Workarounds to make SSL/TLS work #899
Comments
Can it work with esp32 using AsyncTCP?
@tom-ch1 Thank you for your work here in navigating the issues and then giving us all this leg up. It has really saved me a lot of time. Much appreciated. One additional item that had me scratching my head for a few min was that once you have the files in place and the call to onSSLFileRequest you also need to add in the SPIFFS.Begin() call before you start the server.
@zekageri : I don't know, but I have come across some sites which state that the esp32 doesn't have enough resources for SSL. @jcassel : Thanks for pointing that out. In fact, my version is using LittleFS. For a complete sketch see my example at https://gitlab.users.ch.eu.org/smarthome/eaws-ssl-updater
[STALE_SET] This issue has been automatically marked as stale because it has not had recent activity. It will be closed in 14 days if no further activity occurs. Thank you for your contributions.
[STALE_DEL] This stale issue has been automatically closed. Thank you for your contributions.
Just as a note: in the SDK 3.X this doesn't work because the openssl libs were removed.
Unfortunately that site went away - any replacement location?
@mhaberler I made one example WebServer sketch for ESP8266 using TLS. Check it out at: https://gitlab.com/artonworkstm/asyncwebservertls The only thing I miss is a session cache, which would speed up the requests a bit. I'll dig into it in the next few days.
Thanks, appreciated!
Yes, I put my Gitlab site behind a reverse proxy, so it's easier to find: https://gitlab.users.ch.eu.org/smarthome/eaws-ssl-updater
That doesn't even make sense ... the ESP32 has a built-in SSL webserver header from espressif, it has an on-board crypto cell chip and has oodles more resources than the ESP8266. So, that's definitely not true.
I confirm it works running HTTPS server on an ESP8266 with this patch.
Any way this can be used for the ESP32 using AsyncTCP library?
I join the question: is SSL on ESP32 with the ESPAsyncWebServer library possible?
Unfortunately no
Setting up an SSL/TLS-enabled server using the ESPAsyncWebServer library is not yet fully documented and straightforward. I spent a lot of time and finally got it to work. I'd like to share what I have learned, so you can make it work, too.
My setup and basic requirements
Here's an account of the caveats and how to work around them
#define ASYNC_TCP_SSL_ENABLED 1
before #include <ESPAsyncTCP.h>
no matching function for call to AsyncClient::_recv(tcp_pcb*&, pbuf*&, int)
or similar
undefined reference to AsyncWebServer::onSslFileRequest(std::function<int (void*, char const*, unsigned char**)>, void*)
or similar
#define ASYNC_TCP_SSL_ENABLED 1
to the top of libraries/ESPAsyncTCP/src/async_config.h (Arduino IDE)
Error: Feature not supported
after calling server.beginSecure()
openssl genrsa -out Key.pem 1024
openssl req -x509 -out Cert.pem -key Key.pem -new -sha256 -subj /CN=your.domain -addext "keyUsage=digitalSignature,keyEncipherment" -addext extendedKeyUsage=serverAuth
I hope I could help somebody trying to set up an SSL-protected update-server.
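The two openssl commands from the post, wrapped in an added shell example (not part of the original post or of the ESPAsyncWebServer project) that also checks the result before the files go onto the device: the certificate must carry the public half of the key and both requested usage extensions. The function names and the scratch directory are assumptions; the openssl options and the your.domain placeholder are the post's.

```shell
#!/bin/sh
# Added example; function names are assumptions, the openssl options are the post's.

# gen_pair DIR CN: create DIR/Key.pem and DIR/Cert.pem with the post's commands.
gen_pair() {
    openssl genrsa -out "$1/Key.pem" 1024 2>/dev/null &&
    openssl req -x509 -out "$1/Cert.pem" -key "$1/Key.pem" -new -sha256 \
        -subj "/CN=$2" \
        -addext "keyUsage=digitalSignature,keyEncipherment" \
        -addext "extendedKeyUsage=serverAuth" 2>/dev/null
}

# pair_matches CERT KEY: true only if CERT carries the public half of KEY.
pair_matches() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null)
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# has_server_usage CERT: true if both -addext extensions ended up in CERT.
has_server_usage() {
    text=$(openssl x509 -in "$1" -noout -text 2>/dev/null) || return 1
    printf '%s\n' "$text" | grep -q 'Digital Signature, Key Encipherment' &&
    printf '%s\n' "$text" | grep -q 'TLS Web Server Authentication'
}

# key_bits CERT: print the size of the certificate's public key in bits.
key_bits() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

# Demo in a scratch directory; your.domain is the placeholder CN from the post.
dir=$(mktemp -d)
if gen_pair "$dir" your.domain &&
   pair_matches "$dir/Cert.pem" "$dir/Key.pem" &&
   has_server_usage "$dir/Cert.pem"; then
    echo "pair OK, $(key_bits "$dir/Cert.pem")-bit key"
else
    echo "pair check failed" >&2
fi
rm -rf "$dir"
```

Running the same checks against the copies stored in the sketch's data directory catches a certificate that was regenerated without its key, or the reverse, before the server is started.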