These are chat archives for SmingHub/Sming

22nd
Nov 2016
slaff
@slaff
Nov 22 2016 09:45

@/all We are in the process of adding SSL support in Sming (NONOS). Before we do this we would like to test it on multiple platforms. With your help hopefully we can spot all possible issues before merging the code. If you want to help, here are the commands that need to be executed:

git clone -b feature/axtls-dev https://github.com/slaff/Sming.git 
cd Sming
export SMING_HOME=`pwd`/Sming
cd samples/Basic_Ssl
make 
make flash

Give it a try and tell us if it is working for you.

laurentppol
@laurentppol
Nov 22 2016 11:30
OK, I removed ANY external call in my HARD 10ms Timer int, added IRAM_ATTR, code works for 13+h w/o crash. But I'd like to use DigitalWrite inside this. (blocked them with #if defined(), but it limits functionality). Can I re-add this safely, or have I to add IRAM_ATTR in library routines (and recompile Sming)?
ONE bizarre thing: if I declare Timer as Hardware, it works OK, BUT if I declare it as "regular / SOFT" it (looks) fires 2x LESS -> "1sec" in program takes 2sec realtime...
in code there is ONLY difference in DECLARATION, not in Initialize() / Start()
laurentppol
@laurentppol
Nov 22 2016 12:24
@slaff used Your instructions (except that I renamed git-clone-resulting dir "Sming" to "Sming-tls.test"), got THIS error (RBOOT)
[laurent@localhost Basic_Ssl]$ make
Recompiling Sming with SSL support. This may take some time
make[1]: Entering directory `/opt/Sming-tls.test/Sming'
make[2]: Entering directory `/opt/Sming-tls.test/Sming/third-party/axtls-8266'
make[2]: *** No rule to make target `clean'.  Stop.
make[2]: Leaving directory `/opt/Sming-tls.test/Sming/third-party/axtls-8266'
make[1]: [clean] Error 2 (ignored)
make[1]: Leaving directory `/opt/Sming-tls.test/Sming'
make[1]: Entering directory `/opt/Sming-tls.test/Sming'
Fetching third-party/rboot/ ...
You need to run this command from the toplevel of the working tree.
make[1]: *** [third-party/rboot/Makefile] Error 1
make[1]: Leaving directory `/opt/Sming-tls.test/Sming'
make: *** [/opt/Sming-tls.test/Sming/compiler/lib//libsmingssl.a] Error 2
[laurent@localhost Basic_Ssl]$
same RBOOT error if I try to "simply" compile Sming
slaff
@slaff
Nov 22 2016 12:29
@laurentppol What is the OS and git version that you have used?
laurentppol
@laurentppol
Nov 22 2016 12:32
@slaff Linux, Fedora16/23/24 "mix"
laurent@localhost Incoming]$ git --version
git version 1.7.7.6
[laurent@localhost Incoming]$ uname -a
Linux localhost 4.8.6-201.fc24.i686 #1 SMP Thu Nov 3 15:13:15 UTC 2016 i686 i686 i386 GNU/Linux
[laurent@localhost Incoming]$
SDK 1.4.0 I think
slaff
@slaff
Nov 22 2016 12:44
@laurentppol Can you upgrade git to version 1.9.* and try again?
laurentppol
@laurentppol
Nov 22 2016 12:51
trying 2.7.4 (F24), if it does not try to update my whole system :), looks problem is related to building rBoot, manually disabled rBoot in (top) Makefile, compiling starts, fails at "no rboot-api.h"
slaff
@slaff
Nov 22 2016 12:52
Check your Gitter private message ...
laurentppol
@laurentppol
Nov 22 2016 13:01
got 2.7.4, will try as I'll be back (~2h)
laurentppol
@laurentppol
Nov 22 2016 16:22
@slaff OK, compile "bare Sming" and "Basic_Ssl": OK, so You were right about git version issue :)
will try to flash it later
laurentppol
@laurentppol
Nov 22 2016 16:36
does it provide only CLIENT (https) or SERVER functionality too?
Alexander V. Ribchansky
@avr39-ripe
Nov 22 2016 16:39
/@all Please welcome long-awaited #809 Websocket client implementation for Sming :)
slaff
@slaff
Nov 22 2016 16:43
@laurentppol axTLS provides both. In Sming for now we use only this for the clients. And ESP8266 has RAM for max 2 SSL connections at the same time. So the SSL server should have very limited use.
laurentppol
@laurentppol
Nov 22 2016 16:47
:|... but imagine, for IOT sensor, (as in my project, reporting over ONE TCP connection -> ONE client [at a time]) adding security would be nice :) Ex. enable access over "hostile Internet".
IMO having net w/o security limits IOT usage to local network.
for sensor maybe it is not "a must", but if You imagine some "effector"...
slaff
@slaff
Nov 22 2016 16:51
SSL for Server(s) can be added too. Once we are sure that the SSL clients in Sming are working we can add that as "step 2".
Alexander V. Ribchansky
@avr39-ripe
Nov 22 2016 16:52
@slaff while trying to test SSL
> gmake rebuild
C+ app/application.cpp
AR out/build/app_app.a
LD out/build/app.out
/usr/home/shurik/src/esp8266/Sming/Sming/compiler/lib//libaxtls.a(loader.o):(.irom0.literal+0x1c): undefined reference to `ax_port_free'
/usr/home/shurik/src/esp8266/Sming/Sming/compiler/lib//libaxtls.a(loader.o):(.irom0.literal+0x3c): undefined reference to `ax_port_calloc'
/usr/home/shurik/src/esp8266/Sming/Sming/compiler/lib//libaxtls.a(loader.o):(.irom0.literal+0x40): undefined reference to `ax_port_realloc'
/usr/home/shurik/src/esp8266/Sming/Sming/compiler/lib//libaxtls.a(loader.o):(.irom0.literal+0x44): undefined reference to `ax_port_malloc'
@slaff build is OK, but linking fails
laurentppol
@laurentppol
Nov 22 2016 16:56
@avr39-ripe did You rebuild Sming lib? [before rebuilding app]
Alexander V. Ribchansky
@avr39-ripe
Nov 22 2016 16:59
@laurentppol yes, with gmake ENABLE_SSL=1 :(
laurentppol
@laurentppol
Nov 22 2016 17:03
@slaff "Basic-Ssl" test output:
scandone
state: 0 -> 2 (b0)
state: 2 -> 3 (0)
state: 3 -> 5 (10)
add 0
aid 2
cnt 

connected with adelin3, channel 1
dhcp client start...
chg_B1:-40
ip:192.168.2.201,mask:255.255.255.0,gw:192.168.2.45
Connected. Got IP: 192.168.2.201
Download: https://www.google.com:443/
connect to: www.google.com
Storing 38 bytes in stream
realloc 38 -> 169
Storing 2 bytes in stream
Storing 0 bytes in stream
DNS record found: www.google.com = 216.58.209.36
TcpConnection::connect result:, 0
OnConnected
staticOnConnected: useSSL: 1, Error: 0
SSL: Starting connection...
SSL: Switching to 160 MHz
SSL: handshake start (22783 ms)
please start sntp first !
SSL: handshake is in progress...
TCP sent: 101
please start sntp first !
TCP sent: 342
SSL: Handshake done (26034 ms).
SSL: Switching back to 80 MHz
cert FP: 93 00 A7 77 BF 33 43 DE B1 26 B2 47 15 8A E3 5B 97 CD B8 B1 
test FP: 0A CD 80 3A EE E4 66 FF 22 13 B2 C2 EF 83 E4 0A 9B 94 B5 F8 
SSL: Certificate fingerprint does not match!
Got response code: 0
Got content starting with: 
Success: 0
Common Name:                    www.google.com

CIPHER is AES128-SHA
-----BEGIN SSL SESSION PARAMETERS-----
ed3483efce5b966ec11c7a62de075963f20e0458e23349d19b83a268f9450779
-----END SSL SESSION PARAMETERS-----
SSL: closing ...
done

TCP connection closing
-TCP connection
pm open phy_2,type:2 0 0
slaff
@slaff
Nov 22 2016 17:04
Cool :)
And I can see that Google changed their certificate, which means that we now have a new certificate fingerprint.
laurentppol
@laurentppol
Nov 22 2016 17:05
it works? ("please start sntp first!")
slaff
@slaff
Nov 22 2016 17:05
Yes, it works.
laurentppol
@laurentppol
Nov 22 2016 17:05
nice :)
slaff
@slaff
Nov 22 2016 17:06
SNTP is needed when we want to provide more "robust" verification. For that case we need to have the exact date to compare the validity of the certificate.
laurentppol
@laurentppol
Nov 22 2016 17:06
BTW, ESP "internal RTC" is based on hardware clocking? Can we assume it is accurate?
slaff
@slaff
Nov 22 2016 17:08
RTC is time units since the device started working. This is not comparable with the exact date that we need to validate the certificates.
@/all Feedback is needed: Test the Websocket PR #809 and tell us if it is working for you.
laurentppol
@laurentppol
Nov 22 2016 17:11
@slaff ok, seems logical, RTC on ESP has no backup battery ;p... but my question is about precision, as with SOFT ints I got ~20% timing error