SSL without CA or fingerprint not working

[qnten]

Im using this function to connect to my server: webSocket.beginSSL("websocket.example.com", 443, "/led");, and I had the same error as described in #428.

It only worked after I added this else { _client.ssl->setInsecure(); } to line 176.

arduinoWebSockets/src/WebSocketsClient.cpp

Lines 167 to 176 in c038f10

	if(_CA_cert) {
	DEBUG_WEBSOCKETS("[WS-Client] setting CA certificate");
	#if defined(ESP32)
	_client.ssl->setCACert(_CA_cert);
	#elif defined(ESP8266)
	_client.ssl->setCACert((const uint8_t *)_CA_cert, strlen(_CA_cert) + 1);
	#else
	#error setCACert not implemented
	#endif
	}

Am I using the wrong method to connect or is this a bug?

[sebastien-savalle]

I had the same issue. Empty fingerprint is not working as expected.

You could submit a pull request with your change ?

[sovcik]

I think the problem is self-signed certificate.

If you use setInsecure it will skip certificate verification completely. If you do not provide certificate (ESP32) or fingerprint (ESP8266) it works just fine even now.

I do not this change is a good idea.

[sovcik]

If you want to use self-signed certificate, then you should provide host's certificate or fingerprint while using WSS.

[ahmad7091]

I also had this problem, but nobody said is this a right way to solve the problem?

[ziolelle]

It seems that the problem is out again, with or without using the fingerprint in the call beginSSL, the connection won't work.

Only using the workaround of @qnten I successfully connected to a wss server (i.e. wss://echo.websocket.org)

Is it due to new standard concerning usage of WiFiClientSecureBearSSL lib ?
The compilation gives two warning concerning usage of deprecated functions:
_client.ssl->setCACert at line 173
and
_client.ssl->verify at line 761
in file WebSocketsClient.cpp

BR
Daniele