sparkfun / Arduino_Boards

Board definitions for SparkFun-manufactured AVR, ARM, and ESP-based Arduino boards.

ESP32 Micromod cannot connect to SSL #83

Closed davidgs closed 3 years ago

davidgs commented 3 years ago

I've been chasing this around for a week now, and it looks like it's something in the ESP32 board's code.

I loaded the WiFiClientSecure.ino from the examples for ESP32MicroMod and it never is able to connect:

rst:0x10 (RTCWDT_RTC_RESET),boot:0x13 (SPI_FAST_FLASH_BOOT)
configsip: 0, SPIWP:0xee
clk_drv:0x00,q_drv:0x00,d_drv:0x00,cs0_drv:0x00,hd_drv:0x00,wp_drv:0x00
mode:DIO, clock div:1
load:0x3fff0018,len:4
load:0x3fff001c,len:1216
ho 0 tail 12 room 4
load:0x40078000,len:9720
ho 0 tail 12 room 4
load:0x40080400,len:6352
entry 0x400806b8
Attempting to connect to SSID: XXX
[D][WiFiGeneric.cpp:337] _eventCallback(): Event: 0 - WIFI_READY
[D][WiFiGeneric.cpp:337] _eventCallback(): Event: 2 - STA_START
..[D][WiFiGeneric.cpp:337] _eventCallback(): Event: 4 - STA_CONNECTED
[D][WiFiGeneric.cpp:337] _eventCallback(): Event: 7 - STA_GOT_IP
[D][WiFiGeneric.cpp:381] _eventCallback(): STA IP: 192.168.2.22, MASK: 255.255.255.0, GW: 192.168.2.1
Connected to XXX

Starting connection to server...
[V][ssl_client.cpp:56] start_ssl_client(): Free internal heap before TLS 265168
[V][ssl_client.cpp:58] start_ssl_client(): Starting socket
[V][ssl_client.cpp:66] start_ssl_client(): Socket started
[E][ssl_client.cpp:90] start_ssl_client(): Connect to Server failed!
[E][WiFiClientSecure.cpp:132] connect(): start_ssl_client: -1
[V][ssl_client.cpp:251] stop_ssl_socket(): Cleaning SSL connection.

(Yes, I turned on verbose debugging.)

awende commented 3 years ago

Our ESP32 board definitions use the same core as Espressif, including the examples. Our current 1.0.1 version is the same as their 1.0.5 core, so they would be much better at addressing any software related issues.

However, taking a look at the example I was able to replicate the issue you were having if I didn't change the certificate string. Once I replaced that with my own certificate though it appeared to be working.

If you're not sure how to get it, you can run the following line in a command prompt or terminal: openssl s_client -showcerts -connect www.howsmyssl.com:443

From there you want to choose the certificate that contains the signature trust line, I think it's the second one. Once you replace the stock certificate with your own, you should be able to recompile and upload to have it working.

davidgs commented 3 years ago

Ok, so then

openssl s_client -showcerts -connect davidgs.com:8086
CONNECTED(00000005)
depth=2 C = BE, O = GlobalSign nv-sa, OU = Root CA, CN = GlobalSign Root CA
verify return:1
depth=1 C = BE, O = GlobalSign nv-sa, CN = AlphaSSL CA - SHA256 - G2
verify return:1
depth=0 OU = Domain Control Validated, CN = *.davidgs.com
verify return:1
---
Certificate chain
 0 s:OU = Domain Control Validated, CN = *.davidgs.com
   i:C = BE, O = GlobalSign nv-sa, CN = AlphaSSL CA - SHA256 - G2
-----BEGIN CERTIFICATE-----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=
-----END CERTIFICATE-----
 1 s:C = BE, O = GlobalSign nv-sa, CN = AlphaSSL CA - SHA256 - G2
   i:C = BE, O = GlobalSign nv-sa, OU = Root CA, CN = GlobalSign Root CA
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
---
Server certificate
subject=OU = Domain Control Validated, CN = *.davidgs.com
issuer=C = BE, O = GlobalSign nv-sa, CN = AlphaSSL CA - SHA256 - G2
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: ECDH, P-521, 521 bits
---
SSL handshake has read 3475 bytes and written 791 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_128_GCM_SHA256
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
    Protocol  : TLSv1.3
    Cipher    : TLS_AES_128_GCM_SHA256
    Session-ID: E6DF7DEE6011CE46232824E82C7C32FECCF0447279CE53416FE882CE86BB214B
    Session-ID-ctx:
    Resumption PSK: 66A80827740979DB44088A59DA2B84C49A35743CB06CDCE48EFB635ED4211D76
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 604800 (seconds)
    TLS session ticket:

    Start Time: 1622043874
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: no
    Max Early Data: 0
---
read R BLOCK
closed

I then should use

-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----

as my cert, right? Ok, then this code would work:

/**
   BasicHTTPSClient.ino
   Created on: 14.10.2018
*/

#include <Arduino.h>
#include <WiFi.h>
#include <HTTPClient.h>
#include <WiFiClientSecure.h>
#include <time.h>

// Issuer (intermediate) certificate copied from the openssl s_client output above
const char AlphaSSLCA[] PROGMEM = R"EOF(
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
)EOF";

// Not sure if WiFiClientSecure checks the validity date of the certificate.
// Setting clock just to be sure...
void setClock() {
  configTime(0, 0, "pool.ntp.org", "time.nist.gov");
  Serial.print(F("Waiting for NTP time sync: "));
  time_t nowSecs = time(nullptr);
  // Until NTP answers, time() counts from the epoch; wait for a plausible value
  while (nowSecs < 8 * 3600 * 2) {
    delay(500);
    Serial.print(F("."));
    yield();
    nowSecs = time(nullptr);
  }
  Serial.println();
  struct tm timeinfo;
  gmtime_r(&nowSecs, &timeinfo);
  Serial.print(F("Current time: "));
  Serial.print(asctime(&timeinfo));
}

void setup() {
  Serial.begin(115200);
  Serial.setDebugOutput(true);
  Serial.println();
  WiFi.mode(WIFI_STA);
  WiFi.begin("MySSID", "SSIDPWD");
  // wait for WiFi connection (up to ~15 s)
  Serial.print("Waiting for WiFi to connect...");
  int i = 0;
  while (WiFi.status() != WL_CONNECTED && i < 30) {
    Serial.print(".");
    delay(500);
    i++;
  }
  Serial.println();
  if (WiFi.status() != WL_CONNECTED) {
    Serial.println("WiFi failed");
    ESP.restart();
  }
  setClock();
}

void loop() {
  WiFiClientSecure *client = new WiFiClientSecure;
  if (client) {
    client->setCACert(AlphaSSLCA);
    Serial.println(AlphaSSLCA);  // echo the cert actually compiled in
    // client->setInsecure();
    {
      // Scoping block for HTTPClient https so it is destroyed before WiFiClientSecure *client is
      HTTPClient https;
      Serial.print("[HTTPS] begin...\n");
      if (https.begin(*client, "https://davidgs.com:8086/health")) {
        Serial.print("[HTTPS] GET...\n");
        // start connection and send HTTP header
        int httpCode = https.GET();
        // httpCode will be negative on error
        if (httpCode > 0) {
          // HTTP header has been sent and server response header has been handled
          Serial.printf("[HTTPS] GET... code: %d\n", httpCode);
          // file found at server
          if (httpCode == HTTP_CODE_OK || httpCode == HTTP_CODE_MOVED_PERMANENTLY) {
            String payload = https.getString();
            Serial.println(payload);
          }
        } else {
          Serial.printf("[HTTPS] GET... failed, error: %s\n", https.errorToString(httpCode).c_str());
        }
        https.end();
      } else {
        Serial.printf("[HTTPS] Unable to connect\n");
      }
      // End extra scoping block
    }
    delete client;
  } else {
    Serial.println("Unable to create client");
  }
  Serial.println();
  Serial.println("Waiting 10s before the next round...");
  delay(10000);
}

And yet:

[HTTPS] begin...
[V][HTTPClient.cpp:235] beginInternal(): url: https://davidgs.com:8086/health
[D][HTTPClient.cpp:276] beginInternal(): host: davidgs.com port: 8086 url: /health
[V][ssl_client.cpp:56] start_ssl_client(): Free internal heap before TLS 263392
[V][ssl_client.cpp:58] start_ssl_client(): Starting socket
[E][ssl_client.cpp:87] start_ssl_client(): Connect to Server failed!
[E][WiFiClientSecure.cpp:132] connect(): start_ssl_client: -1
[V][ssl_client.cpp:248] stop_ssl_socket(): Cleaning SSL connection.
[D][HTTPClient.cpp:1018] connect(): failed connect to davidgs.com:8086
[W][HTTPClient.cpp:1318] returnError(): error(-1): connection refused
[D][HTTPClient.cpp:383] disconnect(): tcp is closed
[V][ssl_client.cpp:248] stop_ssl_socket(): Cleaning SSL connection.
[V][ssl_client.cpp:248] stop_ssl_socket(): Cleaning SSL connection.

So am I getting the wrong cert?

awende commented 3 years ago

I also tried connecting to your server on the same port, and was able to generate the cert, and I used the second cert just like you did. After uploading your code using my cert I got the following:

[HTTPS] begin...
[V][HTTPClient.cpp:235] beginInternal(): url: https://davidgs.com:8086/health
[D][HTTPClient.cpp:276] beginInternal(): host: davidgs.com port: 8086 url: /health
[V][ssl_client.cpp:56] start_ssl_client(): Free internal heap before TLS 263824
[V][ssl_client.cpp:58] start_ssl_client(): Starting socket
[V][ssl_client.cpp:93] start_ssl_client(): Seeding the random number generator
[V][ssl_client.cpp:102] start_ssl_client(): Setting up the SSL/TLS structure...
[V][ssl_client.cpp:115] start_ssl_client(): Loading CA cert
[V][ssl_client.cpp:180] start_ssl_client(): Setting hostname for TLS session...
[V][ssl_client.cpp:195] start_ssl_client(): Performing the SSL/TLS handshake...
[V][ssl_client.cpp:216] start_ssl_client(): Verifying peer X.509 certificate...
[V][ssl_client.cpp:225] start_ssl_client(): Certificate verified.
[V][ssl_client.cpp:240] start_ssl_client(): Free internal heap after TLS 222908
[D][HTTPClient.cpp:1025] connect():  connected to davidgs.com:8086
[V][ssl_client.cpp:279] send_ssl_data(): Writing HTTP request...
[V][HTTPClient.cpp:1123] handleHeaderResponse(): RX: 'HTTP/1.1 200 OK'
[V][HTTPClient.cpp:1123] handleHeaderResponse(): RX: 'Content-Type: application/json; charset=utf-8'
[V][HTTPClient.cpp:1123] handleHeaderResponse(): RX: 'Date: Wed, 26 May 2021 16:43:38 GMT'
[V][HTTPClient.cpp:1123] handleHeaderResponse(): RX: 'Content-Length: 136'
[V][HTTPClient.cpp:1123] handleHeaderResponse(): RX: ''
[D][HTTPClient.cpp:1158] handleHeaderResponse(): code: 200
[D][HTTPClient.cpp:1161] handleHeaderResponse(): size: 136
[D][HTTPClient.cpp:1295] writeToStreamDataBlock(): connection closed or file end (written: 136).
[D][HTTPClient.cpp:368] disconnect(): tcp keep open for reuse

[D][HTTPClient.cpp:368] disconnect(): tcp keep open for reuse

[V][ssl_client.cpp:248] stop_ssl_socket(): Cleaning SSL connection.
[V][ssl_client.cpp:248] stop_ssl_socket(): Cleaning SSL connection.

Since you seem to be able to connect to your router, this does not seem to be a hardware issue with the MicroMod. And because I'm able to connect using the libraries within our board definitions, I don't believe those are the issue either.

I'm not much of an expert on SSL, so I think the people over on Espressif's GitHub would probably be of more help, or you can try their forum page as well. I'm going to close this issue out, but if it turns out to be an issue on our side you can open this back up and we can take a look at resolving it. Sorry I can't be of more help.
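The two verbose logs in this thread stop at different points inside start_ssl_client(): the failing run never gets past "Starting socket", while the working run goes on through "Loading CA cert" to "Certificate verified". The classifier below, added here as an example and not part of the SparkFun package or the Espressif core, reads lines in that log format and reports which phase was reached, so a TCP-level connect failure can be told apart from a TLS or certificate failure; the sample lines are quoted from the logs above.

```python
"""Report the phase at which a WiFiClientSecure connect stopped, from the ESP32
core's verbose log. Added example; not SparkFun's or Espressif's code."""
import re

# start_ssl_client() phases, in the order the thread's logs show them.
PHASES = ["Starting socket", "Socket started",
          "Seeding the random number generator", "Setting up the SSL/TLS structure",
          "Loading CA cert", "Setting hostname for TLS session",
          "Performing the SSL/TLS handshake", "Verifying peer X.509 certificate",
          "Certificate verified"]
TLS_BEGINS = PHASES.index("Seeding the random number generator")
LINE_RE = re.compile(r"^\[([VDIWE])\]\[[\w.]+:\d+\] \w+\(\): (.*)$")

# Lines quoted from the thread: the failing attempt and the working run.
FAILING_LOG = """\
[V][ssl_client.cpp:58] start_ssl_client(): Starting socket
[E][ssl_client.cpp:87] start_ssl_client(): Connect to Server failed!
[E][WiFiClientSecure.cpp:132] connect(): start_ssl_client: -1
[V][ssl_client.cpp:248] stop_ssl_socket(): Cleaning SSL connection.
"""
WORKING_LOG = """\
[V][ssl_client.cpp:58] start_ssl_client(): Starting socket
[V][ssl_client.cpp:115] start_ssl_client(): Loading CA cert
[V][ssl_client.cpp:195] start_ssl_client(): Performing the SSL/TLS handshake...
[V][ssl_client.cpp:216] start_ssl_client(): Verifying peer X.509 certificate...
[V][ssl_client.cpp:225] start_ssl_client(): Certificate verified.
"""

def classify(log):
    """Return (verdict, last_phase_reached, first_error_message_or_None)."""
    last, error = -1, None
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        level, msg = m.groups()
        for idx, phase in enumerate(PHASES):
            if msg.startswith(phase):
                last = max(last, idx)
        if level == "E" and error is None:
            error = msg
    last_phase = PHASES[last] if last >= 0 else None
    if error is None:
        return ("verified" if last == len(PHASES) - 1 else "incomplete", last_phase, None)
    # An error before the RNG is seeded means the TCP connect itself failed;
    # the CA cert had not been loaded yet, so it cannot be what was rejected.
    verdict = "socket" if last < TLS_BEGINS else "tls"
    return (verdict, last_phase, error)
```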