Using files (SPIFFS) to setCertificate. #3248

Closed
JoaquimFlavio opened this issue Sep 23, 2019 · 12 comments
Labels
Status: Stale Issue is stale stage (outdated/stuck)

Comments

@JoaquimFlavio

I need to get a file from the flash of the ESP32 to set the certificate for connecting to my MQTT broker, but the code returns a connection error. I searched the web for a solution but didn't find one...

I tried using loadCertificate and setCertificate, but both return this SSL error in the monitor:

rc=-2
  WiFiClientSecure SSL error: X509 - The CRT/CRL/CSR format is invalid, e.g. different type expected
@ferologics

Hey @JoaquimFlavio have you been able to resolve your issue? I'm receiving the same error

@JoaquimFlavio
Author

@ferologics I haven't completely resolved this problem. The loadCertificate method doesn't work on ESP32, but works on ESP8266! I don't know why this happens...
To resolve my problem I need to copy the file into a char array and null-terminate it after the end of the file. I wrote a simple example:

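#define MAX_CERT_LEN 2048         // placeholder: maximum length of the file
char array[MAX_CERT_LEN + 1];     // this variable needs to be global

size_t i = 0;
while (file.available() && i < MAX_CERT_LEN) {  // from the beginning to the end of the file
    array[i] = file.read();
    i++;
}
array[i] = '\0';                  // terminate the PEM text

esp.setCertificate(array);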

@KevinHunter12

I also have the same problem :(
[V][ssl_client.cpp:56] start_ssl_client(): Free internal heap before TLS 257816
[V][ssl_client.cpp:58] start_ssl_client(): Starting socket
[V][ssl_client.cpp:93] start_ssl_client(): Seeding the random number generator
[V][ssl_client.cpp:102] start_ssl_client(): Setting up the SSL/TLS structure...
[V][ssl_client.cpp:115] start_ssl_client(): Loading CA cert
[E][ssl_client.cpp:33] _handle_error(): [start_ssl_client():122]: (-8576) X509 - The CRT/CRL/CSR format is invalid, e.g. different type expected
[E][WiFiClientSecure.cpp:132] connect(): start_ssl_client: -8576
[V][ssl_client.cpp:248] stop_ssl_socket(): Cleaning SSL connection.
---> mqtt failed, rc=-2

If I connect to the same server using the same certificate but HTTPS rather than MQTTS, it works!

I'm reading the certificate from SPIFFS and loading it using wifiClient.loadCACert(ca, ca.size())

Any clues??
Thanks
Kevin

@stale

stale bot commented Jan 20, 2020

[STALE_SET] This issue has been automatically marked as stale because it has not had recent activity. It will be closed in 14 days if no further activity occurs. Thank you for your contributions.

@stale stale bot added the Status: Stale Issue is stale stage (outdated/stuck) label Jan 20, 2020
@stale

stale bot commented Feb 3, 2020

[STALE_DEL] This stale issue has been automatically closed. Thank you for your contributions.

@stale stale bot closed this as completed Feb 3, 2020
@pulquero
Contributor

pulquero commented Jun 1, 2020

I also have this problem, specifically when trying to connect to AWS IoT with cacert, cert and private key.

@pulquero
Contributor

pulquero commented Jun 3, 2020

Found the problem! The fix is to edit C:\Users<...>\AppData\Local\Arduino15\packages\esp32\hardware\esp32\1.0.4\libraries\WiFiClientSecure\src\WiFiClientSecure.cpp and modify

char *WiFiClientSecure::_streamLoad(Stream& stream, size_t size) {
  /* original code uses a static ptr so the next load overwrites the previous certificate!!!
  static char *dest = nullptr;
  if(dest) {
      free(dest);
  }
  */
  // one extra byte: the PEM text is passed on as a C string and needs a terminating NUL
  char* dest = (char*)malloc(size + 1);
  if (!dest) {
    return nullptr;
  }
  if (size != stream.readBytes(dest, size)) {
    free(dest);
    return nullptr;
  }
  dest[size] = '\0';
  return dest;
}

@me-no-dev please re-open and mark as a bug.

@lbernstone
Contributor

Please submit as a PR. Bugs don't fix themselves around here.

pulquero pushed a commit to pulquero/arduino-esp32 that referenced this issue Jun 3, 2020
@JaronrH

JaronrH commented Jun 17, 2020

Thank you, @pulquero!

This fixed my issue with trying to connect to MQTT using PubSubClient and cert verification.

@cjkarande

@pulquero, well, I am still getting the same error even after the said code change. I am using the esp32s2 code branch. Am I missing something?


@NarinLab

NarinLab commented Mar 9, 2021

Same here. How can I load the SPIFFS ca.cert.pem to pass to the setCACert method:

#include <WiFiClientSecure.h>
#include <MQTTClient.h>

//short code
ssl.setCACert("/ca.cert.pem");
iot.setOptions(900, true, 10000);

@pulquero
Contributor

pulquero commented Mar 9, 2021

I use something like this to load the certificates:

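#include <SPIFFS.h>
#include <WiFiClientSecure.h>

// Opens fname on SPIFFS, if it exists, and passes the stream and its size to the load callback.
template<typename L> void loadFromFile(const char* fname, L&& load) {
  if (SPIFFS.exists(fname)) {
    File f = SPIFFS.open(fname);
    bool rc = load(f, f.size());
    (void)rc;  // the result of the load call is not checked here
    f.close();
  }
}

// Loads the CA certificate, client certificate and private key from SPIFFS into the client.
void loadCertificates(WiFiClientSecure* client) {
  SPIFFS.begin();
  loadFromFile("/ca.cert.pem", [client](Stream& stream, size_t size){return client->loadCACert(stream, size);});
  loadFromFile("/client.cert.pem", [client](Stream& stream, size_t size){return client->loadCertificate(stream, size);});
  loadFromFile("/private.key.pem", [client](Stream& stream, size_t size){return client->loadPrivateKey(stream, size);});
  SPIFFS.end();
}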
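
An added example, not part of this thread and not arduino-esp32 code: a host-side C++ model of the two points raised in the comments above, one heap buffer per credential instead of a shared static pointer, and a terminating NUL after the PEM text, plus a pre-flight check for the usual causes of a "format is invalid" result. `FakeStream`, `loadPem` and `checkPem` are hypothetical names and the PEM body is constructed, not a real certificate; on the device a SPIFFS `File` would take the place of `FakeStream`.

```cpp
#include <algorithm>
#include <cstring>
#include <memory>
#include <new>
#include <string>

// Constructed stand-in for an Arduino Stream/File; only readBytes() is needed.
struct FakeStream {
  std::string data;
  size_t pos;
  size_t readBytes(char* out, size_t n) {
    size_t k = std::min(n, data.size() - pos);
    std::memcpy(out, data.data() + pos, k);
    pos += k;
    return k;
  }
};

// Read exactly `size` bytes into a buffer owned by the caller and append the
// terminating NUL. Each credential gets its own buffer, so loading the client
// certificate cannot free or overwrite the CA certificate loaded before it.
template <typename S>
std::unique_ptr<char[]> loadPem(S& stream, size_t size) {
  std::unique_ptr<char[]> buf(new (std::nothrow) char[size + 1]);
  if (!buf) return nullptr;                                       // out of memory
  if (stream.readBytes(buf.get(), size) != size) return nullptr;  // short read
  buf[size] = '\0';
  return buf;
}

enum class PemCheck { Ok, Empty, NotText, NoBeginMarker, NoEndMarker };

// Pre-flight check before handing the buffer to the TLS client: catches an
// empty file, binary (DER) content and a truncated PEM. It does not parse or
// validate the certificate itself.
PemCheck checkPem(const char* pem, size_t size) {
  if (!pem || size == 0) return PemCheck::Empty;
  if (std::strlen(pem) != size) return PemCheck::NotText;  // NUL inside the data
  const char* begin = std::strstr(pem, "-----BEGIN ");
  if (!begin) return PemCheck::NoBeginMarker;
  if (!std::strstr(begin, "-----END ")) return PemCheck::NoEndMarker;
  return PemCheck::Ok;
}

int main() {  // constructed sample input, not a real certificate
  FakeStream ca{"-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n", 0};
  auto pem = loadPem(ca, ca.data.size());
  return (pem && checkPem(pem.get(), ca.data.size()) == PemCheck::Ok) ? 0 : 1;
}
```

The returned buffer has to stay alive for as long as the TLS client uses it, which is the same reason the workaround earlier in the thread keeps its array global.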

