feedc0de/esp-idf
1
0
Fork 0
forked from espressif/esp-idf
Code Pull Requests Activity

Merge branch 'feat/add_support_for_cert_bundle_for_advanced_ota_example' into 'master'

Browse Source 
fix(advanced_ota): Added support for cert bundle in advanced OTA

See merge request espressif/esp-idf!39219
This commit is contained in:
Hrushikesh Bhosale
2025-05-29 13:57:00 +08:00
parent e05390f338 2c5530528c
commit 4ffb3fb32d
4 changed files with 24 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
examples/system/ota/advanced_https_ota/main/CMakeLists.txt
View File

@@ -3,6 +3,6 @@ idf_component_register(SRCS "advanced_https_ota_example.c" "ble_helper/bluedroid
INCLUDE_DIRS "." "./ble_helper/include/" INCLUDE_DIRS "." "./ble_helper/include/"
PRIV_REQUIRES esp_http_client app_update esp_https_ota PRIV_REQUIRES esp_http_client app_update esp_https_ota
nvs_flash esp_netif esp_wifi efuse bt nvs_flash esp_netif esp_wifi efuse bt
protocomm protocomm mbedtls
# Embed the server root certificate into the final binary # Embed the server root certificate into the final binary
EMBED_TXTFILES ${project_dir}/server_certs/ca_cert.pem) EMBED_TXTFILES ${project_dir}/server_certs/ca_cert.pem)

9
examples/system/ota/advanced_https_ota/main/Kconfig.projbuild
View File

@@ -53,4 +53,13 @@ menu "Example Configuration"
This option allows one to configure the OTA process to resume downloading the OTA image This option allows one to configure the OTA process to resume downloading the OTA image
from where it left off in case of an error or reboot. from where it left off in case of an error or reboot.
config EXAMPLE_USE_CERT_BUNDLE
bool "Enable certificate bundle"
default y
depends on MBEDTLS_CERTIFICATE_BUNDLE
help
Enable trusted root certificate bundle. This approach allows to have
OTA updates functional with any public server without requirement
to explicitly add its server certificate.
endmenu endmenu

9
examples/system/ota/advanced_https_ota/main/advanced_https_ota_example.c
View File

@@ -22,6 +22,11 @@
#include "nvs_flash.h" #include "nvs_flash.h"
#include "protocol_examples_common.h" #include "protocol_examples_common.h"
#ifdef CONFIG_EXAMPLE_USE_CERT_BUNDLE
#include "esp_crt_bundle.h"
#endif
#if CONFIG_BOOTLOADER_APP_ANTI_ROLLBACK #if CONFIG_BOOTLOADER_APP_ANTI_ROLLBACK
#include "esp_efuse.h" #include "esp_efuse.h"
#endif #endif
@@ -221,7 +226,11 @@ void advanced_ota_example_task(void *pvParameter)
esp_err_t ota_finish_err = ESP_OK; esp_err_t ota_finish_err = ESP_OK;
esp_http_client_config_t config = { esp_http_client_config_t config = {
.url = CONFIG_EXAMPLE_FIRMWARE_UPGRADE_URL, .url = CONFIG_EXAMPLE_FIRMWARE_UPGRADE_URL,
#ifdef CONFIG_EXAMPLE_USE_CERT_BUNDLE
.crt_bundle_attach = esp_crt_bundle_attach,
#else
.cert_pem = (char *)server_cert_pem_start, .cert_pem = (char *)server_cert_pem_start,
#endif
.timeout_ms = CONFIG_EXAMPLE_OTA_RECV_TIMEOUT, .timeout_ms = CONFIG_EXAMPLE_OTA_RECV_TIMEOUT,
.keep_alive_enable = true, .keep_alive_enable = true,
#ifdef CONFIG_EXAMPLE_ENABLE_PARTIAL_HTTP_DOWNLOAD #ifdef CONFIG_EXAMPLE_ENABLE_PARTIAL_HTTP_DOWNLOAD

5
examples/system/ota/advanced_https_ota/sdkconfig.defaults
View File

@@ -2,3 +2,8 @@
# partition table layout, with a 4MB flash size # partition table layout, with a 4MB flash size
CONFIG_ESPTOOLPY_FLASHSIZE_4MB=y CONFIG_ESPTOOLPY_FLASHSIZE_4MB=y
CONFIG_PARTITION_TABLE_TWO_OTA_LARGE=y CONFIG_PARTITION_TABLE_TWO_OTA_LARGE=y
# Certificate bundle configuration
CONFIG_MBEDTLS_CERTIFICATE_BUNDLE_DEFAULT_CMN=y
CONFIG_MBEDTLS_CUSTOM_CERTIFICATE_BUNDLE=y
CONFIG_MBEDTLS_CUSTOM_CERTIFICATE_BUNDLE_PATH="server_certs/ca_cert.pem"