04_https_request certificate format incorrect #112

Closed
ggsubs opened this issue Nov 19, 2016 · 6 comments
Comments

@ggsubs
Contributor

ggsubs commented Nov 19, 2016

The server cert file included in the example is in an incorrect format. The file is pem, the example expects der encoded. The cert file can be converted by:

openssl x509 -inform pem -in server_root_cert.pem -outform der -out server_root_cert.der

Once converted component.mk should be updated as well as the extern ref to the object:

extern const uint8_t server_root_cert_pem_start[] asm("_binary_server_root_cert_der_start");
extern const uint8_t server_root_cert_pem_end[]   asm("_binary_server_root_cert_der_end");
@negativekelvin
Contributor

Example works for me as is.

@projectgus
Contributor

What caused you to think that the example code expects a DER formatted certificate?

The certificate data is passed to the mbedTLS function mbedtls_x509_crt_parse, which supports both PEM and DER format certificates provided that support is enabled in the mbedTLS configuration file. We should have support for both in the default esp_config.h configuration in esp-idf.

DER format certificates are computationally simpler to parse (no decoding step), but PEM is a lot easier to work with, which is why I chose it for the example.

@ggsubs
Contributor Author

ggsubs commented Nov 20, 2016

When the pem format was used, mbedTLS returned a format error:

I (396) example: Seeding the random number generator
I (406) example: Loading the CA root certificate...
E (406) example: mbedtls_x509_crt_parse returned -0x2180

2180 is MBEDTLS_ERR_X509_INVALID_FORMAT. The example only worked when I replaced the cert with der format.

@projectgus
Contributor

Thanks for clarifying. I don't get this failure on the current esp-idf master 8ab4e11:

I (207) example: Seeding the random number generator
I (207) example: Loading the CA root certificate...
I (217) example: Setting hostname for TLS session...
I (217) example: Setting up the SSL/TLS structure...

Maybe a clean build might help, or there's some other modification or config tweak which will allow me to reproduce?

Angus

@igrr
Member

igrr commented Nov 22, 2016

We have reproduced this on OS X. @ggsubs which OS are you running?

igrr pushed a commit that referenced this issue Nov 24, 2016
build system: Fix null-terminating of text files for embedding on OS X

Ref github #112

`/bin/echo -ne` echoes literal `-ne` on OS X.


See merge request !238
@igrr
Member

igrr commented Nov 24, 2016

Fixed in 5ac7810.

@igrr igrr closed this as completed Nov 24, 2016
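
Added example, not part of the thread or of esp-idf: a self-contained C check that mirrors how mbedtls_x509_crt_parse chooses between PEM and DER (PEM only when the buffer ends in a NUL byte and contains the BEGIN CERTIFICATE marker, DER otherwise), which is why an embedded PEM file missing its trailing NUL fails with a format error. The function and enum names, the 0x30 DER heuristic, and the sample data are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Added example: all names here are hypothetical, not esp-idf or mbedTLS identifiers. */
typedef enum {
    BLOB_PEM_OK,           /* PEM marker present and last byte is NUL */
    BLOB_PEM_UNTERMINATED, /* PEM marker but no trailing NUL: tried as DER, rejected */
    BLOB_DER_LIKE,         /* starts with an ASN.1 SEQUENCE tag (0x30) */
    BLOB_UNKNOWN
} blob_kind_t;

/* Bounded substring search; strstr() is unsafe on a buffer that may lack a NUL. */
static int contains(const uint8_t *buf, size_t len, const char *needle)
{
    size_t n = strlen(needle);
    for (size_t i = 0; n > 0 && i + n <= len; i++) {
        if (memcmp(buf + i, needle, n) == 0) return 1;
    }
    return 0;
}

/* Classify an embedded blob from its start/end symbols (end is one past the last byte). */
blob_kind_t classify_cert_blob(const uint8_t *start, const uint8_t *end)
{
    size_t len = (size_t)(end - start);
    if (len == 0) return BLOB_UNKNOWN;
    if (contains(start, len, "-----BEGIN CERTIFICATE-----")) {
        return start[len - 1] == '\0' ? BLOB_PEM_OK : BLOB_PEM_UNTERMINATED;
    }
    return start[0] == 0x30 ? BLOB_DER_LIKE : BLOB_UNKNOWN;
}

/* Constructed sample inputs (placeholder body, not a real certificate). */
static const char SAMPLE_PEM[] =
    "-----BEGIN CERTIFICATE-----\nPLACEHOLDER\n-----END CERTIFICATE-----\n";
static const uint8_t SAMPLE_DER[] = { 0x30, 0x82, 0x01, 0x0a };

int main(void)
{
    const uint8_t *p = (const uint8_t *)SAMPLE_PEM;
    /* sizeof() counts the NUL, as a correctly embedded text file would. */
    int ok = classify_cert_blob(p, p + sizeof(SAMPLE_PEM)) == BLOB_PEM_OK;
    /* Dropping the last byte models an embed step that failed to append the NUL. */
    int bad = classify_cert_blob(p, p + sizeof(SAMPLE_PEM) - 1) == BLOB_PEM_UNTERMINATED;
    int der = classify_cert_blob(SAMPLE_DER, SAMPLE_DER + sizeof(SAMPLE_DER)) == BLOB_DER_LIKE;
    return (ok && bad && der) ? 0 : 1;
}
```

Running such a check on the embedded start and end symbols before calling the parser separates a build-time embedding fault from a genuinely malformed certificate.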