WifiClientSecure throws cert error when attempting to access api.github.com
Posted: Sun Jan 14, 2018 12:54 am
Attempting to hit github api for OTA process, but getting consistent certificate mismatch errors as follows:
Tested working with howsmyssl.com and their root cert, but api.github.com and their root cert give the above error - tried half a dozen different ways (all certs I could find on github) and a dozen searches but nothing seems to work.
Does anyone know why this might be happening?
Thanks
Code:
Code: Select all
Attempting SSL/HTTPS connect to port 443 of api.github.com
[E][ssl_client.cpp:28] handle_error(): X509 - Certificate verification failed, e.g. CRL, CA or signature check failed
[E][ssl_client.cpp:30] handle_error(): MbedTLS message code: -9984
[E][WiFiClientSecure.cpp:107] connect(): lwip_connect_r: 11
Connection failed
Does anyone know why this might be happening?
Thanks
Code:
Code: Select all
const char* ssid = "";
const char* wifi_pw = "";
const char* server = "api.github.com";
const char* ca_cert=\
"-----BEGIN CERTIFICATE-----\n" \
"MIIDZjCCAk6gAwIBAgIJAPGfoB4EtQnsMA0GCSqGSIb3DQEBBQUAMGAxLTArBgNV\n" \
"BAMMJEJpdGRlZmVuZGVyIFBlcnNvbmFsIENBLk5ldC1EZWZlbmRlcjEMMAoGA1UE\n" \
"CwwDSURTMRQwEgYDVQQKDAtCaXRkZWZlbmRlcjELMAkGA1UEBhMCVVMwHhcNMTAw\n" \
"MTAxMDgwMDAwWhcNMjcxMTAzMTkwMzA1WjBgMS0wKwYDVQQDDCRCaXRkZWZlbmRl\n" \
"ciBQZXJzb25hbCBDQS5OZXQtRGVmZW5kZXIxDDAKBgNVBAsMA0lEUzEUMBIGA1UE\n" \
"CgwLQml0ZGVmZW5kZXIxCzAJBgNVBAYTAlVTMIIBIjANBgkqhkiG9w0BAQEFAAOC\n" \
"AQ8AMIIBCgKCAQEAu+HgAaLiT6kLwwahUTzFFvCBKOjoRFqFvBTFUZ1Ytt7z5vml\n" \
"6mcSW5yLyMFqbvVp37Nb25iCUJSuVeqA4nePY2pN86Hv/HeolQtrBy72Vc1g6pKV\n" \
"0KlOdb0Uzsx2X6YNSg4KT8Wde/1mz8MZb2sYmKgZNeZ4RjOot3SoGmu13aC6EaOL\n" \
"U3/QZvhpBMI6BLx3skk3AyPRD/Rdq4mYjROKQTnEMWgydYBSSBV3jjXc9dAc6kz7\n" \
"ayVA2WRoX7wBgOG6lc13f0Ni7msOR1iX20WbAw3jJmJjdS1YrIefyAOfdh4nYIM4\n" \
"GdjcgecVAtKDozCZT20OYIw2rV/usqlDJTg+AwIDAQABoyMwITAPBgNVHRMBAf8E\n" \
"BTADAQH/MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQUFAAOCAQEAmw3YH43K\n" \
"/EDYuVNfdYfhP9CfC+IG328V0LMbkyQ+1l+npzc3rHqQ+saigCP4jdYyDj/tfh/G\n" \
"JCv0U4mCyoZXou+QRqu1h5027cdSDj823f9jhhzh2eChHaL/oUZ1GHP4fI9gcN0Y\n" \
"VRkhQ8Ythc1HrHmlQSEIY9JO6KTq9ZvkCgJlcvb6jaJmRZwY2rJdXGmG0fCEsjkb\n" \
"goKkSJt28t68ojjT/kihTGeLiSAFMGQvkPacQpAZqU3kI9FW8+ldmFwF+v5hF3BJ\n" \
"Ymsx/t/HpkdFLwaAcu9ANWYzcAJJ3r5vl7zFW5l5oF2k0DJFzoXNgzXuLxgzwTLD\n" \
"+3BFHnpeuRMoQQ==\n" \
"-----END CERTIFICATE-----\n";
int ledPin = 2;
int updateEverySecs = 60;
WiFiClientSecure updateClient;
void checkForUpdates() {
Serial.print("Attempting SSL/HTTPS connect to port 443 of ");
Serial.println(server);
if (!updateClient.connect(server,443)) {
Serial.println("Connection failed :(");
}
else {
Serial.println("Successful connect to server on 443!");
updateClient.println("GET https:/api.github.com HTTP/1.0");
updateClient.println("Host: api.github.com");
updateClient.println("Connection: close");
updateClient.println();
Serial.println("Request dispatched, awaiting response from server.");
while (!updateClient.available()) {
delay(50);
Serial.print(".");
}
while(updateClient.available()) {
char c = updateClient.read();
Serial.write(c);
}
if (!updateClient.connected()) {
Serial.println();
Serial.println("!! SERVER DISCONNECTED !!");
updateClient.stop();
}
}
}
void setup()
{
Serial.begin(115200);
Serial.print("Attempting wifi connection...");
WiFi.begin(ssid,wifi_pw);
while (WiFi.status() != WL_CONNECTED) {
Serial.println(".");
delay(100);
}
Serial.print("Connected to ");
Serial.print(ssid);
Serial.println("!");
updateClient.setCACert(ca_cert);
checkForUpdates();
}
void loop()
{
digitalWrite(ledPin, HIGH);
delay(200);
digitalWrite(ledPin, LOW);
delay(100);
}