ESP32: Investigation necessarry: is SSL CA/Chain really validated without providing a CA ?

[adelin-mcbsoft]

Hi Gil,

Me again (and again, and again). :D
I just want to bring to your attention and old discussed issue, regarding the SSL Certificate and Handshaking, on ESP32.

Situation 1: When not using any sort of certificate but using an WSS (secure) server/URL, the debug messages report that the certificate is verified, though I don't provide any CA resource (as browsers do).

Situation 2: When I provide a good CA along with the client.setCAcert() method, the verification passes as well.

(messages for both situation 1 and 2):

[V][ssl_client.cpp:53] start_ssl_client(): Free internal heap before TLS 277372
[V][ssl_client.cpp:55] start_ssl_client(): Starting socket
[V][ssl_client.cpp:90] start_ssl_client(): Seeding the random number generator
[V][ssl_client.cpp:99] start_ssl_client(): Setting up the SSL/TLS structure...
[V][ssl_client.cpp:112] start_ssl_client(): Loading CA cert
[V][ssl_client.cpp:177] start_ssl_client(): Setting hostname for TLS session...
[V][ssl_client.cpp:192] start_ssl_client(): Performing the SSL/TLS handshake...
[V][ssl_client.cpp:213] start_ssl_client(): Verifying peer X.509 certificate...
[V][ssl_client.cpp:222] start_ssl_client(): Certificate verified.
[V][ssl_client.cpp:237] start_ssl_client(): Free internal heap after TLS 236048

Situation 3: However, when I provide a wrong CA resource (e.g. an invalid CA root cert.), the handshaking fails (as it should).

The question is: When not providing a CA resource (Situation 1), does the library verifies indeed the certificate in any way or not? Does it connect remotely to the CA Roots and verifies it? I guess this ssl_client is inherited by Espressifs library...

I tested the above situations with an LetsEncrypt certificate along its roots ( https://letsencrypt.org/certificates/ ).

Many thanks,
Best,

A.

[gilmaimon]

Hi, again!

I'm always glad to read your issues, sadly I'm a bit short on time right now.

This is definitely a very good question, I believe it is inherited from WiFiClient from the esp32 library. What I think happened, is that espressif changed the implementation recently. But, I haven't tested anything yet by myself, I will do my best to look into it this weekend.

Just wanted to let you know the library is still active and that I'm not ignoring the issue by any way.

Best regards,
Gil.

[gilmaimon]

So, let's see.
I'm using Arduino IDE 1.8.7 and version 1.0.1 of esp32 libraries (looking in board manager, there is also 1.02 which I will try in a moment).
With the correct CA, logs:

[D][WiFiGeneric.cpp:342] _eventCallback(): Event: 0 - WIFI_READY
18:09:11.252 -> [D][WiFiGeneric.cpp:342] _eventCallback(): Event: 2 - STA_START
18:09:11.252 -> .[D][WiFiGeneric.cpp:342] _eventCallback(): Event: 4 - STA_CONNECTED
.[D][WiFiGeneric.cpp:342] _eventCallback(): Event: 7 - STA_GOT_IP
18:09:12.318 -> [D][WiFiGeneric.cpp:385] _eventCallback(): STA IP: 10.0.0.22, MASK: 255.255.255.0, GW: 10.0.0.138
[V][ssl_client.cpp:53] start_ssl_client(): Free internal heap before TLS 288372
18:09:13.267 -> [V][ssl_client.cpp:55] start_ssl_client(): Starting socket
[V][ssl_client.cpp:88] start_ssl_client(): Seeding the random number generator
18:09:13.680 -> [V][ssl_client.cpp:97] start_ssl_client(): Setting up the SSL/TLS structure...
18:09:13.680 -> [V][ssl_client.cpp:110] start_ssl_client(): Loading CA cert
18:09:13.680 -> [V][ssl_client.cpp:175] start_ssl_client(): Setting hostname for TLS session...
18:09:13.680 -> [V][ssl_client.cpp:190] start_ssl_client(): Performing the SSL/TLS handshake...
[V][ssl_client.cpp:211] start_ssl_client(): Verifying peer X.509 certificate...
18:09:14.194 -> [V][ssl_client.cpp:220] start_ssl_client(): Certificate verified.
18:09:14.194 -> [V][ssl_client.cpp:235] start_ssl_client(): Free internal heap after TLS 247604
18:09:14.194 -> [E][WiFiClient.cpp:264] setOption(): 9
18:09:14.194 -> [V][ssl_client.cpp:274] send_ssl_data(): Writing HTTP request...
Connnection Opened
18:09:14.398 -> [V][ssl_client.cpp:274] send_ssl_data(): Writing HTTP request...
18:09:14.398 -> [V][ssl_client.cpp:274] send_ssl_data(): Writing HTTP request...
18:09:14.398 -> [V][ssl_client.cpp:274] send_ssl_data(): Writing HTTP request...
18:09:14.398 -> [V][ssl_client.cpp:274] send_ssl_data(): Writing HTTP request...
18:09:14.398 -> [V][ssl_client.cpp:274] send_ssl_data(): Writing HTTP request...
Got Message: Hello Server
18:09:14.601 -> Got a Pong!
[V][ssl_client.cpp:274] send_ssl_data(): Writing HTTP request...
18:09:44.694 -> [V][ssl_client.cpp:274] send_ssl_data(): Writing HTTP request...
18:09:44.694 -> Got a Ping!
...

With no CA:

[D][WiFiGeneric.cpp:342] _eventCallback(): Event: 0 - WIFI_READY
18:12:51.976 -> [D][WiFiGeneric.cpp:342] _eventCallback(): Event: 2 - STA_START
..[D][WiFiGeneric.cpp:342] _eventCallback(): Event: 4 - STA_CONNECTED
.[D][WiFiGeneric.cpp:342] _eventCallback(): Event: 7 - STA_GOT_IP
18:12:54.114 -> [D][WiFiGeneric.cpp:385] _eventCallback(): STA IP: 10.0.0.22, MASK: 255.255.255.0, GW: 10.0.0.138
[V][ssl_client.cpp:53] start_ssl_client(): Free internal heap before TLS 288208
18:12:55.031 -> [V][ssl_client.cpp:55] start_ssl_client(): Starting socket
[V][ssl_client.cpp:88] start_ssl_client(): Seeding the random number generator
18:12:55.768 -> [V][ssl_client.cpp:97] start_ssl_client(): Setting up the SSL/TLS structure...
18:12:55.768 -> [I][ssl_client.cpp:151] start_ssl_client(): WARNING: Use certificates for a more secure communication!
18:12:55.768 -> [V][ssl_client.cpp:175] start_ssl_client(): Setting hostname for TLS session...
18:12:55.768 -> [V][ssl_client.cpp:190] start_ssl_client(): Performing the SSL/TLS handshake...
[V][ssl_client.cpp:211] start_ssl_client(): Verifying peer X.509 certificate...
18:12:56.276 -> [V][ssl_client.cpp:220] start_ssl_client(): Certificate verified.
18:12:56.276 -> [V][ssl_client.cpp:235] start_ssl_client(): Free internal heap after TLS 247692
18:12:56.276 -> [E][WiFiClient.cpp:264] setOption(): 9
18:12:56.276 -> [V][ssl_client.cpp:274] send_ssl_data(): Writing HTTP request...
Connnection Opened
18:12:56.480 -> [V][ssl_client.cpp:274] send_ssl_data(): Writing HTTP request...
18:12:56.480 -> [V][ssl_client.cpp:274] send_ssl_data(): Writing HTTP request...
18:12:56.480 -> [V][ssl_client.cpp:274] send_ssl_data(): Writing HTTP request...
18:12:56.480 -> [V][ssl_client.cpp:274] send_ssl_data(): Writing HTTP request...
18:12:56.480 -> [V][ssl_client.cpp:274] send_ssl_data(): Writing HTTP request...
Got Message: Hello Server
18:12:56.679 -> Got a Pong!
[V][ssl_client.cpp:274] send_ssl_data(): Writing HTTP request...
18:13:26.786 -> [V][ssl_client.cpp:274] send_ssl_data(): Writing HTTP request...
18:13:26.786 -> Got a Ping!
...

Really the only diff in the logs is that when you pass a CACert, this code gets executed, which prints the log:

[V][ssl_client.cpp:110] start_ssl_client(): Loading CA cert

And when no CACert is present, this code gets executed which led me to this PR

Looks like since that PR, the ESP32 libraries support Self-Signed Certificates. I had no idea that was a thing, now I do know.

Overall, looks like this behavior is as intended, and yet it is better and safer to provider a certificate.
For completeness I also updated the esp32 libraries to version 1.0.2 (latest) and everything still worked the same.

Best wishes,
Gil.

[adelin-mcbsoft]

So - just to be sure I got it right - if you don't provide a CA, it does secure the communication with the existing public certificates of the host, yet it does not verify if it's a valid one - right ?

[gilmaimon]

Yes, looks like it does some kind of verification

[adelin-mcbsoft]

Cool! Thanks Gil, another dilemma (and hopefully the last one) solved.

(Offtopic, I may have one more though - but it's currently under investigation... I have a situation where ESP disconnects for some (yet - unknown) reason, and doesn't want to client.connect back until reset. But it's still under investigation, may not be related to the library).

Anyway, once again, thanks a lot for your support! Means a lot for me and my project, and hopefully it will pay off (for both of us) someday.

Wish you all the best and a great weekend (at least what's left of it),

Best,
A.

[gilmaimon]

@adelin-mcbsoft Interesting. connect should not be called more than once per client, so if you somehow need to call connect again, make sure you reset the object (buy assigning it to a new instance, for example).

Hopefully you will resolve the rest, and if not - I'm here to help!

Have a great weekend,
Gil.