Page 1 of 1

Since uPython on the ESP doesn't verify SSL certificates

Posted: Sat Apr 22, 2017 1:20 pm
by BetterAutomations
I see that the ussl library does not verify SSL certificates. I need encryption but I don't strictly need SSL. What are my alternatives?

My device does HTTP (or could do MQTT?) GETs or POSTs to a server to receive orders and send status updates. I need to be able to allow or deny access to my service using a password and I want to avoid attackers sending spurious commands. My device is a chicken coop door opener with phone notifications. Is there another way to provide authentication and authorization?

Re: Since uPython on the ESP doesn't verify SSL certificates

Posted: Wed Apr 26, 2017 3:03 am
by BetterAutomations
Is SSL verified on the ESP32 port? I can't find documentation.

Re: Since uPython on the ESP doesn't verify SSL certificates

Posted: Sun Apr 30, 2017 3:35 pm
by BetterAutomations
So without this uPython on the 8266 is a toy. I'm moving toward WiPy or Pi Zero W instead.

Re: Since uPython on the ESP doesn't verify SSL certificates

Posted: Thu May 04, 2017 10:38 pm
by JNA
[quote="BetterAutomations"]So without this uPython on the 8266 is a toy. I'm moving toward WiPy or Pi Zero W instead.[/quote]

Hear, hear. For all the hoopla about the ESP8266-based boards, this is serious and valid complaint.

Re: Since uPython on the ESP doesn't verify SSL certificates

Posted: Fri May 05, 2017 12:16 am
by deshipu
Bye!

Re: Since uPython on the ESP doesn't verify SSL certificates

Posted: Sat May 06, 2017 8:57 am
by pfalcon
BetterAutomations wrote:So without this uPython on the 8266 is a toy. I'm moving toward WiPy or Pi Zero W instead.
That's valid, but not the only way to deal with it, another alternative:
  • Open a shop to resell WiPy or Pi Zero W. When you sell few tens of thousands of them, for the funds collected, hire someone to implement the support you need.
The list doesn't end here, there're many more choices, e.g.:
  • Get to sleep an hour later for few weeks or months and implement this support yourself.

Re: Since uPython on the ESP doesn't verify SSL certificates

Posted: Sat May 06, 2017 5:15 pm
by pythoncoder
pfalcon wrote:...
  • Get to sleep an hour later for few weeks or months and implement this support yourself.
Hear, hear!

Re: Since uPython on the ESP doesn't verify SSL certificates

Posted: Sun May 07, 2017 4:05 am
by BetterAutomations
I'm sorry guys I'm rushed to get the product done. For my project going to a Pi has several other benefits so I'm doing that instead.

For others who do still want to use the ESP and uPython, a suggestion: Wrap the C code (which does verify) in Python, extend it somehow. I thought I recalled reading about a way to wrap the native code into a module but I don't recall any more details at the moment.

Hoping this is viewed as a constructive suggestion; that's the way it is intended.