esp_http_client: add support for using certs from global ca store

Closes https://github.com/espressif/esp-idf/issues/3062
2019-02-20 12:48:45 +05:30 · 2019-02-20 12:48:45 +05:30 · 27e00cf7aa
parent 42f64e9a93
commit 27e00cf7aa
5 changed files with 21 additions and 3 deletions
--- a/components/esp_http_client/esp_http_client.c
+++ b/components/esp_http_client/esp_http_client.c
@ -487,7 +487,9 @@ esp_http_client_handle_t esp_http_client_init(const esp_http_client_config_t *co
        goto error;
    }

-    if (config->cert_pem) {
+    if (config->use_global_ca_store == true) {
+        esp_transport_ssl_enable_global_ca_store(ssl);
+    } else if (config->cert_pem) {
        esp_transport_ssl_set_cert_data(ssl, config->cert_pem, strlen(config->cert_pem));
    }

--- a/components/esp_http_client/include/esp_http_client.h
+++ b/components/esp_http_client/include/esp_http_client.h
@ -117,6 +117,7 @@ typedef struct {
    int                         buffer_size;              /*!< HTTP buffer size (both send and receive) */
    void                        *user_data;               /*!< HTTP user_data context */
    bool                        is_async;                 /*!< Set asynchronous mode, only supported with HTTPS for now */
+    bool                        use_global_ca_store;      /*!< Use a global ca_store for all the connections in which this bool is set. */
 } esp_http_client_config_t;


--- a/components/esp_https_ota/src/esp_https_ota.c
+++ b/components/esp_https_ota/src/esp_https_ota.c
@ -36,8 +36,8 @@ esp_err_t esp_https_ota(const esp_http_client_config_t *config)
    }

 #if !CONFIG_OTA_ALLOW_HTTP
-    if (!config->cert_pem) {
-        ESP_LOGE(TAG, "Server certificate not found in esp_http_client config");
+    if (!config->cert_pem && !config->use_global_ca_store) {
+        ESP_LOGE(TAG, "Server certificate not found, either through configuration or global CA store");
        return ESP_ERR_INVALID_ARG;
    }
 #endif
--- a/components/tcp_transport/include/esp_transport_ssl.h
+++ b/components/tcp_transport/include/esp_transport_ssl.h
@ -40,6 +40,13 @@ esp_transport_handle_t esp_transport_ssl_init();
 */
 void esp_transport_ssl_set_cert_data(esp_transport_handle_t t, const char *data, int len);

+/**
+ * @brief      Enable global CA store for SSL connection
+ *
+ * @param      t    ssl transport
+ */
+void esp_transport_ssl_enable_global_ca_store(esp_transport_handle_t t);
+
 /**
 * @brief      Set SSL client certificate data for mutual authentication (as PEM format).
 *             Note that, this function stores the pointer to data, rather than making a copy.
--- a/components/tcp_transport/transport_ssl.c
+++ b/components/tcp_transport/transport_ssl.c
@ -155,6 +155,14 @@ static int ssl_destroy(esp_transport_handle_t t)
    return 0;
 }

+void esp_transport_ssl_enable_global_ca_store(esp_transport_handle_t t)
+{
+    transport_ssl_t *ssl = esp_transport_get_context_data(t);
+    if (t && ssl) {
+        ssl->cfg.use_global_ca_store = true;
+    }
+}
+
 void esp_transport_ssl_set_cert_data(esp_transport_handle_t t, const char *data, int len)
 {
    transport_ssl_t *ssl = esp_transport_get_context_data(t);