Closed kjav closed 6 years ago
Please enable debug output (in tools menu, set Debug Level: SSL, Debug Port: Serial, and also add Serial.setDebugOutput(true);
after Serial.begin), and attach the log you get when connecting.
Also you say that Core Version: unknown
. Please check what the version is. If you have installed it using boards manager, go there and check the installed version number. If you have installed it using git, run git describe
in the core directory.
@kjav In the mode you're using, axtls isn't looking at the cert at all, but do be aware that
...which was generated using OpenSSL to have a 100 year lifespan...
The certificate end date will be subject to overflow and should you try and validate it (not its sha1 fingerprint) it'll not work. Certs past 2038 have the UNIX signed 32-bit time overflow problem.
Closing due to lack of feedback, and merge of bearssl.
Basic Info
Hi, I have been trying to make an https request using ESP8266WiFi, on a subdomain of my website.
Hardware
Hardware: ESP-12 Core Version: unknown
Description
Note: Real domains replaced with example domains.
I have created a subdomain,
sub.domain.com
, of my root websitedomain.com
. The root website has a security certificate with sha1 hash17 59 29 DF BF 6D 2D 7F 8D 3B 58 D8 45 87 32 C8 05 3D E6 E5
, which is generated using letsencrypt, and the subdomain has a security certificate with a sha1 hash88 E6 9D D0 7D A4 D0 E2 8B B5 11 A0 60 1F 4F 02 83 47 9E 51
which was generated using OpenSSL to have a 100 year lifespan. These certificate fingerprints were obtained from inspecting the certificates in the browser.When I run my code (below), the logs show that it is testing the sha1 hash of the wrong certificate - the root certificate, and not the subdomain certificate. Why is this?
Thanks for your help!
Settings in IDE
Module: ESPino Flash Size: 4MB/1MB CPU Frequency: 80Mhz Flash Mode: DIO Flash Frequency: 921600 baud Reset Method: ck
Sketch
Debug Messages