Closed sivar2311 closed 3 years ago
Hi,
the problem is that the ESP8266 internally has only one WiFiClientSecureCtx where the CA and client certs are stored.
This WiFiClientSecureCtx is shared for all SSL connections, so creating 2 connections with multiple settings is currently not impossible as far as I understand the code.
And every configuration, e.g. of the CA or client cert, is started with a cleanup of the WiFiClientSecureCtx, which makes clear why websockets or pubsub is working but not both.
Thank you Markus for the detailed answer!
I think that's the point where BearSSL::CertStore comes into play - which I'm going to test now.
Thanks again and greetings from Schleswig-Holstein :)
Hi Markus,
I have now worked intensively with the BearSSL::X509List. Since it is a list, I have added several certificates using assign().
It took a while but now the whole thing is clear to me.
The BearSSL::X509List can store multiple certificates, but there can only be one active SSL connection at a time.
Too bad, but that's the way it is. Thanks again for your help!
Hi Markus!
We have trouble with the WSS (SSL) connection when other SSL clients (like PubSubClient) are running in the same sketch. For the Websocket connection we simply use webSocket.beginSSL() (no certs here). The MQTT SSL part is implemented like this:
I don't have much knowledge about SSL and what's happening in background here.
I tried WebSocket.beginSSLwithCa(...) (using certificates), which worked on the websocket side, but was still blocking the pubsub client. Changing back to ws (without SSL) - pubsubclient started to work.
Do you have any idea how to run wss client and pubsubclient using SSL in the same sketch?
Kind regards Boris