HTTPS support on Pico!

Posted on
Page
of 6
  • I did get the WIZ running now. When going to POST I'm getting......

    ERROR: Failed! mbedtls_ssl_handshake returned -0x7
    ERROR: Failed! mbedtls_ssl_handshake returned -0x7
    

    And I think I got this thing working. And maybe I'm doing this wrong. I would upload the code and then save() which would always end up throwing an ERROR. I just tried after uploading the code instead of save() I ran onInit(). It works but then it either throws an "Execution Interrupted" which goes crazy eating up the screen or just freezes...... so for whatever reason it appears save() is causing issues with this... This is all with the WIZ and still can't get the ESP to work.

  • "Execution Interrupted" which goes crazy eating up the screen

    Does it say anything else?

    Sounds a bit strange - I wonder if the code has failed to upload properly. I changed the Google Sheets example a bit last week to use setTimeout when writing code to flash - are you using that, or the old code?

    The new one should hopefully be a little more reliable from that point of view.

    It's strange though - I'm not sure I've come across the -7 error before!

  • Actually - just so we know, what was the problem with WIZnet? Was it the CS pin?

  • First off the WIZnet problem. That was me reading what I wanted to read (Dyslexia?). Or use DHCP I read getIP() instead of setIP() for the DHCP transaction and it took me reading the WIZ550io documentation to figure out that wasn't its natural state Or what the module doc said. Ooops.... I did however set the IP, DNS manually and was still not getting connected and that's something I'll figure out if and when I need it.

    Execution Interrupted
    Execution Interrupted
    Execution Interrupted
    

    Doesn't say anything else. Just goes straight down the screen. Tried to reset() and disconnect the WEBIDE and reconnect. Nothing stops it but powering down the PICO. The setTimeout() I actually even tried setting the timeout with an additional 500 milliseconds each.....

  • I still can not get this to work on the pico with the esp8266. Pulling hair out. It gets to loading the last certificate and then just freezes. I have to unplug the pico to get it working again......??

  • Have you tried it with a lower strength key? Maybe use 2048 bit. This worked for me using Espruino Wifi. Maybe it is same issue. See this thread: http://forum.espruino.com/conversations/293351/#comment13233636

  • @Ollie I actually looked that thread over and did try that key. I also have the 47uF capacitor. I even put the E.enableWatchdog() to help with unplugging it every time. Not sure what to do now.....

  • Update. The problem must exist in the recent update of espruino. I am using an older version and can get a little bit farther but still not all of the way. Im getting codes -0x256a and -0x6d00

  • Are you able to post up the exact code that you're using so we can give it a try? Also, which espruino version worked, and which didn't?

  • I jumped back to "VERSION": "1v86", "BUILD_DATE": "Jul 6 2016" and it gets the error codes as on post #108. On version "VERSION": "1v89", "BUILD_DATE": "Nov 15 2016" it just freezes up. As far as the code please reference Logging to Google sheets. I have tried my own 2048 bits keys as @Ollie stated. Nothing has changed from previous posts of 9 months ago. This is a project that I was working on then and decided that I might just wait a while for things to come around.

  • So even the bare google sheets example isn't working for you with 1v89?

    Are you getting it halting at:

    Connecting with TLS...
    Loading the CA root certificate...
    Loading the Client certificate...
    Loading the Client Key...
    

    Like I did when I just tried it, or is it breaking somewhere else?

    With 1v86, does it work when using the example as-is? I have no idea what error 0x256a is (it doesn't seem to be a valid error code from the Pico's SSL library), however 0x6D00 is:

    Public key type mismatch (eg, asked for RSA key exchange and presented EC key)

    Which implies that the public key might be of the wrong type (like DSA instead of RSA). I just tried here on a Pico + ESP8266 and the example still works perfectly on 1v86.

    Having said that there's virtually no free space on the Pico at all when using HTTPS with ESP8266. The Espruino WiFi board will be a better bet there as it's got an extra 32k of RAM - I just tried it and 1v89 works fine (so the crash on the Pico would appear to be some kind of out of memory issue).

    At some point when things calm down after Puck.js I'm going to move to a compiled implementation of the ESP8266 driver. That should cut down on the RAM usage significantly and will make the Pico a lot better at HTTPS with ESP8266 - but I'm afraid it's likely to be a month or two off.

  • Quick update: The latest build for Espruino Pico has fixed the issue that was causing the Google sheets example to crash.

    Turns out it was to do with available memory. For some reason newer versions of GCC started allocating a 1kB buffer for the standard libraries. By moving back to the old rand() implementation I managed to stop the libraries allocating that buffer while also saving ~3kB of flash.

    Sadly I believe the crash was in the TLS libraries - because it was overflowing stack (not allocated memory) it's far more difficult to catch and handle correctly (hence the crash).

    Also: I've made another change to module loading. It'll require some changes to the IDE to take full advantage of it, but when that's done you'll be able to turn on the 'save on send' option in the IDE on and it'll drastically reduce RAM usage.

  • Update #2: If you:

    • Use the latest build of Espruino
    • Install the Web IDE straight from GitHub
    • Turn on Modules uploaded as functions (BETA) in settings
    • Turn on Save on send in settings

    Use the Google sheets example, but remove the timeouts:

      flash.erasePage(addr);
      console.log("Saving key");
      okey = fwrite( atob("MIIEog.....
      console.log("Saving cert");
      ocert = fwrite( atob("MIIFijCC....
      console.log("Saving ca");
      oca = fwrite( atob("MIIFgDC...
      console.log("Done!");
    

    You'll end up with loads of free memory (~450 vars used as opposed to ~850), as then any functions stored in modules stay defined in flash - so that actually makes HTTPS on the Pico + ESP8266 a whole lot more usable.

  • It crashed just the same. I don't know why I keep getting the key mismatch. I have tried the same keys in the tutorial to no avail. I have been able to make it work fine when espruino runs in Ubuntu with the keys/certs I have.

  • Im getting

    Uncaught Error: Both arguments to addCached must be strings
    at line 5 col 360
    ...urn void 0!==d}};return h}});
    
  • You need the latest version of Espruino from here: http://www.espruino.com/binaries/git/commits/master (so not just 1v89 from the website)

    (give it an hour or two - looks like there are some problems with the build I need to fix)

    I have been able to make it work fine when espruino runs in Ubuntu with the keys/certs I have.

    So when you compile Espruino yourself to run natively in Linux it works? The really odd thing there is that the HTTPS code is identical in the Pico and Linux builds, so it should be doing exactly the same stuff.

    Can you run the version checking code that's on http://www.espruino.com/ESP8266?

    I guess it might be that your ESP8266's firmware is out of date, and it's somehow corrupting the data it sends to the server.

  • Ok, it's up there now.

  • Linux: Yeah I've never had a problem with it.....
    Latest Version: Ok Sorry about that I thought I downloaded the right version..... anyways downloaded from the link and.......
    ESP8266 version check is

    AT version:0.25.0.0(Jun 12 2015 20:26:28)\r\nSDK version:1.1.2\r\ncompile time:Jun 17 2015 22:11:51
    

    now we have:

    Connecting to Google
    Connecting with TLS...
    Loading the CA root certificate...
    Loading the Client certificate...
    Loading the Client Key...
    Performing the SSL/TLS handshake...
    ERROR: Failed! mbedtls_ssl_handshake returned -0x4290
    ERROR: Failed! mbedtls_ssl_handshake returned -0x4290
    

    and

    ERROR: Failed! mbedtls_ssl_handshake returned Not enough memory
    ERROR: Failed! mbedtls_ssl_handshake returned -0x4290
    

    Right now I am really busy trying to understand exactly how this communication works. Do we really need the cert and key? I have a test client through NodeJs and it is sending fine with one of their known "root" CAs. I think these are them.

    Much thanks for your help @Gordon. This is really going to do well for me once we get this figured out.

  • ESP8266 version seems ok - it's what I'm using here. And that's using the google sheets example code exactly as-is, without any changes?

    It's frustrating because 0x4290 doesn't even seem to be a valid mbedtls error code :(

    I guess the lack of memory could potentially be causing an issue if it's having trouble allocating something during the handshake. I'll be releasing that new Web IDE soon which might help out with the low memory.

  • I recopied everything exactly from the example:

    Connecting to Google
    Connecting with TLS...
    Loading the CA root certificate...
    Loading the Client certificate...
    Loading the Client Key...
    Performing the SSL/TLS handshake...
    ERROR: Failed! mbedtls_ssl_handshake returned -0x3b10
    ERROR: Failed! mbedtls_ssl_handshake returned -0x4290
    

    I'll also put together a push through node app to get me going in the mean time and I'll keep trying to figure this out from my end. Let me know if you can think of anything else I can try on the Pico.

  • Ok, so I do the following:

    • Copy/paste example to right-hand side of IDE
    • change Wifi credentials
    • upload. It says:

      Saving key
      Saving cert
      Saving ca
      Done!
      
    • type 'onInit()'. It says:

      >onInit()
      =undefined
      Connecting to WiFi
      192.168.1.117
      

    Wait a minute, and it says:

    Connecting to Google
    Connecting with TLS...
    Loading the CA root certificate...
    Loading the Client certificate...
    Loading the Client Key...
    ERROR: Failed! mbedtls_ssl_setup: Not enough memory
    ERROR: Unable to create socket
    Connecting with TLS...
    Loading the CA root certificate...
    Loading the Client certificate...
    Loading the Client Key...
    Performing the SSL/TLS handshake...
    

    (so it fails)

    • wait another minute, and I get:

      Connecting to Google
      Connecting with TLS...
      Loading the CA root certificate...
      Loading the Client certificate...
      Loading the Client Key...
      Performing the SSL/TLS handshake...
      >Verifying peer X.509 certificate...
      Connected to Google
      Google connection closed, 6294 bytes received
      

    So it works - but it's properly tight on memory.

    What's happening is the first time it's got the command history and other stuff in memory, and it tries to allocate everything it needs but it can't find enough continuous space, even after it's freed everything.

    Next time the history's already been freed so it's able to 'fill the gaps' while executing, leaving a much larger contiguous amount of memory.

    I just modified onInit as follows, and it works first time:

    function onInit() {
      clearInterval();
      // initialise the ESP8266, after a delay
      setTimeout(function() {
        // try and free some memory
        delete fwrite;
        delete onInit;
        global["\xff"].history=[];    
        // original code.....
        digitalWrite(B9,1); // enable on Pico Shim V2
    

    However I've just pushed the new version of the Web IDE (0.65.2) with the send module as function enhancement, so you could give that a try too.

  • fight for the bytes!

  • A minute after gaining wifi connection this all happens right in a row...... no time gap.

    Connecting to Google
    Connecting with TLS...
    Loading the CA root certificate...
    Loading the Client certificate...
    Loading the Client Key...
    ERROR: Failed! mbedtls_ssl_setup: Not enough memory
    ERROR: Unable to create socket
    Connecting with TLS...
    Loading the CA root certificate...
    Loading the Client certificate...
    Loading the Client Key...
    Performing the SSL/TLS handshake...
    

    Then after another minute:

    Connecting to Google
    Connecting with TLS...
    Loading the CA root certificate...
    Loading the Client certificate...
    Loading the Client Key...
    Performing the SSL/TLS handshake...
    ERROR: Failed! mbedtls_ssl_handshake returned Not enough memory
    ERROR: Failed! mbedtls_ssl_handshake returned Public key type mismatch
    
  • I set up my own pass through server app that is getting the information where it needs to go. Sorry @Gordon I just do not know what else to do with this. I wonder if this is something to do with my location and country? I did at one time get it to work on the wiznet, but my application would be much nicer with esp8266. I'll keep plugging at it every now and then. Thanks again.

  • I just don't understand how you're getting 'not enough memory' if you're using the exact same code and firmware that I had - I left it running all yesterday and it was going without problems :(

    Also, with the suggestions in #113 I had loads of free memory available.

    Glad you got something else sorted - it's just a shame you didn't get the Pico working directly. It could be your location I guess, but the fact you had it going on WIZnet and PC, and that it always complains 'out of memory', makes me think it probably is just a problem with the Pico running out of memory.

    TLS uses loads of memory if you're trying to do it in a spec compliant way (which I am), and when the Pico's got to communicate with the ESP8266 using JS as well there's not a great deal of memory left over.

  • Post a reply
    • Bold
    • Italics
    • Link
    • Image
    • List
    • Quote
    • code
    • Preview
About

HTTPS support on Pico!

Posted by Avatar for Gordon @Gordon

Actions