diff --git a/components/esp_websocket_client/examples/target/main/CMakeLists.txt b/components/esp_websocket_client/examples/target/main/CMakeLists.txt index a3ed7674b..480f122d4 100644 --- a/components/esp_websocket_client/examples/target/main/CMakeLists.txt +++ b/components/esp_websocket_client/examples/target/main/CMakeLists.txt @@ -10,12 +10,6 @@ set(EMBED_FILES "") # Initialize an empty list for files to embed "certs/client_key.pem") #endif() -# For testing purpose we are using CA of wss://echo.websocket.events -#if(CONFIG_WS_OVER_TLS_SERVER_AUTH) - list(APPEND EMBED_FILES - "certs/ca_certificate_public_domain.pem") -#endif() - # Register the component with source files, include dirs, and any conditionally added embedded files idf_component_register(SRCS "${SRC_FILES}" INCLUDE_DIRS "${INCLUDE_DIRS}" diff --git a/components/esp_websocket_client/examples/target/main/certs/ca_certificate_public_domain.pem b/components/esp_websocket_client/examples/target/main/certs/ca_certificate_public_domain.pem deleted file mode 100644 index 43b222a60..000000000 --- a/components/esp_websocket_client/examples/target/main/certs/ca_certificate_public_domain.pem +++ /dev/null @@ -1,30 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIFFjCCAv6gAwIBAgIRAJErCErPDBinU/bWLiWnX1owDQYJKoZIhvcNAQELBQAw -TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh -cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjAwOTA0MDAwMDAw -WhcNMjUwOTE1MTYwMDAwWjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg -RW5jcnlwdDELMAkGA1UEAxMCUjMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK -AoIBAQC7AhUozPaglNMPEuyNVZLD+ILxmaZ6QoinXSaqtSu5xUyxr45r+XXIo9cP -R5QUVTVXjJ6oojkZ9YI8QqlObvU7wy7bjcCwXPNZOOftz2nwWgsbvsCUJCWH+jdx -sxPnHKzhm+/b5DtFUkWWqcFTzjTIUu61ru2P3mBw4qVUq7ZtDpelQDRrK9O8Zutm -NHz6a4uPVymZ+DAXXbpyb/uBxa3Shlg9F8fnCbvxK/eG3MHacV3URuPMrSXBiLxg -Z3Vms/EY96Jc5lP/Ooi2R6X/ExjqmAl3P51T+c8B5fWmcBcUr2Ok/5mzk53cU6cG -/kiFHaFpriV1uxPMUgP17VGhi9sVAgMBAAGjggEIMIIBBDAOBgNVHQ8BAf8EBAMC -AYYwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMBIGA1UdEwEB/wQIMAYB -Af8CAQAwHQYDVR0OBBYEFBQusxe3WFbLrlAJQOYfr52LFMLGMB8GA1UdIwQYMBaA -FHm0WeZ7tuXkAXOACIjIGlj26ZtuMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcw -AoYWaHR0cDovL3gxLmkubGVuY3Iub3JnLzAnBgNVHR8EIDAeMBygGqAYhhZodHRw -Oi8veDEuYy5sZW5jci5vcmcvMCIGA1UdIAQbMBkwCAYGZ4EMAQIBMA0GCysGAQQB -gt8TAQEBMA0GCSqGSIb3DQEBCwUAA4ICAQCFyk5HPqP3hUSFvNVneLKYY611TR6W -PTNlclQtgaDqw+34IL9fzLdwALduO/ZelN7kIJ+m74uyA+eitRY8kc607TkC53wl -ikfmZW4/RvTZ8M6UK+5UzhK8jCdLuMGYL6KvzXGRSgi3yLgjewQtCPkIVz6D2QQz -CkcheAmCJ8MqyJu5zlzyZMjAvnnAT45tRAxekrsu94sQ4egdRCnbWSDtY7kh+BIm -lJNXoB1lBMEKIq4QDUOXoRgffuDghje1WrG9ML+Hbisq/yFOGwXD9RiX8F6sw6W4 -avAuvDszue5L3sz85K+EC4Y/wFVDNvZo4TYXao6Z0f+lQKc0t8DQYzk1OXVu8rp2 -yJMC6alLbBfODALZvYH7n7do1AZls4I9d1P4jnkDrQoxB3UqQ9hVl3LEKQ73xF1O -yK5GhDDX8oVfGKF5u+decIsH4YaTw7mP3GFxJSqv3+0lUFJoi5Lc5da149p90Ids -hCExroL1+7mryIkXPeFM5TgO9r0rvZaBFOvV2z0gp35Z0+L4WPlbuEjN/lxPFin+ -HlUjr8gRsI3qfJOQFy/9rKIJR0Y/8Omwt/8oTWgy1mdeHmmjk7j1nYsvC9JSQ6Zv -MldlTTKB3zhThV1+XWYp6rjd5JW1zbVWEkLNxE7GJThEUG3szgBVGP7pSWTUTsqX -nLRbwHOoq7hHwg== ------END CERTIFICATE----- diff --git a/components/esp_websocket_client/examples/target/main/certs/server_cert.pem b/components/esp_websocket_client/examples/target/main/certs/server/server_cert.pem similarity index 100% rename from components/esp_websocket_client/examples/target/main/certs/server_cert.pem rename to components/esp_websocket_client/examples/target/main/certs/server/server_cert.pem diff --git a/components/esp_websocket_client/examples/target/main/certs/server_key.pem b/components/esp_websocket_client/examples/target/main/certs/server/server_key.pem similarity index 100% rename from components/esp_websocket_client/examples/target/main/certs/server_key.pem rename to components/esp_websocket_client/examples/target/main/certs/server/server_key.pem diff --git a/components/esp_websocket_client/examples/target/main/websocket_example.c b/components/esp_websocket_client/examples/target/main/websocket_example.c index 112e9285c..d02dcaa6c 100644 --- a/components/esp_websocket_client/examples/target/main/websocket_example.c +++ b/components/esp_websocket_client/examples/target/main/websocket_example.c @@ -19,6 +19,7 @@ #include "nvs_flash.h" #include "esp_event.h" #include "protocol_examples_common.h" +#include "esp_crt_bundle.h" #include "freertos/FreeRTOS.h" #include "freertos/task.h" @@ -159,8 +160,12 @@ static void websocket_app_start(void) websocket_cfg.client_key = key_start; websocket_cfg.client_key_len = key_end - key_start; #elif CONFIG_WS_OVER_TLS_SERVER_AUTH - extern const char cacert_start[] asm("_binary_ca_certificate_public_domain_pem_start"); // CA cert of wss://echo.websocket.event, modify it if using another server - websocket_cfg.cert_pem = cacert_start; + // Using certificate bundle as default server certificate source + websocket_cfg.crt_bundle_attach = esp_crt_bundle_attach; + // If using a custom certificate it could be added to certificate bundle, added to the build similar to client certificates in this examples, + // or read from NVS. + /* extern const char cacert_start[] asm("ADDED_CERTIFICATE"); */ + /* websocket_cfg.cert_pem = cacert_start; */ #endif #if CONFIG_WS_OVER_TLS_SKIP_COMMON_NAME_CHECK diff --git a/components/esp_websocket_client/examples/target/pytest_websocket.py b/components/esp_websocket_client/examples/target/pytest_websocket.py index ac4c7fbdd..8e23b1b9d 100644 --- a/components/esp_websocket_client/examples/target/pytest_websocket.py +++ b/components/esp_websocket_client/examples/target/pytest_websocket.py @@ -52,7 +52,7 @@ class Websocket(object): def run(self): if self.use_tls is True: ssl_context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER) - ssl_context.load_cert_chain(certfile='main/certs/server_cert.pem', keyfile='main/certs/server_key.pem') + ssl_context.load_cert_chain(certfile='main/certs/server/server_cert.pem', keyfile='main/certs/server/server_key.pem') if self.client_verify is True: ssl_context.load_verify_locations(cafile='main/certs/ca_cert.pem') ssl_context.verify = ssl.CERT_REQUIRED