curl-library

Re: HTTPS hangs

From: Ray Satiro via curl-library <curl-library_at_cool.haxx.se>
Date: Fri, 5 May 2017 18:33:48 -0400

On 5/5/2017 10:38 AM, Greg Stewart via curl-library wrote:
> I'm working with the ESP32 hardware and the libcurl library. I need to
> log into a server that requires https. When I run the code below on my
> mac, it works just fine. When I move it to the ESP32, it hangs at
> "curl_easy_perform". I disabled https on the server and removed the
> CURLOPT_SSL_VERIFYPEER and CURLOPT_SSL_VERIFYHOST tokens from the
> code, and it worked great on the ESP32. In production, I will not have
> this luxury. Any ideas on what might be going wrong?

[...]

On 5/5/2017 12:23 PM, Greg Stewart via curl-library wrote:
> I confirmed the date and time are correct. I gave it 5 minutes to run,
> but no progress. When I enabled verbose, I got back
>
> * timeout on name lookup is not supported
> * Trying 192.168.1.20...
> * TCP_NODELAY set
> * Connected to 192.168.1.20 (192.168.1.20) port 443 (#0)
> * Error reading ca cert file /etc/ssl/certs/ca-certificates.crt - mbedTLS: (-0x3E00) PK - Read/write of file failed
> * mbedTLS: Connecting to 192.168.1.20:443
> * mbedTLS: Set min SSL version to TLS 1.0
>
> When I run it on my mac, I get
>
> * Trying 192.168.1.20...
> * Connected to 192.168.1.20 (192.168.1.20) port 443 (#0)
> * TLS 1.2 connection using TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
> * Server certificate: UBNT-68:72:51:60:4D:4F
>
> If the library is looking for "/etc/ssl/certs/ca-certificates.crt" on
> the esp32, it won't find it since the esp32 does not have that kind of
> file structure. Not sure where to go from here.

Please don't top-post; it makes the conversation hard to follow [1]. Also,
when you report a bug we need the curl -V or curl_version() to be able
to help, and a minimal self-contained example that can reproduce the
problem. That example was not minimal.

There were some problems using libcurl on ESP32 but they had to do with
mbedTLS as far as I know. I suggest you get the latest version of the
development framework. Then check if you can use just mbedTLS to connect
to your server without a problem. There is some discussion about how to
do that and the other problems in these threads:

https://github.com/curl/curl/issues/1327
https://github.com/espressif/esp-idf/issues/424
https://github.com/espressif/esp-idf/issues/434

Also, as Daniel just said a minute ago, the lack of the cert file
shouldn't cause a hang.

I've CC'd Neil Kolban who fixed one of the mbedTLS bugs in the IoT
framework, in case he has any idea what's happening here.

[1]: https://curl.haxx.se/mail/etiquette.html#Do_Not_Top_Post

Received on 2017-05-06