BearSSL in ESP8266 core 2.5.0 breaks IotHubClient

[rbernardini]

Hello all, I've been struggling to make a simple Azure Iot Hub Client on my NodeMCU v3 Board (ESP8266 very much like Adafruit feather). I couldn't get even the first message go through. My ConnectionStatusCallback received

• Status: IOTHUB_CLIENT_CONNECTION_UNAUTHENTICATED
• Reason: IOTHUB_CLIENT_CONNECTION_NO_NETWORK

Network was working OK (IP; DNS, routing)

Digging into the code I've found the failure to originate inside sslClient_connect which calls sslClient.connect(ip, port). Which, basically, doesn't work in the BearSSL version included in Arduino Core 2.5.0.

Arduino Core 2.5.0 and BearSSL are regarded as beta code but nonetheless Arduino IDE and Platform.io use them by default. Falling back to previos core version didn't fix the issue.

My solution was to force the compiler to use axTLS (previous SSL library now regarded as deprecated in the new core)

in sslClient_arduino.cpp:

ifdef ARDUINO_ARCH_ESP8266

define USING_AXTLS

include "ESP8266WiFi.h"

//#include "WiFiClientSecure.h"

include

using namespace axTLS;

static WiFiClientSecure sslClient; // for ESP8266

elif ARDUINO_ARCH_ESP32

I'm not sure what's the right thing to do here. I'm using this as a temporary fix hoping for the issue to be solved in the stable release of core 2.5.0

[jantenhove]

Thanks for the workaround. I'm running into the same problem.

[Elgaatoo]

@jantenhove thanks for the quick response. I added these lines from @rbernardini in to sslClient_arduino.cpp. However I'm getting this error:

C:\Users\name\Documents\Arduino\libraries\AzureIoTUtility\src\adapters\sslClient_arduino.cpp:13:35: fatal error: WiFiClientSecureAxTLS.h: No such file or directory

include

                               ^

compilation terminated.

exit status 1

[rbernardini]

By the time I posted that, Arduino for ESP8266 was transitioning from AxTLS to BearSSL. Maybe they consider the transition complete by now and removed AxTLS from the package. (BearSSL should be able to connect so a SSL server then)

[jantenhove]

I still need this workaround with 2.5.2. I believe WiFiClientSecureAxTLS is still included in the latest release: https://github.com/esp8266/Arduino/blob/master/libraries/ESP8266WiFi/src/WiFiClientSecureAxTLS.cpp

[rbernardini]

maybe you should fix the path to WiFiClientSecureAxTLS.h ? or add it to the include search path?

[tonyganch]

@rbernardini, you've been a life saver to me, thank you so much.

I've found that with 2.5.2 you can edit file ~/Library/Arduino15/packages/esp8266/hardware/esp8266/2.5.2/libraries/ESP8266WiFi/src/WiFiClientSecure.h (or wherever you have this library). You can just uncomment the code they have there: https://github.com/esp8266/Arduino/blob/c18b402c31dc27ffc4b8817035ad8a44670c1b2e/libraries/ESP8266WiFi/src/WiFiClientSecure.h#L27

That has fixed the issue for me.

[jbobotek]

Note that this library has been updated since and now supports the built in BearSSL implementation.