kopia lustrzana https://github.com/espressif/esp-idf
examples/simple_ota: use certificate bundle in default configuration
- This allows to easily test example with different public servers - Flash footprint impact is limited due to selection of only most common certs from bundle.pull/8430/head
rodzic
fbe4457a71
commit
8400ff8607
|
@ -7,6 +7,14 @@ menu "Example Configuration"
|
|||
URL of server which hosts the firmware
|
||||
image.
|
||||
|
||||
config EXAMPLE_USE_CERT_BUNDLE
|
||||
bool "Enable certificate bundle"
|
||||
default y
|
||||
help
|
||||
Enable trusted root certificate bundle. This approach allows to have
|
||||
OTA updates functional with any public server without requirement
|
||||
to explicitly add its server certificate.
|
||||
|
||||
config EXAMPLE_FIRMWARE_UPGRADE_URL_FROM_STDIN
|
||||
bool
|
||||
default y if EXAMPLE_FIRMWARE_UPGRADE_URL = "FROM_STDIN"
|
||||
|
|
|
@ -16,6 +16,9 @@
|
|||
#include "esp_https_ota.h"
|
||||
#include "protocol_examples_common.h"
|
||||
#include "string.h"
|
||||
#ifdef CONFIG_EXAMPLE_USE_CERT_BUNDLE
|
||||
#include "esp_crt_bundle.h"
|
||||
#endif
|
||||
|
||||
#include "nvs.h"
|
||||
#include "nvs_flash.h"
|
||||
|
@ -88,7 +91,11 @@ void simple_ota_example_task(void *pvParameter)
|
|||
#endif
|
||||
esp_http_client_config_t config = {
|
||||
.url = CONFIG_EXAMPLE_FIRMWARE_UPGRADE_URL,
|
||||
#ifdef CONFIG_EXAMPLE_USE_CERT_BUNDLE
|
||||
.crt_bundle_attach = esp_crt_bundle_attach,
|
||||
#else
|
||||
.cert_pem = (char *)server_cert_pem_start,
|
||||
#endif /* CONFIG_EXAMPLE_USE_CERT_BUNDLE */
|
||||
.event_handler = _http_event_handler,
|
||||
.keep_alive_enable = true,
|
||||
#ifdef CONFIG_EXAMPLE_FIRMWARE_UPGRADE_BIND_IF
|
||||
|
|
|
@ -2,3 +2,8 @@
|
|||
# partition table layout, with a 4MB flash size
|
||||
CONFIG_ESPTOOLPY_FLASHSIZE_4MB=y
|
||||
CONFIG_PARTITION_TABLE_TWO_OTA=y
|
||||
|
||||
# Certificate bundle configuration
|
||||
CONFIG_MBEDTLS_CERTIFICATE_BUNDLE_DEFAULT_CMN=y
|
||||
CONFIG_MBEDTLS_CUSTOM_CERTIFICATE_BUNDLE=y
|
||||
CONFIG_MBEDTLS_CUSTOM_CERTIFICATE_BUNDLE_PATH="server_certs/ca_cert.pem"
|
||||
|
|
Ładowanie…
Reference in New Issue