search

esp8266 / Arduino

ESP8266 core for Arduino
GNU Lesser General Public License v2.1
16.09k stars 13.33k forks source link

HTTPClient fails with https but WiFiClientSecure works #2783

Closed torntrousers closed 6 years ago

torntrousers commented 7 years ago

Trying to use HTTPClient to do an HTTP POST with TLS 1.2 fails but it works ok when using WiFiClientSecure.

This is with the latest github code as at 21st Dec 2016.

This sketch demostrates:

`

include

include

const char ssid = ""; const char password = "";

String urlHost = "quickstart.messaging.internetofthings.ibmcloud.com"; String urlPath = "/api/v0002/device/types/typeId/devices/myDevice1/events/eventId"; int urlPort = 8883; // or 1883 for non-secure

void setup() { Serial.begin(115200); Serial.println(); initWifi(); }

void loop() { doPost1(); doPost2(); delay(10000); }

void doPost1() { Serial.println(" HTTPClient "); HTTPClient http; String url = (urlPort == 8883 ? "https://" : "http://") + urlHost + ":" + urlPort + urlPath; Serial.println(url); String payload = String("{ \"d\": {\"aMessage\": \"") + millis()/1000 + "\"} }"; Serial.print("POST payload: "); Serial.println(payload); http.begin(url, payload); http.addHeader("Content-Type", "application/json"); int httpCode = http.POST(payload); Serial.print("HTTP POST Response: "); Serial.println(httpCode); }

void doPost2() { Serial.println(" WiFiClientSecure "); WiFiClientSecure client;

Serial.print("connect: "); Serial.println(urlHost); while (!client.connect(urlHost.c_str(), 8883)) { Serial.print("."); } Serial.println("Connected");

String postData = String("{ \"d\": {\"aMessage\": \"") + millis()/1000 + "\"} }";

String msg = "POST " + urlPath + " HTTP/1.1\r\n" "Host: " + urlHost + "\r\n" "Content-Type: application/json\r\n" "Content-Length: " + postData.length() + "\r\n" "\r\n" + postData;

client.print(msg); Serial.print(msg);

Serial.print("\n*** Request sent, receiving response..."); while (!!!client.available()) { delay(50); Serial.print("."); } Serial.println(); Serial.println("Got response");

// Read all the lines of the reply from server and print them to Serial while(client.available()){ Serial.write(client.read()); }

Serial.println(); Serial.println("closing connection"); client.stop(); }

void initWifi() { Serial.print("Connecting to: "); Serial.print(WiFi.SSID()); WiFi.mode(WIFI_STA);
WiFi.begin(ssid, password);

while (WiFi.status() != WL_CONNECTED) { delay(250); Serial.print("."); } Serial.println(""); Serial.print("WiFi connected, IP address: "); Serial.println(WiFi.localIP()); } `

devyte commented 7 years ago

@torntrousers is this issue still valid with latest git?

igrr commented 7 years ago

I think the line

http.begin(url, payload);

is the problem here.

Please have a look at the overloads of begin method:

    bool begin(String url);
    bool begin(String url, String httpsFingerprint);
    bool begin(String host, uint16_t port, String uri = "/");
    bool begin(String host, uint16_t port, String uri, String httpsFingerprint);

Note that the overload which takes two strings has 'httpsFingerprint' as the second argument, not 'payload'.

The connection fails when HTTPClient is trying to verify certificate fingerprint. It compares the real fingerprint to the contents of your 'payload' and obviously finds no match, hence terminates the connection.

devyte commented 6 years ago

Per previous comment, closing as user error. Also, BearSSL is merged in #4273 , with alternate BearSSL::WiFi* classes. Although axtls-based classes are still available and even the default, they are planned for deprecation and then retirement, hence won't be fixed. Any issues with BearSSL-based classes should be reported in new issues.