Setup over HTTPS

andyjjones1 · June 21, 2019, 4:44am

Hi everyone,

Currently we have an ESP8266 device running Mongoose OS.
To set up the device, it turns itself into a SOFTAP and the user sends RPC setup calls over HTTP. This all works very well, but our customer wants us to start using HTTPS to reduce the risk of snooping.

Do any of the libraries (open or proprietary) support secure HTTPS for RPC? I took a dig through the libraries but was unable to find any hint of this functionality. We have purcahsed a license to access the proprietary mos-libs.

Thankyou!
Andrew

cpq · June 21, 2019, 2:44pm

github.com

mongoose-os-libs/http-server/blob/master/mos.yml#L15-L16


- ["http.ssl_cert", "s", {title: "Turn on SSL on the listener, use this cert"}]
- ["http.ssl_key", "s", {title: "SSL key to use"}]

andyjjones1 · June 26, 2019, 6:52am

Thanks Sergey for your earlier reply.
I have generated a self-signed cert as per the Mongoose OS security user guide:

openssl req  -nodes -new -x509  -keyout key.pem -out cert.pem
mos put cert.pem
mos put key.pem
mos config-set http.listen_addr=443 http.ssl_key=key.pem http.ssl_cert=cert.pem

When I connect to my device, It seems that no error comes out. It shows an incoming connection from 192.168.4.3:56854 (My PC), but after that, nothing happens. On my PC side it times out. I cannot make any RPC calls via HTTPS.

Thanks for your generous help and support!

[Jun 26 15:31:54.916] mgos_wifi_on_change_ a0:c5:89:87:b8:7e connected
[Jun 26 15:31:55.077] mongoose_poll        New heap free LWM: 35152
[Jun 26 15:31:55.269] mongoose_poll        New heap free LWM: 35144
[Jun 26 15:32:07.467] mongoose_poll        New heap free LWM: 35000
[Jun 26 15:32:07.674] mongoose_poll        New heap free LWM: 33456
[Jun 26 15:32:07.867] mongoose_poll        New heap free LWM: 33000
[Jun 26 15:32:16.292] mongoose_poll        New heap free LWM: 30424
[Jun 26 15:32:21.625] mgos_http_ev         0x3fff3174 HTTP connection from 192.168.4.3:56854
[Jun 26 15:32:21.625] mongoose_poll        New heap free LWM: 24752

andyjjones1 · June 27, 2019, 3:37am

It appears that the incoming connection is accepted, but the TLS handshake times out some how. Here is a pastebin; I’m not sure if it helps:

https://pastebin.com/jvUJiT3e

andyjjones1 · July 5, 2019, 6:40am

Our issue is still unresolved.
If I could get some input from the community (anybody at all!) for ideas to try, or just any ideas at all, I would be very grateful! We have sort of hit a wall here.

Andrew

NIHAL_KULKARNI · November 22, 2019, 10:05pm

When you call from pc side use --rpc-creds user: password