can not open WiFiClientSecure to one particular site #2856
Comments
Hi, me again. In case it sheds any light on this, I tried retrieving the file I want from this site using curl -v. I've pasted the -v output here in case it helps. Thanks again. `csiimac: curl -v 'https://sdo.gsfc.nasa.gov/assets/img/latest/f_211_193_171_170.jpg' > x.jpg
< HTTP/1.1 200 OK
|
For SSL support (https website), you need to include the website's SSL certificate code, i.e. fingerprint. https://sdo.gsfc.nasa.gov fingerprint is 8D:6B:9B:BD:AC:E4:55:A8:D1:CA:54:67:6F:22:FE:9D:1A:F1:2E:70 I would suggest you use the <ESP8266HTTPClient.h> library and see their examples. |
Thanks thorburn1. I was unaware of the HTTPClient class. But still no joy: `#include <Arduino.h> static char ssid[] = "clearskyinstitute"; // your network SSID (name) void setup() {
} void loop() { Output: heap 1: 41416 |
#include <Arduino.h> static char ssid[] = "clearskyinstitute"; // your network SSID (name) void setup() { Serial.print ("heap 1: "); Serial.println (ESP.getFreeHeap()); if (WiFi.status() == WL_NO_SHIELD) { // we only want station mode, not access too Serial.println ("connecting to WiFi"); Serial.print ("heap 2: "); Serial.println (ESP.getFreeHeap()); Serial.println ("trying connection"); int get_status = sdo_http.GET(); WiFiClient sdo_client = sdo_http.getStream(); Serial.print ("heap 4: "); Serial.println (ESP.getFreeHeap()); void loop() { |
Initial problem of yours was error connection failed ; Now |
It looks like the only change in your version is changing the colons in the fingerprints to blanks. Sorry but it makes no difference. Regarding debug, I would try it if I knew how, can you elaborate? I found this page https://github.com/esp8266/Arduino/blob/master/doc/Troubleshooting/debugging.md but my IDE does not have these options (even in English :-). I am running Arduino IDE 1.8.1 on macOS. I tried several other https sites and they all work fine once I learned how to get and use their fingerprints. Evidently there's something strange about sdo.gsfc.nasa.gov. This is an important site for my application, I hope you can help me figure out what the problem is. A few more questions along the way please?
Here is my latest version of the toy sketch which works fine fetching wired.com's home page (output at the bottom): `#include <Arduino.h> static char ssid[] = "clearskyinstitute"; // your network SSID (name) void setup() {
} void loop() { Output: heap 1: 41248 |
I don't have an ESP right now to check and don't have a Mac, but in Windows, under the Tools menu, there are settings to change debug options. Can you try the code below and tell me the output you are getting? #include <Arduino.h> #include <ESP8266WiFi.h> #include <ESP8266HTTPClient.h> #define USE_SERIAL Serial ESP8266WiFiMulti WiFiMulti; void setup() {
// USE_SERIAL.setDebugOutput(true);
} void loop() {
} |
Also, run this code and tell me; once I get my ESP tomorrow I can tell you your exact problem in your code, I think. #include <ESP8266WiFi.h> const char* ssid = "clearskyinstitute"; const char* host = "sdo.gsfc.nasa.gov"; // Use web browser to view and copy void setup() { // Use WiFiClientSecure class to create TLS connection if (client.verify(fingerprint, host)) { String url = "/assets/img/latest/f_211_193_171_170.jpg"; client.print(String("GET ") + url + " HTTP/1.1\r\n" + Serial.println("request sent"); void loop() { |
Output from Multi version: WAIT 4... |
Output from WiFiClientSecure version doesn't get far: connecting to clearskyinstitute |
Ok, I will look into it once I come back tomorrow. Working out these from mobile sucks. |
Copy that. Thanks thorburn1. |
I found I can get more debug output by calling Serial.setDebugOutput(true). Here is the output. All the numbers make sense for my network. But I am surprised it mentions SNTP. ` connected with clearskyinstitute, channel 2 |
Note the sketch works fine with wired.com using its fingerprint. I tried to paste the output here but the wiki messes up the formatting bad. |
I think the error is due to the certificate size, it can't handle it. Runs out of memory probably. |
He says he posted a fix to 2.3.0 but that's what I'm already using so I guess it's still too large. FYI, here is what I am working on : http://clearskyinstitute.com/ham/HamClock . The solar image in the upper right no longer works because the sdo site changed from http to https on Jan 1 2017. Good for them I suppose but bad for IoT. I think I'm out of luck. Many thanks for your time and efforts thorburn1. |
It's okay, I will see it now.
|
@thorburn1 Same error as it is not connecting. Also attached code and debug message as well for your reference. Please advise. Error without Debug
Code
Debug Output
|
It appears that the connection fails during the TLS handshake. As per @igrr: Two cipher suites supported by axTLS library on the ESP side (TLS_RSA_WITH_AES_128_CBC_SHA and TLS_RSA_WITH_AES_256_CBC_SHA) are not among the list of cipher suites supported by your server. This causes handshake failure, because if the server and client have no cipher suites in common, they can't talk to each other. You may want to check your server configuration to enable one of these suites. Alternatively, if you can not or do not want to change TLS config for the whole server, you may set up a TLS proxy which will handle talking to ESPs only. The rest of your site will run with same TLS settings, but only the endpoints needed by ESP will be passed through a proxy. In this case the proxy should be configured to support these two mentioned cipher suites. |
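
One way to test a server for the cipher-suite overlap described in the comment above, run from a desktop machine (an added example, not code from this thread or from the ESP8266 core). The names `restricted_context`, `offered_suites` and `probe` are hypothetical, and the TLS 1.2 cap only keeps TLS 1.3 suites out of the offer; it is an assumption, not a statement about the protocol version axTLS speaks.

```python
import socket
import ssl

# OpenSSL names for TLS_RSA_WITH_AES_128_CBC_SHA (0x002F) and
# TLS_RSA_WITH_AES_256_CBC_SHA (0x0035), the two suites named above.
AXTLS_SUITES = "AES128-SHA:AES256-SHA"

def restricted_context():
    """Client context that offers only the two suites.
    Assumption: capped at TLS 1.2 so no TLS 1.3 suites are added."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers(AXTLS_SUITES)
    ctx.check_hostname = False       # this probe tests negotiation only;
    ctx.verify_mode = ssl.CERT_NONE  # certificate checks are out of scope
    return ctx

def offered_suites(ctx):
    """Cipher-suite IDs in the ClientHello this context sends (built in memory)."""
    inbound, outbound = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(inbound, outbound)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass  # ClientHello is written; the client now waits for a reply
    hello = outbound.read()
    pos = 43               # record hdr 5 + handshake hdr 4 + version 2 + random 32
    pos += 1 + hello[pos]  # skip session_id
    n = int.from_bytes(hello[pos:pos + 2], "big")
    body = hello[pos + 2:pos + 2 + n]
    return [int.from_bytes(body[i:i + 2], "big") for i in range(0, n, 2)]

def probe(host, port=443, timeout=10):
    """Live check: name of the negotiated suite, or None when the server
    shares neither suite (or otherwise aborts the handshake)."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with restricted_context().wrap_socket(raw, server_hostname=host) as tls:
                return tls.cipher()[0]
    except ssl.SSLError:
        return None

if __name__ == "__main__":
    # Offline: show what the restricted client puts on the wire. OpenSSL may
    # append 0x00FF, a renegotiation signalling value, not a real suite.
    print([hex(s) for s in offered_suites(restricted_context())])
```

Calling `probe()` with the server's host name before and after a TLS configuration change shows whether a client limited to these two suites can complete the handshake.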
@thorburn1 Perfect. I have now configured as you advised and all fine now. Thanks again for your support. |
BearSSL is merged in #4273, with alternate BearSSL::WiFi* classes. Although axtls-based classes are still available and even the default, they are planned for deprecation and then retirement, hence won't be fixed. Any issues with BearSSL-based classes should be reported in new issues. |
Basic Infos
Hardware
Hardware: Adafruit HUZZAH ?ESP-12?
Core Version: ?2.3.0
Description
Hello. I can not connect to sdo.gsfc.nasa.gov with https. Many other sites such as google.com work fine. How can I figure out more what is going on with this one site? Thanks much.
Settings in IDE
Module: ?Adafruit HUZZAH ESP8266?
Flash Size: ?4MB/1MB?
CPU Frequency: ?80Mhz?
Flash Mode: ?qio?
Flash Frequency: ?40Mhz?
Upload Using: ?OTA / SERIAL?
Reset Method: ?ck / nodemcu?
Sketch
```
#include <Arduino.h>
#include <SPI.h>
#include <ESP8266WiFi.h>
#include <WiFiServer.h>
#include <WiFiClientSecure.h>
#include <WiFiClient.h>
static char ssid[] = "clearskyinstitute"; // your network SSID (name)
static char pass[] = "from651plan"; // your network password
void setup() {
  Serial.begin (115200);
}
void loop() {
  ESP.wdtFeed();
}
```
messages here