What worked for me was to move the BearSSL declaration and usage after the pinMode setting of the GPIO.
I had to make the certificate and keys local variables and wrap the entire setting up of WiFi, connecting to it, setting up and connecting to the AWS core in a single function after setting up the GPIO pins.
void setupWiFiAndConnectAWS() {
BearSSL::X509List cert(AWS_CERT_CA);
BearSSL::X509List client_crt(AWS_CERT_CRT);
BearSSL::PrivateKey key(AWS_CERT_KEY);
WiFi.persistent(false);
DEBUG_MSG("[setupWiFi] Setting host name\n");
WiFi.hostname(deviceId);
DEBUG_MSG("[setupWiFi] Setting station mode\n");
WiFi.mode(WIFI_STA);
if (WiFi.getMode() & WIFI_AP) {
WiFi.softAPdisconnect(true);
}
WiFi.persistent(false);
DEBUG_MSG("[setupWiFi] Loading certificates\n");
net.setTrustAnchors(&cert);
net.setClientRSACert(&client_crt, &key);
loadCredentials();
connectWiFi();
attachInputInterrupts(false);
setupNTP();
connectAWS();
}
Although this is a workaround, I still don't understand the core problem and would like to understand it.
