Merge branch 'feature/optionally_disable_https_from_ota_component' into 'master'

esp_https_ota: few feature enhancements See merge request idf/esp-idf!4057
2025-08-03 20:54:32 +02:00 · 2019-01-31 09:11:35 +08:00
parent a0416e9351 b912d0fa9d
commit 4b2feb316a
4 changed files with 29 additions and 10 deletions
--- a/components/esp_https_ota/Kconfig
+++ b/components/esp_https_ota/Kconfig
@@ -0,0 +1,12 @@
+menu "ESP HTTPS OTA"
+
+    config OTA_ALLOW_HTTP
+        bool "Allow HTTP for OTA (WARNING: ONLY FOR TESTING PURPOSE, READ HELP)"
+        default n
+        help
+            It is highly recommended to keep HTTPS (along with server certificate validation) enabled.
+            Enabling this option comes with potential risk of:
+            - Non-encrypted communication channel with server
+            - Accepting firmware upgrade image from server with fake identity
+
+endmenu
--- a/components/esp_https_ota/include/esp_https_ota.h
+++ b/components/esp_https_ota/include/esp_https_ota.h
@@ -33,6 +33,7 @@ extern "C" {
 * @return
 *    - ESP_OK: OTA data updated, next reboot will use specified partition.
 *    - ESP_FAIL: For generic failure.
+ *    - ESP_ERR_INVALID_ARG: Invalid argument
 *    - ESP_ERR_OTA_VALIDATE_FAILED: Invalid app image
 *    - ESP_ERR_NO_MEM: Cannot allocate memory for OTA operation.
 *    - ESP_ERR_FLASH_OP_TIMEOUT or ESP_ERR_FLASH_OP_FAIL: Flash write failed.
--- a/components/esp_https_ota/src/esp_https_ota.c
+++ b/components/esp_https_ota/src/esp_https_ota.c
@@ -19,7 +19,7 @@
 #include <esp_ota_ops.h>
 #include <esp_log.h>

-#define OTA_BUF_SIZE 256
+#define DEFAULT_OTA_BUF_SIZE 256
 static const char *TAG = "esp_https_ota";

 static void http_cleanup(esp_http_client_handle_t client)
@@ -35,10 +35,12 @@ esp_err_t esp_https_ota(const esp_http_client_config_t *config)
        return ESP_ERR_INVALID_ARG;
    }

+#if !CONFIG_OTA_ALLOW_HTTP
    if (!config->cert_pem) {
        ESP_LOGE(TAG, "Server certificate not found in esp_http_client config");
-        return ESP_FAIL;
+        return ESP_ERR_INVALID_ARG;
    }
+#endif

    esp_http_client_handle_t client = esp_http_client_init(config);
    if (client == NULL) {
@@ -46,10 +48,12 @@ esp_err_t esp_https_ota(const esp_http_client_config_t *config)
        return ESP_FAIL;
    }

+#if !CONFIG_OTA_ALLOW_HTTP
    if (esp_http_client_get_transport_type(client) != HTTP_TRANSPORT_OVER_SSL) {
        ESP_LOGE(TAG, "Transport is not over HTTPS");
        return ESP_FAIL;
    }
+#endif

    esp_err_t err = esp_http_client_open(client, 0);
    if (err != ESP_OK) {
@@ -81,14 +85,16 @@ esp_err_t esp_https_ota(const esp_http_client_config_t *config)
    ESP_LOGI(TAG, "Please Wait. This may take time");

    esp_err_t ota_write_err = ESP_OK;
-    char *upgrade_data_buf = (char *)malloc(OTA_BUF_SIZE);
+    const int alloc_size = (config->buffer_size > 0) ? config->buffer_size : DEFAULT_OTA_BUF_SIZE;
+    char *upgrade_data_buf = (char *)malloc(alloc_size);
    if (!upgrade_data_buf) {
        ESP_LOGE(TAG, "Couldn't allocate memory to upgrade data buffer");
        return ESP_ERR_NO_MEM;
    }
+
    int binary_file_len = 0;
    while (1) {
-        int data_read = esp_http_client_read(client, upgrade_data_buf, OTA_BUF_SIZE);
+        int data_read = esp_http_client_read(client, upgrade_data_buf, alloc_size);
        if (data_read == 0) {
            ESP_LOGI(TAG, "Connection closed, all data received");
            break;
--- a/examples/system/ota/simple_ota_example/main/simple_ota_example.c
+++ b/examples/system/ota/simple_ota_example/main/simple_ota_example.c
@@ -96,7 +96,7 @@ static void initialise_wifi(void)
            .password = CONFIG_WIFI_PASSWORD,
        },
    };
-    ESP_LOGI(TAG, "Setting WiFi configuration SSID %s...", wifi_config.sta.ssid);
+    ESP_LOGI(TAG, "Setting WiFi configuration SSID %s", wifi_config.sta.ssid);
    ESP_ERROR_CHECK( esp_wifi_set_mode(WIFI_MODE_STA) );
    ESP_ERROR_CHECK( esp_wifi_set_config(ESP_IF_WIFI_STA, &wifi_config) );
    ESP_ERROR_CHECK( esp_wifi_start() );
@@ -104,14 +104,14 @@ static void initialise_wifi(void)

 void simple_ota_example_task(void * pvParameter)
 {
-    ESP_LOGI(TAG, "Starting OTA example...");
+    ESP_LOGI(TAG, "Starting OTA example");

    /* Wait for the callback to set the CONNECTED_BIT in the
       event group.
    */
    xEventGroupWaitBits(wifi_event_group, CONNECTED_BIT,
                        false, true, portMAX_DELAY);
-    ESP_LOGI(TAG, "Connect to Wifi ! Start to Connect to Server....");
+    ESP_LOGI(TAG, "Connected to WiFi network! Attempting to connect to server...");
    
    esp_http_client_config_t config = {
        .url = CONFIG_FIRMWARE_UPGRADE_URL,
@@ -122,7 +122,7 @@ void simple_ota_example_task(void * pvParameter)
    if (ret == ESP_OK) {
        esp_restart();
    } else {
-        ESP_LOGE(TAG, "Firmware Upgrades Failed");
+        ESP_LOGE(TAG, "Firmware upgrade failed");
    }
    while (1) {
        vTaskDelay(1000 / portTICK_PERIOD_MS);