Download
Browse source Changelog
Documentation
Project   Known bugs   TODO Protocols   CA bundle   HTTP Cookies   HTTP/2   SSL Certs Releases   Security   Version numbers   Vulnerabilities curl tool   man page   Tutorial   HTTP scripting Who and Why
libcurl
ABI API Competitors Examples Features Mailing list Related libs Using libcurl Tutorial Testimonials
Get Help
curl-library curl-users curl-announce curl-commits Report a bug Mail Etiquette
Development
Autobuilds Code Style Contribute Internals Release Notes Release Procedure Roadmap Run Tests Security Specifications Test curl
News
Changelog Release table
curl / Mailing Lists / curl-library / Single Mail

curl-library

Re: HTTPS hangs

From: Greg Stewart via curl-library <curl-library_at_cool.haxx.se>
Date: Fri, 5 May 2017 10:23:24 -0600

I just disabled the HTTPS for a test to confirm that we had connection from
the ESP32 to the server.

I confirmed the date and time are correct. I gave it 5 minutes to run, but
no progress. When I enabled verbose, I got back

> * timeout on name lookup is not supported
>
> * Trying 192.168.1.20...
>
> * TCP_NODELAY set
>
> * Connected to 192.168.1.20 (192.168.1.20) port 443 (#0)
>
> * Error reading ca cert file /etc/ssl/certs/ca-certificates.crt -
> mbedTLS: (-0x3E00) PK - Read/write of file failed
>
> * mbedTLS: Connecting to 192.168.1.20:443
>
> * mbedTLS: Set min SSL version to TLS 1.0
>

When I run it on my mac, I get

> * Trying 192.168.1.20...
>
> * Connected to 192.168.1.20 (192.168.1.20) port 443 (#0)
>
> * TLS 1.2 connection using TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
>
> * Server certificate: UBNT-68:72:51:60:4D:4F
>

If the library is looking for "/etc/ssl/certs/ca-certificates.crt" on the
esp32, it won't find it since the esp32 does not have that kind of file
structure. Not sure where to go from here.

On Fri, May 5, 2017 at 9:45 AM, Daniel Stenberg <daniel_at_haxx.se> wrote:

> On Fri, 5 May 2017, Greg Stewart via curl-library wrote:
>
> When I move it to the ESP32, it hangs at "curl_easy_perform". I disabled
>> https on the server and removed the CURLOPT_SSL_VERIFYPEER and
>> CURLOPT_SSL_VERIFYHOST tokens from the code, and it worked great on the
>> ESP32.
>>
>
> That tells us close to nothing. You stopped using HTTPS so of course HTTPS
> caused you no further problems.
>
> But believe it or not, HTTPS is not meant to hang and it is not something
> that it usually does for people or users of libcurl. That sounds like a
> problem/bug/issue/mystery to solve. And since it isn't working as intended,
> you need to start by enabling verbose and then dig deeper into the
> functionality to figure out where it hangs and why and then what possibly
> can be done about it.
>
> What TLS library does this use? Do you have the correct time/date on the
> thing? The ESP32 is a fairly low end performing device, isn't it? Are you
> sure you gave it enough time to handle the encryption stuff?
>
> --
>
> / daniel.haxx.se
>

-------------------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2017-05-05