Closed nliviu closed 3 years ago
Quote! Same for me.
ok, i found the problem. it has nothing to do with SSL as such, but rather with chromium's connection behavior when connecting to sites with untrusted certificates. it establishes two connections in rapid succession: first fails with alert 46 (unknown certificate), second is successful. it continues to behave this way even after user has clicked through the "yes, i want to connect" page. this looks like a minor bug in chromium - why create a connection, drop, then connect again? anyway, even that is not the root cause. the root cause is a race to close the connection between client and server: client sends fatal TLS error, so server marks connection as MG_F_CLOSE_IMMEDIATELY. meanwhile, client also aborts the connection, in a way that sends back RST and causes LWIP to raise error signal, that immediately deallocates everything associated with the connection. the bug was that mongoose was then trying to free it again, causing a double free and corrupting heap. i sent a fix out for review and it should land soon.
Configure http_server in empty application for esp32 with self-signed certificates.
https://IP
core dumps in Chrome and Opera for Windows and MacOS. It works with Firefox for Windows and MacOS, also with Internet Exlorer and Edge for Windows.Chrome
Firefox waits with "Warning: Potential Security Risk Ahead"
After accepting the exception