Arduino-esp32: HTTPClient returns error send header failed when using HTTPS

Created on 15 Sep 2019 · 13 Comments · Source: espressif/arduino-esp32

Hardware:

Board: M5Stack Core
Core Installation version: 1.0.3
IDE name: Arduino IDE
Flash Frequency: 80Mhz
PSRAM enabled: no
Upload Speed: 921600
Computer OS: Windows 10

Description:

HTTPClient fails with error "send header failed" when using HTTPS. It was working OK with ESP32 1.0.2, but after updating to ESP32 1.0.3 it fails. Even the simple standard sample HTTPClient/BasicHttpsClient fails. When I go back to 1.0.2, it works. The included code is just a pure BasicHttpsClient sample with changed SSID and WiFi password.

Sketch: (leave the backquotes for code formatting)

//Change the code below by your sketch
/**
   BasicHTTPSClient.ino

    Created on: 14.10.2018

*/

#include <Arduino.h>

#include <WiFi.h>
#include <WiFiMulti.h>

#include <HTTPClient.h>

#include <WiFiClientSecure.h>

// This is GandiStandardSSLCA2.pem, the root Certificate Authority that signed
// the server certificate for the demo server https://jigsaw.w3.org in this
// example. This certificate is valid until Sep 11 23:59:59 2024 GMT
const char* rootCACertificate = \
"-----BEGIN CERTIFICATE-----\n" \
"MIIF6TCCA9GgAwIBAgIQBeTcO5Q4qzuFl8umoZhQ4zANBgkqhkiG9w0BAQwFADCB\n" \
"iDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0pl\n" \
"cnNleSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNV\n" \
"BAMTJVVTRVJUcnVzdCBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTQw\n" \
"OTEyMDAwMDAwWhcNMjQwOTExMjM1OTU5WjBfMQswCQYDVQQGEwJGUjEOMAwGA1UE\n" \
"CBMFUGFyaXMxDjAMBgNVBAcTBVBhcmlzMQ4wDAYDVQQKEwVHYW5kaTEgMB4GA1UE\n" \
"AxMXR2FuZGkgU3RhbmRhcmQgU1NMIENBIDIwggEiMA0GCSqGSIb3DQEBAQUAA4IB\n" \
"DwAwggEKAoIBAQCUBC2meZV0/9UAPPWu2JSxKXzAjwsLibmCg5duNyj1ohrP0pIL\n" \
"m6jTh5RzhBCf3DXLwi2SrCG5yzv8QMHBgyHwv/j2nPqcghDA0I5O5Q1MsJFckLSk\n" \
"QFEW2uSEEi0FXKEfFxkkUap66uEHG4aNAXLy59SDIzme4OFMH2sio7QQZrDtgpbX\n" \
"bmq08j+1QvzdirWrui0dOnWbMdw+naxb00ENbLAb9Tr1eeohovj0M1JLJC0epJmx\n" \
"bUi8uBL+cnB89/sCdfSN3tbawKAyGlLfOGsuRTg/PwSWAP2h9KK71RfWJ3wbWFmV\n" \
"XooS/ZyrgT5SKEhRhWvzkbKGPym1bgNi7tYFAgMBAAGjggF1MIIBcTAfBgNVHSME\n" \
"GDAWgBRTeb9aqitKz1SA4dibwJ3ysgNmyzAdBgNVHQ4EFgQUs5Cn2MmvTs1hPJ98\n" \
"rV1/Qf1pMOowDgYDVR0PAQH/BAQDAgGGMBIGA1UdEwEB/wQIMAYBAf8CAQAwHQYD\n" \
"VR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMCIGA1UdIAQbMBkwDQYLKwYBBAGy\n" \
"MQECAhowCAYGZ4EMAQIBMFAGA1UdHwRJMEcwRaBDoEGGP2h0dHA6Ly9jcmwudXNl\n" \
"cnRydXN0LmNvbS9VU0VSVHJ1c3RSU0FDZXJ0aWZpY2F0aW9uQXV0aG9yaXR5LmNy\n" \
"bDB2BggrBgEFBQcBAQRqMGgwPwYIKwYBBQUHMAKGM2h0dHA6Ly9jcnQudXNlcnRy\n" \
"dXN0LmNvbS9VU0VSVHJ1c3RSU0FBZGRUcnVzdENBLmNydDAlBggrBgEFBQcwAYYZ\n" \
"aHR0cDovL29jc3AudXNlcnRydXN0LmNvbTANBgkqhkiG9w0BAQwFAAOCAgEAWGf9\n" \
"crJq13xhlhl+2UNG0SZ9yFP6ZrBrLafTqlb3OojQO3LJUP33WbKqaPWMcwO7lWUX\n" \
"zi8c3ZgTopHJ7qFAbjyY1lzzsiI8Le4bpOHeICQW8owRc5E69vrOJAKHypPstLbI\n" \
"FhfFcvwnQPYT/pOmnVHvPCvYd1ebjGU6NSU2t7WKY28HJ5OxYI2A25bUeo8tqxyI\n" \
"yW5+1mUfr13KFj8oRtygNeX56eXVlogMT8a3d2dIhCe2H7Bo26y/d7CQuKLJHDJd\n" \
"ArolQ4FCR7vY4Y8MDEZf7kYzawMUgtN+zY+vkNaOJH1AQrRqahfGlZfh8jjNp+20\n" \
"J0CT33KpuMZmYzc4ZCIwojvxuch7yPspOqsactIGEk72gtQjbz7Dk+XYtsDe3CMW\n" \
"1hMwt6CaDixVBgBwAc/qOR2A24j3pSC4W/0xJmmPLQphgzpHphNULB7j7UTKvGof\n" \
"KA5R2d4On3XNDgOVyvnFqSot/kGkoUeuDcL5OWYzSlvhhChZbH2UF3bkRYKtcCD9\n" \
"0m9jqNf6oDP6N8v3smWe2lBvP+Sn845dWDKXcCMu5/3EFZucJ48y7RetWIExKREa\n" \
"m9T8bJUox04FB6b9HbwZ4ui3uRGKLXASUoWNjDNKD/yZkuBjcNqllEdjB+dYxzFf\n" \
"BT02Vf6Dsuimrdfp5gJ0iHRc2jTbkNJtUQoj1iM=\n" \
"-----END CERTIFICATE-----\n";

// Not sure if WiFiClientSecure checks the validity date of the certificate. 
// Setting clock just to be sure...
void setClock() {
  configTime(0, 0, "pool.ntp.org", "time.nist.gov");

  Serial.print(F("Waiting for NTP time sync: "));
  time_t nowSecs = time(nullptr);
  while (nowSecs < 8 * 3600 * 2) {
    delay(500);
    Serial.print(F("."));
    yield();
    nowSecs = time(nullptr);
  }

  Serial.println();
  struct tm timeinfo;
  gmtime_r(&nowSecs, &timeinfo);
  Serial.print(F("Current time: "));
  Serial.print(asctime(&timeinfo));
}


WiFiMulti WiFiMulti;

void setup() {

  Serial.begin(115200);
  // Serial.setDebugOutput(true);

  Serial.println();
  Serial.println();
  Serial.println();

  WiFi.mode(WIFI_STA);
  WiFiMulti.addAP("mySSID", "myPASSWD");

  // wait for WiFi connection
  Serial.print("Waiting for WiFi to connect...");
  while ((WiFiMulti.run() != WL_CONNECTED)) {
    Serial.print(".");
  }
  Serial.println(" connected");

  setClock();  
}

void loop() {
  WiFiClientSecure *client = new WiFiClientSecure;
  if(client) {
    client -> setCACert(rootCACertificate);

    {
      // Add a scoping block for HTTPClient https to make sure it is destroyed before WiFiClientSecure *client is 
      HTTPClient https;

      Serial.print("[HTTPS] begin...\n");
      if (https.begin(*client, "https://jigsaw.w3.org/HTTP/connection.html")) {  // HTTPS
        Serial.print("[HTTPS] GET...\n");
        // start connection and send HTTP header
        int httpCode = https.GET();

        // httpCode will be negative on error
        if (httpCode > 0) {
          // HTTP header has been sent and Server response header has been handled
          Serial.printf("[HTTPS] GET... code: %d\n", httpCode);

          // file found at server
          if (httpCode == HTTP_CODE_OK || httpCode == HTTP_CODE_MOVED_PERMANENTLY) {
            String payload = https.getString();
            Serial.println(payload);
          }
        } else {
          Serial.printf("[HTTPS] GET... failed, error: %s\n", https.errorToString(httpCode).c_str());
        }

        https.end();
      } else {
        Serial.printf("[HTTPS] Unable to connect\n");
      }

      // End extra scoping block
    }

    delete client;
  } else {
    Serial.println("Unable to create client");
  }

  Serial.println();
  Serial.println("Waiting 10s before the next round...");
  delay(10000);
}

Debug Messages:

[D][WiFiGeneric.cpp:337] _eventCallback(): Event: 0 - WIFI_READY
[D][WiFiGeneric.cpp:337] _eventCallback(): Event: 2 - STA_START
[I][WiFiMulti.cpp:84] addAP(): [WIFI][APlistAdd] add SSID: Skr1474
[D][WiFiGeneric.cpp:337] _eventCallback(): Event: 1 - SCAN_DONE
[I][WiFiMulti.cpp:114] run(): [WIFI] scan done
[I][WiFiMulti.cpp:119] run(): [WIFI] 3 networks found
[D][WiFiMulti.cpp:149] run():  --->   0: [10][30:5A:3A:6D:4B:08] Skr1474 (-51) *
[D][WiFiMulti.cpp:149] run():  --->   1: [13][04:D4:C4:0B:A3:58] Skr1474 (-77) *
[D][WiFiMulti.cpp:149] run():  --->   2: [6][BC:AE:C5:C3:E8:E7] Skr1474 (-84) *
[I][WiFiMulti.cpp:160] run(): [WIFI] Connecting BSSID: 30:5A:3A:6D:4B:08 SSID: Skr1474 Channal: 10 (-51)
[D][WiFiGeneric.cpp:337] _eventCallback(): Event: 4 - STA_CONNECTED
[D][WiFiGeneric.cpp:337] _eventCallback(): Event: 7 - STA_GOT_IP
[D][WiFiGeneric.cpp:381] _eventCallback(): STA IP: 192.168.1.173, MASK: 255.255.255.0, GW: 192.168.1.1
[I][WiFiMulti.cpp:174] run(): [WIFI] Connecting done.
[D][WiFiMulti.cpp:175] run(): [WIFI] SSID: Skr1474
[D][WiFiMulti.cpp:176] run(): [WIFI] IP: 192.168.1.173
[D][WiFiMulti.cpp:177] run(): [WIFI] MAC: 30:5A:3A:6D:4B:08
[D][WiFiMulti.cpp:178] run(): [WIFI] Channel: 10
Waiting for NTP time sync: .
Current time: Sun Sep 15 10:26:14 2019
[HTTPS] begin...
[D][HTTPClient.cpp:276] beginInternal(): host: jigsaw.w3.org port: 443 url: /HTTP/connection.html
[D][HTTPClient.cpp:1025] connect():  connected to jigsaw.w3.org:443
[E][ssl_client.cpp:33] handle_error(): SSL - Bad input parameters to function
[E][ssl_client.cpp:35] handle_error(): MbedTLS message code: -28928
[E][ssl_client.cpp:33] handle_error(): SSL - Bad input parameters to function
[E][ssl_client.cpp:35] handle_error(): MbedTLS message code: -28928
[E][ssl_client.cpp:33] handle_error(): SSL - Bad input parameters to function
[E][ssl_client.cpp:35] handle_error(): MbedTLS message code: -28928
[E][ssl_client.cpp:33] handle_error(): SSL - Bad input parameters to function
[E][ssl_client.cpp:35] handle_error(): MbedTLS message code: -28928
[E][ssl_client.cpp:33] handle_error(): SSL - Bad input parameters to function
[E][ssl_client.cpp:35] handle_error(): MbedTLS message code: -28928
[W][HTTPClient.cpp:1318] returnError(): error(-2): send header failed
[E][ssl_client.cpp:33] handle_error(): SSL - Bad input parameters to function
[E][ssl_client.cpp:35] handle_error(): MbedTLS message code: -28928
[E][ssl_client.cpp:33] handle_error(): SSL - Bad input parameters to function
[E][ssl_client.cpp:35] handle_error(): MbedTLS message code: -28928
[D][HTTPClient.cpp:1320] returnError(): tcp stop
[E][ssl_client.cpp:33] handle_error(): SSL - Bad input parameters to function
[E][ssl_client.cpp:35] handle_error(): MbedTLS message code: -28928
[E][ssl_client.cpp:33] handle_error(): SSL - Bad input parameters to function
[E][ssl_client.cpp:35] handle_error(): MbedTLS message code: -28928
[E][ssl_client.cpp:33] handle_error(): SSL - Bad input parameters to function
[E][ssl_client.cpp:35] handle_error(): MbedTLS message code: -28928
[D][HTTPClient.cpp:370] disconnect(): tcp stop

Waiting 10s before the next round...

All 13 comments

The same for me. No TLS communication works. After downgrade to 1.0.2 it works again.

Same here, check out #2670 for a workaround

Maybe calling HTTPClient::setConnectTimeout() with some decent value helps? Looking at the code the timeout is in ms, so something in the 5000 to 15000 range might work?

> Maybe calling HTTPClient::setConnectTimeout() with some decent value helps? Looking at the code the timeout is in ms, so something in the 5000 to 15000 range might work?

No luck with setting timeouts for me.

should be fixed in current master

if you can confirm, I can release it :)

Yes, I can confirm it works for me. Thank you!

It works great, thank you!

I can also confirm the fix works. Thanks.

New finding. It hangs when issuing HTTPS post:

Checking db..
[D][HTTPClient.cpp:276] beginInternal(): host: <edited>
[D][HTTPClient.cpp:1025] connect():  connected to <edited>
[D][HTTPClient.cpp:1158] handleHeaderResponse(): code: 200
[D][HTTPClient.cpp:1165] handleHeaderResponse(): Transfer-Encoding: chunked
[D][HTTPClient.cpp:797] writeToStream():  read chunk len: 243
[D][HTTPClient.cpp:1295] writeToStreamDataBlock(): connection closed or file end (written: 243).
[D][HTTPClient.cpp:797] writeToStream():  read chunk len: 0
[D][HTTPClient.cpp:361] disconnect(): still data in buffer (2), clean up.

[D][HTTPClient.cpp:368] disconnect(): tcp keep open for reuse

[D][HTTPClient.cpp:383] disconnect(): tcp is closed

Writing to db
[D][HTTPClient.cpp:276] beginInternal(): <edited>
[I][ssl_client.cpp:156] start_ssl_client(): WARNING: Use certificates for a more secure communication!
[D][HTTPClient.cpp:1025] connect():  connected to <edited>
[D][HTTPClient.cpp:1158] handleHeaderResponse(): code: 204

same here, see
https://github.com/espressif/arduino-esp32/issues/3273

I also can confirm the fix works.

@me-no-dev It is working OK in 1.0.4 RC1, so you can close this. Thank you.

nice :)
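
Added example, not part of the original thread or of arduino-esp32: a host-side C++ helper for triaging the debug output shown in this thread. It converts the decimal `MbedTLS message code` into the negative-hex form used in the mbedTLS headers (-28928 is -0x7100, `MBEDTLS_ERR_SSL_BAD_INPUT_DATA`), collapses the repeated error lines, and flags the `start_ssl_client()` warning about missing certificates seen in the HTTPS POST log. The names `triage`, `mbedtlsName` and `sampleLog` are made up for this example, and the lookup table is deliberately partial.

```cpp
// Added example: host-side triage of arduino-esp32 debug output (not library code).
#include <cstdio>
#include <cstdlib>
#include <string>
#include <vector>
// Partial lookup of mbedTLS error codes; extend from the mbedTLS headers as needed.
static const char *mbedtlsName(int code) {
    switch (-code) {
        case 0x7100: return "MBEDTLS_ERR_SSL_BAD_INPUT_DATA";
        case 0x6800: return "MBEDTLS_ERR_SSL_TIMEOUT";
        case 0x2700: return "MBEDTLS_ERR_X509_CERT_VERIFY_FAILED";
        default:     return "unknown";
    }
}

// One finding per distinct TLS error code, plus one for the missing-certificate warning.
std::vector<std::string> triage(const std::vector<std::string> &lines) {
    const std::string codeTag = "MbedTLS message code: ";
    const std::string warnTag = "WARNING: Use certificates";
    std::vector<std::string> out;
    for (const std::string &line : lines) {
        std::string finding;
        std::size_t pos = line.find(codeTag);
        if (pos != std::string::npos) {
            int code = std::atoi(line.c_str() + pos + codeTag.size());
            if (code >= 0) continue;  // not an mbedTLS error value
            char hex[16];  // the log prints decimal; the mbedTLS headers use negative hex
            std::snprintf(hex, sizeof hex, "-0x%04X", static_cast<unsigned>(-code));
            finding = std::string("tls_error: ") + hex + " " + mbedtlsName(code);
        } else if (line.find(warnTag) != std::string::npos) {
            finding = "no_ca_cert: library warned that no certificates are in use";
        } else { continue; }
        bool seen = false;  // collapse the retry storm into a single finding
        for (const std::string &f : out) seen = seen || (f == finding);
        if (!seen) out.push_back(finding);
    }
    return out;
}

// Lines copied from the two logs on this page.
std::vector<std::string> sampleLog() {
    return {"[E][ssl_client.cpp:35] handle_error(): MbedTLS message code: -28928",
            "[E][ssl_client.cpp:35] handle_error(): MbedTLS message code: -28928",
            "[I][ssl_client.cpp:156] start_ssl_client(): WARNING: Use certificates for a more secure communication!"};
}

int main() {
    for (const std::string &f : triage(sampleLog())) std::printf("%s\n", f.c_str());
    return 0;
}
```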
