HTTPClient with TLS : Exception 29

[olileger]

Basic Infos

I got Fatal exception 29(StoreProhibitedCause) when trying to connect to secured public endpoint over HTTPS.
The public endpoint is an Azure IoT Hub URI.

I don't have any error when connecting to my local secured endpoint (self-signed certificate) through HTTPS.
Unforetunately the ESP Exception decoder tool doesn't recognize my stack trace (file is not recognize, I don't know why) so I'm not able to understand the issue and fix it.
Is anyone able to decode it for me please ? Very appreciated :)

Is there any guidelines & FAQ related to the TLS support ? Something like cipher suite limitation, TLS version supported or any other limits.

Hardware

Hardware: ESP8266 (WeMos D1 Mini)
Core Version: 2.3.0

Settings in IDE

Module: WeMos D1 Mini
Flash Size: 4MB
CPU Frequency: 80Mhz

Sketch

HTTPClient client;
client.begin(/* fullpath URL */,  /* TLS Fingerprint */);
client.POST(/* payload str */);
/* exception happening here */

Debug Messages & Stack trace

Fatal exception 29(StoreProhibitedCause):
epc1=0x4000e1b2, epc2=0x00000000, epc3=0x00000000, excvaddr=0x00000000, depc=0x00000000

Exception (29):
epc1=0x4000e1b2 epc2=0x00000000 epc3=0x00000000 excvaddr=0x00000000 depc=0x00000000

ctx: cont 
sp: 3fff4a50 end: 3fff5150 offset: 01a0

>>>stack>>>
3fff4bf0:  00000040 00000082 3fffae2c 40240c59  
3fff4c00:  3fff9c74 3fff708c 00000000 00000041  
3fff4c10:  00000040 0000003f 00000000 00000041  
3fff4c20:  3fffbd24 00000000 3fffae44 3fff7584  
3fff4c30:  3fffbe20 3fffae5c 3fff708c 3fff708c  
3fff4c40:  00000040 3fff708c 3fffae2c 3fff708c  
3fff4c50:  00000040 3fff708c 3fffae2c 4024178e  
3fff4c60:  3fff728c 0000003f 5be1fe63 00000020  
3fff4c70:  3fff9c6c 3fff708c 3fff75b4 00000020  
3fff4c80:  3fff9c6c 3fff708c 00000010 40241a74  
3fff4c90:  3fffadfc 3fff72bc 3fff75b4 00000001  
3fff4ca0:  00000001 3fff75b4 3fff7899 4024084c  
3fff4cb0:  00000100 3fff725c 3fff7897 00000000  
3fff4cc0:  00000100 3fff725c 3fff7897 40242a75  
3fff4cd0:  3fff4d00 00000000 000000d0 00000030  
3fff4ce0:  89b5fbab dfcb6a89 dd2b7e3a 00000004  
3fff4cf0:  00000004 3fff6e4c 3fff7891 4023eb80  
3fff4d00:  05f80203 cb1a7b3f feecd66d 1586188f  
3fff4d10:  936c5130 e6ddd4fd 54943175 fcca7ed8  
3fff4d20:  71f06a7a 82eb5f06 8320193c fbab7d1a  
3fff4d30:  00000004 3fff84e8 3fff6e4c 4023ef81  
3fff4d40:  c2109d2c 564cf7ff 59ce65ab f7932814  
3fff4d50:  dbb4ac6f 52b8a48f c423f09b 99632428  
3fff4d60:  c13fadcf 3fff84e8 3fff745c 00000b80  
3fff4d70:  00000c11 3fff84ca 0000001d 00000004  
3fff4d80:  3fff6e4c 3fff84e8 00000004 00000004  
3fff4d90:  00000004 3fff84e8 3fff6e4c 4023e978  
3fff4da0:  00000000 3fff7891 3fff6e4c 4023ed20  
3fff4db0:  0000000c 3fff6d24 0000000d 401004d8  
3fff4dc0:  3fff4e10 0000000e 00000010 00000000  
3fff4dd0:  3fff72d4 3fff6d24 3fff6e4c 01000000  
3fff4de0:  3fff4e10 3fff6de4 3fff6e4c 4023ead0  
3fff4df0:  4021a154 00000000 3fff4130 00001387  
3fff4e00:  0000c2e8 3fff6de4 3fff6d3c 4021a7e5  
3fff4e10:  000001bb 3fff6f54 3fff6de4 40219b7e  
3fff4e20:  2bac4f0d 00000000 3fff4e60 3fff5bf4  
3fff4e30:  000001bb 3fff6de4 3fff6d24 4021ab39  
3fff4e40:  3ffeaa80 2bac4f0d 3ffeaa80 2bac4f0d  
3fff4e50:  3fff4fa0 00000000 3fff4f30 4021b754  
3fff4e60:  00000000 3fff4ef0 00000000 4010053d  
3fff4e70:  00000014 00000039 3fff4f30 4021bc34  
3fff4e80:  3fff25ac 00000018 3fff4068 3fff5030  
3fff4e90:  00000040 3fff4ef0 3fff4ef0 40221548  
3fff4ea0:  3ffe9048 00000039 3fff4ef0 40221597  
3fff4eb0:  3fff4040 00000260 3fff4ef0 3fff5030  
3fff4ec0:  3fff4fa0 3fff4f30 00000001 4021bce4  
3fff4ed0:  3fff4fa0 3fff4f30 00000001 4021bd02  
3fff4ee0:  00000001 3fff5030 3fff4efc 4020cb85  
3fff4ef0:  3fff5bf4 0000003f 00000039 00000000  
3fff4f00:  00000000 00000000 00000000 00000000  
3fff4f10:  00000000 3fff5b5c 0000000f 00000004  
3fff4f20:  00000001 41880000 00000000 4020cc52  
3fff4f30:  3fff70f4 3fff6de4 3fff6d24 0000000f  
3fff4f40:  0000000c 410001bb 3f001388 3fff6e04  
3fff4f50:  0000003f 0000003b 3fff5b44 0000000f  
3fff4f60:  00000005 3fff77a4 000000df 000000d1  
3fff4f70:  3fff631c 0000001f 00000011 3fff6f3c  
3fff4f80:  0000000f 00000000 00000000 00000000  
3fff4f90:  00000000 ffffffff 00000000 00000000  
3fff4fa0:  3fff6d54 0000003f 00000039 40203451  
3fff4fb0:  3fff2038 00000003 00000001 3fff25ac  
3fff4fc0:  0000c259 3fff1c70 3fff5030 4020cdec  
3fff4fd0:  3ffeb458 00000000 3fff5058 3fff25ac  
3fff4fe0:  3fff1c0c 3fff1968 3fff5030 4020f9c9  
3fff4ff0:  00000000 3fff5030 3fff5058 4022161a  
3fff5000:  3ffeb458 00000000 0000001f 3fff25ac  
3fff5010:  00000004 00000000 3ffeb458 3fff25ac  
3fff5020:  3fff24c2 3fff1c70 00000010 4020fb34  
3fff5030:  00000000 00000001 00000002 fffffffe  
3fff5040:  ffffffff 3fffc6fc 00000001 3fff63dc  
3fff5050:  0000000f 00000000 3fff6304 0000000f  
3fff5060:  00000000 00000000 00000000 00000000  
3fff5070:  00000000 00000000 0000010b 4010020c  
3fff5080:  3fff3c0c 3fff1c08 3fff50b0 4010068c  
3fff5090:  3fff4040 00000104 00000104 4010020c  
3fff50a0:  3fffdad0 00000000 3fff510c 4010068c  
3fff50b0:  3fff264c 00000000 3fff31f0 4021ad36  
3fff50c0:  3fffdad0 00000000 00000000 00000001  
3fff50d0:  3fff2a34 3fff1c20 00000000 4020fc3c  
3fff50e0:  6c696146 00000000 3fff4130 00000000  
3fff50f0:  3fffdad0 3fff4124 4022236c 3fff4124  
3fff5100:  3fffdad0 00000000 3fff1964 40212d44  
3fff5110:  3fffdad0 00000000 00000000 3fff4124  
3fff5120:  3fffdad0 00000000 3fff1964 40213258  
3fff5130:  3fffdad0 00000000 3fff411e 402223b8  
3fff5140:  feefeffe feefeffe 3fff4130 40100718  
<<<stack<<<

[yaohaizh]

@olileger
For ESP8266 work with Azure IoT Hub library(V1.0.7), there is a fix available(Azure/azure-iot-arduino@32af3b6) but not published yet.

You can use this change to make the code work at this time. I'm also working on self-signed CA to azure iot hub but also failed.

[olileger]

Hi :)

Of course I could rely on the Azure IoT Hub library but I would like to only rely on the ESP8266 lib.
Since I'm using only HTTP it should be pretty easy : HTTP POST with the right headers (Content-Type & Authorization) + the body.
I built a simulated device that works very well through PowerApps & Azure Functions but now I'd like to use my real devices.

By the way I also got an exception when trying to connect to a mockable.io endpoint so I guess it's not related to the endpoint itself but more on the type of certificate.

Olivier.

[olileger]

I finally got my answer :)
Regarding this thread https://github.com/esp8266/Arduino/issues/2075#issuecomment-222881980 where I could read from @igrr

Having ESP8266WebServer and HTTPS client and the same time likely means you are going to run out of memory.

This is the case on my configuration : a local webserver to setup my MCU and also trying to connect to an HTTPS endpoint.

@igrr : is there any way to have insight about how much RAM is used by the WiFiClientSecure library ?

[pieman64]

@olileger from what I have seen if you turn on all ESP debugging in the IDE and select debug port of Serial it will show you all manner of things including RAM being used by the WiFiClientSecure library etc.

[olileger]

@pieman64 interesting, do you have any pointers to article about that please ?

[pieman64]

@olileger presumably you are using the Arduino IDE as this GitHub specifically relates to that.
I have just started to get my ESP to update Google Sheets and I was struggling with fingerprint mismatches.
Setting up debugging in the IDE gave me the details I required and I noticed the RAM data was also provided. It shows how much is available and how much is need for cert approval etc.

It's accessed from Tools menu in the IDE.

[olileger]

@pieman64 I guess you are talking about the ESP Exception Decoder tool ?
Unfortunately it doesn't work on my station :(

[SummerSun]

Met the same error here when trying to use HTTPClient to make https request while having already a WiFiClientSecure client for azure iot hub.
Searching a lot but got no accurate cause of exception, most likely the lacking of memory.

It would be totally ok for http reqeusts. Not sure how much memory needed to make a https call, but check the heap size left, ~34K, well, seems not enough.

Adafruit HUZZAH ESP8266
Flash Size: 4MB

Stack trace from Exception Decode:

Fatal exception 29(StoreProhibitedCause):
epc1=0x4000e1b2, epc2=0x00000000, epc3=0x00000000, excvaddr=0x00000000, depc=0x00000000

Exception (29):
epc1=0x4000e1b2 epc2=0x00000000 epc3=0x00000000 excvaddr=0x00000000 depc=0x00000000

Decoding 61 results
0x4022e50e: bi_divide at /Users/igrokhotkov/e/axtls/e1/crypto/bigint.c line 411
0x4010020c: _umm_free at C:\Users\qisun\AppData\Local\Arduino15\packages\esp8266\hardware\esp8266\2.3.0\cores\esp8266\umm_malloc/umm_malloc.c line 1287
0x4020d244: ax_port_realloc at C:\Users\qisun\AppData\Local\Arduino15\packages\esp8266\hardware\esp8266\2.3.0\libraries\ESP8266WiFi\src/WiFiClientSecure.cpp line 605
0x4022e819: bi_set_mod at /Users/igrokhotkov/e/axtls/e1/crypto/bigint.c line 774
0x4022d960: trim at /Users/igrokhotkov/e/axtls/e1/crypto/bigint.c line 1197
0x4022f884: RSA_pub_key_new at /Users/igrokhotkov/e/axtls/e1/crypto/rsa.c line 95
0x40233534: asn1_get_int at /Users/igrokhotkov/e/axtls/e1/ssl/asn1.c line 158
0x40233a32: asn1_public_key at /Users/igrokhotkov/e/axtls/e1/ssl/asn1.c line 461
0x402338c4: asn1_get_printable_str at /Users/igrokhotkov/e/axtls/e1/ssl/asn1.c line 375
:  (inlined by) asn1_name at /Users/igrokhotkov/e/axtls/e1/ssl/asn1.c line 407
0x4023375c: asn1_validity at /Users/igrokhotkov/e/axtls/e1/ssl/asn1.c line 315
0x4022c730: x509_new at /Users/igrokhotkov/e/axtls/e1/ssl/x509.c line 114
0x40212e57: pp_attach at ?? line ?
0x40212eaa: pp_attach at ?? line ?
0x40212fb6: pp_attach at ?? line ?
0x40101fc6: pp_post at ?? line ?
0x402122fb: ppTxPkt at ?? line ?
0x4021a05c: ieee80211_output_pbuf at ?? line ?
0x40101fc6: pp_post at ?? line ?
0x4023c214: etharp_send_ip at /Users/igrokhotkov/espressif/arduino/tools/sdk/lwip/src/netif/etharp.c line 435
0x40101fc6: pp_post at ?? line ?
0x401052a3: lmacRxDone at ?? line ?
0x4023c4f9: etharp_output_to_arp_index at /Users/igrokhotkov/espressif/arduino/tools/sdk/lwip/src/netif/etharp.c line 890
0x40102e68: trc_NeedRTS at ?? line ?
0x4022adde: process_certificate at /Users/igrokhotkov/e/axtls/e1/ssl/tls1.c line 1942
0x4022c015: do_clnt_handshake at /Users/igrokhotkov/e/axtls/e1/ssl/tls1_clnt.c line 93
0x4022ba8c: do_handshake at /Users/igrokhotkov/e/axtls/e1/ssl/tls1.c line 1481
:  (inlined by) basic_read at /Users/igrokhotkov/e/axtls/e1/ssl/tls1.c line 1357
0x4022be34: do_client_connect at /Users/igrokhotkov/e/axtls/e1/ssl/tls1_clnt.c line 154
0x4022a7c2: ssl_new at /Users/igrokhotkov/e/axtls/e1/ssl/tls1.c line 583
0x4022bbe4: ssl_read at /Users/igrokhotkov/e/axtls/e1/ssl/tls1.c line 265
0x4020c910: WiFiClient::_s_connected(void*, void*, signed char) at C:\Users\qisun\AppData\Local\Arduino15\packages\esp8266\hardware\esp8266\2.3.0\libraries\ESP8266WiFi\src/WiFiClient.cpp line 149
0x4020cfa1: SSLContext::connect(ClientContext*, char const*, unsigned int) at C:\Users\qisun\AppData\Local\Arduino15\packages\esp8266\hardware\esp8266\2.3.0\libraries\ESP8266WiFi\src/WiFiClientSecure.cpp line 517
:  (inlined by) WiFiClientSecure::_connectSSL(char const*) at C:\Users\qisun\AppData\Local\Arduino15\packages\esp8266\hardware\esp8266\2.3.0\libraries\ESP8266WiFi\src/WiFiClientSecure.cpp line 279
0x4020c392: WiFiClient::connect(IPAddress, unsigned short) at C:\Users\qisun\AppData\Local\Arduino15\packages\esp8266\hardware\esp8266\2.3.0\libraries\ESP8266WiFi\src/WiFiClient.cpp line 149
0x4020a648: on_io_open_complete at C:\Users\qisun\Documents\Arduino\libraries\AzureIoTProtocol_HTTP\src\azure_uhttp_c/httpapi_compact.c line 42
0x4020d2a0: WiFiClientSecure::connect(IPAddress, unsigned short) at C:\Users\qisun\AppData\Local\Arduino15\packages\esp8266\hardware\esp8266\2.3.0\libraries\ESP8266WiFi\src/WiFiClientSecure.cpp line 258
0x4023896c: dns_check_entry at /Users/igrokhotkov/espressif/arduino/tools/sdk/lwip/src/core/dns.c line 690
0x40238b20: dns_enqueue at /Users/igrokhotkov/espressif/arduino/tools/sdk/lwip/src/core/dns.c line 917
:  (inlined by) dns_gethostbyname at /Users/igrokhotkov/espressif/arduino/tools/sdk/lwip/src/core/dns.c line 977
0x4020d432: sslClient_connect at C:\Users\qisun\Documents\Arduino\libraries\AzureIoTUtility\src\adapters/sslClient_arduino.cpp line 62
0x40204208: tlsio_arduino_create at C:\Users\qisun\Documents\Arduino\libraries\AzureIoTUtility\src\adapters/tlsio_arduino.c line 112
0x402082e4: on_io_error at C:\Users\qisun\Documents\Arduino\libraries\AzureIoTProtocol_HTTP\src\azure_uhttp_c/httpapi_compact.c line 42
0x40204479: tlsio_arduino_open at C:\Users\qisun\Documents\Arduino\libraries\AzureIoTUtility\src\adapters/tlsio_arduino.c line 254
0x4020bfc7: ESP8266WiFiGenericClass::hostByName(char const*, IPAddress&) at c:\users\qisun\appdata\local\arduino15\packages\esp8266\tools\xtensa-lx106-elf-gcc\1.20.0-26-gb404fb9-2\xtensa-lx106-elf\include\c++\4.8.2/functional line 2439
0x4020a5ca: xio_open at C:\Users\qisun\Documents\Arduino\libraries\AzureIoTUtility\src\azure_c_shared_utility/xio.c line 93
0x401004d8: malloc at C:\Users\qisun\AppData\Local\Arduino15\packages\esp8266\hardware\esp8266\2.3.0\cores\esp8266\umm_malloc/umm_malloc.c line 1664
0x40204208: tlsio_arduino_create at C:\Users\qisun\Documents\Arduino\libraries\AzureIoTUtility\src\adapters/tlsio_arduino.c line 112
0x40208efc: OpenXIOConnection at C:\Users\qisun\Documents\Arduino\libraries\AzureIoTProtocol_HTTP\src\azure_uhttp_c/httpapi_compact.c line 42
:  (inlined by) HTTPAPI_ExecuteRequest at C:\Users\qisun\Documents\Arduino\libraries\AzureIoTProtocol_HTTP\src\azure_uhttp_c/httpapi_compact.c line 1199
0x40208292: xio_create at C:\Users\qisun\Documents\Arduino\libraries\AzureIoTUtility\src\azure_c_shared_utility/xio.c line 48
0x402053ed: HTTPAPIEX_ExecuteRequest at C:\Users\qisun\Documents\Arduino\libraries\AzureIoTUtility\src\azure_c_shared_utility/httpapiex.c line 414
0x4010068c: free at C:\Users\qisun\AppData\Local\Arduino15\packages\esp8266\hardware\esp8266\2.3.0\cores\esp8266\umm_malloc/umm_malloc.c line 1733
0x402058a0: HTTPAPIEX_SAS_ExecuteRequest at C:\Users\qisun\Documents\Arduino\libraries\AzureIoTUtility\src\azure_c_shared_utility/httpapiexsas.c line 145
0x40203260: DoEvent at C:\Users\qisun\Documents\Arduino\libraries\AzureIoTHub\src\sdk/iothubtransporthttp.c line 1610
:  (inlined by) IoTHubTransportHttp_DoWork at C:\Users\qisun\Documents\Arduino\libraries\AzureIoTHub\src\sdk/iothubtransporthttp.c line 2093
0x4010632e: os_printf_plus at ?? line ?
0x4020811e: VECTOR_push_back at C:\Users\qisun\Documents\Arduino\libraries\AzureIoTUtility\src\azure_c_shared_utility/vector.c line 156
0x4020ad2c: sendCallback at D:\iot-hub-feather-huzzah-client-app\app/iothubClient.ino line 24
0x4020135c: IoTHubClient_LL_DoWork at C:\Users\qisun\Documents\Arduino\libraries\AzureIoTHub\src\sdk/iothub_client_ll.c line 1277
0x4010020c: _umm_free at C:\Users\qisun\AppData\Local\Arduino15\packages\esp8266\hardware\esp8266\2.3.0\cores\esp8266\umm_malloc/umm_malloc.c line 1287
0x4010068c: free at C:\Users\qisun\AppData\Local\Arduino15\packages\esp8266\hardware\esp8266\2.3.0\cores\esp8266\umm_malloc/umm_malloc.c line 1733
0x4020b61b: loop at D:\iot-hub-feather-huzzah-client-app\app/app.ino line 138
0x40202836: IoTHubTransportHttp_Subscribe at C:\Users\qisun\Documents\Arduino\libraries\AzureIoTHub\src\sdk/iothubtransporthttp.c line 872
0x4020b351: setup at D:\iot-hub-feather-huzzah-client-app\app/app.ino line 113
0x4020faf0: loop_wrapper at C:\Users\qisun\AppData\Local\Arduino15\packages\esp8266\hardware\esp8266\2.3.0\cores\esp8266/core_esp8266_main.cpp line 56
0x40100718: cont_norm at C:\Users\qisun\AppData\Local\Arduino15\packages\esp8266\hardware\esp8266\2.3.0\cores\esp8266/cont.S line 109

[SummerSun]

Print heap size when set up and after send a https request, turns out it takes about ~18K to make a https request.

[devyte]

@olileger is this issue still valid with latest git?

[supersjimmie]

So I guess I am running into the same issue.
I have a small setup working to fetch calendar items from Google calendar, using the WiFiClientSecureRedirect client. Free heap about 30k before the client starts and 12k afterwards. Works fine until now.

But when I add this same working code to my complete setup, which also contains several other components like a small webserver, I get a Exception (29) between client.connect() and waiting for it to become connected(). Free heap about 11k before the client starts. :(

EDIT: Sadly, even when I remove the webserver, the client starts with about 24k heap and still fails with an Exception (29).
EDIT 2: It only works when I remove the webserver plus OTA plus one of my own "large" consuming functions. Adding either one of those fails.

[devyte]

BearSSL is merged in #4273 , with alternate BearSSL::WiFi* classes. Although axtls-based classes are still available and even the default, they are planned for deprecation and then retirement, hence won't be fixed. Any issues with BearSSL-based classes should be reported in new issues.
Closing.