Problems building with ESP-IDF latest version (4.3.0)

Hello,
I’m trying to build a project that uses ESP-IDF in PlatformIO and I still could not compile it.
There seems to be a problem with the mbedtls certificates:

Reading CMake configuration...
Generating assembly for certificate bundle...
CMake Error at /home/martin/.platformio/packages/framework-espidf/tools/cmake/scripts/data_file_embed_asm.cmake:26 (file):
file failed to open for reading (No such file or directory):

/home/martin/esp/projects/diy-esp32-epub-reader/.pio/build/lilygo_t5_47/x509_crt_bundle

*** Error 1
/home/martin/.platformio/penv/bin/python /home/martin/.platformio/packages/framework-espidf/components/mbedtls/esp_crt_bundle/gen_crt_bundle.py --input /home/martin/.platformio/packages/framework-espidf/components/mbedtls/esp_crt_bundle/cacrt_all.pem
gen_crt_bundle.py: Parsing certificates from /home/martin/.platformio/packages/framework-espidf/components/mbedtls/esp_crt_bundle/cacrt_all.pem
gen_crt_bundle.py: Invalid certificate in /home/martin/.platformio/packages/framework-espidf/components/mbedtls/esp_crt_bundle/cacrt_all.pem
Invalid certificate

I’m using Ubuntu 20. I also tried to delete the esp-idf framework and build again:

~/.platformio/packages$ rm -fr framework-espidf

But that didn’t solve the problem either. Does anyone have any hint how to solve this?
I researched and only found this related GitHub issue but it hasn’t helped so far:

I see you have it solved in Build instructions and first issues · Issue #11 · atomic14/diy-esp32-epub-reader · GitHub? Is there anything needed from the PlatformIO side?

Hi Max,
Yes but the solution was to disable the:
CONFIG_MBEDTLS_CERTIFICATE_BUNDLE

Which is actually not an option if you need to use SSL. So yes, what I would like to have from the PlatformIO side is a solution to build this including the mbedtls certificate bundle as well, just as is possible when building with idf.py on the command line.

Can you please open an issue in Issues · platformio/platform-espressif32 · GitHub with the exact platformio.ini and configuration switches that reproduce the error? The developers should take care of this.

This is an ESP-IDF problem. Several issues have been opened in Espressif’s GitHub. It might only affect newer Python versions that check certificates more thoroughly.

I don’t think PlatformIO can fix it. But a fix in ESP-IDF seems to be on its way:

Thanks for the info Manuel. Let’s see if it gets merged soon and we can try it again. For those having this problem and are not using https I recommend simply removing this from sdkconfig:

CONFIG_MBEDTLS_CERTIFICATE_BUNDLE=y
CONFIG_MBEDTLS_CERTIFICATE_BUNDLE_DEFAULT_FULL=y

Thanks Max also, it seems the problem is already being addressed, let’s mark this as solved when it’s tested.
Just a temporary solution till it’s fixed.

And if you need https, you can edit ~/.platformio/packages/framework-espidf/components/mbedtls/esp_crt_bundle/cacrt_all.pem and remove the EC-ACC certificate.

3 Likes
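The manual edit suggested in the post above can be scripted. The following is an added example, not part of the thread and not Espressif's or PlatformIO's code: it drops every PEM block whose decoded bytes contain the name `EC-ACC` and keeps a backup. The function names, the sample bundle and the assumption that the name appears as plain ASCII in the DER are this example's own.

```python
import base64
import re

# One PEM certificate block. Free-text label lines between blocks are left alone.
PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.*?)\s*-----END CERTIFICATE-----",
    re.DOTALL,
)

def filter_bundle(pem_text, marker=b"EC-ACC"):
    """Drop every certificate whose decoded DER contains `marker`.

    Assumes the subject name is stored as plain ASCII bytes in the DER, so a
    byte search finds it without an X.509 parser. Returns (text, kept, removed).
    """
    out, pos, kept, removed = [], 0, 0, 0
    for m in PEM_BLOCK.finditer(pem_text):
        der = base64.b64decode("".join(m.group(1).split()))
        if marker in der:
            removed += 1
            out.append(pem_text[pos:m.start()])  # text before the block only
        else:
            kept += 1
            out.append(pem_text[pos:m.end()])
        pos = m.end()
    out.append(pem_text[pos:])
    return "".join(out), kept, removed

def rewrite_file(path, marker=b"EC-ACC"):
    """Filter the bundle at `path` in place, saving the original as path.orig."""
    with open(path, encoding="utf-8") as fh:
        original = fh.read()
    filtered, kept, removed = filter_bundle(original, marker)
    if removed:
        with open(path + ".orig", "w", encoding="utf-8") as fh:
            fh.write(original)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(filtered)
    return kept, removed

def wrap_pem(blob):
    """Wrap constructed bytes as a PEM block (sample data, not real certificates)."""
    body = base64.b64encode(blob).decode()
    return "-----BEGIN CERTIFICATE-----\n" + body + "\n-----END CERTIFICATE-----\n"

# Constructed sample bundle; the label + "=====" + PEM layout is assumed here.
SAMPLE = (
    "Example Root A\n==============\n" + wrap_pem(b"0\x82constructed CN=Example Root A")
    + "EC-ACC\n======\n" + wrap_pem(b"0\x82constructed CN=EC-ACC placeholder")
    + "Example Root B\n==============\n" + wrap_pem(b"0\x82constructed CN=Example Root B")
)
```

Call `rewrite_file()` with the `cacrt_all.pem` path from the post above. Dropping a root only shrinks the trust set: servers whose chain ends at the removed CA will fail verification, while all other roots keep working.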

In the meantime, Espressif has realized that this is a very ugly bug and has pinned the issue at the top of their issue list.

It turns out that the bug affects everybody who installs the Espressif tools after September 30, independent of the ESP-IDF release. At the heart, it was triggered by a new release of the Python cryptography package.

The official Espressif answer with possible workarounds can be found here:

It looks like esp has rolled a fix:

Any chance we can get the version bump to 4.3.1 included in the next PlatformIO release?