ESP32 Forum

版本idf-3.2,example/protocols/mqtt/ssl_mutual_aut例程，客户端认证正常，加人服务器认证后报-0x2700错误。
错误信息：
E (1193558) esp-tls: mbedtls_ssl_handshake returned -0x2700
I (1193558) esp-tls: Failed to verify peer certificate!
I (1193558) esp-tls: verification info: ! The certificate is signed with an unacceptable key (eg bad curve, RSA too short).

E (1193578) esp-tls: Failed to open new connection
E (1193578) TRANS_SSL: Failed to open a new connection
E (1193588) MQTT_CLIENT: Error transport connect

证书定义：
extern const uint8_t client_cert_pem_start[] asm("_binary_client_crt_start");
extern const uint8_t client_cert_pem_end[] asm("_binary_client_crt_end");
extern const uint8_t client_key_pem_start[] asm("_binary_client_key_start");
extern const uint8_t client_key_pem_end[] asm("_binary_client_key_end");
extern const uint8_t server_cert_pem_start[] asm("_binary_mosquitto_org_crt_start");
extern const uint8_t server_cert_pem_end[] asm("_binary_mosquitto_org_crt_end")
mqtt配置：
const esp_mqtt_client_config_t mqtt_cfg = {
.uri = "mqtts://test.mosquitto.org:8884",
.event_handle = mqtt_event_handler,
.cert_pem = (const char *)server_cert_pem_start,
.client_cert_pem = (const char *)client_cert_pem_start,
.client_key_pem = (const char *)client_key_pem_start,
};

证书地址：
https://test.mosquitto.org/ssl/mosquitto.org.crt
mk文件：
COMPONENT_EMBED_TXTFILES := client.crt client.key mosquitto.org.crt

Moderator's note: edit the topic title for issue tracking, thanks for reporting.

Hi suifan.

Please check this comment: https://github.com/espressif/esp-idf/is ... -458254140
AFAICT this is still true, the actual https://test.mosquitto.org/ssl/mosquitto.org.crt 's signature algorithm is sha1WithRSAEncryption

感谢回答，既然是证书的问题，我自建个mqtt broker测试下。例程写的是互相认证，程序实现的只有客户端的认证，建议题目改成客户端认证或者程序实现双认证，以免让人产生歧义。