From f66bdf1233203d6edb7b7208c6fb898321654931 Mon Sep 17 00:00:00 2001
From: Aditya Patwardhan
Date: Sun, 4 Apr 2021 13:11:07 +0530
Subject: [PATCH] esp_http_client: Enable support of crt_bundle in esp_http_client

---
 components/esp_http_client/esp_http_client.c | 8 +++++++-
 components/esp_http_client/include/esp_http_client.h | 2 ++
 examples/protocols/esp_http_client/main/component.mk | 2 +-
 .../esp_http_client/main/esp_http_client_example.c | 3 ++-
 4 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/components/esp_http_client/esp_http_client.c b/components/esp_http_client/esp_http_client.c
index 8363638196..5f1154cccf 100644
--- a/components/esp_http_client/esp_http_client.c
+++ b/components/esp_http_client/esp_http_client.c
@@ -608,7 +608,13 @@ esp_http_client_handle_t esp_http_client_init(const esp_http_client_config_t *co
         goto error;
     }
 
-    if (config->use_global_ca_store == true) {
+    if (config->crt_bundle_attach != NULL) {
+#ifdef CONFIG_MBEDTLS_CERTIFICATE_BUNDLE
+        esp_transport_ssl_crt_bundle_attach(ssl, config->crt_bundle_attach);
+#else //CONFIG_MBEDTLS_CERTIFICATE_BUNDLE
+        ESP_LOGE(TAG, "use_crt_bundle configured but not enabled in menuconfig: Please enable MBEDTLS_CERTIFICATE_BUNDLE option");
+#endif
+    } else if (config->use_global_ca_store == true) {
         esp_transport_ssl_enable_global_ca_store(ssl);
     } else if (config->cert_pem) {
         if (!config->cert_len) {
diff --git a/components/esp_http_client/include/esp_http_client.h b/components/esp_http_client/include/esp_http_client.h
index ee19f70cd7..249eb217ba 100644
--- a/components/esp_http_client/include/esp_http_client.h
+++ b/components/esp_http_client/include/esp_http_client.h
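Review bot: The `#else` branch of the new `crt_bundle_attach` block logs an error and then falls through, so a caller that asked for bundle-based server verification gets a client handle with no CA material attached and the connection goes ahead with whatever default verification the transport applies. A configuration that cannot provide the requested server authentication should fail closed: add `goto error;` directly after the `ESP_LOGE` (the `error` label is already used by the context line at the top of the hunk). The message also names `use_crt_bundle` while the field is `crt_bundle_attach`; `"crt_bundle_attach set but MBEDTLS_CERTIFICATE_BUNDLE is not enabled in menuconfig"` would match the API. esp_http_client_init begins and ends outside the hunk.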
@@ -135,6 +135,8 @@ typedef struct {
     bool is_async;                  /*!< Set asynchronous mode, only supported with HTTPS for now */
     bool use_global_ca_store;       /*!< Use a global ca_store for all the connections in which this bool is set. */
     bool skip_cert_common_name_check;   /*!< Skip any validation of server certificate CN field */
+    esp_err_t (*crt_bundle_attach)(void *conf); /*!< Function pointer to esp_crt_bundle_attach. Enables the use of certification bundle for server verification, must be enabled in menuconfig */
     bool keep_alive_enable;         /*!< Enable keep-alive timeout */
     int keep_alive_idle;            /*!< Keep-alive idle time. Default is 5 (second) */
     int keep_alive_interval;        /*!< Keep-alive interval time. Default is 5 (second) */
diff --git a/examples/protocols/esp_http_client/main/component.mk b/examples/protocols/esp_http_client/main/component.mk
index cb97ca08ee..c1f04b76bc 100644
--- a/examples/protocols/esp_http_client/main/component.mk
+++ b/examples/protocols/esp_http_client/main/component.mk
@@ -5,4 +5,4 @@
 # embed files from the "certs" directory as binary data symbols
 # in the app
 
-COMPONENT_EMBED_TXTFILES := howsmyssl_com_root_cert.pem
+COMPONENT_EMBED_TXTFILES := howsmyssl_com_root_cert.pem postman_root_cert.pem
diff --git a/examples/protocols/esp_http_client/main/esp_http_client_example.c b/examples/protocols/esp_http_client/main/esp_http_client_example.c
index d99b28148a..d4e573b2ca 100644
--- a/examples/protocols/esp_http_client/main/esp_http_client_example.c
+++ b/examples/protocols/esp_http_client/main/esp_http_client_example.c
@@ -18,6 +18,7 @@
 #include "esp_netif.h"
 #include "protocol_examples_common.h"
 #include "esp_tls.h"
+#include "esp_crt_bundle.h"
 #include "esp_http_client.h"
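Review bot: The comment on the new `crt_bundle_attach` field should state its precedence, which the esp_http_client.c hunk in this same patch establishes: when non-NULL it is consulted before `use_global_ca_store` and `cert_pem`, and it has no effect unless `CONFIG_MBEDTLS_CERTIFICATE_BUNDLE` is enabled. Suggested wording: `/*!< Function pointer to esp_crt_bundle_attach. Enables the use of the certificate bundle for server verification; takes precedence over use_global_ca_store and cert_pem. Requires MBEDTLS_CERTIFICATE_BUNDLE in menuconfig */`. "certification bundle" should also read "certificate bundle" to match the Kconfig option's name.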
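Review bot: `postman_root_cert.pem` is added to `COMPONENT_EMBED_TXTFILES`, but no such file is among the four files listed in this patch's diffstat, so unless it already exists in the example's main directory the legacy make build will fail to locate it; either add the file to the commit or leave the embed list unchanged. If the example also carries a CMakeLists.txt that enumerates embedded files, it is not touched here and the two build descriptions may now disagree.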
@@ -371,7 +372,7 @@ static void https_with_url(void)
     esp_http_client_config_t config = {
         .url = "https://www.howsmyssl.com",
         .event_handler = _http_event_handler,
-        .cert_pem = howsmyssl_com_root_cert_pem_start,
+        .crt_bundle_attach = esp_crt_bundle_attach,
     };
     esp_http_client_handle_t client = esp_http_client_init(&config);
     esp_err_t err = esp_http_client_perform(client);
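Review bot: With `.cert_pem` replaced by `.crt_bundle_attach`, `howsmyssl_com_root_cert_pem_start` is no longer referenced by https_with_url(), yet the component.mk hunk in this patch still embeds `howsmyssl_com_root_cert.pem`; if nothing else in the example uses that symbol, the embed can be dropped rather than shipping a dead root certificate. The example now depends on `CONFIG_MBEDTLS_CERTIFICATE_BUNDLE`, and per the esp_http_client.c hunk a disabled option only produces a log line, so a comment on the `.crt_bundle_attach` line such as `// Server cert verified against the built-in bundle; requires CONFIG_MBEDTLS_CERTIFICATE_BUNDLE=y` would spare users a confusing verification failure. https_with_url() continues outside the hunk.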