Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

WiFiClientSecure fails to connect #4

Open
LordParsley opened this issue Jan 2, 2021 · 5 comments
Open

WiFiClientSecure fails to connect #4

LordParsley opened this issue Jan 2, 2021 · 5 comments

Comments

@LordParsley
Copy link

Describe the bug

When doing the Reading Coronavirus COVID-19 Live Data using Wio Terminal tutorial, the connection to the server fails after client.connect(server, 443) reaches its timeout.

22:26:48.674 -> Starting connection to server...
22:28:49.784 -> Connection failed!

To Reproduce

Steps to reproduce the behaviour:

  1. Go to Reading Coronavirus COVID-19 Live Data using Wio Terminal.
  2. Download or copy the complete source code.
  3. Run on the Wio Terminal.
  4. Wait for the timeout & see "Total Confirmed 0", etc. on the display.

Expected behaviour

Data from https://api.covid19api.com/world/total should be returned as in the browser, for example:

{
  TotalConfirmed: 83951583,
  TotalDeaths: 1827430,
  TotalRecovered: 47278729
}

Additional context

  1. The Reading Github Repository Stats from Wio Terminal works as expected with the same version of the library d1ca0175 on dev.

  2. It is likely that the api.covid19api.com CA certificate is out of date because running

openssl s_client -showcerts -verify 5 -connect api.covid19api.com:443  -servername api.covid19api.com < /dev/null

returns

 1 s:/C=US/O=Let's Encrypt/CN=R3
   i:/O=Digital Signature Trust Co./CN=DST Root CA X3
-----BEGIN CERTIFICATE-----
MIIEZTCCA02gAwIBAgIQQAF1BIMUpMghjISpDBbN3zANBgkqhkiG9w0BAQsFADA/
MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
DkRTVCBSb290IENBIFgzMB4XDTIwMTAwNzE5MjE0MFoXDTIxMDkyOTE5MjE0MFow
MjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxCzAJBgNVBAMT
AlIzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuwIVKMz2oJTTDxLs
jVWSw/iC8ZmmekKIp10mqrUrucVMsa+Oa/l1yKPXD0eUFFU1V4yeqKI5GfWCPEKp
Tm71O8Mu243AsFzzWTjn7c9p8FoLG77AlCQlh/o3cbMT5xys4Zvv2+Q7RVJFlqnB
U840yFLuta7tj95gcOKlVKu2bQ6XpUA0ayvTvGbrZjR8+muLj1cpmfgwF126cm/7
gcWt0oZYPRfH5wm78Sv3htzB2nFd1EbjzK0lwYi8YGd1ZrPxGPeiXOZT/zqItkel
/xMY6pgJdz+dU/nPAeX1pnAXFK9jpP+Zs5Od3FOnBv5IhR2haa4ldbsTzFID9e1R
oYvbFQIDAQABo4IBaDCCAWQwEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8E
BAMCAYYwSwYIKwYBBQUHAQEEPzA9MDsGCCsGAQUFBzAChi9odHRwOi8vYXBwcy5p
ZGVudHJ1c3QuY29tL3Jvb3RzL2RzdHJvb3RjYXgzLnA3YzAfBgNVHSMEGDAWgBTE
p7Gkeyxx+tvhS5B1/8QVYIWJEDBUBgNVHSAETTBLMAgGBmeBDAECATA/BgsrBgEE
AYLfEwEBATAwMC4GCCsGAQUFBwIBFiJodHRwOi8vY3BzLnJvb3QteDEubGV0c2Vu
Y3J5cHQub3JnMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9jcmwuaWRlbnRydXN0
LmNvbS9EU1RST09UQ0FYM0NSTC5jcmwwHQYDVR0OBBYEFBQusxe3WFbLrlAJQOYf
r52LFMLGMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjANBgkqhkiG9w0B
AQsFAAOCAQEA2UzgyfWEiDcx27sT4rP8i2tiEmxYt0l+PAK3qB8oYevO4C5z70kH
ejWEHx2taPDY/laBL21/WKZuNTYQHHPD5b1tXgHXbnL7KqC401dk5VvCadTQsvd8
S8MXjohyc9z9/G2948kLjmE6Flh9dDYrVYA9x2O+hEPGOaEOa1eePynBgPayvUfL
qjBstzLhWVQLGAkXXmNs+5ZnPBxzDJOLxhF2JIbeQAcH5H0tZrUlo5ZYyOqA7s9p
O5b85o3AM/OJ+CktFBQtfvBhcJVd9wvlwPsk+uyOy2HI7mNxKKgsBTt375teA2Tw
UdHkhVNcsAKX1H7GNNLOEADksd86wuoXvg==
-----END CERTIFICATE-----
  1. However, replacing the CA cert in the demo .ino file doesn't make any difference to the connection outcome – it fails anyway.

Feeling a bit stuck here so any help or other examples that are working would be much appreciated! 🙏
@Pillar1989 Pillar1989 mentioned this issue Jan 4, 2021
Closed
@Pillar1989
Copy link
Member

@LordParsley We are working hard to fix this issue, so if you are in a hurry to use it, you can use an earlier version.

@lakshanthad
Copy link
Contributor

The RTL8720 firmware has been updated to v2.1.1 and the SSL issue has been fixed:
https://github.com/Seeed-Studio/seeed-ambd-firmware/releases/tag/v2.1.1

Please use this firmware and test COVID-19 demo again

Best Regards,
Lakshantha

@LordParsley
Copy link
Author

That's exciting! Thank you for the effort. I will test on my side & confirm.

@LordParsley
Copy link
Author

@lakshanthad unfortunately, I'm still having trouble with this. I've tried the original MIIEkjCCA3qgAwIBAgIQCgFBQgAAAVOFc2oLheynCDANBgkqhkiG9w0BAQsFADA cert in the demo & the updated MIIEZTCCA02gAwIBAgIQQAF1BIMUpMghjISpDBbN3zANBgkqhkiG9w0BAQsFADA on firmware v2.1.1 & get connection failed. (The Github demo is working as expected.)

I see the release notes for v2.1.1 mention fixing MBEDTLS_SSL_VERIFY_NONE behaviour but this demo isn't configured not to very the certificate. Should I try configure it to skip verification? I don't think this fork of mbedtls has setting the SSL mode exposed though. Could you help me with next steps?

Much appreciated!

@willdolezal
Copy link

Running into a similar issue using firmware v2.1.2. GitHub example works as expected.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@Pillar1989 @LordParsley @willdolezal @lakshanthad