WiFiClientSecure fingerprint check failed

[AntonWert]

In String CTBot::sendCommand(String command, String parameters) The WiFiClientSecure object is created. Some lines later, a connection attempt is done. It will fail on ESP 2.5.0-beta2 because no fingerprint of the connection is set. Solution: add fingerprint of server with telegramServer.setFingerprint("xx xx..."); Maybe you can also add BearSSL support as an option

[shurillu]

Hello AntonWert, thank you for using the library. Actually the latest stable/official release of the ESP8266 toolchain/library is the v. 2.4.2. The v. 2.5.0 is on beta stage (as you mention) and supporting the beta release tipically is not on my plans (the betas can change before becoming an official release making a continuous maintenance loop until a stable/official version is released). Anyway, if you managed to work with the CTBot library and the 2.5.0-beta2, you could share here the snippet and if it can work with the two release (the 2.4.2 and the beta) I'll add. It's a deal?

Thanks, regards

Stefano

[AntonWert]

Sorry for the late Response, bussy week….

Of Course Stefano, here is the item I added to get it work:

In the file CTBot.cpp I added in the method CTBot::sendCommand:

WiFiClientSecure telegramServer;

// Tell TLS Library to acept uncecked Server fingerprints
telegramServer.setInsecure();

// check for an already established connection
if (m_useDNS) {

I hopeti will help you, Anton

[Salomon-MH]

@AntonWert I've created a pull request with your changes. 😄

[shurillu]

Hello AntonWert, hello Salomon, sadly the setInsecure() method of the WiFiClientSecure class is not implemented in the 2.4.2 version of the ESP8266 library, so it isn't so easy to add (if I merge your pull request, the library stop to work with the 2.4.2 version of the ESP8266 library). I have to check which version of the ESP8266 library in istalled (maybe with the ESP.getCoreVersion()) but I have to do it in a "general way" so that it will work for the past and future releases (here the "thoughts" about beta releases and so on). Let me think about it a bit. Suggestions are welcome!

Stefano

[Salomon-MH]

Oh, I see. I did not think about that, sorry. I'll think about a solution too and will come back to you if I got something. But at least it's a good thing to see it's possible to fix it for the newer versions, just support for lower versions has to be maintained. 😊

[shurillu]

Ok, now should work with 2.4.2 and 2.5.0 versions of the ESP8266 toolchain. Long way short: I added the fingerprint check (as @AntonWert said) and all work fine. I pushed all the changes in the master branch so you can download it and check it. Please let me know if all work fine as I can release a new version with the changes (I already checked, but more feedbacks is better!)

Stefano

[shurillu]

The new release that fix this issue is online. @AntonWert: if you find other issues with the 2.5.0 version of ESP8266 library, please reopen this one.

Stefano