fix(advanced_ota): Added support for cert bundle in advanced OTA

1. Added support for cert bundle in advanced OTA
2. This allows the example to be tested easily against different public servers
hrushikesh.bhosale
2025-05-16 22:42:27 +05:30
parent 1637e27ae3
commit 2c5530528c
4 changed files with 24 additions and 1 deletions


@ -3,6 +3,6 @@ idf_component_register(SRCS "advanced_https_ota_example.c" "ble_helper/bluedroid
INCLUDE_DIRS "." "./ble_helper/include/" INCLUDE_DIRS "." "./ble_helper/include/"
PRIV_REQUIRES esp_http_client app_update esp_https_ota PRIV_REQUIRES esp_http_client app_update esp_https_ota
nvs_flash esp_netif esp_wifi efuse bt nvs_flash esp_netif esp_wifi efuse bt
protocomm protocomm mbedtls
# Embed the server root certificate into the final binary # Embed the server root certificate into the final binary
EMBED_TXTFILES ${project_dir}/server_certs/ca_cert.pem) EMBED_TXTFILES ${project_dir}/server_certs/ca_cert.pem)


@ -53,4 +53,13 @@ menu "Example Configuration"
This option allows one to configure the OTA process to resume downloading the OTA image This option allows one to configure the OTA process to resume downloading the OTA image
from where it left off in case of an error or reboot. from where it left off in case of an error or reboot.
config EXAMPLE_USE_CERT_BUNDLE
bool "Enable certificate bundle"
default y
depends on MBEDTLS_CERTIFICATE_BUNDLE
help
Enable trusted root certificate bundle. This approach allows to have
OTA updates functional with any public server without requirement
to explicitly add its server certificate.
endmenu endmenu
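Review bot: The help text for `EXAMPLE_USE_CERT_BUNDLE` does not say what the option costs in trust: with `default y` the OTA TLS session accepts any root in the bundle instead of only the embedded `ca_cert.pem`, so a mis-issued certificate for the upgrade host from any bundled CA would be accepted. I would append to the help: `Note that this widens the trusted roots from the single embedded certificate to every CA in the bundle; for production firmware prefer pinning the server CA (disable this option) or rely on signed-image verification.` The `depends on MBEDTLS_CERTIFICATE_BUNDLE` line also means the option silently disappears, and the example falls back to the pinned certificate, when the bundle is disabled in menuconfig — worth a sentence in the help as well.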


@ -22,6 +22,11 @@
#include "nvs_flash.h" #include "nvs_flash.h"
#include "protocol_examples_common.h" #include "protocol_examples_common.h"
#ifdef CONFIG_EXAMPLE_USE_CERT_BUNDLE
#include "esp_crt_bundle.h"
#endif
#if CONFIG_BOOTLOADER_APP_ANTI_ROLLBACK #if CONFIG_BOOTLOADER_APP_ANTI_ROLLBACK
#include "esp_efuse.h" #include "esp_efuse.h"
#endif #endif
@ -221,7 +226,11 @@ void advanced_ota_example_task(void *pvParameter)
esp_err_t ota_finish_err = ESP_OK; esp_err_t ota_finish_err = ESP_OK;
esp_http_client_config_t config = { esp_http_client_config_t config = {
.url = CONFIG_EXAMPLE_FIRMWARE_UPGRADE_URL, .url = CONFIG_EXAMPLE_FIRMWARE_UPGRADE_URL,
#ifdef CONFIG_EXAMPLE_USE_CERT_BUNDLE
.crt_bundle_attach = esp_crt_bundle_attach,
#else
.cert_pem = (char *)server_cert_pem_start, .cert_pem = (char *)server_cert_pem_start,
#endif
.timeout_ms = CONFIG_EXAMPLE_OTA_RECV_TIMEOUT, .timeout_ms = CONFIG_EXAMPLE_OTA_RECV_TIMEOUT,
.keep_alive_enable = true, .keep_alive_enable = true,
#ifdef CONFIG_EXAMPLE_ENABLE_PARTIAL_HTTP_DOWNLOAD #ifdef CONFIG_EXAMPLE_ENABLE_PARTIAL_HTTP_DOWNLOAD
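Review bot: The new `.crt_bundle_attach = esp_crt_bundle_attach,` member carries no comment explaining that it replaces certificate pinning with trust in the whole root bundle, which is the security-relevant difference between the two branches of the `#ifdef`. I would put above it: `/* Trusts every root in the mbedTLS bundle (plus any custom certs); TLS then only proves the peer holds a publicly-trusted cert for the URL host, so pair this with signed-image verification rather than relying on pinning. */` The first hunk guards with `#ifdef CONFIG_EXAMPLE_USE_CERT_BUNDLE` while the adjacent guard uses `#if CONFIG_BOOTLOADER_APP_ANTI_ROLLBACK`; both work for IDF's `=y` defines, but the file should settle on one form. `advanced_ota_example_task` and the `config` initializer both continue past the hunk.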


@ -2,3 +2,8 @@
# partition table layout, with a 4MB flash size # partition table layout, with a 4MB flash size
CONFIG_ESPTOOLPY_FLASHSIZE_4MB=y CONFIG_ESPTOOLPY_FLASHSIZE_4MB=y
CONFIG_PARTITION_TABLE_TWO_OTA_LARGE=y CONFIG_PARTITION_TABLE_TWO_OTA_LARGE=y
# Certificate bundle configuration
CONFIG_MBEDTLS_CERTIFICATE_BUNDLE_DEFAULT_CMN=y
CONFIG_MBEDTLS_CUSTOM_CERTIFICATE_BUNDLE=y
CONFIG_MBEDTLS_CUSTOM_CERTIFICATE_BUNDLE_PATH="server_certs/ca_cert.pem"
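Review bot: `CONFIG_MBEDTLS_CUSTOM_CERTIFICATE_BUNDLE_PATH="server_certs/ca_cert.pem"` adds the example's own server certificate to the trusted root bundle from `sdkconfig.defaults`, the file users inherit when they start from this example; if that PEM is a locally generated test certificate rather than a public CA, it becomes a permanent trust anchor in every derived build. I would comment the line: `# Appends the example's local ca_cert.pem to the public bundle so the self-hosted test server is trusted; drop this for production builds.` `CONFIG_MBEDTLS_CERTIFICATE_BUNDLE_DEFAULT_CMN=y` selects the reduced common bundle, so the commit message's "any public server" holds only for servers whose root is in that subset — a comment naming `CONFIG_MBEDTLS_CERTIFICATE_BUNDLE_DEFAULT_FULL` as the alternative would save a confusing handshake failure. The path is presumably resolved relative to the project directory, as the CMake embed's `${project_dir}` suggests; stating that in a comment would help since the two files spell the path differently.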