientSecure client;

  IPAddress remote_addr;
  WiFi.hostByName(host, remote_addr);
  Serial.println(remote_addr);
 
  Serial.print("connecting to ");
  Serial.println(host);
  if (!client.connect(host, httpsPort)) {
    Serial.println("connection failed");
    return;
  }

 ....


And this is the result:
Code: Select allconnecting to www.snkwr.io
please start sntp first !
Error: Invalid X509 ASN.1 file (X509 not ok)
connection failed

I can't find anything wrong with the certificate on the site (checked it with ssllabs.com). Strange thing is that it doesn't happen for all websites. http://www.google.com for instance connects successfully.

Any thoughts on what could be wrong here?
User avatar
By Pjanssen
#78360 It appears that the issue is with the server not supporting SNI. The reason for this is that the server has one IP address but hosts a number of unrelated websites, each with its own certificate.
The code for WifiClientSecure first looks up an ip address for a domain name, and then connects to this address. Based on the ip address alone, the server can't setup an SSL connection, since it can't know which certificate to use.