Weird Behaviour with BearSSL on GPIO #8976

Open
shrynshjn opened this issue Aug 22, 2023 · 2 comments

shrynshjn commented Aug 22, 2023

I use GPIO 5 to trigger a relay; my code also connects with a secure MQTT connection, for which I have to use the BearSSL certificate definitions.
Without the BearSSL certificates, when the ESP restarts it does not re-trigger the relay, and the GPIO maintains its state between reboots. But when I use the BearSSL certificates the behavior changes, and GPIO 5 goes low on restart. Any explanation why, and how to mitigate it?
I am 100% sure it is because of the import, because I removed components of my code until I could find the piece of code that causes this, and it was because of the declarations.

```cpp
#include <WiFiClientSecure.h>

// Placeholders for the PEM-encoded AWS root CA, device certificate and device key.
static const char AWS_CERT_CA[] PROGMEM = R"EOF(
aws root)EOF";

static const char AWS_CERT_CRT[] PROGMEM = R"KEY(
device cert)KEY";

static const char AWS_CERT_KEY[] PROGMEM = R"KEY(
device key )KEY";

// Global BearSSL objects: their constructors run before setup() is entered.
BearSSL::X509List cert(AWS_CERT_CA);
BearSSL::X509List client_crt(AWS_CERT_CRT);
BearSSL::PrivateKey key(AWS_CERT_KEY);

WiFiClientSecure espClient;

void setup() {
  pinMode(5, OUTPUT);
  delay(2000);
  digitalWrite(5, HIGH);
  delay(2000);
  ESP.restart();  // software restart, to observe GPIO 5 across reboots
}

void loop() {}
```

Without the following three lines

```cpp
BearSSL::X509List cert(AWS_CERT_CA);
BearSSL::X509List client_crt(AWS_CERT_CRT);
BearSSL::PrivateKey key(AWS_CERT_KEY);
```

the LED on GPIO 5 does not flicker on restarts, but adding these lines makes it flicker. Any solution or suggestion towards a solution for this problem will be really helpful.

@shrynshjn
Author

What worked for me was to move the BearSSL declaration and usage after the pinMode setting of the GPIO. So I had to make the certificate and keys local variables and wrap the entire setting up of WiFi, connecting to it, setting up and connecting to the AWS core in a single function.

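```cpp
// net, deviceId, DEBUG_MSG and the helper functions are defined elsewhere in the sketch.
void setupWiFiAndConnectAWS() {
  // Function-local statics: constructed on the first call (after the GPIO setup)
  // and kept alive afterwards, because net stores these pointers and uses them
  // again on every (re)connect.
  static BearSSL::X509List cert(AWS_CERT_CA);
  static BearSSL::X509List client_crt(AWS_CERT_CRT);
  static BearSSL::PrivateKey key(AWS_CERT_KEY);
  WiFi.persistent(false);
  DEBUG_MSG("[setupWiFi] Setting host name\n");
  WiFi.hostname(deviceId);
  DEBUG_MSG("[setupWiFi] Setting station mode\n");
  WiFi.mode(WIFI_STA);
  if (WiFi.getMode() & WIFI_AP) {
    WiFi.softAPdisconnect(true);
  }
  WiFi.persistent(false);
  DEBUG_MSG("[setupWiFi] Loading certificates\n");
  net.setTrustAnchors(&cert);
  net.setClientRSACert(&client_crt, &key);
  loadCredentials();
  connectWiFi();
  attachInputInterrupts(false);
  setupNTP();
  connectAWS();
}
```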

after setting up the GPIO pins.
Although this is a workaround, I still don't understand the core problem, and would like to understand it. That is why I am keeping the issue open for now.

@d-a-v
Collaborator

d-a-v commented Nov 4, 2023

Nice that you found a workaround.
You can also try and override the default initializer at boot time:
```cpp
extern "C" void resetPins ()
```
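
One way to act on the suggestion above, as an added example that is not code from this thread or from the ESP8266 Arduino core. It assumes the core calls an overridable `resetPins()` at boot (as the comment implies) and that GPIO 6 to 11 are the flash interface pins; `RELAY_PIN`, `isFlashPin` and `keepAcrossRestart` are hypothetical names, and the `#else` branch is a host-side stand-in so the pin selection can be checked off-device.

```cpp
#include <stdint.h>

#ifdef ARDUINO
#include <Arduino.h>
#else
// Host-side stand-ins (constructed) for the two Arduino names used below.
#define INPUT 0x00
static uint32_t touchedPins = 0;  // bit n set => pinMode(n, ...) was called
static void pinMode(uint8_t pin, uint8_t) { touchedPins |= (1u << pin); }
#endif

// GPIO that drives the relay in the issue.
static const uint8_t RELAY_PIN = 5;

// Assumption: GPIO 6..11 are wired to the SPI flash and must never be reconfigured.
static bool isFlashPin(uint8_t pin) { return pin >= 6 && pin <= 11; }

// Pins whose configuration should not be touched by the boot-time reset.
static bool keepAcrossRestart(uint8_t pin) { return pin == RELAY_PIN; }

// Replacement for the boot-time pin initializer (assumed to be overridable):
// every GPIO is put back to INPUT except the flash pins and the relay pin,
// so the relay pin is not reconfigured before setup() calls pinMode() on it.
extern "C" void resetPins() {
  for (uint8_t pin = 0; pin <= 16; ++pin) {
    if (isFlashPin(pin) || keepAcrossRestart(pin)) {
      continue;
    }
    pinMode(pin, INPUT);
  }
}
```

Whether this removes the flicker on a given board still has to be confirmed on the hardware, for example with the LED test sketch from the first comment.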
