esp_websocket_client is not able to use the global CA store (IDFGH-7589) #56

Closed
0xFEEDC0DE64 opened this issue Jun 13, 2022 · 2 comments

@0xFEEDC0DE64 (Contributor)

I'm experiencing problems using the websocket client with the global CA store.
The global CA store has been enabled in sdkconfig.

I generate my websocket client config like this:

    esp_websocket_client_config_t ws_cfg = {
        .uri = url.data(),
        .task_stack = 4*1024,
        .subprotocol = "ocpp1.6",
        .pingpong_timeout_sec = 20,
        .use_global_ca_store = use_global_ca_store,
        .skip_cert_common_name_check = skip_cert_common_name_check
    };

    if (!cert.empty())
    {
        ws_cfg.cert_pem = cert.data();
        ws_cfg.cert_len = cert.size();
    }

And I get to see error messages like this:

    W (13330) WEBSOCKET_CLIENT esp_websocket_client.c:416 esp_websocket_client_init(): `reconnect_timeout_ms` is not set, or it is less than or equal to zero, using default time out 10000 (milliseconds)
    W (13340) WEBSOCKET_CLIENT esp_websocket_client.c:273 esp_websocket_client_set_config(): `network_timeout_ms` is not set, or it is less than or equal to zero, using default time out 10000 (milliseconds)
    E (13490) esp-tls-mbedtls esp_tls_mbedtls.c:417 set_global_ca_store(): global_cacert is NULL
    E (13490) esp-tls-mbedtls esp_tls_mbedtls.c:88 esp_create_mbedtls_handle(): Failed to set client configurations, returned [0x0103] (ESP_ERR_INVALID_STATE)
    E (13500) esp-tls esp_tls.c:425 esp_tls_low_level_conn(): create_ssl_handle failed
    E (13510) esp-tls esp_tls.c:467 esp_tls_conn_new_sync(): Failed to open new connection
    E (13520) TRANSPORT_BASE transport_ssl.c:116 ssl_connect(): Failed to open a new connection
    E (13530) TRANSPORT_WS transport_ws.c:144 ws_connect(): Error connecting to host ocpp.space.fronius.com:443
    E (13530) WEBSOCKET_CLIENT esp_websocket_client.c:661 esp_websocket_client_task(): esp_transport_connect() failed with -1
    E (13550) WEBSOCKET_CLIENT esp_websocket_client.c:190 esp_websocket_client_error(): esp_transport_connect() failed with -1
    W (13560) ESPOCPP OcppSocket.cpp:111 websocketClientEventHandler(): WEBSOCKET_EVENTS event_id=WEBSOCKET_EVENT_ERROR esp_transport_connect() failed with -1

I suspect the "global_cacert is NULL" message; I'm missing the crt_bundle_attach function pointer as seen in the http client and mqtt client.

Should I try to replicate the crt_bundle_attach functionality in the websocket client (and pull-request)?
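As an added example (not part of the original issue or the project's code), this Python script parses the log layout shown above and reports the first error of each burst, which here is the trust-store failure in esp-tls rather than the later transport and websocket connect errors. The function names, the 100 ms grouping window and the rule table are assumptions made for the example.

```python
import re

# Layout used by the log lines in the issue: LEVEL (ms) TAG file:line func(): message
LINE_RE = re.compile(
    r"^(?P<level>[EWIDV]) \((?P<ms>\d+)\) (?P<tag>\S+) "
    r"(?P<file>\S+):(?P<line>\d+) (?P<func>\w+)\(\): (?P<msg>.*)$"
)

# Hypothetical rule table; the only message text in it is the one quoted in the issue.
ROOT_CAUSES = {
    "global_cacert is NULL": "global CA store requested but never populated",
}

def parse(log_text):
    """Return one dict per line matching the layout; other lines are skipped."""
    matches = (LINE_RE.match(raw.strip()) for raw in log_text.splitlines())
    return [dict(m.groupdict(), ms=int(m["ms"])) for m in matches if m]

def error_cascades(records, max_gap_ms=100):
    """Group E-level records into bursts whose neighbours are <= max_gap_ms apart."""
    cascades = []
    for rec in (r for r in records if r["level"] == "E"):
        if cascades and rec["ms"] - cascades[-1][-1]["ms"] <= max_gap_ms:
            cascades[-1].append(rec)
        else:
            cascades.append([rec])
    return cascades

def triage(log_text):
    """Report (tag, function, cause, burst size) for the first error of each burst."""
    report = []
    for burst in error_cascades(parse(log_text)):
        first = burst[0]
        cause = ROOT_CAUSES.get(first["msg"], "unclassified")
        report.append((first["tag"], first["func"], cause, len(burst)))
    return report

# Sample input: a subset of the log lines quoted in the issue above.
SAMPLE = """\
W (13340) WEBSOCKET_CLIENT esp_websocket_client.c:273 esp_websocket_client_set_config(): `network_timeout_ms` is not set, or it is less than or equal to zero, using default time out 10000 (milliseconds)
E (13490) esp-tls-mbedtls esp_tls_mbedtls.c:417 set_global_ca_store(): global_cacert is NULL
E (13490) esp-tls-mbedtls esp_tls_mbedtls.c:88 esp_create_mbedtls_handle(): Failed to set client configurations, returned [0x0103] (ESP_ERR_INVALID_STATE)
E (13510) esp-tls esp_tls.c:467 esp_tls_conn_new_sync(): Failed to open new connection
E (13530) WEBSOCKET_CLIENT esp_websocket_client.c:661 esp_websocket_client_task(): esp_transport_connect() failed with -1
"""

if __name__ == "__main__":
    print(triage(SAMPLE))
```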

github-actions bot changed the title from "esp_websocket_client is not able to use the global CA store" to "esp_websocket_client is not able to use the global CA store (IDFGH-7589)" on Jun 13, 2022

@0xFEEDC0DE64 (Contributor, Author)

How can I call esp_mbedtls_set_global_ca_store() with the right arguments to make the global CA store work with the websocket client?

@0xFEEDC0DE64 (Contributor, Author)

I did a quick rebase of my branch and found out that you also added the option that I needed. Nice, this issue can be closed.
