JoeyStrandnes / Arduino-Toggl-API

Port of Toggl's official API V8
MIT License

ESP32 - The CRT/CRL/CSR format is invalid #9

Closed kcranky closed 3 years ago

kcranky commented 3 years ago

Describe the bug

I am unable to run the code on the ESP32, using a DOIT ESP32 Devkit V1. I get this error when using the debug level set to debug.

17:49:58.450 -> [D][WiFiGeneric.cpp:374] _eventCallback(): Event: 0 - WIFI_READY
17:49:58.450 -> [D][WiFiGeneric.cpp:374] _eventCallback(): Event: 2 - STA_START
17:49:59.684 -> [D][WiFiGeneric.cpp:374] _eventCallback(): Event: 4 - STA_CONNECTED
17:49:59.684 -> [D][WiFiGeneric.cpp:374] _eventCallback(): Event: 7 - STA_GOT_IP
17:49:59.684 -> [D][WiFiGeneric.cpp:419] _eventCallback(): STA IP: 192.168.0.223, MASK: 255.255.255.0, GW: 192.168.0.1
17:50:00.770 -> [D][HTTPClient.cpp:287] beginInternal(): host: api.track.toggl.com port: 443 url: /api/v8/me
17:50:00.770 -> [D][HTTPClient.cpp:573] sendRequest(): request type: 'GET' redirCount: 0
17:50:00.770 -> 
17:50:00.817 -> [E][ssl_client.cpp:36] _handle_error(): [start_ssl_client():138]: (-8576) X509 - The CRT/CRL/CSR format is invalid, e.g. different type expected
17:50:00.864 -> [E][WiFiClientSecure.cpp:127] connect(): start_ssl_client: -8576
17:50:00.864 -> [D][HTTPClient.cpp:1112] connect(): failed connect to api.track.toggl.com:443
17:50:00.864 -> [W][HTTPClient.cpp:1411] returnError(): error(-1): connection refused
17:50:00.864 -> [D][HTTPClient.cpp:394] disconnect(): tcp is closed

To Reproduce

1) Create minimal example

void setup() {
  Serial.begin(115200);
  toggl.init(SSID,PASS);
  toggl.setAuth(Token);
  delay(1000);
  Serial.println(toggl.getFullName()); 
}

2) Upload to board
3) Observe serial monitor

Expected behavior

I expect Serial output of my name as stored by the Toggl API, but instead just receive a "-1".

Additional

The only docs I've seen online (though I only started looking recently) for HTTPS with the ESP32 involve using the full cert. Do you mind sharing any resources you used when developing the ESP32 aspect so I can learn about it too? Fingerprint seems better (assuming it works, which currently it does not for me ☹).

JoeyStrandnes commented 3 years ago

This is just going to be a quick addition to your problem, since I don't really have time to go through all of the code to try and figure it out completely at the moment. Will do so after finals :P

I tested the following code.

#include <Toggl.h>

Toggl toggl;

void setup() {

  Serial.begin(115200);
  toggl.init("SSID","PASS");
  toggl.setAuth("TOKEN");
  delay(1000);
  Serial.println(toggl.getFullName()); 

}

void loop() {

}

Arduino programming configuration.

Console output.

ESP32 V:1.0.5 (current)

[D][WiFiGeneric.cpp:374] _eventCallback(): Event: 0 - WIFI_READY
[D][WiFiGeneric.cpp:374] _eventCallback(): Event: 2 - STA_START
[D][WiFiGeneric.cpp:374] _eventCallback(): Event: 4 - STA_CONNECTED
[D][WiFiGeneric.cpp:374] _eventCallback(): Event: 7 - STA_GOT_IP
[D][WiFiGeneric.cpp:419] _eventCallback(): STA IP: 192.168.1.60, MASK: 255.255.255.0, GW: 192.168.1.1
[D][HTTPClient.cpp:287] beginInternal(): host: api.track.toggl.com port: 443 url: /api/v8/me
[D][HTTPClient.cpp:573] sendRequest(): request type: 'GET' redirCount: 0

[E][ssl_client.cpp:36] _handle_error(): [start_ssl_client():138]: (-8576) X509 - The CRT/CRL/CSR format is invalid, e.g. different type expected
[E][WiFiClientSecure.cpp:127] connect(): start_ssl_client: -8576
[D][HTTPClient.cpp:1112] connect(): failed connect to api.track.toggl.com:443
[W][HTTPClient.cpp:1411] returnError(): error(-1): connection refused
[D][HTTPClient.cpp:394] disconnect(): tcp is closed

Error: -1

ESP32 V:1.0.4

[D][WiFiGeneric.cpp:337] _eventCallback(): Event: 0 - WIFI_READY
[D][WiFiGeneric.cpp:337] _eventCallback(): Event: 2 - STA_START
[D][WiFiGeneric.cpp:337] _eventCallback(): Event: 5 - STA_DISCONNECTED
[W][WiFiGeneric.cpp:353] _eventCallback(): Reason: 2 - AUTH_EXPIRE
[D][WiFiGeneric.cpp:337] _eventCallback(): Event: 4 - STA_CONNECTED
[D][WiFiGeneric.cpp:337] _eventCallback(): Event: 7 - STA_GOT_IP
[D][WiFiGeneric.cpp:381] _eventCallback(): STA IP: 192.168.1.60, MASK: 255.255.255.0, GW: 192.168.1.1
[D][HTTPClient.cpp:276] beginInternal(): host: api.track.toggl.com port: 443 url: /api/v8/me
[I][ssl_client.cpp:156] start_ssl_client(): WARNING: Use certificates for a more secure communication!
[D][HTTPClient.cpp:1025] connect():  connected to api.track.toggl.com:443
[D][HTTPClient.cpp:1158] handleHeaderResponse(): code: 200
[D][HTTPClient.cpp:1161] handleHeaderResponse(): size: 1364
[D][HTTPClient.cpp:1295] writeToStreamDataBlock(): connection closed or file end (written: 1364).
[D][HTTPClient.cpp:368] disconnect(): tcp keep open for reuse

[D][HTTPClient.cpp:368] disconnect(): tcp keep open for reuse

Joey

ESP32 V:1.0.3

ets Jun  8 2016 00:22:57

rst:0x1 (POWERON_RESET),boot:0x16 (SPI_FAST_FLASH_BOOT)
configsip: 0, SPIWP:0xee
clk_drv:0x00,q_drv:0x00,d_drv:0x00,cs0_drv:0x00,hd_drv:0x00,wp_drv:0x00
mode:DIO, clock div:1
load:0x3fff0018,len:4
load:0x3fff001c,len:928
ho 0 tail 12 room 4
load:0x40078000,len:8740
load:0x40080400,len:5788
entry 0x4008069c
[D][WiFiGeneric.cpp:337] _eventCallback(): Event: 0 - WIFI_READY
[D][WiFiGeneric.cpp:337] _eventCallback(): Event: 2 - STA_START
[D][WiFiGeneric.cpp:337] _eventCallback(): Event: 4 - STA_CONNECTED
[D][WiFiGeneric.cpp:337] _eventCallback(): Event: 7 - STA_GOT_IP
[D][WiFiGeneric.cpp:381] _eventCallback(): STA IP: 192.168.1.60, MASK: 255.255.255.0, GW: 192.168.1.1
[D][HTTPClient.cpp:276] beginInternal(): host: api.track.toggl.com port: 443 url: /api/v8/me
[D][HTTPClient.cpp:1025] connect():  connected to api.track.toggl.com:443
[E][ssl_client.cpp:33] handle_error(): SSL - Bad input parameters to function
[E][ssl_client.cpp:35] handle_error(): MbedTLS message code: -28928
[E][ssl_client.cpp:33] handle_error(): SSL - Bad input parameters to function
[E][ssl_client.cpp:35] handle_error(): MbedTLS message code: -28928
[E][ssl_client.cpp:33] handle_error(): SSL - Bad input parameters to function
[E][ssl_client.cpp:35] handle_error(): MbedTLS message code: -28928
[E][ssl_client.cpp:33] handle_error(): SSL - Bad input parameters to function
[E][ssl_client.cpp:35] handle_error(): MbedTLS message code: -28928
[E][ssl_client.cpp:33] handle_error(): SSL - Bad input parameters to function
[E][ssl_client.cpp:35] handle_error(): MbedTLS message code: -28928
[W][HTTPClient.cpp:1318] returnError(): error(-2): send header failed
[E][ssl_client.cpp:33] handle_error(): SSL - Bad input parameters to function
[E][ssl_client.cpp:35] handle_error(): MbedTLS message code: -28928
[E][ssl_client.cpp:33] handle_error(): SSL - Bad input parameters to function
[E][ssl_client.cpp:35] handle_error(): MbedTLS message code: -28928
[D][HTTPClient.cpp:1320] returnError(): tcp stop
[E][ssl_client.cpp:33] handle_error(): SSL - Bad input parameters to function
[E][ssl_client.cpp:35] handle_error(): MbedTLS message code: -28928
[E][ssl_client.cpp:33] handle_error(): SSL - Bad input parameters to function
[E][ssl_client.cpp:35] handle_error(): MbedTLS message code: -28928
[E][ssl_client.cpp:33] handle_error(): SSL - Bad input parameters to function
[E][ssl_client.cpp:35] handle_error(): MbedTLS message code: -28928
[D][HTTPClient.cpp:370] disconnect(): tcp stop

Error: -2

I wrote the code for V:1.0.4 (newest when writing the code) and might just have been lucky. Seems that the problem stems from the way "Arduino ESP32" handles the TCP connection in different library versions.

The fingerprint method seemed like the better and easiest option to implement but might not have been the best choice in hindsight...

I found some good papers online which helped. I wrote the code about a year ago and "finished" it about 6 months ago so I don't remember exactly what papers I used. I'll keep adding comments to this issue in the coming days and try and find the resources I used!

This is definitely a more severe problem so it should be bumped to the top of the queue.

kcranky commented 3 years ago

I took another look at this and it's pretty easy to resolve. See the PR at https://github.com/JoeyStrandnes/Arduino-Toggl-API/pull/10

Information source: https://techtutorialsx.com/2017/11/18/esp32-arduino-https-get-request/

The Fix

1) Add the root_ca to Toggl.h
2) Change all references to Fingerprint in Toggl_ESP32.cpp to root_ca

I've run the simple test shown above, and here is the debug output:

[D][WiFiGeneric.cpp:374] _eventCallback(): Event: 0 - WIFI_READY
[D][WiFiGeneric.cpp:374] _eventCallback(): Event: 2 - STA_START
[D][WiFiGeneric.cpp:374] _eventCallback(): Event: 4 - STA_CONNECTED
[D][WiFiGeneric.cpp:374] _eventCallback(): Event: 7 - STA_GOT_IP
[D][WiFiGeneric.cpp:419] _eventCallback(): STA IP: 192.168.0.223, MASK: 255.255.255.0, GW: 192.168.0.1
Hello!
[V][HTTPClient.cpp:239] beginInternal(): url: https://api.track.toggl.com/api/v8/me
[D][HTTPClient.cpp:287] beginInternal(): host: api.track.toggl.com port: 443 url: /api/v8/me
[D][HTTPClient.cpp:573] sendRequest(): request type: 'GET' redirCount: 0

[V][ssl_client.cpp:59] start_ssl_client(): Free internal heap before TLS 280140
[V][ssl_client.cpp:65] start_ssl_client(): Starting socket
[V][ssl_client.cpp:104] start_ssl_client(): Seeding the random number generator
[V][ssl_client.cpp:113] start_ssl_client(): Setting up the SSL/TLS structure...
[V][ssl_client.cpp:129] start_ssl_client(): Loading CA cert
[V][ssl_client.cpp:197] start_ssl_client(): Setting hostname for TLS session...
[V][ssl_client.cpp:212] start_ssl_client(): Performing the SSL/TLS handshake...
[V][ssl_client.cpp:233] start_ssl_client(): Verifying peer X.509 certificate...
[V][ssl_client.cpp:242] start_ssl_client(): Certificate verified.
[V][ssl_client.cpp:257] start_ssl_client(): Free internal heap after TLS 238796
[D][HTTPClient.cpp:1119] connect():  connected to api.track.toggl.com:443
[V][ssl_client.cpp:295] send_ssl_data(): Writing HTTP request with 237 bytes...
[V][HTTPClient.cpp:1210] handleHeaderResponse(): RX: 'HTTP/1.1 200 OK'
[V][HTTPClient.cpp:1210] handleHeaderResponse(): RX: 'Server: nginx'
[V][HTTPClient.cpp:1210] handleHeaderResponse(): RX: 'Date: Mon, 15 Mar 2021 18:46:56 GMT'
[V][HTTPClient.cpp:1210] handleHeaderResponse(): RX: 'Content-Type: application/json; charset=utf-8'
[V][HTTPClient.cpp:1210] handleHeaderResponse(): RX: 'Content-Length: 1762'
[V][HTTPClient.cpp:1210] handleHeaderResponse(): RX: 'Cache-Control: no-cache, private, no-store, must-revalidate, max-stale=0, post-check=0, pre-check=0'
[V][HTTPClient.cpp:1210] handleHeaderResponse(): RX: 'X-Toggl-Request-Id: <hidden>'
[V][HTTPClient.cpp:1210] handleHeaderResponse(): RX: 'Instance: time-public-api2'
[V][HTTPClient.cpp:1210] handleHeaderResponse(): RX: 'Strict-Transport-Security: max-age=15552000; includeSubDomains'
[V][HTTPClient.cpp:1210] handleHeaderResponse(): RX: 'X-Content-Type-Options: nosniff'
[V][HTTPClient.cpp:1210] handleHeaderResponse(): RX: 'X-We-are-hiring: https://toggl.com/jobs/'
[V][HTTPClient.cpp:1210] handleHeaderResponse(): RX: 'X-Request-ID: <hidden>'
[V][HTTPClient.cpp:1210] handleHeaderResponse(): RX: 'Via: 1.1 google'
[V][HTTPClient.cpp:1210] handleHeaderResponse(): RX: 'Alt-Svc: clear'
[V][HTTPClient.cpp:1210] handleHeaderResponse(): RX: ''
[D][HTTPClient.cpp:1251] handleHeaderResponse(): code: 200
[D][HTTPClient.cpp:1254] handleHeaderResponse(): size: 1762
[D][HTTPClient.cpp:597] sendRequest(): sendRequest code=200

[D][HTTPClient.cpp:1388] writeToStreamDataBlock(): connection closed or file end (written: 1762).
[D][HTTPClient.cpp:379] disconnect(): tcp keep open for reuse

[D][HTTPClient.cpp:379] disconnect(): tcp keep open for reuse

[V][ssl_client.cpp:265] stop_ssl_socket(): Cleaning SSL connection.
[V][ssl_client.cpp:265] stop_ssl_socket(): Cleaning SSL connection.
Keegan Crankshaw

As you can see, my name successfully prints out at the end.

I've also run the new getWorkSpaces and that returns my workspaces correctly.

Additional Notes

There are many ways to implement an HTTPS connection, one of which that is promising is WifiClientSecure. I've never used it (it's been years since I've worked in the Arduino ecosystem), but a cursory browse suggests this implementation might allow a single cpp file for both the ESP32 and ESP8266 (and hopefully any other boards using WiFi). This feels like a "V2 fix" though, probably implemented alongside the async calls functionality mentioned as point 3 in https://github.com/JoeyStrandnes/Arduino-Toggl-API/issues/8.

I also wonder if the ESP8266 method is also a bit of a chance implementation. Switching over to a method universal to both boards will hopefully mean longer and more consistent support from those library maintainers. But like I say, more of a V2.
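An added example, not code from this thread or from the library: the fix above swaps a fingerprint string for a root CA certificate, and this host-side C++ preflight tells the two apart so a value of the wrong kind is caught before the TLS client tries to load it as a CA cert. `classifyAnchor`, the `Anchor` enum and both sample strings are hypothetical names and constructed values.

```cpp
#include <cctype>
#include <string>

enum class Anchor { PemCertificate, Sha1Fingerprint, Unknown };
// Constructed samples (not real values): a 20-byte pin and a PEM-framed blob.
const char kSampleFingerprint[] =
    "00 11 22 33 44 55 66 77 88 99 AA BB CC DD EE FF 00 11 22 33";
const char kSamplePem[] =
    "-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n";

// 40 hex digits, with optional ' ' or ':' between complete byte pairs.
static bool isSha1Fingerprint(const std::string& s) {
  size_t hex = 0;
  bool lastWasSep = true;  // rejects a leading separator
  for (unsigned char c : s) {
    if (std::isxdigit(c)) { ++hex; lastWasSep = false; }
    else if ((c == ' ' || c == ':') && !lastWasSep && hex % 2 == 0) lastWasSep = true;
    else return false;
  }
  return hex == 40 && !lastWasSep;
}

// Checks PEM framing and base64 alphabet only; it does not parse the DER inside.
static bool isPemCertificate(const std::string& s) {
  const std::string begin = "-----BEGIN CERTIFICATE-----";
  const std::string end = "-----END CERTIFICATE-----";
  size_t b = s.find(begin);
  if (b == std::string::npos) return false;
  size_t bodyStart = b + begin.size();
  size_t e = s.find(end, bodyStart);
  if (e == std::string::npos) return false;  // truncated paste
  size_t b64 = 0;
  for (size_t i = bodyStart; i < e; ++i) {
    unsigned char c = s[i];
    if (std::isalnum(c) || c == '+' || c == '/' || c == '=') ++b64;
    else if (!std::isspace(c)) return false;
  }
  return b64 > 0 && b64 % 4 == 0;
}

// Hypothetical preflight: call before handing the string to the TLS client.
Anchor classifyAnchor(const char* value) {
  if (value == nullptr) return Anchor::Unknown;
  if (isPemCertificate(value)) return Anchor::PemCertificate;
  if (isSha1Fingerprint(value)) return Anchor::Sha1Fingerprint;
  return Anchor::Unknown;
}

int main() { return classifyAnchor(kSamplePem) == Anchor::PemCertificate ? 0 : 1; }
```

The functions use only the C++ standard library, so the same check can be compiled into a sketch and run on the root_ca string at startup.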

JoeyStrandnes commented 3 years ago

Thanks!

I tested your code and it seems to work without a problem, ran all functions and they returned data as they should. Merged PR #10 and drafted a new release. The library manager should be updated in a few hours.

Using one implementation file for both processors would be nice. It's barely any difference between the two versions, it just creates problems. I'll look into it alongside async TCP.

Like you said, it's more of a version 2!

I'll close this issue since it is resolved. Unless you have anything to add!

Thanks again, it's kind of annoying that the only time I've had community engagement is when I have finals week :P

PS:

You can highlight code by writing the code style after the three ``` symbols. Makes it a bit easier to see what's going on :)

Example:

```c++
void test(){

}
```

kcranky commented 3 years ago

Great! I'm glad it works! Glad to be of assistance.

Thanks for the tip on syntax highlighting! I never knew that about markdown.

I'm sorry about bugging you in the lead-up to finals. Please don't feel pressured to engage or respond until you're done. I'll carry on working on things as I see them, and you can get to them whenever you're ready.