ESP32 Forum

Posted: **Tue Sep 04, 2018 9:47 am**

Hi there everyone.

I am having some trouble running the simple_ota_example provided in the idf (https://github.com/espressif/esp-idf/tr ... system/ota

I seem to be running into issues with the SSL certificates, even when following the instructions provided. The initial debug output from the ESP32 is pasted below

Code: Select all

I (3293) event: sta ip: 192.168.1.218, mask: 255.255.255.0, gw: 192.168.1.1
I (3293) simple_ota_example: Connect to Wifi ! Start to Connect to Server....
E (3483) esp-tls: mbedtls_ssl_handshake returned -0x2700
I (3483) esp-tls: Failed to verify peer certificate!
I (3483) esp-tls: verification info:   ! The certificate is signed with an unacceptable hash.

E (3503) TRANS_SSL: Failed to open a new connection
E (3503) HTTP_CLIENT: Connection failed
E (3503) esp_https_ota: Failed to open HTTP connection: ESP_ERR_HTTP_CONNECT
E (3513) simple_ota_example: Firmware Upgrades Failed

I resolved this issue by setting the certificate digest to SHA256 by adding the -sha256 flash to the openssl command when creating the certificates. Upon connecting with the new certificates, the new debug output is

Code: Select all

I (3293) event: sta ip: 192.168.1.218, mask: 255.255.255.0, gw: 192.168.1.1
I (3293) simple_ota_example: Connect to Wifi ! Start to Connect to Server....
E (3913) esp-tls: mbedtls_ssl_handshake returned -0x7b00
I (3913) esp-tls: Certificate verified.
E (3923) TRANS_SSL: Failed to open a new connection
E (3923) HTTP_CLIENT: Connection failed
E (3923) esp_https_ota: Failed to open HTTP connection: ESP_ERR_HTTP_CONNECT
E (3933) simple_ota_example: Firmware Upgrades Failed

Which seems to indicate that the certificate was verified, but the handshake still failed for some unknown reason. The only info I can dig up on this error is

Processing of the ServerKeyExchange handshake message failed.

Has anyone ran into these problems when running the OTA example? With my limited knowledge of the https protocol I have been unable to make much progress.

Posted: **Tue Sep 04, 2018 10:18 am**

E (3913) esp-tls: mbedtls_ssl_handshake returned -0x7b00

If i remember this error means that you are out of ram/heap and handshake cant be performed.

Did you try this example:
https://github.com/espressif/esp-idf/tr ... ta_example
Its based on esp_http_client which is very easy to use with https, but remember to turn on esp_https in menuconfig.

Posted: **Fri Sep 14, 2018 10:31 am**

Hey, can you clean up your existing certificates and set up everything again, as described in

`examples/system/ota/README.md`?
This issue reported on GitHub may be similar to the problems that you are facing: https://github.com/espressif/esp-idf/issues/2296. So this might help you as well. Also, don't forget to enable HTTPS under

make menuconfig > Component config > ESP HTTP client > Enable https. Let us know if it still doesn't work.

Posted: **Tue Mar 05, 2019 6:16 am**

hello ESP Geeks

I am getting
I (14339) esp-tls: Failed to verify peer certificate!
I (14339) esp-tls: verification info: ! The certificate Common Name (CN) does not match with the expected CN

please guide

ESP32 Forum

Running Simple OTA Example.

Running Simple OTA Example.

Re: Running Simple OTA Example.

Re: Running Simple OTA Example.

Re: Running Simple OTA Example.