Https Certificate Check does not fail
Posted: Wed Jan 31, 2024 3:29 pm
Dear all
I connect to my https ota server, using the certificate chain. The chain consists of three certificates. When I impair my server certificate, but leave the root certificate alone, I get the following message.
W (6997) esp-tls-mbedtls: mbedtls_x509_crt_parse was partly successful. No. of failed certificates: 1
What setting do I need to make, in order to get a connection error like
E (12523) esp-tls-mbedtls: mbedtls_x509_crt_parse of CA cert returned -0x2180
E (12523) esp-tls-mbedtls: Failed to set client configurations, returned [0x8015] (ESP_ERR_MBEDTLS_X509_CRT_PARSE_FAILED)
E (12533) esp-tls: create_ssl_handle failed
E (12543) esp-tls: Failed to open new connection
E (12543) transport_base: Failed to open a new connection
E (12553) HTTP_CLIENT: Connection failed, sock < 0
E (12553) esp_https_ota: Failed to open HTTP connection: ESP_ERR_HTTP_CONNECT
I use
- esp_https_ota_perform(https_ota_handle)
- esp_https_ota_begin(&ota_config, &https_ota_handle)
The following is unchecked
[ ] Allow potentially insecure options
I need to abort the OTA if not all certificates in the chain are correct.
Any help appreciated
Chris
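Added example, not part of the original post and not ESP-IDF code: mbedtls_x509_crt_parse returns a positive count rather than an error when only some certificates in a PEM bundle fail to parse, which is the case the warning above reports. One way to fail closed is a pre-flight check on the PEM buffer in plain C, sketched below. The function name pem_chain_strict_check and the sample chain are assumptions made for illustration; the sample bodies are constructed stand-ins, not real certificates.

```c
#include <string.h>

#define PEM_BEGIN "-----BEGIN CERTIFICATE-----"
#define PEM_END   "-----END CERTIFICATE-----"

/* Constructed stand-in chain: three tiny DER SEQUENCEs, not real certificates. */
static const char SAMPLE_CHAIN[] = PEM_BEGIN "\nMAQCAgEC\n" PEM_END "\n"
                                   PEM_BEGIN "\nMAQCAgED\n" PEM_END "\n"
                                   PEM_BEGIN "\nMAQCAgEE\n" PEM_END "\n";

/* 6-bit value of a base64 character, or -1 if it is outside the alphabet. */
static int b64_val(char c) {
    static const char tbl[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    const char *q = c ? strchr(tbl, c) : NULL;
    return q ? (int)(q - tbl) : -1;
}

/* One PEM body [p, end): clean base64 that decodes to exactly one DER SEQUENCE. */
static int body_ok(const char *p, const char *end) {
    unsigned v[8] = {0}; size_t chars = 0, pad = 0;
    for (; p < end; p++) {
        if (strchr(" \t\r\n", *p)) continue;           /* line breaks inside the body */
        int x = (*p == '=') ? 0 : b64_val(*p);
        if (x < 0 || (pad && *p != '=')) return 0;     /* bad char, or data after '=' */
        if (*p == '=') pad++; else if (chars < 8) v[chars] = (unsigned)x;
        chars++;
    }
    if (chars < 8 || chars % 4 || pad > 2) return 0;
    unsigned w0 = v[0] << 18 | v[1] << 12 | v[2] << 6 | v[3];   /* decoded bytes 0..2 */
    unsigned h1 = (w0 >> 8) & 0xff, h2 = w0 & 0xff, h3 = (v[4] << 2 | v[5] >> 4) & 0xff;
    size_t n = h1 < 0x80 ? 0 : (h1 & 0x7f);            /* number of length bytes */
    if ((w0 >> 16) != 0x30 || h1 == 0x80 || n > 2) return 0;
    size_t len = n == 0 ? h1 : n == 1 ? h2 : (h2 << 8 | h3);
    return 2 + n + len == chars / 4 * 3 - pad;         /* DER length must match exactly */
}

/* Hypothetical helper: block count, or -1 if a block is damaged or count != expected. */
int pem_chain_strict_check(const char *pem, int expected) {
    int count = 0;
    for (const char *p = pem; (p = strstr(p, "-----BEGIN ")) != NULL; count++) {
        if (strncmp(p, PEM_BEGIN, strlen(PEM_BEGIN)) != 0) return -1;
        const char *body = p + strlen(PEM_BEGIN), *e = strstr(body, "-----");
        if (!e || strncmp(e, PEM_END, strlen(PEM_END)) != 0 || !body_ok(body, e)) return -1;
        p = e + strlen(PEM_END);
    }
    return count == expected ? count : -1;
}

int main(void) { return pem_chain_strict_check(SAMPLE_CHAIN, 3) == 3 ? 0 : 1; }
```

Run it on the certificate buffer before esp_https_ota_begin and skip the update on -1. It only catches damage to the PEM and DER framing; corruption that leaves the framing intact still has to be caught by treating a positive mbedtls_x509_crt_parse return as fatal.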