From 156ffa412eb104becf7d40e646ee687aec2f0e85 Mon Sep 17 00:00:00 2001
From: Jitin George <jitin@espressif.com>
Date: Wed, 12 Jun 2019 14:15:06 +0530
Subject: [PATCH] example/simple_ota_example: Add support for skipping OTA
 server certificate CN field

---
 .../ota/simple_ota_example/main/Kconfig.projbuild      | 10 ++++++++--
 .../ota/simple_ota_example/main/simple_ota_example.c   |  4 ++++
 examples/system/ota/simple_ota_example/sdkconfig.ci    |  1 +
 3 files changed, 13 insertions(+), 2 deletions(-)

diff --git a/examples/system/ota/simple_ota_example/main/Kconfig.projbuild b/examples/system/ota/simple_ota_example/main/Kconfig.projbuild
index 53a86531c..0f19b04ac 100644
--- a/examples/system/ota/simple_ota_example/main/Kconfig.projbuild
+++ b/examples/system/ota/simple_ota_example/main/Kconfig.projbuild
@@ -12,15 +12,21 @@ menu "Example Configuration"
         help
             WiFi password (WPA or WPA2) for the example to use.
 
-    config FIRMWARE_UPGRADE_URL
+    config EXAMPLE_FIRMWARE_UPGRADE_URL
         string "firmware upgrade url endpoint"
         default "https://192.168.0.3:8070/hello-world.bin"
         help
             URL of server which hosts the firmware
             image.
 
-    config FIRMWARE_UPGRADE_URL_FROM_STDIN
+    config EXAMPLE_FIRMWARE_UPGRADE_URL_FROM_STDIN
         bool
         default y if FIRMWARE_UPGRADE_URL = "FROM_STDIN"
 
+    config EXAMPLE_SKIP_COMMON_NAME_CHECK
+        bool "Skip server certificate CN fieldcheck"
+        default n
+        help
+            This allows you to skip the validation of OTA server certificate CN field.
+
 endmenu
diff --git a/examples/system/ota/simple_ota_example/main/simple_ota_example.c b/examples/system/ota/simple_ota_example/main/simple_ota_example.c
index 860457a3d..666c5ed3b 100644
--- a/examples/system/ota/simple_ota_example/main/simple_ota_example.c
+++ b/examples/system/ota/simple_ota_example/main/simple_ota_example.c
@@ -158,6 +158,10 @@ void simple_ota_example_task(void * pvParameter)
     }
 #endif
 
+#ifdef CONFIG_SKIP_COMMON_NAME_CHECK
+    config.skip_cert_common_name_check = true;
+#endif
+
     esp_err_t ret = esp_https_ota(&config);
     if (ret == ESP_OK) {
         esp_restart();
diff --git a/examples/system/ota/simple_ota_example/sdkconfig.ci b/examples/system/ota/simple_ota_example/sdkconfig.ci
index 813b3adac..6d493cbf1 100644
--- a/examples/system/ota/simple_ota_example/sdkconfig.ci
+++ b/examples/system/ota/simple_ota_example/sdkconfig.ci
@@ -1 +1,2 @@
 CONFIG_FIRMWARE_UPGRADE_URL="FROM_STDIN"
+CONFIG_SKIP_COMMON_NAME_CHECK=y