gpt4 book ai didi

ssl - 为什么 nodeMCU tls mbed 库从 Pushbullet API 服务器收到错误 40(握手失败)?

转载 作者:太空宇宙 更新时间:2023-11-03 13:59:18 25 4
gpt4 key购买 nike

我想用 Pushbullet 做一个 nodeMCU 物联网项目推送服务。我正在尝试制作很多相同的项目示例。

我的项目与下面的示例几乎相同。
nodemcu-pushbullet-notification

看似很简单,却遇到了意想不到的困难。

HTTPS 握手失败并出现错误 40。错误 40 表示收到警告消息。为什么 nodeMCU 从 Pushbullet API 收到警报消息? 是 mbed tls 库的限制吗?还是我被滥用了?

请问有没有人解释下tls的日志?

WiFi connection established, IP address: 192.168.43.246
HTTP client: hostname=api.pushbullet.com
HTTP client: port=443
HTTP client: method=POST
HTTP client: path=/v2/pushes
HTTP client: DNS request
HTTP client: DNS pending
HTTP client: DNS found api.pushbullet.com 172.217.31.147
client handshake start.
espconn_mbedtls.c 667, type[certificate],length[846]
TLS<2> (heap=19408): ssl_tls.c:6850 => handshake
TLS<2> (heap=19408): ssl_cli.c:3400 client state: 0
TLS<2> (heap=19408): ssl_tls.c:2574 => flush output
TLS<2> (heap=19408): ssl_tls.c:2586 <= flush output
TLS<2> (heap=19408): ssl_cli.c:3400 client state: 1
TLS<2> (heap=19408): ssl_tls.c:2574 => flush output
TLS<2> (heap=19408): ssl_tls.c:2586 <= flush output
TLS<2> (heap=19408): ssl_cli.c:777 => write client hello
TLS<3> (heap=19408): ssl_cli.c:815 client hello, max version: [3:3]
TLS<3> (heap=19408): ssl_cli.c:824 dumping 'client hello, random bytes' (32 bytes)
TLS<3> (heap=19408): ssl_cli.c:824 0000: 4d 19 c2 f3 ab 90 2f 31 19 16 4d 45 ff 45 af cb M...../1..ME.E..
TLS<3> (heap=19408): ssl_cli.c:824 0010: 38 eb cc 0d c3 2a 1d 4c 2a b5 eb df 10 6e d1 4d 8....*.L*....n.M
TLS<3> (heap=19408): ssl_cli.c:877 client hello, session id len.: 0
TLS<3> (heap=19408): ssl_cli.c:878 dumping 'client hello, session id' (0 bytes)
TLS<3> (heap=19408): ssl_cli.c:925 client hello, add ciphersuite: c02c
TLS<3> (heap=19408): ssl_cli.c:925 client hello, add ciphersuite: c030
TLS<3> (heap=19408): ssl_cli.c:925 client hello, add ciphersuite: 009f
TLS<3> (heap=19408): ssl_cli.c:925 client hello, add ciphersuite: c0ad
TLS<3> (heap=19408): ssl_cli.c:925 client hello, add ciphersuite: c09f
TLS<3> (heap=19408): ssl_cli.c:925 client hello, add ciphersuite: c024
TLS<3> (heap=19408): ssl_cli.c:925 client hello, add ciphersuite: c028
TLS<3> (heap=19408): ssl_cli.c:925 client hello, add ciphersuite: 006b
TLS<3> (heap=19408): ssl_cli.c:925 client hello, add ciphersuite: c00a
TLS<3> (heap=19408): ssl_cli.c:925 client hello, add ciphersuite: c014
TLS<3> (heap=19408): ssl_cli.c:925 client hello, add ciphersuite: 0039
TLS<3> (heap=19408): ssl_cli.c:925 client hello, add ciphersuite: c0af
TLS<3> (heap=19408): ssl_cli.c:925 client hello, add ciphersuite: c0a3
TLS<3> (heap=19408): ssl_cli.c:925 client hello, add ciphersuite: c087
TLS<3> (heap=19408): ssl_cli.c:925 client hello, add ciphersuite: c08b
TLS<3> (heap=19408): ssl_cli.c:925 client hello, add ciphersuite: c07d
TLS<3> (heap=19408): ssl_cli.c:925 client hello, add ciphersuite: c073
TLS<3> (heap=19408): ssl_cli.c:925 client hello, add ciphersuite: c077
TLS<3> (heap=19408): ssl_cli.c:925 client hello, add ciphersuite: 00c4
TLS<3> (heap=19408): ssl_cli.c:925 client hello, add ciphersuite: 0088
TLS<3> (heap=19408): ssl_cli.c:925 client hello, add ciphersuite: c02b
TLS<3> (heap=19408): ssl_cli.c:925 client hello, add ciphersuite: c02f
TLS<3> (heap=19408): ssl_cli.c:925 client hello, add ciphersuite: 009e
TLS<3> (heap=19408): ssl_cli.c:925 client hello, add ciphersuite: c0ac
TLS<3> (heap=19408): ssl_cli.c:925 client hello, add ciphersuite: c09e
TLS<3> (heap=19408): ssl_cli.c:925 client hello, add ciphersuite: c023
TLS<3> (heap=19408): ssl_cli.c:925 client hello, add ciphersuite: c027
TLS<3> (heap=19408): ssl_cli.c:925 client hello, add ciphersuite: 0067
TLS<3> (heap=19408): ssl_cli.c:925 client hello, add ciphersuite: c009
TLS<3> (heap=19408): ssl_cli.c:925 client hello, add ciphersuite: c013
TLS<3> (heap=19408): ssl_cli.c:925 client hello, add ciphersuite: 0033
TLS<3> (heap=19408): ssl_cli.c:925 client hello, add ciphersuite: c0ae
TLS<3> (heap=19408): ssl_cli.c:925 client hello, add ciphersuite: c0a2
TLS<3> (heap=19408): ssl_cli.c:925 client hello, add ciphersuite: c086
TLS<3> (heap=19408): ssl_cli.c:925 client hello, add ciphersuite: c08a
TLS<3> (heap=19408): ssl_cli.c:925 client hello, add ciphersuite: c07c
TLS<3> (heap=19408): ssl_cli.c:925 client hello, add ciphersuite: c072
TLS<3> (heap=19408): ssl_cli.c:925 client hello, add ciphersuite: c076
TLS<3> (heap=19408): ssl_cli.c:925 client hello, add ciphersuite: 00be
TLS<3> (heap=19408): ssl_cli.c:925 client hello, add ciphersuite: 0045
TLS<3> (heap=19408): ssl_cli.c:937 client hello, got 40 ciphersuites (excluding SCSVs)
TLS<3> (heap=19408): ssl_cli.c:946 adding EMPTY_RENEGOTIATION_INFO_SCSV
TLS<3> (heap=19408): ssl_cli.c:995 client hello, compress len.: 1
TLS<3> (heap=19408): ssl_cli.c:997 client hello, compress alg.: 0
TLS<3> (heap=19408): ssl_cli.c:189 client hello, adding signature_algorithms extension
TLS<3> (heap=19408): ssl_cli.c:274 client hello, adding supported_elliptic_curves extension
TLS<3> (heap=19408): ssl_cli.c:339 client hello, adding supported_point_formats extension
TLS<3> (heap=19408): ssl_cli.c:453 client hello, adding max_fragment_length extension
TLS<3> (heap=19408): ssl_cli.c:521 client hello, adding encrypt_then_mac extension
TLS<3> (heap=19408): ssl_cli.c:555 client hello, adding extended_master_secret extension
TLS<3> (heap=19408): ssl_cli.c:588 client hello, adding session ticket extension
TLS<3> (heap=19408): ssl_cli.c:1074 client hello, total extension length: 65
TLS<2> (heap=19408): ssl_tls.c:2867 => write record
TLS<3> (heap=19408): ssl_tls.c:3013 output record: msgtype = 22, version = [3:2], msglen = 192
TLS<4> (heap=19408): ssl_tls.c:3016 dumping 'output record sent to network' (197 bytes)
TLS<4> (heap=19408): ssl_tls.c:3016 0000: 16 03 02 00 c0 01 00 00 bc 03 03 4d 19 c2 f3 ab ...........M....
TLS<4> (heap=19408): ssl_tls.c:3016 0010: 90 2f 31 19 16 4d 45 ff 45 af cb 38 eb cc 0d c3 ./1..ME.E..8....
TLS<4> (heap=19408): ssl_tls.c:3016 0020: 2a 1d 4c 2a b5 eb df 10 6e d1 4d 00 00 52 c0 2c *.L*....n.M..R.,
TLS<4> (heap=19408): ssl_tls.c:3016 0030: c0 30 00 9f c0 ad c0 9f c0 24 c0 28 00 6b c0 0a .0.......$.(.k..
TLS<4> (heap=19408): ssl_tls.c:3016 0040: c0 14 00 39 c0 af c0 a3 c0 87 c0 8b c0 7d c0 73 ...9.........}.s
TLS<4> (heap=19408): ssl_tls.c:3016 0050: c0 77 00 c4 00 88 c0 2b c0 2f 00 9e c0 ac c0 9e .w.....+./......
TLS<4> (heap=19408): ssl_tls.c:3016 0060: c0 23 c0 27 00 67 c0 09 c0 13 00 33 c0 ae c0 a2 .#.'.g.....3....
TLS<4> (heap=19408): ssl_tls.c:3016 0070: c0 86 c0 8a c0 7c c0 72 c0 76 00 be 00 45 00 ff .....|.r.v...E..
TLS<4> (heap=19408): ssl_tls.c:3016 0080: 01 00 00 41 00 0d 00 16 00 14 06 03 06 01 05 03 ...A............
TLS<4> (heap=19408): ssl_tls.c:3016 0090: 05 01 04 03 04 01 03 03 03 01 02 03 02 01 00 0a ................
TLS<4> (heap=19408): ssl_tls.c:3016 00a0: 00 0c 00 0a 00 18 00 1b 00 17 00 16 00 1a 00 0b ................
TLS<4> (heap=19408): ssl_tls.c:3016 00b0: 00 02 01 00 00 01 00 01 04 00 16 00 00 00 17 00 ................
TLS<4> (heap=19408): ssl_tls.c:3016 00c0: 00 00 23 00 00 ..#..
TLS<2> (heap=19408): ssl_tls.c:2574 => flush output
TLS<2> (heap=19408): ssl_tls.c:2593 message length: 197, out_left: 197
TLS<2> (heap=17864): ssl_tls.c:2599 ssl->f_send() returned 197 (-0xffffff3b)
TLS<2> (heap=17864): ssl_tls.c:2626 <= flush output
TLS<2> (heap=17864): ssl_tls.c:3025 <= write record
TLS<2> (heap=17864): ssl_cli.c:1100 <= write client hello
TLS<2> (heap=17864): ssl_cli.c:3400 client state: 2
TLS<2> (heap=17864): ssl_tls.c:2574 => flush output
TLS<2> (heap=17864): ssl_tls.c:2586 <= flush output
TLS<2> (heap=17864): ssl_cli.c:1493 => parse server hello
TLS<2> (heap=17864): ssl_tls.c:3904 => read record
TLS<2> (heap=17864): ssl_tls.c:2358 => fetch input
TLS<2> (heap=17864): ssl_tls.c:2516 in_left: 0, nb_want: 5
TLS<2> (heap=17864): ssl_tls.c:2540 in_left: 0, nb_want: 5
TLS<2> (heap=17864): ssl_tls.c:6860 <= handshake
TLS<2> (heap=19408): ssl_tls.c:6850 => handshake
TLS<2> (heap=19408): ssl_cli.c:3400 client state: 2
TLS<2> (heap=19408): ssl_tls.c:2574 => flush output
TLS<2> (heap=19408): ssl_tls.c:2586 <= flush output
TLS<2> (heap=19408): ssl_cli.c:1493 => parse server hello
TLS<2> (heap=19408): ssl_tls.c:3904 => read record
TLS<2> (heap=19408): ssl_tls.c:2358 => fetch input
TLS<2> (heap=19408): ssl_tls.c:2516 in_left: 0, nb_want: 5
TLS<2> (heap=19408): ssl_tls.c:2540 in_left: 0, nb_want: 5
TLS<2> (heap=19408): ssl_tls.c:2541 ssl->f_recv(_timeout)() returned 5 (-0xfffffffb)
TLS<2> (heap=19408): ssl_tls.c:2561 <= fetch input
TLS<4> (heap=19408): ssl_tls.c:3654 dumping 'input record header' (5 bytes)
TLS<4> (heap=19408): ssl_tls.c:3654 0000: 15 03 01 00 02 .....
TLS<3> (heap=19408): ssl_tls.c:3663 input record: msgtype = 21, version = [3:1], msglen = 2
TLS<2> (heap=19408): ssl_tls.c:2358 => fetch input
TLS<2> (heap=19408): ssl_tls.c:2516 in_left: 5, nb_want: 7
TLS<2> (heap=19408): ssl_tls.c:2540 in_left: 5, nb_want: 7
TLS<2> (heap=19408): ssl_tls.c:2541 ssl->f_recv(_timeout)() returned 2 (-0xfffffffe)
TLS<2> (heap=19408): ssl_tls.c:2561 <= fetch input
TLS<4> (heap=19408): ssl_tls.c:3833 dumping 'input record from network' (7 bytes)
TLS<4> (heap=19408): ssl_tls.c:3833 0000: 15 03 01 00 02 02 28 ......(
TLS<2> (heap=19408): ssl_tls.c:4246 got an alert message, type: [2:40]
TLS<1> (heap=19408): ssl_tls.c:4254 is a fatal alert message (msg 40)
TLS<1> (heap=19408): ssl_tls.c:3922 mbedtls_ssl_read_record_layer() returned -30592 (-0x7780)
TLS<1> (heap=19408): ssl_cli.c:1500 mbedtls_ssl_read_record() returned -30592 (-0x7780)
TLS<2> (heap=19408): ssl_tls.c:6860 <= handshake
client handshake failed!
Reason:[-0x7780]

最佳答案

Pushbullet 使用 SSL 证书 SNI . https://www.ssllabs.com/ssltest/analyze.html?d=api.pushbullet.com 提供证书分析.

根据 NodeMCU TLS documentation Espressif SDK 不支持 SNI。

The TLS glue provided by Espressif provides no interface to TLS SNI. As such, NodeMCU TLS should not be expected to function with endpoints requiring the use of SNI, which is a growing fraction of the Internet...

关于ssl - 为什么 nodeMCU tls mbed 库从 Pushbullet API 服务器收到错误 40(握手失败)?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/55723511/

25 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com