ESP32 HTTPS issue

csetera · April 29, 2022, 2:29pm

If there is a better place to ask this question (or a different community), I would appreciate a pointer. I’m struggling with an issue making an HTTPS call from my ESP32 application. I’m receiving an MBEDTLS_ERR_SSL_INVALID_RECORD error when attempting to make a connection to OpenWeatherMap, while another call succeeds. Based on all of my internet searches, it seems like MBEDTLS_ERR_SSL_INVALID_RECORD might be memory related. However, I have not figured out how to control the memory allocated to the buffer.

I’m running on:

framework = arduino
platform = espressif32
board = esp32doit-devkit-v1

Here is some output from the process that fails:

[V][HTTPClient.cpp:245] beginInternal(): url: http://api.openweathermap.org/data/2.5/weather?zip=55960&units=imperial&APPID=xxxxx
[D][HTTPClient.cpp:293] beginInternal(): protocol: http, host: api.openweathermap.org port: 80 url: /data/2.5/weather?zip=55960&units=imperial&APPID=xxxxx
Executing GET request
[D][HTTPClient.cpp:579] sendRequest(): request type: ‘GET’ redirCount: 0

[V][ssl_client.cpp:59] start_ssl_client(): Free internal heap before TLS 235864
[V][ssl_client.cpp:65] start_ssl_client(): Starting socket
[V][ssl_client.cpp:104] start_ssl_client(): Seeding the random number generator
[V][ssl_client.cpp:113] start_ssl_client(): Setting up the SSL/TLS structure…
[I][ssl_client.cpp:127] start_ssl_client(): WARNING: Skipping SSL Verification. INSECURE!
[V][ssl_client.cpp:197] start_ssl_client(): Setting hostname for TLS session…
[V][ssl_client.cpp:212] start_ssl_client(): Performing the SSL/TLS handshake…
[E][ssl_client.cpp:36] _handle_error(): [start_ssl_client():216]: (-29184) SSL - An invalid SSL record was received
[E][WiFiClientSecure.cpp:133] connect(): start_ssl_client: -29184
[V][ssl_client.cpp:265] stop_ssl_socket(): Cleaning SSL connection.
[D][HTTPClient.cpp:1118] connect(): failed connect to api.openweathermap.org:80
[W][HTTPClient.cpp:1417] returnError(): error(-1): connection refused
GET request result code: -1
[D][HTTPClient.cpp:400] disconnect(): tcp is closed

[V][ssl_client.cpp:265] stop_ssl_socket(): Cleaning SSL connection.
[V][ssl_client.cpp:265] stop_ssl_socket(): Cleaning SSL connection.

Can anyone suggest next steps?
Thanks!
Craig

maxgerhardt · April 29, 2022, 3:02pm

But how can TLS/SSL be involved here when this is going to HTTP port 80 and not HTTPS (port 443)? If you’re doing HTTP only calls, then no TLS is involved.

Can you show the full sketch?

Edit: Ah, it might do a HTTP redirect to the HTTPS port.

csetera · April 29, 2022, 3:08pm

Hmm… That is an interesting point. I honestly hadn’t noticed it was an http url and not https. I will look more closely at what is happening when I hit up that URL from laptop where I can see better what is happening. I was so focused on the memory aspect, I may have missed something much more obvious…

csetera · April 29, 2022, 3:28pm

@maxgerhardt - Thanks for spotting the http/https. I had not realized I had copied an http URL. It seems that WiFiClientSecure will always attempt to negotiate SSL regardless of whether the URL is http or https. However, the server in this case was not expecting SSL. That was why the “bad record” was occurring and it had nothing to do with memory.

Amazing what a second set of eyes will pick up on.
Thanks again!