Steve, Am 21.02.21 um 22:08 schrieb Stephen Casner:
Each ssh connect on my test module leaks 88 bytes of RAM in the NetMan task: I recall something like this from when I first implemented SSH. This may be the socket structure that LWIP creates. It keeps a pool of 10 of them, if I remember right, and doesn't reuse them until all 10 have been created.
Confirmed, no more leakage after 10 connects.
Second is, the Mongoose/wolfSSL version doesn't validate CA certs the mbedTLS version has no issues with:
I (340220) ovms-server-v2: Connection is ovms.dexters-web.de:6870 TEST1 E (340670) ovms-server-v2: mg_connect(ovms.dexters-web.de:6870) failed: Invalid SSL CA cert E (340670) ovms-server-v2: Status: Error: Connection failed What would I need to do to repeat this test?
As shown in my example, simply try to establish a V2 TLS connection to my server. As the TLS already fails you don't need a vehicle login, but you can of course create one. I'm using Let's Encrypt certificates, testing other servers is easiest with our Duktape HTTP.request() method. See… https://docs.openvehicles.com/en/latest/userguide/scripting.html#http
Is it possible there still are other components using mbedTLS? I saw in the configuration that libsodium uses mbedTLS. As I mentioned, I did not do anything at this point to trim the mbedTLS configuration.
libsodium is linked in, but I don't find any API usage, neither from our code nor from esp-idf components. Maybe wolfSSL really is less memory efficient than mbedTLS? Maybe we should try to adapt wolfSSH to mbedTLS then… ;-) Regards, Michael
-- Steve
-- Michael Balzer * Helkenberger Weg 9 * D-58256 Ennepetal Fon 02333 / 833 5735 * Handy 0176 / 206 989 26