Page 1 of 1

SSL connection fails

Posted: Wed Apr 10, 2019 7:18 am
by asmaalekar
Hello Everyone,

I am trying to use open ssl client example from esp-idf. with some changes in host and target name. Here they are

Code: Select all

#define OPENSSL_EXAMPLE_TARGET_NAME        "messaging2.mel.cloudeftpos.com"
#define OPENSSL_EXAMPLE_TARGET_TCP_PORT    80

#define OPENSSL_EXAMPLE_REQUEST            "POST http://messaging2.mel.cloudeftpos.com/WebTrans/Cloud.aspx HTTP/1.0\r\nHost: messaging2.mel.cloudeftpos.com \r\nContent-Type: text/xml \r\nUser-Agent: DPT/1.0 \r\nConnection: close \r\nContent-Length: %d \r\n\r\n%s \r\n\r\n "

#define OPENSSL_EXAMPLE_TASK_NAME        "openssl_example"
#define OPENSSL_EXAMPLE_TASK_STACK_WORDS 10240
#define OPENSSL_EXAMPLE_TASK_PRIORITY    8

#define OPENSSL_EXAMPLE_RECV_BUF_LEN       1024

#define OPENSSL_EXAMPLE_LOCAL_TCP_PORT     80


my code changes in task are also minor

Code: Select all

const char *tx_data =
    "<?xml version=\"1.0\" encoding=\"utf-8\"?>"
    "<eCloud1>"
      "<CloudMsg>"
        "<PingRequest>"
          "<SrcCloudID>10002-001234-001-1</SrcCloudID>"
          "<MsgSeq>FC6BB8E0-7300-4116-866A-2D3CA5151F23</MsgSeq>"
          "<ClientTimeStamp>20190410165401</ClientTimeStamp>"
        "</PingRequest>"
      "</CloudMsg>"
    "</eCloud1>";

static void openssl_example_task(void *p)
{
    int ret;
    SSL_CTX *ctx;
    SSL *ssl;
    int sockfd;
    struct sockaddr_in sock_addr;
    struct hostent *hp;
    struct ip4_addr *ip4_addr;
    
    int recv_bytes = 0;
    char recv_buf[OPENSSL_EXAMPLE_RECV_BUF_LEN];
    

    char send_data[OPENSSL_EXAMPLE_RECV_BUF_LEN];

    sprintf(send_data,OPENSSL_EXAMPLE_REQUEST,strlen(tx_data), tx_data);
    ESP_LOGI(TAG, "Full header request = %s", send_data);
    const int send_bytes = sizeof(send_data);

    ESP_LOGI(TAG, "OpenSSL demo thread start OK");

    ESP_LOGI(TAG, "get target IP address");
    hp = gethostbyname(OPENSSL_EXAMPLE_TARGET_NAME);
    if (!hp) {
        ESP_LOGI(TAG, "failed");
        goto failed1;
    }
    ESP_LOGI(TAG, "OK");

    ip4_addr = (struct ip4_addr *)hp->h_addr;
    ESP_LOGI(TAG, IPSTR, IP2STR(ip4_addr));

    ESP_LOGI(TAG, "create SSL context ......");
    ctx = SSL_CTX_new(TLSv1_2_client_method());
    if (!ctx) {
        ESP_LOGI(TAG, "failed");
        goto failed1;
    }
    ESP_LOGI(TAG, "OK");

    ESP_LOGI(TAG, "create socket ......");
    sockfd = socket(AF_INET, SOCK_STREAM, 0);
    if (sockfd < 0) {
        ESP_LOGI(TAG, "failed");
        goto failed2;
    }
    ESP_LOGI(TAG, "OK");

    ESP_LOGI(TAG, "bind socket ......");
    memset(&sock_addr, 0, sizeof(sock_addr));
    sock_addr.sin_family = AF_INET;
    sock_addr.sin_addr.s_addr = 0;
    sock_addr.sin_port = htons(OPENSSL_EXAMPLE_LOCAL_TCP_PORT);
    ret = bind(sockfd, (struct sockaddr*)&sock_addr, sizeof(sock_addr));
    if (ret) {
        ESP_LOGI(TAG, "failed");
        goto failed3;
    }
    ESP_LOGI(TAG, "OK");

    ESP_LOGI(TAG, "socket connect to remote %s ......", OPENSSL_EXAMPLE_TARGET_NAME);
    memset(&sock_addr, 0, sizeof(sock_addr));
    sock_addr.sin_family = AF_INET;
    sock_addr.sin_addr.s_addr = ip4_addr->addr;
    sock_addr.sin_port = htons(OPENSSL_EXAMPLE_TARGET_TCP_PORT);
    ret = connect(sockfd, (struct sockaddr*)&sock_addr, sizeof(sock_addr));
    if (ret) {
        ESP_LOGI(TAG, "failed");
        goto failed3;
    }
    ESP_LOGI(TAG, "OK");

    ESP_LOGI(TAG, "create SSL ......");
    ssl = SSL_new(ctx);
    if (!ssl) {
        ESP_LOGI(TAG, "failed");
        goto failed3;
    }
    ESP_LOGI(TAG, "OK");

    SSL_set_fd(ssl, sockfd);

    ESP_LOGI(TAG, "SSL connected to %s port %d ......",
        OPENSSL_EXAMPLE_TARGET_NAME, OPENSSL_EXAMPLE_TARGET_TCP_PORT);
    ret = SSL_connect(ssl);
    if (!ret) {
        ESP_LOGI(TAG, "failed " );
        goto failed4;
    }
    ESP_LOGI(TAG, "OK");

    ESP_LOGI(TAG, "send https request to %s port %d ......",
        OPENSSL_EXAMPLE_TARGET_NAME, OPENSSL_EXAMPLE_TARGET_TCP_PORT);
    ret = SSL_write(ssl, send_data, send_bytes);
    if (ret <= 0) {
        ESP_LOGI(TAG, "failed");
        goto failed5;
    }
    ESP_LOGI(TAG, "OK");

    do {
        ret = SSL_read(ssl, recv_buf, OPENSSL_EXAMPLE_RECV_BUF_LEN - 1);
        if (ret <= 0) {
            break;
        }
        recv_buf[ret] = '\0';
        recv_bytes += ret;
        ESP_LOGI(TAG, "%s", recv_buf);
    } while (1);
    
    ESP_LOGI(TAG, "totaly read %d bytes data from %s ......", recv_bytes, OPENSSL_EXAMPLE_TARGET_NAME);

failed5:
    SSL_shutdown(ssl);
failed4:
    SSL_free(ssl);
    ssl = NULL;
failed3:
    close(sockfd);
    sockfd = -1;
failed2:
    SSL_CTX_free(ctx);
    ctx = NULL;
failed1:
    vTaskDelete(NULL);
    return ;
}
Log output

Code: Select all

I (2216) event: sta ip: 192.168.30.142, mask: 255.255.255.0, gw: 192.168.30.254
I (2216) openssl_example: Full header request = POST http://messaging2.mel.cloudeftpos.com/WebTrans/Cloud.aspx HTTP/1.0
Host: messaging2.mel.cloudeftpos.com
Content-Type: text/xml
User-Agent: DPT/1.0
Connection: close
Content-Length: 250

<?xml version="1.0" encoding="utf-8"?><eCloud1><CloudMsg><PingRequest><SrcCloudID>10002-001234-001-1</SrcCloudID><MsgSeq>FC6BB8E0-7300-4116-866A-2D3CA5151F23</MsgSeq><Clien
tTimeStamp>20190410165401</ClientTimeStamp></PingRequest></CloudMsg></eCloud1>


I (2256) openssl_example: OpenSSL demo thread start OK
I (2266) openssl_example: get target IP address
I (2336) openssl_example: OK
I (2336) openssl_example: 13.54.102.57
I (2336) openssl_example: create SSL context ......
I (2336) openssl_example: OK
I (2346) openssl_example: create socket ......
I (2346) openssl_example: OK
I (2346) openssl_example: bind socket ......
I (2356) openssl_example: OK
I (2356) openssl_example: socket connect to remote messaging2.mel.cloudeftpos.com ......
I (2386) openssl_example: OK
I (2386) openssl_example: create SSL ......
I (2386) openssl_example: OK
I (2396) openssl_example: SSL connected to messaging2.mel.cloudeftpos.com port 80 ......
I (2426) openssl_example: failed
connection is getting fail. Is there anything wrong in my changes? Is there any need of certificates, I am not sure?

I need your help. Thanks Asma.