Issue with WSS and ESP 32 #152

Open
Titus002 opened this issue Mar 28, 2024 · 4 comments

@Titus002

I have an issue with WSS.
I am trying to connect to an API for robotic lawn mowers with an ESP 32. For that I made a GET request to an authentication API which provides me an authentication token. (This part works fine.)

Now I need to use this token to connect to the WebSocket server via WebSocket Secure, but this doesn't work.
Here is the documentation of the API:

I added headers which are requested by the API and set the SSL certificate which I got with: `openssl s_client -showcerts -connect wss://ws.openapi.husqvarna.dev/v1`
I am not getting an SSL error, the WebSocket just doesn't connect, and getCloseReason gives me 1002.
Maybe someone could help me, that would be awesome.

Here is my code:
```cpp
#include <Arduino.h>
#include <WiFi.h>
#include <HTTPClient.h>
#include <WiFiClientSecure.h>
#include <config.h>
#include <ArduinoJson.h>
#include <authentificationApi.h>
#include
#include
#include <connectApi.h>
#include <ArduinoWebsockets.h>

String provider;
String token_type;
String access_token;

AuthentificationApi authentificationApi(urlAuthentificationServer, rootCACertificateAuthentificationServer, applicationKey, applicationSecret);

using namespace websockets;
WebsocketsClient client;

// Time set for HTTP
void setClock() {
  configTime(0, 0, "pool.ntp.org");
  Serial.print(F("Waiting for NTP time sync: "));
  time_t nowSecs = time(nullptr);
  while (nowSecs < 8 * 3600 * 2) {
    delay(500);
    Serial.print(F("."));
    yield();
    nowSecs = time(nullptr);
  }
  Serial.println();
  struct tm timeinfo;
  gmtime_r(&nowSecs, &timeinfo);
  Serial.print(F("Current time: "));
  Serial.print(asctime(&timeinfo));
}

// WiFi Connection
void setup() {
  Serial.begin(115200);
  WiFi.begin(ssid, password);
  Serial.println("Connecting to WIFI: " + String(ssid));
  while (WiFi.status() != WL_CONNECTED) {
    delay(500);
    Serial.print(".");
  }
  Serial.println();
  Serial.println("WiFi connected");
}

void loop() {
  // get Data from Authentification API
  std::map<String, String> authentificationList = authentificationApi.getAuthentification();
  Serial.println(authentificationList["accessToken"]);
  Serial.println(authentificationList["scope"]);
  Serial.println(authentificationList["expires_in"]);
  Serial.println(authentificationList["provider"]);
  Serial.println(authentificationList["user_id"]);
  Serial.println(authentificationList["token_type"]);

  provider = authentificationList["provider"];
  token_type = authentificationList["token_type"];
  access_token = authentificationList["accessToken"];

  client.setCACert(ssl_cert0); // set SSL certificate
  client.addHeader("Authorization: Bearer ", access_token); // set Headers so the API allows Connection
  client.addHeader("Authorization-Provider: ", "husqvarna");
  client.addHeader("X-Api-Key: ", "xxxxx-xxx-xxxxxx");
  bool connected = client.connect("wss://ws.openapi.husqvarna.dev/v1");
  Serial.println(client.getCloseReason()); // get Close reason gives me 1002
  if (client.available()) {
    Serial.println("Client is avalable");
  }

  if (connected) {
    Serial.println("Connected");
  } else {
    Serial.println("Connection failed.");
  }

  client.poll();

  Serial.println("Waiting 1000000s before the next round...");
  delay(1000000);
}
```

@mkrasselt1

Could you check that pull request #142?

@JpEncausse

JpEncausse commented Apr 23, 2024

Hello, I got the same issue here:

```
[ 11748][E][WiFiClientSecure.cpp:144] connect(): start_ssl_client: -1
[ 11749][E][WiFiClient.cpp:313] setSocketOption(): fail on 0, errno: 9, "Bad file number"
```

```cpp
#include <ArduinoWebsockets.h>
const char* websockets_server_string = "wss://path/to/server";

using namespace websockets;
WebsocketsClient client_ws;

unsigned long ws_t1 = 0;
void loopWebSocket() {

  if (client_ws.available()) { client_ws.poll(); }

  unsigned long ws_t0 = millis();
  if (ws_t0 - ws_t1 >= 3000) {
    ws_t1 = ws_t0;
    client_ws.send("Hello, world!");
  }
}

void onMessageCallback(WebsocketsMessage message) {
  Serial.print("Got Message: ");
  Serial.println(message.data());
}

void onEventsCallback(WebsocketsEvent event, String data) {
  if (event == WebsocketsEvent::ConnectionOpened) {
    Serial.println("Connnection Opened");
  } else if (event == WebsocketsEvent::ConnectionClosed) {
    Serial.println("Connnection Closed");
  } else if (event == WebsocketsEvent::GotPing) {
    Serial.println("Got a Ping!");
  } else if (event == WebsocketsEvent::GotPong) {
    Serial.println("Got a Pong!");
  }
}


const char ssl_ca_cert[] PROGMEM = \
"-----BEGIN CERTIFICATE-----\n" \
"The real certificate"
"-----END CERTIFICATE-----\n";

void Helper::setupWebSocket() {
  delay(2000);

  // run callback when messages are received
  client_ws.onMessage(onMessageCallback);

  // run callback when events are occurring
  client_ws.onEvent(onEventsCallback);

  // Before connecting, set the ssl fingerprint of the server
  client_ws.setCACert(ssl_ca_cert);
  client_ws.setInsecure(); // Useful?

  bool connected = client_ws.connect(websockets_server_string);
  if (connected) {
    Serial.println("Connected!");
    client_ws.send("Hello Server");
  } else {
    Serial.println("Not Connected!");
  }
}
```

I don't know what to do. I almost copied the code sample here.
I also tested my server with another client and it works.

@JpEncausse

If I remove the setInsecure() I get another error:

```
[  7620][E][ssl_client.cpp:37] _handle_error(): [start_ssl_client():273]: (-9984) X509 - Certificate verification failed, e.g. CRL, CA or signature check failed
[  7623][E][WiFiClientSecure.cpp:144] connect(): start_ssl_client: -9984
[  7630][E][WiFiClient.cpp:313] setSocketOption(): fail on 0, errno: 9, "Bad file number"
```

I validated my certificate online and it seems OK.


@JpEncausse

Found the answer!!!!! YES!!!! (I had the issue for months)
Here is the explanation: https://www.esp32.com/viewtopic.php?t=12083
And the issue: espressif/arduino-esp32#3155

In a nutshell, the certificate generated by Let's Encrypt sucks but its parent works.
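
The finding in the last comment (the server's own certificate is rejected as the `setCACert` trust anchor while its parent is accepted), reproduced offline as an added example that is not part of the original thread. It uses `openssl verify` as a stand-in for the ESP32 TLS stack; the throwaway CA, the host name `ws.example.test` and the helper names are constructed for illustration.

```shell
#!/bin/sh
# Constructed demo: a throwaway CA signs a leaf certificate, then the leaf is
# verified against each candidate trust anchor. Nothing here contacts a server.

# make_chain DIR: write DIR/ca.pem (self-signed CA) and DIR/leaf.pem (signed by it)
make_chain() {
    dir=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Demo Issuing CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null || return 1
    openssl req -newkey rsa:2048 -nodes \
        -subj "/CN=ws.example.test" \
        -keyout "$dir/leaf.key" -out "$dir/leaf.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$dir/leaf.csr" \
        -CA "$dir/ca.pem" -CAkey "$dir/ca.key" -CAcreateserial \
        -days 1 -out "$dir/leaf.pem" 2>/dev/null || return 1
}

# anchor_accepts ANCHOR CERT: succeed only if CERT verifies with ANCHOR as the CA file
anchor_accepts() {
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# demo: print which of the two candidate anchors lets the leaf verify
demo() {
    tmp=$(mktemp -d) || return 1
    make_chain "$tmp" || { rm -rf "$tmp"; return 1; }
    # Candidate 1: the issuing (parent) certificate as trust anchor
    if anchor_accepts "$tmp/ca.pem" "$tmp/leaf.pem"; then ca=accepted; else ca=rejected; fi
    # Candidate 2: the server's own leaf certificate as trust anchor
    if anchor_accepts "$tmp/leaf.pem" "$tmp/leaf.pem"; then leaf=accepted; else leaf=rejected; fi
    rm -rf "$tmp"
    echo "issuer-as-anchor=$ca leaf-as-anchor=$leaf"
}

demo
```

On the device the equivalent is to pass the issuing CA's PEM to `setCACert` and leave out `setInsecure()`, which turns certificate verification off.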
