Espruino Wifi & TLS

I'm having some issues with TLS. I want to establish a client to request HTTPS uris.
However, after creating and signing and validating the keys I get an error as follows.

Wifi Connected
Connecting with TLS...
Loading the CA root certificate...
Loading the Client certificate...
Loading the Client Key...
Performing the SSL/TLS handshake...
Connecting with TLS...
ERROR: Unable to create socket
ERROR: Failed! mbedtls_ssl_handshake returned -0x1
Uncaught Error: CIPSTART failed (0,CLOSED)
 at line 1 col 52
throw Error("CIPSTART failed ("+(a?a:"Timeout")+")");
                                                   ^
in function called from system
 at line 1 col 52
throw Error("CIPSTART failed ("+(a?a:"Timeout")+")");
                                                   ^
in function called from system

I looked up the error -0x1 and I can't find anything specific for that error only codes with addtional alphanumeric chars appended.

Firmware is the bundled 1.87 that the Espruino Wifi came with. I'm inferring the Espruino Wifi does support TLS and HTTPs as the Pico does.

It seems it is a problem with one or more of my keys/certs, despite them validating. I grabbed the ones from the google docs tutorial and I have the response I expected

Double checked my keys, add them back and I get the same error. As before. I followed the instructions here to generate, and sign.

https://engineering.circle.com/https-aut­horized-certs-with-node-js-315e548354a2#­.5kba2pm9j

I'm on Mac OSX El Capitan. Is there something else I need to be doing?

Regenerated all the keys, signed them, verified them, and still get the error. I think I'll just use the ones from the tutorial :/

Hmm. Strange! I'll see if I can figure out exactly what commands I used to generate the key. Also, I might be able to come up with a better error message than -1 - it's possible it's 'host rejected'.

Actually with the socket disconnect error, it's saying that the remote server disconnected before it'd managed to complete the handshake. I wonder whether the remote server would have an error logged somewhere?

I tried a number of servers. Always the same with my keys, all worked with the keys provided in the example. I did notice that my client1-key.pem was much larger than the one from the example. Possible timeouts?

Maybe. It could be the key size I guess? Maybe try 2048 instead of 4096 in the command when making the key

get details from a server with openssl and curl

openssl s_client -connect <hostname>:<port> -showcerts

bad: Verify return code: 21 (unable to verify the first certificate)
ok: Verify return code: 0 (ok)

curl  https://<hostname>:<port>
curl  -k https://<hostname>:<port>

2048 key generated using same process and works fine.

Great, thanks! I'll update the docs, but will also make an issue to remind me to come up with some kind of HTTPS tutorial

Hi @Gordon

From here:
http://www.espruino.com/Internet

HTTPS

The only board currently supporting this is the Espruino Pico. To use HTTPS simply use it in the URL of any normal HTTP request:

require("http").get("https://www.google.­com", function(res) {
  res.on('data', function(data) { /* ... */ });
});

To specify keys and certificates, you can use an options object - see require('tls').connect(...)

Does the get with https work without loading keys as implied above?

It used to - and, as of 30 seconds ago, it does again.

If you wait an hour, use the latest build and try again then it should be fine. Obviously it works on Espruino WiFi too - I'll update the docs.

Thanks.

Noting the change so I can add to my build.
https://github.com/espruino/Espruino/com­mit/fc381569987389625054bf57368a4df99d98­90b8

I have some issues sending consecutive https requests.
In my case a request is send after a short timeout after the previous request is finished.
This goes well for some time, but after a few cycles there is an error:

.
.
.
.
.
Connecting with TLS...
Loading the CA root certificate...
Loading the Client certificate...
Loading the Client Key...
Performing the SSL/TLS handshake...
Verifying peer X.509 certificate...
Connecting with TLS...
Loading the CA root certificate...
Loading the Client certificate...
Loading the Client Key...
Performing the SSL/TLS handshake...
Verifying peer X.509 certificate...
Connecting with TLS...
Loading the CA root certificate...
Loading the Client certificate...
Loading the Client Key...
ERROR: Failed! mbedtls_ssl_setup: Not enough memory
ERROR: Unable to create socket

Are you scheduling the new request on the res.on('close', event? It might be worth printing something when the socket closes, just so you can be sure that you don't have two connections going at the same time.

You could also try printing process.memory().usage before each request to get an idea of memory usage. It's possible that your code is actually allocating memory each time it runs, so eventually there just isn't enough memory to make the HTTPS connection.

Yes I scheduled it on the res on close event.
Oddly the memory usage did not vary at all.
And even stranger is the fact that this time around the error did not occur at all, even after many cycles...
Maybe it had something to do with the WiFi connection...

Anyways thank for the fast reply.