search

turgu1 / ESP-IDF-InkPlate

A porting effort to the ESP-IDF framework for the e-Radionica InkPlate software.
15 stars 9 forks source link

Inkplate_net_test does not work correctly on ESP-IDF v4.4.1 #11

Closed tajnymag closed 2 years ago

tajnymag commented 2 years ago

After some minimal modifications to make the program run on idf (the building process, not source files themselves), the program fails at runtime on an incorrect esp_tls config.

The issue seems to come from IDF v4.3, when IDF enabled certificate verification by default. (https://github.com/zonmen/IndoorSolution-esp32/issues/1)

To mitigate this, I see two options:

  1. disable TLS verification completely through sdkconfig
  2. use a certificate bundle

For n. 2 I don't know how to implement the certificate bundling yet.

Log with the error message

I (24243) NetworkClient: STA Event, Base: 3f40fac4, Event: 4.
I (24313) wifi:AP's beacon interval = 102400 us, DTIM period = 2
I (24953) esp_netif_handlers: sta ip: REDACTED, mask: 255.255.255.0, gw: REDACTED
I (24953) NetworkClient: STA Event, Base: 3f40ed74, Event: 0.
I (24953) NetworkClient: got ip:REDACTED
I (24963) NetworkClient: connected to ap SSID: REDACTED password: REDACTED
I (24983) NetworkClient: Downloading file from URL: https://api.varipass.org/?action=sgraph&id=kbg3eQfA&width=400&height=300&eink=true
W (25013) wifi:<ba-add>idx:0 (ifx:0, REDACTED), tid:0, ssn:1, winSize:64
E (25313) esp-tls-mbedtls: No server verification option set in esp_tls_cfg_t structure. Check esp_tls API reference
E (25313) esp-tls-mbedtls: Failed to set client configurations, returned [0x8017] (ESP_ERR_MBEDTLS_SSL_SETUP_FAILED)
E (25323) esp-tls: create_ssl_handle failed
E (25323) esp-tls: Failed to open new connection
E (25333) TRANSPORT_BASE: Failed to open a new connection
E (25353) HTTP_CLIENT: Connection failed, sock < 0
I (25353) NetworkClient: HTTP_EVENT_ERROR
I (25353) NetworkClient: HTTP_EVENT_DISCONNECTED
I (25353) Main: Completed...
turgu1 commented 2 years ago

Hello tajnymag,

I didn't consider at first implementing TLS support in the applications I've built using this port of the Inkplate libraries. I will not be in a context to try something before the September timeframe (don't have access to my ESP32 hardware). If you want to implement it, no problem as long as the recipe would be selectable, such that the current application(s) will not suffer from the lack of certificate-related stuff.

Thanks for your help!

tajnymag commented 2 years ago

Should be fixed by https://github.com/turgu1/ESP-IDF-InkPlate/pull/10