xoseperez / espurna

Home automation firmware for ESP8266-based devices
http://tinkerman.cat
GNU General Public License v3.0
3k stars 638 forks

SSL failing to connect with MQTT_SSL_ENABLED=1 and WEB_SUPPORT=0 despite correct settings #1231

Open ghost opened 6 years ago

ghost commented 6 years ago

I have created a custom board copying over the definition for the POW R2 build. I added the necessary elements to make it work:

And then the predefined settings for WIFI and MQTT:

Unfortunately, while it is able to connect if I don't build SSL, with the settings above, no matter what I do in the telnet terminal, including mqtt.reset, etc, there is no outgoing connection happening.

I could supply a copy of the platform.ini board definition and my custom.h. I can confirm it works and properly links to the MQTT broker if I build without the above flags (with no SSL support).

Anything I am missing?

ghost commented 6 years ago

Also, in this current build with the following settings:

```ini
[env:itead-sonoff-pow-r2-custom-ssl-noweb]
platform = ${common.platform_160}
framework = ${common.framework}
board = ${common.board_1m}
board_build.flash_mode = ${common.flash_mode}
lib_deps = ${common.lib_deps}
lib_ignore = ${common.lib_ignore}
build_flags = ${common.build_flags_1m0m} -DITEAD_SONOFF_POW_R2 -DMQTT_ENABLED=1 -DSILENT_SENSOR_ERRORS=1 -DENABLE_SECURE_TRANSPORT=1 -DWEB_SUPPORT=0
    -DASYNC_TCP_SSL_ENABLED=1 -DMQTT_SSL_ENABLED=1 -DTELNET_SUPPORT=1 -DTELNET_STA=1 -DUSE_CUSTOM_H=1 -DI2C_SDA_PIN=4 -DI2C_SCL_PIN=5 -DBH1750_ADDRESS=0x00
    -DBMX280_ADDRESS=0x00 -DSHT3X_I2C_ADDRESS=0x00 -DSI7021_ADDRESS=0x00 -DINFLUXDB_SUPPORT=1 -DEVENTS_SUPPORT=1 -DI2C_SUPPORT=1 -DBMX280_SUPPORT
    -DSHT3X_I2C_SUPPORT -DSI7021_SUPPORT
monitor_speed = ${common.monitor_speed}
extra_scripts = ${common.extra_scripts}
```

```c
#ifdef ENABLE_SECURE_TRANSPORT
#warning ENABLED SECURE TRANSPORT!
#define ASYNC_TCP_SSL_ENABLED       1
#define MQTT_SSL_ENABLED            1
#define WEB_EMBEDDED                0
#endif
```

```c
#define MQTT_SERVER                 "xxx"       // Default MQTT broker address
#define MQTT_SSL_FINGERPRINT        "xxx"       // SSL fingerprint of the server
#define MQTT_PORT                   8883
#define MQTT_USER                   "zzzzzz"    // Default MQTT broker username
#define MQTT_PASS                   "yyyyyyy"   // Default MQTT broker password
#define TELNET_STA                  1
#define TELNET_SUPPORT              1
#define DEBUG_TELNET_SUPPORT        1
```

This is what the log says server-side:

```
537995200: Socket error on client ESPURNA-4AD772, disconnecting.
1537995203: Socket error on client <unknown>, disconnecting.
1537995205: New connection from X.X.X.X on port 8883.
1537995205: Client ESPURNA-4AD772 disconnected.
1537995205: New client connected from X.X.X.X as ESPURNA-4AD772 (c0, k300, u'esp-office').
1537995205: Socket error on client ESPURNA-4AD772, disconnecting.
1537995210: New connection from X.X.X.X on port 8883.
1537995220: New connection from X.X.X.X on port 8883.
```

With these settings, plaintext MQTT works fine, but as soon as I enable SSL, it fails to connect or sustain a connection for long.

ghost commented 6 years ago

I can also report another quirk: ha.config does not work in the terminal.