New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
FAILED: esp-idf/mbedtls/x509_crt_bundle (Invalid certificate) (IDFGH-3345) #5322
Comments
Hi @pc0808f, thanks for reporting this issue. How did you setup the IDF environment for 4.2? (using the ESP-IDF shortcut? running export.bat?). I'm asking because I notice your python environment still points to the 4.0 install (see the line about \python_env\idf4.0_py3.8_env). |
I try using visual studio code to build. and i got the same result. If I disable the "Certificate Bundle" in menuconfig, then it can be build. is it right to disable the "Certificate Bundle"? -- ccache will be used for faster recompilation |
You shouldnt have to disable it, but havent been able to reproduce the error on my end. Could do the following to help me debug it:
Thanks for your help! |
Hi @ESP-Marius ,this is above : |
Closed by c343323863c55f8e1 |
Hello everyone, I still got the error. After setting the cert file to UNIX, it is still return an error. Does anybody know the solution? Thank you. |
same. im having the same error anyone knows how to solve this? |
same now with new IDF 4.3.1[1/307] cmd.exe /C "cd /D C:\Users\ingfe\eclipse-workspace\esp32_eclipsetest\build\bootloader && C:\Espressif\ESP_Tool.espressif\tools\cmake\3.16.4\bin\cmake.exe --build ."
|
Same issue. ESP-IDF v4.3.1 running ubuntu 20.04. I was able to build by disabling the "certificate bundle" in the menuconfig as mentioned above.
|
i tried converting the cacrt_all.pem file to utf-8 encodingbut it says cannot convert. there seems to be a line with this (line 1149) $ iconv -f US-ASCII -t UTF-8 cacrt_all.pem > cacrt_all.pem.utf8 |
I found this - #7621 The certificates have expired today. This explains how to disable the certificates. |
To be more precisely, the EC-ACC certificate is invalid. It works after I removed it. |
A possible hackish workaround for us was to downgrade the cryptography package (35.0.0 was just released, the previous version seems to 'work'):
substituting the correct path (it seems esp tools at least for us do not use the host pip packages directly) |
Thanks @andy31415, it worked for me. |
The EC-ACC certificate contains a negative serial number:
According the the cryptography release doc those values are prohibited. |
Hello guys, I am also experiencing the same issue. I attached my compile code. |
This can help. |
I have submitted a fix here |
You saved my day! |
Is there a way to do this on Eclipse IDE? I am not yet familiar with VS code and mid project. |
IFAIK the sdkconfig file is the same, you can edit it with any text editor, or run a command on esp-idf cmd that opens a configuration GUI, not sure which command as i never used it. you can also download the changed file from this commit and paste it into you pc. it will also fix this |
So I ended up finding the sdkconfig file and made changes to only check the basic certificates and it compiled! So happy. Thank you for the help! My next question would be, how to save my new settings so I don't have to change the sdk file every time I want to compile? |
Hi Guys,
That should solve the issue without having to check all pip cryptography stuff. Hope this helps someone. |
THANKS DUDE, IT WORKS !!! |
Works for me too!! Thanks!! |
hi, I followed the steps but when I build again, the sdkconfig is overwritten and the line with CONFIG_MBEDTLS_CERTIFICATE_BUNDLE_DEFAULT_FULL comes back to CONFIG_MBEDTLS_CERTIFICATE_BUNDLE_DEFAULT_FULL=y :-/ any hints ? |
Hi @ZeRico , Try that before closing up and right after reopen the file and confirm if the file changed. Let me know if this does not work then I can help look for some other way. |
@ZeRico I had same issue until if fixed the spacing at the beginning to look more like the other lines I was doing:
I changed it to:
|
(IDFGH-3345) espressif#5322. Remove the EC-ACC certificate.
Thanks for point it out.. It works !! |
hi ther! probably that space before the sentence was the issue. |
For anyone using Visual Code on Win10 and following the Getting Started guide, and ends up on this page :-) Select: View->Command Palette Voila! Thanks all for the above suggestions! |
@Ro8ch I cant find sdkConfig file, is it possible I dont have it? |
this problem suddenly appeared for me today |
You can do it with |
Segui esta recomendação e funcionou perfeitamente, muito obrigado! |
|
@miLORD1337 Well done man, your hint is the only that works out of Eclipse or VSCode. Of course the editing of the file "sdkconfig" is no sense as it is clearly stated the file is automatically created each time by the framework, so the patch is overridden. |
Experienced this issue using ESP-MDF (https://github.com/espressif/esp-mdf/tree/cf502740f5a6c82a0dc3059e7591c262795f70b2) with ESP-IDF 4.3.1. Described fix by @miLORD1337 worked for me as well on Ubuntu w/out an IDE. What are the side effects of “use only most recent certificates”? |
INSTRUCTIONS
Environment
Problem Description
//Detailed problem description goes here.
When i build in IDF4.0 do not have this problem.
but when i build in IDF4.2 it happend.
Is there anyone know how to solve this problem?
Expected Behavior
Just helloworld....
Actual Behavior
[601/796] Generating x509_crt_bundle
FAILED: esp-idf/mbedtls/x509_crt_bundle
cmd.exe /C "cd /D D:\esp23\esp-idf\workspace\blink\build\esp-idf\mbedtls && D:\esp23.espressif2\python_env\idf4.0_py3.8_env\Scripts\python.exe D:/esp23/esp-idf/components/mbedtls/esp_crt_bundle/gen_crt_bundle.py --input D:/esp23/esp-idf/components/mbedtls/esp_crt_bundle/cacrt_all.pem -q"
gen_crt_bundle.py: Invalid certificate in D:/esp23/esp-idf/components/mbedtls/esp_crt_bundle/cacrt_all.pem
Invalid certificate
Steps to reproduce
Code to reproduce this issue
the origial helloworld.
Debug Logs
The text was updated successfully, but these errors were encountered: