shurillu / CTBot

A simple (and easy to use) Arduino Telegram BOT Library for ESP8266/ESP32
MIT License

esp32 ssl certificate verification error #81

Closed DmitryBorisenko33 closed 3 years ago

DmitryBorisenko33 commented 3 years ago
00:00:03 [I] [Telegram] Telegram Token
00:00:03 [I] [Telegram] UTF8 Encoding
[E][ssl_client.cpp:36] _handle_error(): [start_ssl_client():216]: (-9984) X509 - Certificate verification failed, e.g. CRL, CA or signature check failed
[E][WiFiClientSecure.cpp:127] connect(): start_ssl_client: -9984
00:00:06 [E] [Telegram] Not connected

I'm using esp32. At some point the Telegram bot stopped working, but it worked before all the time. I checked the log and found that when I use myBot->testConnection() I get an error: ssl Certificate verification failed. But the same code works properly on esp8266. Please check this issue.

Just for your information, we are using your lib in a big project, IoTmanager esp8266 esp32 firmware. This is the link to our GitHub

shurillu commented 3 years ago

Hello Dmitry,

Quick question: have you set useDNS(true) before calling any Telegram server connection method (like, for example, testConnection)? The useDNS(true) method should be called once (at least for ESP32 platform). Another quick question: are you using the last release? I made a fix for that issue some weeks ago, even in the v3.0.0 version. Finally in the CTBotDefines.h there is a define called

CTBOT_USE_FINGERPRINT

If you set it to zero, the library does not do any certificate authentication.

So please let me know if you can fix the issue.

Cheers

Stefano

DmitryBorisenko33 commented 3 years ago

Good day. Thank you for the quick reply.

  1. I'm not using useDNS(true)

I am trying it now and all is working for me! No errors at all. Should I use this method for esp8266 too?

  2. I see in your git repository only 2.1.5 as the latest lib version. Where can I get the 3.0.0 version?

Thank you for this great lib and job!

shurillu commented 3 years ago

Hello Dmitry, useDNS(true) is mandatory only for the ESP32 Platform in order to check the certificate. The ESP8266 uses a different method (fingerprint) so you can disable it without issues. As I said, if you must use the Telegram Server IP for connecting to the Telegram Server (so useDNS(false)), you have to disable this define in CTBotDefines.h

CTBOT_USE_FINGERPRINT 0

For your second question, you can find the v3.0.0 in the v3.0.0 branch. There are several new functionalities, for example you can send binary data (as images, photos - if you have a connected camera - files etc). It is almost ready to publish, I have to write more examples.

Cheers

Stefano
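
Added example (not from the thread, CTBot or the ESP32 core): a simplified model of the server-name check behind the exchange above, assuming the -9984 error came from connecting by IP address while the certificate lists only DNS names. The certificate names, the address and all function names are constructed for illustration.

```cpp
// Simplified TLS server-name check; illustration only, not CTBot or ESP32 core code.
#include <algorithm>
#include <cctype>
#include <cstdio>
#include <string>
#include <vector>

// ASCII lowercase copy, so that name comparison is case-insensitive.
static std::string lower(std::string s) {
    std::transform(s.begin(), s.end(), s.begin(),
                   [](unsigned char c) { return static_cast<char>(std::tolower(c)); });
    return s;
}
// True when host matches one certificate DNS name; "*." covers exactly one left-most label.
static bool name_matches(const std::string& pattern_in, const std::string& host_in) {
    const std::string pattern = lower(pattern_in), host = lower(host_in);
    if (pattern.rfind("*.", 0) != 0) return pattern == host;
    const std::size_t dot = host.find('.');
    if (dot == std::string::npos || dot == 0) return false;
    return host.substr(dot) == pattern.substr(1);
}
// True when s looks like a dotted IPv4 literal.
static bool is_ipv4_literal(const std::string& s) {
    return !s.empty() && std::count(s.begin(), s.end(), '.') == 3 &&
           std::all_of(s.begin(), s.end(),
                       [](unsigned char c) { return std::isdigit(c) || c == '.'; });
}

enum class Verdict { Verified, NameMismatch, Unauthenticated };

// Outcome of connecting to target, given the DNS names in the server certificate.
// verify=false models a build with certificate authentication switched off.
Verdict check_peer(const std::string& target, const std::vector<std::string>& dns_names, bool verify) {
    if (!verify) return Verdict::Unauthenticated;  // connects, but peer identity is unproven
    if (is_ipv4_literal(target)) return Verdict::NameMismatch;  // DNS names never match an IP literal
    for (const auto& n : dns_names)
        if (name_matches(n, target)) return Verdict::Verified;
    return Verdict::NameMismatch;
}

// Constructed sample data: certificate names and a documentation-range address.
const std::vector<std::string> kSampleNames = {"api.telegram.org", "*.telegram.org"};
const char* const kSampleIp = "203.0.113.10";

int main() {
    std::printf("by name: %d, by IP: %d, by IP unverified: %d\n",
                static_cast<int>(check_peer("api.telegram.org", kSampleNames, true)),
                static_cast<int>(check_peer(kSampleIp, kSampleNames, true)),
                static_cast<int>(check_peer(kSampleIp, kSampleNames, false)));
    return 0;
}
```

In this model the unverified case connects to any peer, so setting CTBOT_USE_FINGERPRINT to 0 removes the error by removing the authentication, whereas connecting by name keeps it.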

DmitryBorisenko33 commented 3 years ago

Thank you for this great job and good support! We have been using your library in our home automation system IoTmanager for a long time. And all is working very well. We have already formed a fairly large audience of users of our firmware. I am constantly in contact with my users and have never heard of any problems with the delivery of messages in Telegram. This is the undoubted merit of your library.