Description
tl;dr
What does `ssl->need_bytes=4621 > 3939` mean? I'm told it's generated from https://github.com/igrr/axtls-8266/blob/514b6685c5a84232caeed72dc5720c652bbe9f73/ssl/tls1.c#L1286 (thanks @Links2004) but I'm not sure how to take this investigation further.
Can you reproduce it?
I'm using Arduino 1.6.7 on OS X 10.11.2 and the 2.1.0-rc1 libs.
To reproduce my issue, use this sketch with the Debug Level set to HTTPClient:
```cpp
#include <ESP8266WiFi.h>
#include <ESP8266HTTPClient.h>
void setup() {
  Serial.begin(115200);
  Serial.print("Connecting to wifi");
  WiFi.begin("youknow", "whattodo");
  while (WiFi.status() != WL_CONNECTED) {
    delay(500);
    Serial.print(".");
  }
  Serial.println("\r\nWiFi connected.");
  Serial.println("access point:");
  Serial.println(WiFi.SSID());
  Serial.println("ip address:");
  Serial.println(WiFi.localIP());
}
void loop() {
    // wait for WiFi connection
    if(WiFi.status() == WL_CONNECTED) {
        HTTPClient http;
        //http.begin("https://api.twilio.com/", "79 E7 4F C0 02 71 C8 11 4A 30 7C 14 DA 09 AE 66 AB BB 50 1B");
        http.begin("https://api.github.com/", "CF 05 98 89 CA FF 8E D8 5E 5C E0 C2 E4 F7 E6 C3 C7 50 DD 5C");
        int result = http.POST("somedata=yo");
        // error: ssl->need_bytes=4621 > 3939
        Serial.println("status code: " + String(result));
        if(result > 0) {
          Serial.println("body:");
          Serial.println(http.getString());
        } else{
          Serial.print("FAILED. error:"); Serial.println(http.errorToString(result).c_str());
          Serial.println("body:");
          Serial.println(http.getString());
        }
        http.end();
    }
    delay(10000);
}
```
You'll notice that using https://api.github.com/ everything works OK. Sure, the request returns a 404, but the point is that the certificate SHA1 fingerprint matches and an SSL connection is made.
```
[HTTP-Client][begin] url: https://api.github.com/
[HTTP-Client][begin] host: api.github.com port: 443 url: / https: 1 httpsFingerprint: CF 05 98 89 CA FF 8E D8 5E 5C E0 C2 E4 F7 E6 C3 C7 50 DD 5C
[HTTP-Client] connect https...
please start sntp first !
[HTTP-Client] connected to api.github.com:443
[HTTP-Client] https certificate matches
[HTTP-Client][handleHeaderResponse] RX: 'HTTP/1.1 404 Not Found'
```
However, with Twilio I get this strange `ssl->need_bytes=4621 > 3939` in the debug output and the connection fails. I know the fingerprint is correct so I don't know what is different. On further investigation, the only difference between the two certs I can see is the key length: Twilio is 4096 and GitHub is 2048.
Can someone please help me out with this?
```
[HTTP-Client][begin] url: https://api.twilio.com/
[HTTP-Client][begin] host: api.twilio.com port: 443 url: / https: 1 httpsFingerprint: 79 E7 4F C0 02 71 C8 11 4A 30 7C 14 DA 09 AE 66 AB BB 50 1B
[HTTP-Client] connect https...
please start sntp first !
ssl->need_bytes=4621 > 3939
[HTTP-Client] failed connect to api.twilio.com:443
[HTTP-Client][returnError] error(-1): connection refused
status code: -1
FAILED. error:connection refused
body:
[HTTP-Client][returnError] error(-4): not connected
[HTTP-Client][end] tcp is closed
```
Bear in mind, regarding the `please start sntp first !`, I get this failure whether I include `configTime(3 * 3600, 0, "pool.ntp.org", "time.nist.gov");` or not.
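
An added example, not part of the original issue and not axTLS code: a small model of a TLS record-header length check, assuming `need_bytes` is the 16-bit length field of the incoming record and 3939 is the client's receive-buffer capacity. The function name, status codes and sample headers are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Illustrative model only: names and limits are assumptions, not axTLS's own. */
#define TLS_HDR_LEN     5
#define TLS_MAX_RECORD  (16384 + 2048)   /* TLS 1.2 ciphertext ceiling, RFC 5246 */

typedef enum {
    REC_OK, REC_SHORT_HEADER, REC_BAD_TYPE, REC_BAD_VERSION,
    REC_EXCEEDS_TLS_LIMIT, REC_EXCEEDS_RX_BUFFER
} rec_status;

/* Parse a 5-byte TLS record header and decide whether the record body
 * can be received into a buffer of rx_cap bytes. The declared length is
 * reported through need_bytes once the header itself is plausible. */
rec_status check_record(const uint8_t *hdr, size_t hdr_len,
                        size_t rx_cap, size_t *need_bytes)
{
    if (hdr == NULL || hdr_len < TLS_HDR_LEN) return REC_SHORT_HEADER;
    if (hdr[0] < 20 || hdr[0] > 23) return REC_BAD_TYPE;   /* ccs, alert, handshake, app data */
    if (hdr[1] != 3) return REC_BAD_VERSION;               /* SSL3/TLS major version */

    size_t len = ((size_t)hdr[3] << 8) | hdr[4];           /* big-endian length field */
    if (need_bytes) *need_bytes = len;

    if (len > TLS_MAX_RECORD) return REC_EXCEEDS_TLS_LIMIT; /* peer violates the protocol */
    if (len > rx_cap) return REC_EXCEEDS_RX_BUFFER;         /* legal record, local buffer too small */
    return REC_OK;
}

/* Constructed sample headers: handshake (0x16), TLS 1.2 (03 03). */
static const uint8_t HDR_4621[] = {0x16, 0x03, 0x03, 0x12, 0x0D}; /* length 4621 */
static const uint8_t HDR_3000[] = {0x16, 0x03, 0x03, 0x0B, 0xB8}; /* length 3000 */

int main(void)
{
    size_t n = 0;
    rec_status s = check_record(HDR_4621, sizeof HDR_4621, 3939, &n);
    if (s == REC_EXCEEDS_RX_BUFFER)
        printf("need_bytes=%zu > 3939: record does not fit, abort handshake\n", n);
    s = check_record(HDR_3000, sizeof HDR_3000, 3939, &n);
    printf("need_bytes=%zu status=%d\n", n, (int)s);
    return 0;
}
```

Under these assumptions the record is valid TLS but larger than the local buffer, so failing the connection is the safe outcome; the two limits are kept as separate status codes so a log can tell a protocol violation from a local capacity problem.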