Crash_Override/OVMS3-idf
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

esp_http_client: add support for using certs from global ca store

Browse source 
Closes https://github.com/espressif/esp-idf/issues/3062

(cherry picked from commit 27e00cf7aa)
This commit is contained in:
Mahavir Jain 2019-02-20 12:48:45 +05:30
parent 225bc0f80a
commit 2549951498
5 changed files with 22 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
components/esp_http_client/esp_http_client.c
View file

@ -490,7 +490,9 @@ esp_http_client_handle_t esp_http_client_init(const esp_http_client_config_t *co
return NULL; return NULL;
} }
if (config->cert_pem) { if (config->use_global_ca_store == true) {
esp_transport_ssl_enable_global_ca_store(ssl);
} else if (config->cert_pem) {
esp_transport_ssl_set_cert_data(ssl, config->cert_pem, strlen(config->cert_pem)); esp_transport_ssl_set_cert_data(ssl, config->cert_pem, strlen(config->cert_pem));
} }
#endif #endif

1
components/esp_http_client/include/esp_http_client.h
View file

@ -115,6 +115,7 @@ typedef struct {
int buffer_size; /*!< HTTP buffer size (both send and receive) */ int buffer_size; /*!< HTTP buffer size (both send and receive) */
void *user_data; /*!< HTTP user_data context */ void *user_data; /*!< HTTP user_data context */
bool is_async; /*!< Set asynchronous mode, only supported with HTTPS for now */ bool is_async; /*!< Set asynchronous mode, only supported with HTTPS for now */
bool use_global_ca_store; /*!< Use a global ca_store for all the connections in which this bool is set. */
} esp_http_client_config_t; } esp_http_client_config_t;

6
components/esp_https_ota/src/esp_https_ota.c
View file

@ -35,9 +35,9 @@ esp_err_t esp_https_ota(const esp_http_client_config_t *config)
return ESP_ERR_INVALID_ARG; return ESP_ERR_INVALID_ARG;
} }
if (!config->cert_pem) { if (!config->cert_pem && !config->use_global_ca_store) {
ESP_LOGE(TAG, "Server certificate not found in esp_http_client config"); ESP_LOGE(TAG, "Server certificate not found, either through configuration or global CA store");
return ESP_FAIL; return ESP_ERR_INVALID_ARG;
} }
esp_http_client_handle_t client = esp_http_client_init(config); esp_http_client_handle_t client = esp_http_client_init(config);

7
components/tcp_transport/include/esp_transport_ssl.h
View file

@ -40,6 +40,13 @@ esp_transport_handle_t esp_transport_ssl_init();
*/ */
void esp_transport_ssl_set_cert_data(esp_transport_handle_t t, const char *data, int len); void esp_transport_ssl_set_cert_data(esp_transport_handle_t t, const char *data, int len);
/**
* @brief Enable global CA store for SSL connection
*
* @param t ssl transport
*/
void esp_transport_ssl_enable_global_ca_store(esp_transport_handle_t t);
/** /**
* @brief Set SSL client certificate data for mutual authentication (as PEM format). * @brief Set SSL client certificate data for mutual authentication (as PEM format).
* Note that, this function stores the pointer to data, rather than making a copy. * Note that, this function stores the pointer to data, rather than making a copy.

8
components/tcp_transport/transport_ssl.c
View file

@ -152,6 +152,14 @@ static int ssl_destroy(esp_transport_handle_t t)
return 0; return 0;
} }
void esp_transport_ssl_enable_global_ca_store(esp_transport_handle_t t)
{
transport_ssl_t *ssl = esp_transport_get_context_data(t);
if (t && ssl) {
ssl->cfg.use_global_ca_store = true;
}
}
void esp_transport_ssl_set_cert_data(esp_transport_handle_t t, const char *data, int len) void esp_transport_ssl_set_cert_data(esp_transport_handle_t t, const char *data, int len)
{ {
transport_ssl_t *ssl = esp_transport_get_context_data(t); transport_ssl_t *ssl = esp_transport_get_context_data(t);