Closed AnthonyGrondin closed 1 year ago
I tested this on ESP32-C3 with debug output (we are not able to get debug output on Xtensa currently because there is a problem with variadic args):
Start tls connect
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_tls.c:3939 => handshake
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:2124 => flush output
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:2133 <= flush output
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_tls.c:3859 client state: MBEDTLS_SSL_HELLO_REQUEST
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:2124 => flush output
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:2133 <= flush output
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_tls.c:3859 client state: MBEDTLS_SSL_CLIENT_HELLO
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_client.c:906 => write client hello
INFO - 1 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_tls13_generic.c:1471 Perform PSA-based ECDH computation.
INFO - 1 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_client.c:258 got supported group(1d)
INFO - 1 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_client.c:258 got supported group(17)
INFO - 1 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_client.c:258 got supported group(18)
INFO - 1 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_client.c:258 got supported group(1e)
INFO - 1 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_client.c:258 got supported group(19)
INFO - 1 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_client.c:258 got supported group(1a)
INFO - 1 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_client.c:258 got supported group(1b)
INFO - 1 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_client.c:258 got supported group(1c)
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:2554 => write handshake message
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:2714 => write record
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:2851 <= write record
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:2675 <= write handshake message
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_client.c:994 <= write client hello
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:2124 => flush output
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:2138 message length: 221, out_left: 221
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:2145 ssl->f_send() returned 221 (-0xffffff23)
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:2172 <= flush output
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_tls.c:3859 client state: MBEDTLS_SSL_SERVER_HELLO
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_tls13_client.c:2039 => ssl_tls13_process_server_hello
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:3887 => read record
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:1926 => fetch input
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:2066 in_left: 0, nb_want: 5
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:2086 in_left: 0, nb_want: 5
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_tls13_client.c:2086 <= ssl_tls13_process_server_hello ( ServerHello )
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_tls.c:3950 <= handshake
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_tls.c:3939 => handshake
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:2124 => flush output
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:2133 <= flush output
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_tls.c:3859 client state: MBEDTLS_SSL_SERVER_HELLO
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_tls13_client.c:2039 => ssl_tls13_process_server_hello
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:3887 => read record
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:1926 => fetch input
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:2066 in_left: 0, nb_want: 5
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:2086 in_left: 0, nb_want: 5
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:2089 ssl->f_recv(_timeout)() returned 5 (-0xfffffffb)
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:2111 <= fetch input
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:1926 => fetch input
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:2066 in_left: 5, nb_want: 127
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:2086 in_left: 5, nb_want: 127
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:2089 ssl->f_recv(_timeout)() returned 122 (-0xffffff86)
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:2111 <= fetch input
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:3959 <= read record
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_tls13_client.c:1520 received ServerHello message
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_tls13_client.c:491 ECDH curve: x25519
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_tls13_keys.c:1339 => ssl_tls13_generate_handshake_keys
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_tls13_keys.c:1425 <= ssl_tls13_generate_handshake_keys
INFO - 1 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_tls13_client.c:1991 Switch to handshake keys for inbound traffic
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_tls13_client.c:2086 <= ssl_tls13_process_server_hello ( ServerHello )
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:2124 => flush output
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:2133 <= flush output
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_tls.c:3859 client state: MBEDTLS_SSL_ENCRYPTED_EXTENSIONS
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_tls13_client.c:2220 => parse encrypted extensions
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:3887 => read record
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:1926 => fetch input
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:2066 in_left: 0, nb_want: 5
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:2086 in_left: 0, nb_want: 5
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:2089 ssl->f_recv(_timeout)() returned 5 (-0xfffffffb)
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:2111 <= fetch input
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:1926 => fetch input
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:2066 in_left: 5, nb_want: 6
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:2086 in_left: 5, nb_want: 6
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:2089 ssl->f_recv(_timeout)() returned 1 (-0xffffffff)
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:2111 <= fetch input
INFO - 1 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:4770 Ignore ChangeCipherSpec in TLS 1.3 compatibility mode
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:1926 => fetch input
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:2066 in_left: 0, nb_want: 5
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:2086 in_left: 0, nb_want: 5
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:2089 ssl->f_recv(_timeout)() returned 5 (-0xfffffffb)
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:2111 <= fetch input
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:1926 => fetch input
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:2066 in_left: 5, nb_want: 32
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:2086 in_left: 5, nb_want: 32
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:2089 ssl->f_recv(_timeout)() returned 27 (-0xffffffe5)
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:2111 <= fetch input
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:1291 => decrypt buf
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:1892 <= decrypt buf
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:3959 <= read record
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_tls13_client.c:2254 <= parse encrypted extensions
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:2124 => flush output
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:2133 <= flush output
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_tls.c:3859 client state: MBEDTLS_SSL_CERTIFICATE_REQUEST
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_tls13_client.c:2467 => parse certificate request
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:3887 => read record
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:1926 => fetch input
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:2066 in_left: 0, nb_want: 5
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:2086 in_left: 0, nb_want: 5
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:2089 ssl->f_recv(_timeout)() returned 5 (-0xfffffffb)
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:2111 <= fetch input
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:1926 => fetch input
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:2066 in_left: 5, nb_want: 67
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:2086 in_left: 5, nb_want: 67
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:2089 ssl->f_recv(_timeout)() returned 62 (-0xffffffc2)
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:2111 <= fetch input
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:1291 => decrypt buf
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:1892 <= decrypt buf
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:3959 <= read record
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:3887 => read record
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:3955 reuse previously read message
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:3959 <= read record
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_tls13_client.c:2497 <= parse certificate request
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:2124 => flush output
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:2133 <= flush output
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_tls.c:3859 client state: MBEDTLS_SSL_SERVER_CERTIFICATE
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_tls13_generic.c:747 => parse certificate
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:3887 => read record
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:1926 => fetch input
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:2066 in_left: 0, nb_want: 5
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:2086 in_left: 0, nb_want: 5
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:2089 ssl->f_recv(_timeout)() returned 5 (-0xfffffffb)
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:2111 <= fetch input
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:1926 => fetch input
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:2066 in_left: 5, nb_want: 4321
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:2086 in_left: 5, nb_want: 4321
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:2089 ssl->f_recv(_timeout)() returned 500 (-0xfffffe0c)
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:2086 in_left: 505, nb_want: 4321
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_tls13_generic.c:770 <= parse certificate
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_tls.c:3950 <= handshake
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_tls.c:3939 => handshake
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:2124 => flush output
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:2133 <= flush output
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_tls.c:3859 client state: MBEDTLS_SSL_SERVER_CERTIFICATE
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_tls13_generic.c:747 => parse certificate
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:3887 => read record
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:1926 => fetch input
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:2066 in_left: 505, nb_want: 5
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:2111 <= fetch input
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:1926 => fetch input
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:2066 in_left: 505, nb_want: 4321
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:2086 in_left: 505, nb_want: 4321
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:2089 ssl->f_recv(_timeout)() returned 737 (-0xfffffd1f)
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:2086 in_left: 1242, nb_want: 4321
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_tls13_generic.c:770 <= parse certificate
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_tls.c:3950 <= handshake
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_tls.c:3939 => handshake
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:2124 => flush output
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:2133 <= flush output
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_tls.c:3859 client state: MBEDTLS_SSL_SERVER_CERTIFICATE
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_tls13_generic.c:747 => parse certificate
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:3887 => read record
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:1926 => fetch input
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:2066 in_left: 1242, nb_want: 5
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:2111 <= fetch input
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:1926 => fetch input
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:2066 in_left: 1242, nb_want: 4321
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:2086 in_left: 1242, nb_want: 4321
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:2089 ssl->f_recv(_timeout)() returned 1474 (-0xfffffa3e)
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:2086 in_left: 2716, nb_want: 4321
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_tls13_generic.c:770 <= parse certificate
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_tls.c:3950 <= handshake
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_tls.c:3939 => handshake
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:2124 => flush output
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:2133 <= flush output
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_tls.c:3859 client state: MBEDTLS_SSL_SERVER_CERTIFICATE
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_tls13_generic.c:747 => parse certificate
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:3887 => read record
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:1926 => fetch input
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:2066 in_left: 2716, nb_want: 5
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:2111 <= fetch input
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:1926 => fetch input
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:2066 in_left: 2716, nb_want: 4321
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:2086 in_left: 2716, nb_want: 4321
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:2089 ssl->f_recv(_timeout)() returned 1474 (-0xfffffa3e)
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:2086 in_left: 4190, nb_want: 4321
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_tls13_generic.c:770 <= parse certificate
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_tls.c:3950 <= handshake
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_tls.c:3939 => handshake
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:2124 => flush output
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:2133 <= flush output
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_tls.c:3859 client state: MBEDTLS_SSL_SERVER_CERTIFICATE
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_tls13_generic.c:747 => parse certificate
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:3887 => read record
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:1926 => fetch input
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:2066 in_left: 4190, nb_want: 5
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:2111 <= fetch input
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:1926 => fetch input
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:2066 in_left: 4190, nb_want: 4321
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:2086 in_left: 4190, nb_want: 4321
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:2089 ssl->f_recv(_timeout)() returned 131 (-0xffffff7d)
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:2111 <= fetch input
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:1291 => decrypt buf
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:1892 <= decrypt buf
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:3959 <= read record
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_tls13_generic.c:770 <= parse certificate
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:2124 => flush output
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:2133 <= flush output
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_tls.c:3859 client state: MBEDTLS_SSL_CERTIFICATE_VERIFY
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_tls13_generic.c:295 => parse certificate verify
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:3887 => read record
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:1926 => fetch input
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:2066 in_left: 0, nb_want: 5
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:2086 in_left: 0, nb_want: 5
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:2089 ssl->f_recv(_timeout)() returned 5 (-0xfffffffb)
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:2111 <= fetch input
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:1926 => fetch input
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:2066 in_left: 5, nb_want: 542
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:2086 in_left: 5, nb_want: 542
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:2089 ssl->f_recv(_timeout)() returned 537 (-0xfffffde7)
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:2111 <= fetch input
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:1291 => decrypt buf
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:1892 <= decrypt buf
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:3959 <= read record
WARN - Unable to allocate 1036 bytes
INFO - 1 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_tls13_generic.c:268 mbedtls_pk_verify_ext() returned -17040 (-0x4290)
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_tls13_generic.c:338 <= parse certificate verify
INFO - 1 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_tls13_generic.c:339 mbedtls_ssl_tls13_process_certificate_verify() returned -28160 (-0x6e00)
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:4868 => send alert message
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:2714 => write record
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:2124 => flush output
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:2138 message length: 7, out_left: 7
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:2145 ssl->f_send() returned 7 (-0xfffffff9)
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:2172 <= flush output
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:2851 <= write record
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:4880 <= send alert message
INFO - 2 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_tls.c:3950 <= handshake
-0x4290 is likely MBEDTLS_ERR_RSA_KEY_CHECK_FAILED
I made some progress.
First thing was increasing the heap ( https://github.com/esp-rs/esp-wifi/blob/cce6738220f4f12ab4db92f74295e762f5425e99/esp-wifi/src/lib.rs#L96 ) to 110k
Then I was able to get through the handshake on ESP32-C3 but I wasn't able to receive data afterwards. Since there might be problems with the async IO I basically did the same things you did for async for the sync API.
Now on ESP32-C3 I get this with a sync_client.rs example:
Call wifi_connect
Wait to get connected
Wait to get an ip address
Got ip Ok(IpInfo { ip: 192.168.137.131, subnet: Subnet { gateway: 192.168.137.1, mask: Mask(24) }, dns: Some(192.168.137.1), secondary_dns: None })
We are connected!
Making HTTP request
Start tls connect
INFO - 1 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_tls13_generic.c:1471 Perform PSA-based ECDH computation.
INFO - 1 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_client.c:258 got supported group(1d)
INFO - 1 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_client.c:258 got supported group(17)
INFO - 1 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_client.c:258 got supported group(18)
INFO - 1 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_client.c:258 got supported group(1e)
INFO - 1 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_client.c:258 got supported group(19)
INFO - 1 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_client.c:258 got supported group(1a)
INFO - 1 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_client.c:258 got supported group(1b)
INFO - 1 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_client.c:258 got supported group(1c)
INFO - 1 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_tls13_client.c:1991 Switch to handshake keys for inbound traffic
INFO - 1 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:4770 Ignore ChangeCipherSpec in TLS 1.3 compatibility mode
INFO - 1 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_tls13_generic.c:339 mbedtls_ssl_tls13_process_certificate_verify() returned 0 (-0x00)
INFO - 1 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_tls13_client.c:2584 Switch to handshake traffic keys for outbound traffic
INFO - 1 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_tls13_generic.c:1278 Switch to application keys for inbound traffic
INFO - 1 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_tls13_generic.c:1281 Switch to application keys for outbound traffic
Write to connection
Read from connection
INFO - 1 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:5483 mbedtls_ssl_handshake() returned -31488 (-0x7b00)
INFO - 1 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:5483 mbedtls_ssl_handshake() returned -31488 (-0x7b00)
HTTP/1.1 200 OK
Date: Fri, 14 Apr 2023 12:50:28 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Content-Length: 2051
Connection: close
Content-Type: application/json
{"HTTPS":"on","SSL_SERVER_S_DN_CN":"certauth.cryptomix.com","SSL_SERVER_I_DN_C":"US","SSL_SERVER_I_DN_O":"Let's Encrypt","SSL_SERVER_I_DN_CN":"R3","SSL_CLIENT_S_DN_CN":"esp-mbedtls","SSL_CLIENT_I_DN_CN":"esp-mbedtls.local","SSL_CLIENT_I_DN_O":"Server Certificate","SSL_SERVER_SAN_DNS_0":"certauth.cryptomix.com","SSL_VERSION_INTERFACE":"mod_ssl\/2.4.41","SSL_VERSION_LIBRARY":"OpenSSL\/1.1.1f","SSL_PROTOCOL":"TLSv1.3","SSL_SECURE_RENEG":"true","SSL_COMPRESS_METHOD":"NULL","SSL_CIPHER":"TLS_AES_256_GCM_SHA384","SSL_CIPHER_EXPORT":"false","SSL_CIPHER_USEKEYSIZE":"256","SSL_CIPHER_ALGKEYSIZE":"256","SSL_CLIENT_VERIFY":"FAILED:unable to verify the first certificate","SSL_CLIENT_M_VERSION":"1","SSL_CLIENT_M_SERIAL":"01","SSL_CLIENT_V_START":"Apr 13 21:46:56 2023 GMT","SSL_CLIENT_V_END":"Apr 12 21:46:56 2024 GMT","SSL_CLIENT_V_REMAIN":"365","SSL_CLIENT_S_DN":"CN=esp-mbedtls","SSL_CLIENT_I_DN":"O=Server Certificate,CN=esp-mbedtls.local","SSL_CLIENT_A_KEY":"rsaEncryption","SSL_CLIENT_A_SIG":"sha256WithRSAEncryption","SSL_CLIENT_CERT_RFC4523_CEA":"{ serialNumber 1, issuer rdnSequence:\"O=Server Certificate,CN=esp-mbedtls.local\" }","SSL_SERVER_M_VERSION":"3","SSL_SERVER_M_SERIAL":"0320F49350E2EB81C9F8EA4820C2021F2BFC","SSL_SERVER_V_START":"Mar 8 02:07:24 2023 GMT","SSL_SERVER_V_END":"Jun 6 02:07:23 2023 GMT","SSL_SERVER_S_DN":"CN=certauth.cryptomix.com","SSL_SERVER_I_DN":"CN=R3,O=Let's 
Encrypt,C=US","SSL_SERVER_A_KEY":"rsaEncryption","SSL_SERVER_A_SIG":"sha256WithRSAEncryption","SSL_SESSION_ID":"91fc101a9672056fbd0cca993423d9261310be6196378f43f486c7146060153d","SSL_SESSION_RESUMED":"Initial","HTTP_HOST":"certauth.cryptomix.com","SERVER_SIGNATURE":"","SERVER_SOFTWARE":"Apache","SERVER_NAME":"certauth.cryptomix.com","SERVER_ADDR":"62.210.201.125","SERVER_PORT":"443","REMOTE_ADDR":"84.59.185.27","REQUEST_SCHEME":"https","REMOTE_PORT":"63030","GATEWAY_INTERFACE":"CGI\/1.1","SERVER_PROTOCOL":"HTTP\/1.0","REQUEST_METHOD":"GET","QUERY_STRING":"","REQUEST_URI":"\/json\/","REQUEST_TIME_FLOAT":1681476628.903,"REQUEST_TIME":1681476628}
INFO - 1 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:3942 mbedtls_ssl_handle_message_type() returned -30848 (-0x7880)
INFO - 1 /mnt/c/projects/esp/esp-mbedtls/build_mbedtls/tmpsrc/mbedtls/library/ssl_msg.c:5501 mbedtls_ssl_read_record() returned -30848 (-0x7880)
Done
However, no luck so far with ESP32-S3 and ESP32. Maybe this is a good hint: https://github.com/espressif/esp-idf/commit/dc34d4986adb58e4a4b3f3074738e2a114eacb47
Seems there is really some mis-compilation / mis-optimization. Building mbedtls in debug mode made it kind of work on ESP32-S3
I (43) boot: ESP-IDF v5.0-beta1-764-gdbcf640261 2nd stage bootloader
I (43) boot: compile time 11:32:39
I (43) boot: chip revision: V001
I (47) boot_comm: chip revision: 1, min. bootloader chip revision: 0
I (54) boot.esp32s3: Boot SPI Speed : 80MHz
I (59) boot.esp32s3: SPI Mode : DIO
I (63) boot.esp32s3: SPI Flash Size : 8MB
I (68) boot: Enabling RNG early entropy source...
I (73) boot: Partition Table:
I (77) boot: ## Label Usage Type ST Offset Length
I (84) boot: 0 nvs WiFi data 01 02 00009000 00006000
I (92) boot: 1 phy_init RF data 01 01 0000f000 00001000
I (99) boot: 2 factory factory app 00 00 00010000 007f0000
I (107) boot: End of partition table
I (111) boot_comm: chip revision: 1, min. application chip revision: 0
I (118) esp_image: segment 0: paddr=00010020 vaddr=3c0c0020 size=2e970h (190832) map
I (161) esp_image: segment 1: paddr=0003e998 vaddr=3fc8d310 size=0128ch ( 4748) load
I (162) esp_image: segment 2: paddr=0003fc2c vaddr=3fcb5214 size=00168h ( 360) load
I (167) esp_image: segment 3: paddr=0003fd9c vaddr=40378000 size=0027ch ( 636) load
I (175) esp_image: segment 4: paddr=00040020 vaddr=42000020 size=b755ch (750940) map
I (318) esp_image: segment 5: paddr=000f7584 vaddr=4037827c size=05094h ( 20628) load
I (325) boot: Loaded app from partition at offset 0x10000
I (326) boot: Disabling RNG early entropy source...
Call wifi_connect
Wait to get connected
Wait to get an ip address
Got ip Ok(IpInfo { ip: 192.168.137.59, subnet: Subnet { gateway: 192.168.137.1, mask: Mask(24) }, dns: Some(192.168.137.1), secondary_dns: None })
We are connected!
Making HTTP request
Start tls connect
Write to connection
Read from connection
HTTP/1.1 200 OK
Date: Fri, 14 Apr 2023 14:04:31 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Content-Length: 2051
Connection: close
Content-Type: application/json
{"HTTPS":"on","SSL_SERVER_S_DN_CN":"certauth.cryptomix.com","SSL_SERVER_I_DN_C":"US","SSL_SERVER_I_DN_O":"Let's Encrypt","SSL_SERVER_I_DN_CN":"R3","SSL_CLIENT_S_DN_CN":"esp-mbedtls","SSL_CLIENT_I_DN_CN":"esp-mbedtls.local","SSL_CLIENT_I_DN_O":"Server Certificate","SSL_SERVER_SAN_DNS_0":"certauth.cryptomix.com","SSL_VERSION_INTERFACE":"mod_ssl\/2.4.41","SSL_VERSION_LIBRARY":"OpenSSL\/1.1.1f","SSL_PROTOCOL":"TLSv1.3","SSL_SECURE_RENEG":"true","SSL_COMPRESS_METHOD":"NULL","SSL_CIPHER":"TLS_AES_256_GCM_SHA384","SSL_CIPHER_EXPORT":"false","SSL_CIPHER_USEKEYSIZE":"256","SSL_CIPHER_ALGKEYSIZE":"256","SSL_CLIENT_VERIFY":"FAILED:unable to verify the first certificate","SSL_CLIENT_M_VERSION":"1","SSL_CLIENT_M_SERIAL":"01","SSL_CLIENT_V_START":"Apr 13 21:46:56 2023 GMT","SSL_CLIENT_V_END":"Apr 12 21:46:56 2024 GMT","SSL_CLIENT_V_REMAIN":"365","SSL_CLIENT_S_DN":"CN=esp-mbedtls","SSL_CLIENT_I_DN":"O=Server Certificate,CN=esp-mbedtls.local","SSL_CLIENT_A_KEY":"rsaEncryption","SSL_CLIENT_A_SIG":"sha256WithRSAEncryption","SSL_CLIENT_CERT_RFC4523_CEA":"{ serialNumber 1, issuer rdnSequence:\"O=Server Certificate,CN=esp-mbedtls.local\" }","SSL_SERVER_M_VERSION":"3","SSL_SERVER_M_SERIAL":"0320F49350E2EB81C9F8EA4820C2021F2BFC","SSL_SERVER_V_START":"Mar 8 02:07:24 2023 GMT","SSL_SERVER_V_END":"Jun 6 02:07:23 2023 GMT","SSL_SERVER_S_DN":"CN=certauth.cryptomix.com","SSL_SERVER_I_DN":"CN=R3,O=Let's 
Encrypt,C=US","SSL_SERVER_A_KEY":"rsaEncryption","SSL_SERVER_A_SIG":"sha256WithRSAEncryption","SSL_SESSION_ID":"326a2f70d4d95eb8d72c128739c16a11f5712892a9e4b4a572615c36af7db666","SSL_SESSION_RESUMED":"Initial","HTTP_HOST":"certauth.cryptomix.com","SERVER_SIGNATURE":"","SERVER_SOFTWARE":"Apache","SERVER_NAME":"certauth.cryptomix.com","SERVER_ADDR":"62.210.201.125","SERVER_PORT":"443","REMOTE_ADDR":"84.59.185.27","REQUEST_SCHEME":"https","REMOTE_PORT":"63039","GATEWAY_INTERFACE":"CGI\/1.1","SERVER_PROTOCOL":"HTTP\/1.0","REQUEST_METHOD":"GET","QUERY_STRING":"","REQUEST_URI":"\/json\/","REQUEST_TIME_FLOAT":1681481071.264,"REQUEST_TIME":1681481071}
Done
But the handshake takes forever to complete - also on ESP32 it still doesn't seem to work
Some interesting observations - probably more as a note to self:
After rebasing this should work now
Great! I'm gonna test it on my side and finish this PR. Thanks for the bugfix
Oops didn't mean to do that.
Everything seems to work for now. I'm waiting for a first review before doing the other examples.
Not sure if it's related to this PR, but it seems like the closing of connection isn't done properly.
This can be viewed by either resetting the chip many times, or by flashing the chip multiple times in a row, after a connection is done.
The given error is:
WARN - esp_wifi_internal_tx 12290
start connection task
Device capabilities: Ok(EnumSet(Client | AccessPoint))
Starting wifi
Wifi started!
About to connect...
Wifi connected!
Waiting to get IP address...
Got IP: 192.168.69.163/24
connecting...
connect error: ConnectionReset
I'm wondering if we should unify it under a single function to reduce duplication. Most of the body for `Session::new()` in blocking (sync) and async is essentially the same.
Agreed - I think I wanted to do it like that in the beginning but when the problems with the pre-compiled binaries kicked in I just went that way
The new examples seem to work fine for me on ESP32-S3 - the other examples need adjustments because of the changes to the constructor
Great work!
Nice! Seems like the new examples for ESP32 and ESP32-C3 are missing a `use esp_mbedtls::Certificates;` - I probably should set up CI in this repo
@MabezDev works fine with our Rust 1.68 but with Rust 1.69 I see it gets stuck at the connection to the access point on ESP32-S3, again 😢 I tried tinkering with opt-level and lto etc. without success
I added the imports that I missed. I've only tested on esp32s3, as it's the only device I have on hand.
I think some optimizations could be made, by not allocating memory for certificates, if we don't use them. This would be especially useful when not using client certificates, but I'm not sure about the behavior of freeing memory that hasn't been allocated, when dropping the Session struct.
I tested on ESP32 and ESP32-C3 - everything fine now.
I'd say this is fine to get merged now. The suggested optimization totally makes sense - if some memory isn't allocated there would be a null-pointer which should get checked in `drop` before the call to `free`
Would be perfectly fine to do the optimization in a follow-up PR and we merge this - not sure what option you'd prefer. Just let me know and I'll approve and merge this
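The null check before the free discussed in the comments above, sketched as an added example (not esp-mbedtls code). `Crt`, `crt_alloc`, `crt_free` and this `Session` are hypothetical stand-ins for the certificate context and its allocation, and the certificate bytes are constructed.

```rust
use std::ptr;
use std::sync::atomic::{AtomicUsize, Ordering};

/// Counts frees so the behaviour can be asserted on.
static FREED: AtomicUsize = AtomicUsize::new(0);

/// Hypothetical stand-in for a heap-allocated certificate context.
struct Crt { der: Vec<u8> }

/// Allocate and fill a context (models allocate + parse on the C side).
fn crt_alloc(der: &[u8]) -> *mut Crt {
    Box::into_raw(Box::new(Crt { der: der.to_vec() }))
}

/// Safety: `p` must be non-null and come from `crt_alloc`.
unsafe fn crt_free(p: *mut Crt) {
    unsafe { drop(Box::from_raw(p)) };
    FREED.fetch_add(1, Ordering::SeqCst);
}

/// Hypothetical session: CA chain always present, client cert optional.
struct Session { ca_chain: *mut Crt, client_crt: *mut Crt }

impl Session {
    fn new(ca: &[u8], client: Option<&[u8]>) -> Self {
        Session {
            ca_chain: crt_alloc(ca),
            // Nothing is allocated when no client certificate is passed.
            client_crt: client.map_or(ptr::null_mut(), crt_alloc),
        }
    }
    /// Size of the client certificate, None if it was never allocated.
    fn client_cert_len(&self) -> Option<usize> {
        // `as_ref` maps a null pointer to None instead of dereferencing it.
        unsafe { self.client_crt.as_ref().map(|c| c.der.len()) }
    }
}

impl Drop for Session {
    fn drop(&mut self) {
        for p in [&mut self.ca_chain, &mut self.client_crt] {
            if !p.is_null() {
                unsafe { crt_free(*p) };
                *p = ptr::null_mut(); // pointer can no longer be freed twice
            }
        }
    }
}

fn main() {
    let s = Session::new(b"constructed CA bytes", None);
    println!("client cert length: {:?}", s.client_cert_len());
}
```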
I think we should merge this, then do the optimizations in another PR.
I've implemented the functionalities that I needed, and I would leave you with the optimization part.
Enable the ability to pass a client certificate for client authentication.
Testing:
cargo run --release --example async_client --features=async
Testing the certs with curl:
curl https://certauth.cryptomix.com/json/ --key <PRIVATE_KEY>.pem --cert <Certificate>.pem -v
~Currently, this returns an error, `MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE`, and I don't know why it happens, with `MBEDTLS_SSL_VERIFY_OPTIONAL` the error changes for `MBEDTLS_ERR_SSL_BAD_CONFIG`.~ FIXED
TODOs:
`struct`. This would make breaking changes less frequent in the future, and reduce the number of arguments. The functions about certificates could also be moved there to reduce complexity
`struct` to handle certs.