ESP32 WiFiClientSecure does NOT appear to check the “notBefore” or “notAfter” dates on SSL certificates. #7747
Description
Board
All (I'm using the ESP32 DevKitv1)
Device Description
Just the above ESP32 board.
Hardware Configuration
None
Version
latest master (checkout manually)
IDE Name
Arduino IDE 1.8.19 with github arduino-esp32 as at 16Jan23.
Operating System
Windows10
Flash frequency
80MHz
PSRAM enabled
no
Upload speed
921600
Description
Using the “Examples/Examples for ..ESP32: WiFiClientSecure/WiFiClientSecure” sketch, it can be seen that the sketch does not even bother to set the ESP32 date. You can also adjust this example to use a website with an SSL cert which has just passed its "notAfter” date (irrespective of if the root-certificate is still valid)...
In either case, the “WiFi_Client_secure.connect(address,port_secure)” still returns 1 meaning “Successful connection” (despite the certificates being out of date).
(PS. the BearSSL library on the ESP8266 DOES successfully check these dates!)
Sketch
Using the “Examples/Examples for ..ESP32: WiFiClientSecure/WiFiClientSecure” sketch.
PPS. Note that the “Examples/Examples for ..ESP32: HTTPclient/BasicHttpsClient” sketch no longer works as something has changed on “jigsaw.w3.org”. However if you change this url to “www.howsmyssl.com” and the “rootCACertificate” to that in the above “Examples/Examples for ..ESP32: WiFiClientSecure/WiFiClientSecure”, it will work, irrespective of what you set the ESP32 date to. (IE. the code in this example sketch which gets the date from "pool.ntp.org" can be completely removed and the sketch will still work fine!)Debug Message
none
Other Steps to Reproduce
No response
I have checked existing issues, online documentation and the Troubleshooting Guide
- I confirm I have checked existing issues, online documentation and Troubleshooting guide.