#include <ESP8266WiFi.h>
#include <WiFiClientSecure.h>
#ifndef STASSID
#define STASSID "ssid"
#define STAPSK "pwd"
#endif
WiFiClientSecure client;
const char* ssid = STASSID;
const char* password = STAPSK;
const char* host = "server ip";
const int httpsPort = 443;
// DigiCert High Assurance EV Root CA
static const char trustRoot[] PROGMEM = R"EOF(
-----BEGIN CERTIFICATE-----
MIIDZzCCAk8CFC6I3N+ayMvUYtM5fV3dgVter3/HMA0GCSqGSIb3DQEBCwUAMHAx
...
...
5yZi0b12t0nRhP9/nfqjrq18qQvuNpFMkEZoX55TU1j+6FTIHlcBSBEzAwRlcy6z
ayyQAen4YGq3fMk=
-----END CERTIFICATE-----
)EOF";
X509List cert(trustRoot);
const char client_cert[] PROGMEM = R"EOF(
-----BEGIN CERTIFICATE-----
MIIDZzCCAk8CFEHOqlzoEw8VZ9UyBUh+Pg9ZGT0cMA0GCSqGSIb3DQEBCwUAMHAx
...
...
K6VmXQciQQuk7V0i75CyxevY9GVDVHs0hpoG7kfXVUVnBo+wQII7p7tEbcJBiQrG
tmQix+1gLmYmsH4=
-----END CERTIFICATE-----
)EOF";
/*-----------------------------------------------------------------*/
const char client_private_key[] PROGMEM = R"KEY(
-----BEGIN PRIVATE KEY-----
MIIEwAIBADANBgkqhkiG9w0BAQEFAASCBKowggSmAgEAAoIBAQC5UPJy4qfYeFzd
...
...
cajJThoAW7ihH96fZW7vK0ejSeAxwBgorwzbhWvEORt6be5j2eUycT5q6eOYGXCg
IbCUotZgJRw81XO0uNeYCFyClwM=
-----END PRIVATE KEY-----
)KEY";
void setup() {
Serial.begin(115200);
Serial.println();
Serial.print("Connecting to ");
Serial.println(ssid);
WiFi.mode(WIFI_STA);
WiFi.begin(ssid, password);
while (WiFi.status() != WL_CONNECTED) {
delay(500);
Serial.print(".");
}
Serial.println("");
Serial.println("WiFi connected");
Serial.println("IP address: ");
Serial.println(WiFi.localIP())
// Set time via NTP, as required for x.509 validation
configTime(3 * 3600, 0, "pool.ntp.org", "time.nist.gov");
Serial.print("Waiting for NTP time sync: ");
time_t now = time(nullptr);
while (now < 8 * 3600 * 2) {
delay(500);
Serial.print(".");
now = time(nullptr);
}
Serial.println("");
struct tm timeinfo;
gmtime_r(&now, &timeinfo);
Serial.print("Current time: ");
Serial.print(asctime(&timeinfo));
Serial.print("Connecting to ");
Serial.println(host);
client.setTrustAnchors(&cert);
X509List serverCertList(client_cert);
PrivateKey serverPrivKey(client_private_key);
client.setClientRSACert(&serverCertList,&serverPrivKey);
if (!client.connect(host, httpsPort)) {
Serial.println("Connection failed");
Serial.print(client.getLastSSLError());
//delay(1000);
} else {}
//client.connect(host, httpsPort);
//String url = "/repos/esp8266/Arduino/commits/master/status";
//Serial.print("Requesting URL: ");
//Serial.println(url);
//client.print("Hello from esp8266");
/*client.print(String("GET ") + url + " HTTP/1.1\r\n" +
"Host: " + host + "\r\n" +
"User-Agent: BuildFailureDetectorESP8266\r\n" +
"Connection: close\r\n\r\n");*/
//Serial.println("Request sent");
while (client.connected()) {
String line = client.readStringUntil('\n');
if (line == "\r") {
Serial.println("Headers received");
break;
}
}
String line = client.readStringUntil('\n');
/* if (line.startsWith("{\"state\":\"success\"")) {
Serial.println("esp8266/Arduino CI successfull!");
} else {
Serial.println("esp8266/Arduino CI has failed");
}*/
Serial.println("Reply was:");
Serial.println("==========");
Serial.println(line);
Serial.println("==========");
Serial.println("Closing connection");
}
void loop() {
}
I tried to load both server and client certificates and a private key to run, but it is not connecting to the server. I am also attaching the logs of BearSSL:
Wifi connected IP address:
192.168.34.12
Waiting for NTP time sync:
Current time: Tue Oct 27 04:06:24 2020
Connecting to 192.168.15.123(server ip)
Connection failed
Error code:56
You are passing an IP address as a const char* to client.connect(), but that function expects an array of 4 bytes for IP addresses; it now thinks it is getting a URL which it will try to resolve to an IP address (and it will fail).
If you declare either IPAddress host(192, 168, 15, 123); or const char* host = "hostname"; then client.connect(host, httpsPort); will work; it will not understand this:
const char* host = "192.168.15.123";