I use GPIO 5 to trigger a relay. My code also connects with a secure MQTT connection for which I have to use the BearSSL certificate definitions.

Without the BearSSL certificates, when the ESP restarts it does not re-trigger the relay, and the GPIO maintains its state between reboots, but when I use the BearSSL certificates the behavior changes, and GPIO 5 goes low on restart. Any explanation why and how to mitigate it?

I am 100% sure it is because of the import, because I removed components from my code until I could find the piece of code that caused this, and it was because of the declarations.

#include <WiFiClientSecure.h>

static const char AWS_CERT_CA[] PROGMEM = R"EOF(aws root)EOF";
static const char AWS_CERT_CRT[] PROGMEM = R"KEY(device cert)KEY";
static const char AWS_CERT_KEY[] PROGMEM = R"KEY(device key)KEY";

BearSSL::X509List cert(AWS_CERT_CA);
BearSSL::X509List client_crt(AWS_CERT_CRT);
BearSSL::PrivateKey key(AWS_CERT_KEY);

WiFiClientSecure espClient;

void setup() {
  pinMode(5, OUTPUT);
  delay(2000);
  digitalWrite(5, HIGH);
  delay(2000);
  ESP.restart();
}

void loop() {}

Without the following three lines the LED on GPIO 5 does not flicker on restarts, but adding these lines makes it flicker:

BearSSL::X509List cert(AWS_CERT_CA); 
BearSSL::X509List client_crt(AWS_CERT_CRT); 
BearSSL::PrivateKey key(AWS_CERT_KEY); 

Any solution or suggestion towards a solution for this problem will be really helpful.

ocrdu
asked Aug 29, 2023 at 4:46

1 Answer

What worked for me was to move the BearSSL declaration and usage after the pinMode setting of the GPIO.

I had to make the certificate and keys local variables and wrap the entire setting up of WiFi, connecting to it, setting up and connecting to the AWS core in a single function after setting up the GPIO pins.

// net, deviceId, DEBUG_MSG and the helper functions are defined elsewhere in the sketch.
void setupWiFiAndConnectAWS() {
  // static: constructed on the first call (after the GPIO setup), and kept alive
  // afterwards, because net is handed pointers to these objects below.
  static BearSSL::X509List cert(AWS_CERT_CA);
  static BearSSL::X509List client_crt(AWS_CERT_CRT);
  static BearSSL::PrivateKey key(AWS_CERT_KEY);
  WiFi.persistent(false);
  DEBUG_MSG("[setupWiFi] Setting host name\n");
  WiFi.hostname(deviceId);
  DEBUG_MSG("[setupWiFi] Setting station mode\n");
  WiFi.mode(WIFI_STA);
  if (WiFi.getMode() & WIFI_AP) {
    WiFi.softAPdisconnect(true);
  }
  WiFi.persistent(false);
  DEBUG_MSG("[setupWiFi] Loading certificates\n");
  net.setTrustAnchors(&cert);
  net.setClientRSACert(&client_crt, &key);
  loadCredentials();
  connectWiFi();
  attachInputInterrupts(false);
  setupNTP();
  connectAWS();
}

Although this is a workaround, I still don't understand the core problem and would like to understand it.

ocrdu
answered Aug 29, 2023 at 8:09
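
The workaround above changes when the BearSSL objects are constructed, and with it how long they live. As an added example (not code from the question or the answer), this host-side C++ model records the ordering: a global object is built before `setup()` touches the pin, a plain local is destroyed when its function returns, and a `static` local is built on first call and survives. `FakeCert`, `FakeClient` and the function names are hypothetical stand-ins, and the client is assumed to store only the pointer it is handed.

```cpp
#include <iostream>
#include <string>
#include <vector>

// Shared event log; construct-on-first-use so it exists before any global constructor runs.
std::vector<std::string>& events() {
    static std::vector<std::string> log;
    return log;
}

// Hypothetical stand-in for BearSSL::X509List / BearSSL::PrivateKey.
struct FakeCert {
    std::string name;
    explicit FakeCert(const char* n) : name(n) { events().push_back("construct " + name); }
    ~FakeCert() { events().push_back("destroy " + name); }
};

// Hypothetical stand-in for the TLS client; assumed to keep only the pointer.
struct FakeClient {
    const FakeCert* anchors = nullptr;
    void setTrustAnchors(const FakeCert* a) { anchors = a; }
};

FakeCert globalCert("global");  // layout from the question: built before setup()
FakeClient client;

void connectWithPlainLocal() {
    FakeCert cert("local");
    client.setTrustAnchors(&cert);
}   // cert is destroyed here, so client.anchors now dangles

void connectWithStaticLocal() {
    static FakeCert cert("static-local");  // built on first call, lives until exit
    client.setTrustAnchors(&cert);
}

// Models setup(): configure the pin first, then build the certificate objects.
std::vector<std::string> runSetup() {
    events().push_back("pinMode");
    connectWithPlainLocal();
    connectWithStaticLocal();
    return events();
}

int main() {
    for (const std::string& e : runSetup()) std::cout << e << "\n";
    return 0;
}
```

If the TLS client has to reconnect after the setup function has returned, only the `static` (or otherwise long-lived) objects are still valid for it to use.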
