MQTT TLS Verify Fingerprint Fail with Core 2.5.0

[majherek]

Describe the bug
Using the same configuration in my_user_config.h Tasmota 6.4.1.9 on Core 2.4.2 can verify MQTT TLS Cert and work well. The same tasmota compiled with Core 2.5.0 (https://github.com/Jason2866/platform-espressif8266.git#Tasmota) can't verify cert.

It is weird, because in core 2.5.0 much more RAM is available compared to 2.4.2 (taken from Tasmota WIKI) - so I think IT IS NOT RAM ISSUE!!!

Also, make sure these boxes are checked [x] before submitting your issue - Thank you!

• Searched the problem in issues and in the wiki
• Hardware used : sonoff basic with 4MB flash
• If a pre-compiled release or development binary was used, which one? :
• Development/Compiler/Upload tools used : Visual Studio Code with PlatformIO
• You have tried latest release or development binaries? : 6.4.1.9
• Provide the output of commandstatus 0 :
  Working STATUS 0 (core 2.4.2):

20:50:32 CMD: STATUS 0
20:50:32 MQT: stat/sonoff/STATUS = {"Status":{"Module":1,"FriendlyName":["Sonoff 12"],"Topic":"sonoff","ButtonTopic":"0","Power":0,"PowerOnState":3,"LedState":1,"SaveData":1,"SaveState":1,"SwitchTopic":"0","SwitchMode":[0,0,0,0,0,0,0,0],"ButtonRetain":0,"SwitchRetain":0,"SensorRetain":0,"PowerRetain":0}}
20:50:32 MQT: stat/sonoff/STATUS1 = {"StatusPRM":{"Baudrate":115200,"GroupTopic":"sonoffs","OtaUrl":"http://sonoff-ota.majchrowski.waw.pl:8888/api/arduino/sonoff12.ino.bin","RestartReason":"Software/System restart","Uptime":"0T00:18:31","StartupUTC":"2019-01-16T19:32:01","Sleep":50,"BootCount":3,"SaveCount":5,"SaveAddress":"3F7000"}}
20:50:32 MQT: stat/sonoff/STATUS2 = {"StatusFWR":{"Version":"6.4.1.9(sonoff)","BuildDateTime":"2019-01-16T20:29:19","Boot":31,"Core":"2_4_2","SDK":"2.2.1(cfd48f3)"}}
20:50:32 MQT: stat/sonoff/STATUS3 = {"StatusLOG":{"SerialLog":2,"WebLog":0,"SysLog":2,"LogHost":"192.168.199.251","LogPort":514,"SSId":["atomix","MAJCOMNET HTC"],"TelePeriod":60,"SetOption":["00008009","558180C0","00000000"]}}
20:50:32 MQT: stat/sonoff/STATUS4 = {"StatusMEM":{"ProgramSize":413,"Free":2656,"Heap":16,"ProgramFlashSize":4096,"FlashSize":4096,"FlashChipId":"1640EF","FlashMode":3,"Features":["00000809","06082744","140003A0","000004C6","000000C0"]}}
20:50:32 MQT: stat/sonoff/STATUS5 = {"StatusNET":{"Hostname":"sonoff-0476","IPAddress":"192.168.20.12","Gateway":"192.168.20.254","Subnetmask":"255.255.255.0","DNSServer":"192.168.199.251","Mac":"EC:FA:BC:14:81:DC","Webserver":0,"WifiConfig":4}}
20:50:32 MQT: stat/sonoff/STATUS6 = {"StatusMQT":{"MqttHost":"mqtt.majchrowski.waw.pl","MqttPort":8883,"MqttClientMask":"sonoff12","MqttClient":"sonoff12","MqttUser":"sonoff","MqttType":1,"MAX_PACKET_SIZE":1000,"KEEPALIVE":15}}
20:50:32 MQT: stat/sonoff/STATUS7 = {"StatusTIM":{"UTC":"Wed Jan 16 19:50:32 2019","Local":"Wed Jan 16 20:50:32 2019","StartDST":"Sun Mar 31 02:00:00 2019","EndDST":"Sun Oct 27 03:00:00 2019","Timezone":99}}
20:50:32 MQT: stat/sonoff/STATUS10 = {"StatusSNS":{"Time":"2019-01-16T20:50:32"}}
20:50:32 MQT: stat/sonoff/STATUS11 = {"StatusSTS":{"Time":"2019-01-16T20:50:32","Uptime":"0T00:18:31","Vcc":3.363,"SleepMode":"Dynamic","Sleep":50,"LoadAvg":19,"POWER":"OFF","Wifi":{"AP":1,"SSId":"atomix","BSSId":"06:8D:DB:DB:97:47","Channel":11,"RSSI":72}}}

Not working Status 0 (core 2.5.0)

21:10:51 CMD: STATUS 0
21:10:51 RSL: stat/sonoff/STATUS = {"Status":{"Module":1,"FriendlyName":["Sonoff 12"],"Topic":"sonoff","ButtonTopic":"0","Power":0,"PowerOnState":3,"LedState":1,"SaveData":1,"SaveState":1,"SwitchTopic":"0","SwitchMode":[0,0,0,0,0,0,0,0],"ButtonRetain":0,"SwitchRetain":0,"SensorRetain":0,"PowerRetain":0}}
21:10:51 RSL: stat/sonoff/STATUS1 = {"StatusPRM":{"Baudrate":115200,"GroupTopic":"sonoffs","OtaUrl":"http://sonoff-ota.majchrowski.waw.pl:8888/api/arduino/sonoff12.ino.bin","RestartReason":"Exception","Uptime":"0T00:00:13","StartupUTC":"2019-01-16T20:10:38","Sleep":50,"BootCount":7,"SaveCount":9,"SaveAddress":"3FB000"}}
21:10:51 RSL: stat/sonoff/STATUS2 = {"StatusFWR":{"Version":"6.4.1.9(sonoff)","BuildDateTime":"2019-01-16T21:06:53","Boot":31,"Core":"STAGE","SDK":"3.0.0-dev(c0f7b44)"}}
21:10:51 RSL: stat/sonoff/STATUS3 = {"StatusLOG":{"SerialLog":2,"WebLog":0,"SysLog":2,"LogHost":"192.168.199.251","LogPort":514,"SSId":["atomix","MAJCOMNET HTC"],"TelePeriod":60,"SetOption":["00008009","558180C0","00000000"]}}
21:10:51 RSL: stat/sonoff/STATUS4 = {"StatusMEM":{"ProgramSize":466,"Free":2604,"Heap":27,"ProgramFlashSize":4096,"FlashSize":4096,"FlashChipId":"1640EF","FlashMode":3,"Features":["00000809","06082744","040003A0","000004C6","000000C0"]}}
21:10:51 RSL: stat/sonoff/STATUS5 = {"StatusNET":{"Hostname":"sonoff-0476","IPAddress":"192.168.20.12","Gateway":"192.168.20.254","Subnetmask":"255.255.255.0","DNSServer":"192.168.199.251","Mac":"EC:FA:BC:14:81:DC","Webserver":0,"WifiConfig":4}}
21:10:51 RSL: stat/sonoff/STATUS6 = {"StatusMQT":{"MqttHost":"mqtt.majchrowski.waw.pl","MqttPort":8883,"MqttClientMask":"sonoff12","MqttClient":"sonoff12","MqttUser":"sonoff","MqttType":1,"MAX_PACKET_SIZE":1000,"KEEPALIVE":15}}
21:10:51 RSL: stat/sonoff/STATUS7 = {"StatusTIM":{"UTC":"Wed Jan 16 20:10:51 2019","Local":"Wed Jan 16 21:10:51 2019","StartDST":"Sun Mar 31 02:00:00 2019","EndDST":"Sun Oct 27 03:00:00 2019","Timezone":99}}
21:10:51 RSL: stat/sonoff/STATUS10 = {"StatusSNS":{"Time":"2019-01-16T21:10:51"}}
21:10:51 RSL: stat/sonoff/STATUS11 = {"StatusSTS":{"Time":"2019-01-16T21:10:51","Uptime":"0T00:00:13","Vcc":3.360,"SleepMode":"Dynamic","Sleep":50,"LoadAvg":19,"POWER":"OFF","Wifi":{"AP":1,"SSId":"atomix","BSSId":"06:8D:DB:DB:97:47","Channel":11,"RSSI":66}}}
21:10:55 MQT: Attempting connection...

To Reproduce
Compilte Tasmota with MQTT TLS with commented out almost everything in config (I use only BMP and DS18b20). I can provide my_user_config.h.
Core 2.4.2:

0:00:00 Project sonoff Sonoff 12 Version 6.4.1.9(sonoff)-2_4_2
00:00:00 WIF: Connecting to AP1 atomix in mode 11N as sonoff-0476...
00:00:04 WIF: Connected
20:32:07 MQT: Attempting connection...
20:32:07 MQT: Verify TLS fingerprint...
20:32:07 MQT: Verified using FingerprintCA
20:32:07 MQT: Connected
20:32:07 MQT: tele/sonoff/LWT = Online (retained)
20:32:08 MQT: cmnd/sonoff/POWER =
20:32:08 MQT: tele/sonoff/INFO1 = {"Module":"Sonoff Basic","Version":"6.4.1.9(sonoff)","FallbackTopic":"cmnd/sonoff12_fb/","GroupTopic":"sonoffs"}
20:32:08 MQT: tele/sonoff/INFO3 = {"RestartReason":"Software/System restart"}
20:32:08 MQT: stat/sonoff/RESULT = {"POWER":"OFF"}
20:32:08 MQT: stat/sonoff/POWER = OFF
20:32:16 MQT: tele/sonoff/STATE = {"Time":"2019-01-16T20:32:16","Uptime":"0T00:00:15","Vcc":3.538,"SleepMode":"Dynamic","Sleep":50,"LoadAvg":19,"POWER":"OFF","Wifi":{"AP":1,"SSId":"atomix","BSSId":"06:8D:DB:DB:97:47","Channel":11,"RSSI":92}}
20:32:24 CMD: mqttfingerprint1
20:32:24 MQT: stat/sonoff/RESULT = {"MqttFingerprint1":"69 93 F5 A6 EE A5 AD DA 2D DC 3C E7 DE 72 AB 3B DC CA 81 4D"}

Core 2.5.0

00:00:00 Project sonoff Sonoff 12 Version 6.4.1.9(sonoff)-STAGE
00:00:00 WIF: Connecting to AP1 atomix in mode 11N as sonoff-0476...
00:00:04 WIF: Connected
21:09:31 MQT: Attempting connection...
21:09:31 MQT: Verify TLS fingerprint...
21:09:31 MQT: Failed
21:09:42 MQT: Attempting connection...
21:09:42 MQT: Verify TLS fingerprint...
21:09:42 MQT: Failed
21:09:53 MQT: Attempting connection...
21:09:53 MQT: Verify TLS fingerprint...
21:09:54 MQT: Failed
21:10:04 MQT: Attempting connection...
21:10:04 MQT: Verify TLS fingerprint...
21:10:05 MQT: Failed
21:10:16 MQT: Attempting connection...
21:10:16 MQT: Verify TLS fingerprint...

PlatformIO.ini file:

[core_2_4_2]
; *** Esp8266 core for Arduino version 2.4.2
platform                  = espressif8266@1.8.0
build_flags               = ${esp82xx_defaults.build_flags}
                            -Wl,-Teagle.flash.4m1m.ld
                            -lstdc++ -lsupc++
; lwIP 1.4 (Default)
;                            -DPIO_FRAMEWORK_ARDUINO_LWIP_HIGHER_BANDWIDTH
; lwIP 2 - Low Memory
                            -DPIO_FRAMEWORK_ARDUINO_LWIP2_LOW_MEMORY
; lwIP 2 - Higher Bandwidth (Tasmota default)
;                            -DPIO_FRAMEWORK_ARDUINO_LWIP2_HIGHER_BANDWIDTH
                            -DVTABLES_IN_FLASH

[core_2_5_0]
; *** Esp8266 core for Arduino version Core 2.5.0 beta tested for Tasmota
platform                  = https://github.com/Jason2866/platform-espressif8266.git#Tasmota
build_flags               = ${esp82xx_defaults.build_flags}
                            -Wl,-Teagle.flash.4m1m.ld
; lwIP 1.4 (Default)
;                            -DPIO_FRAMEWORK_ARDUINO_LWIP_HIGHER_BANDWIDTH
; lwIP 2 - Low Memory
;                            -DPIO_FRAMEWORK_ARDUINO_LWIP2_LOW_MEMORY
; lwIP 2 - Higher Bandwidth
;                            -DPIO_FRAMEWORK_ARDUINO_LWIP2_HIGHER_BANDWIDTH
; lwIP 2 - Higher Bandwidth Low Memory no Features
                            -DPIO_FRAMEWORK_ARDUINO_LWIP2_LOW_MEMORY_LOW_FLASH
; lwIP 2 - Higher Bandwidth no Features (Tasmota default)
                            ;-DPIO_FRAMEWORK_ARDUINO_LWIP2_HIGHER_BANDWIDTH_LOW_FLASH
                            -DVTABLES_IN_FLASH
                            -fno-exceptions
                            -lstdc++-nox

[core_active]
; Select one core set for platform and build_flags
;platform                  = ${core_2_3_0.platform}
;build_flags               = ${core_2_3_0.build_flags}
;platform                  = ${core_2_4_2.platform}
;build_flags               = ${core_2_4_2.build_flags}
platform                  = ${core_2_5_0.platform}
build_flags               = ${core_2_5_0.build_flags}
;platform                  = ${core_stage.platform}
;build_flags               = ${core_stage.build_flags}

[common]
framework                 = arduino
board                     = esp01_1m
board_build.flash_mode    = dout

platform                  = ${core_active.platform}
build_flags               = ${core_active.build_flags}
;                            -DUSE_CLASSIC
;                            -DBE_MINIMAL
;                            -DUSE_SENSORS
;                            -DUSE_BASIC
;                            -DUSE_KNX_NO_EMULATION
;                            -DUSE_DISPLAYS
;                            -DUSE_CONFIG_OVERRIDE

I found other closed issue with same problem. But why it is not working on Core 2.5.0?

[ascillato2]

Are you using latest version from today of the core 2.5.0?

The core 2.5.0 is in beta. It is not released yet and it is in constant updating.

[ascillato2]

Please, try the latest core. Remember that platform.io don't sync with the files from the repository. So, you have to manually copy and paste the files. (this is due to the core is still in development) You are testing the edge versions of everything, so it can fail.

[Jason2866]

For latest stage core (many issues fixed since beta2) change
In beta2 4M size is wrong in template and doesnt work correct at all!

;platform                  = ${core_2_5_0.platform}
;build_flags               = ${core_2_5_0.build_flags}
platform                  = ${core_stage.platform}
build_flags               = ${core_stage.build_flags}

[andrethomas]

I think PR #4703 may bear reference

[majherek]

@ascillato2: I have core 2.5.0 from few days ago. Visual Studio Code download if using git. I will try today to remove core and download it again. Should I take it from: https://github.com/Jason2866/platform-espressif8266.git#Tasmota?

@Jason2866: I will change to stage and also remove it before, to download new one. Also, should I take it from: https://github.com/platformio/platform-espressif8266.git#feature/stage?
Should I linked it using 1M? -Wl,-Teagle.flash.1m.ld?

[ascillato2]

You should take the core directly from the source in arduino repository (https://github.com/esp8266/Arduino). There, is the latest version and also the install instructions. The other 2 repositories you say are old copies and may not work as they don't have latest fixes.

[ascillato2]

Should I linked it using 1M? -Wl,-Teagle.flash.1m.ld?

That only depends on the device you are using. The default works fine.

[majherek]

I follow the instrucion Using Arduino Framework with Staging version. Updated the Core to newest version.

And it still not working.

00:00:00 Project sonoff Sonoff 12 Version 6.4.1.9(sonoff)-STAGE
00:00:00 WIF: Connecting to AP1 atomix in mode 11N as sonoff-0476...
00:00:04 WIF: Connected
22:10:03 MQT: Attempting connection...
22:10:03 MQT: Verify TLS fingerprint...
22:10:03 MQT: Failed
22:10:06 CMD: STATUS 0
22:10:06 RSL: stat/sonoff/STATUS = {"Status":{"Module":1,"FriendlyName":["Sonoff 12"],"Topic":"sonoff","ButtonTopic":"0","Power":0,"PowerOnState":3,"LedState":1,"SaveData":1,"SaveState":1,"SwitchTopic":"0","SwitchMode":[0,0,0,0,0,0,0,0],"ButtonRetain":0,"SwitchRetain":0,"SensorRetain":0,"PowerRetain":0}}
22:10:06 RSL: stat/sonoff/STATUS1 = {"StatusPRM":{"Baudrate":115200,"GroupTopic":"sonoffs","OtaUrl":"http://sonoff-ota.majchrowski.waw.pl:8888/api/arduino/sonoff12.ino.bin","RestartReason":"Software/System restart","Uptime":"0T00:00:09","StartupUTC":"2019-01-17T21:09:57","Sleep":50,"BootCount":14,"SaveCount":16,"SaveAddress":"3F4000"}}
22:10:06 RSL: stat/sonoff/STATUS2 = {"StatusFWR":{"Version":"6.4.1.9(sonoff)","BuildDateTime":"2019-01-17T22:08:10","Boot":31,"Core":"STAGE","SDK":"3.0.0-dev(c0f7b44)"}}
22:10:06 RSL: stat/sonoff/STATUS3 = {"StatusLOG":{"SerialLog":2,"WebLog":0,"SysLog":2,"LogHost":"192.168.199.251","LogPort":514,"SSId":["atomix","MAJCOMNET HTC"],"TelePeriod":60,"SetOption":["00008009","558180C0","00000000"]}}
22:10:06 RSL: stat/sonoff/STATUS4 = {"StatusMEM":{"ProgramSize":466,"Free":2604,"Heap":27,"ProgramFlashSize":4096,"FlashSize":4096,"FlashChipId":"1640EF","FlashMode":3,"Features":["00000809","06082744","040003A0","000004C6","000000C0"]}}
22:10:06 RSL: stat/sonoff/STATUS5 = {"StatusNET":{"Hostname":"sonoff-0476","IPAddress":"192.168.20.12","Gateway":"192.168.20.254","Subnetmask":"255.255.255.0","DNSServer":"192.168.199.251","Mac":"EC:FA:BC:14:81:DC","Webserver":0,"WifiConfig":4}}
22:10:06 RSL: stat/sonoff/STATUS6 = {"StatusMQT":{"MqttHost":"mqtt.majchrowski.waw.pl","MqttPort":8883,"MqttClientMask":"sonoff12","MqttClient":"sonoff12","MqttUser":"sonoff","MqttType":1,"MAX_PACKET_SIZE":1000,"KEEPALIVE":15}}
22:10:06 RSL: stat/sonoff/STATUS7 = {"StatusTIM":{"UTC":"Thu Jan 17 21:10:06 2019","Local":"Thu Jan 17 22:10:06 2019","StartDST":"Sun Mar 31 02:00:00 2019","EndDST":"Sun Oct 27 03:00:00 2019","Timezone":99}}
22:10:06 RSL: stat/sonoff/STATUS10 = {"StatusSNS":{"Time":"2019-01-17T22:10:06"}}
22:10:06 RSL: stat/sonoff/STATUS11 = {"StatusSTS":{"Time":"2019-01-17T22:10:06","Uptime":"0T00:00:09","Vcc":3.362,"SleepMode":"Dynamic","Sleep":50,"LoadAvg":19,"POWER":"OFF","Wifi":{"AP":1,"SSId":"atomix","BSSId":"06:8D:DB:DB:97:47","Channel":11,"RSSI":94}}}



[core_stage]
; *** Esp8266 core for Arduino version latest beta
platform                  = https://github.com/platformio/platform-espressif8266.git#feature/stage
build_flags               = ${esp82xx_defaults.build_flags}
                            -Wl,-Teagle.flash.4m1m.ld
; lwIP 1.4 (Default)
;                            -DPIO_FRAMEWORK_ARDUINO_LWIP_HIGHER_BANDWIDTH
; lwIP 2 - Low Memory
;                            -DPIO_FRAMEWORK_ARDUINO_LWIP2_LOW_MEMORY
; lwIP 2 - Higher Bandwidth
;                            -DPIO_FRAMEWORK_ARDUINO_LWIP2_HIGHER_BANDWIDTH
; lwIP 2 - Higher Bandwitdh Low Memory no Features
                            -DPIO_FRAMEWORK_ARDUINO_LWIP2_LOW_MEMORY_LOW_FLASH
; lwIP 2 - Higher Bandwitdh no Features
;                            -DPIO_FRAMEWORK_ARDUINO_LWIP2_HIGHER_BANDWIDTH_LOW_FLASH
; VTABLES in Flash (default)
                            -DVTABLES_IN_FLASH
; VTABLES in Heap
;                            -DVTABLES_IN_DRAM
; VTABLES in IRAM
;                            -DVTABLES_IN_IRAM
; enable one option set -> No exception recommended
; No exception code in firmware
                            -fno-exceptions
                            -lstdc++
; Exception code in firmware /needs much space! 90k
;                           -fexceptions
;                           -lstdc++-exc

[core_active]
; Select one core set for platform and build_flags
;platform                  = ${core_2_3_0.platform}
;build_flags               = ${core_2_3_0.build_flags}
;platform                  = ${core_2_4_2.platform}
;build_flags               = ${core_2_4_2.build_flags}
;platform                  = ${core_2_5_0.platform}
;build_flags               = ${core_2_5_0.build_flags}
platform                  = ${core_stage.platform}
build_flags               = ${core_stage.build_flags}

[ascillato]

Ok, thanks for testing and reporting 👍

[Jason2866]

Could this today merged PR maybe fix it?
#4967

[majherek]

Could this today merged PR maybe fix it?
#4967

I will check it today.