mqtt ssl example certificate error

[ESP-Marius]

What do you mean? Did you get the same error?

Code: Select all

failed to verify peer certificate
verification info: ! the certificate is not correctly signed by the trusted CA

No, connecting to mqtts://test.mosquitto.org:8883, with the certificate from https://test.mosquitto.org/ssl/mosquitto.org.crt I get

Code: Select all

verification info:   ! The certificate is signed with an unacceptable key (eg bad curve, RSA too short).

, after applying the fix for this mentioned in the github issue I linked to earlier I can connect without errors.

Are you sure you have replaced the old certificate? If you are still trying to connect with that then it would explain the error you get.

[DEsp3286]

I copied / paste only the certificate without renaming any item in the mqtt/ssl example and now I got the same error:

Code: Select all

verification info:   ! The certificate is signed with an unacceptable key (eg bad curve, RSA too short).

So probably I did something wrong before this.

How did you fix this? Did you modify something on MBED library?

[ESP-Marius]

I set

Code: Select all

rsa_min_bitlen

in mbedtls_x509_crt_profile_default in x509_crt.c line 110 to 1024 and enabled

Code: Select all

#define MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES

in mbedtls/config.h line 3273.

I only recommend doing this for testing though, as these are considered weak/insecure configurations.

[DEsp3286]

Thanks for help!