examples/simple_ota: use certificate bundle in default configuration

- This allows to easily test example with different public servers
- Flash footprint impact is limited due to selection of only most common
certs from bundle.

examples/system/ota/simple_ota_example/main/Kconfig.projbuild

@@ -7,6 +7,14 @@ menu "Example Configuration"
             URL of server which hosts the firmware
             image.
 
+    config EXAMPLE_USE_CERT_BUNDLE
+        bool "Enable certificate bundle"
+        default y
+        help
+            Enable trusted root certificate bundle. This approach allows to have
+            OTA updates functional with any public server without requirement
+            to explicitly add its server certificate.
+
     config EXAMPLE_FIRMWARE_UPGRADE_URL_FROM_STDIN
         bool
         default y if EXAMPLE_FIRMWARE_UPGRADE_URL = "FROM_STDIN"

examples/system/ota/simple_ota_example/main/simple_ota_example.c

@@ -16,6 +16,9 @@
 #include "esp_https_ota.h"
 #include "protocol_examples_common.h"
 #include "string.h"
+#ifdef CONFIG_EXAMPLE_USE_CERT_BUNDLE
+#include "esp_crt_bundle.h"
+#endif
 
 #include "nvs.h"
 #include "nvs_flash.h"
@@ -88,7 +91,11 @@ void simple_ota_example_task(void *pvParameter)
 #endif
     esp_http_client_config_t config = {
         .url = CONFIG_EXAMPLE_FIRMWARE_UPGRADE_URL,
+#ifdef CONFIG_EXAMPLE_USE_CERT_BUNDLE
+        .crt_bundle_attach = esp_crt_bundle_attach,
+#else
         .cert_pem = (char *)server_cert_pem_start,
+#endif /* CONFIG_EXAMPLE_USE_CERT_BUNDLE */
         .event_handler = _http_event_handler,
         .keep_alive_enable = true,
 #ifdef CONFIG_EXAMPLE_FIRMWARE_UPGRADE_BIND_IF

examples/system/ota/simple_ota_example/sdkconfig.defaults

@@ -2,3 +2,8 @@
 # partition table layout, with a 4MB flash size
 CONFIG_ESPTOOLPY_FLASHSIZE_4MB=y
 CONFIG_PARTITION_TABLE_TWO_OTA=y
+
+# Certificate bundle configuration
+CONFIG_MBEDTLS_CERTIFICATE_BUNDLE_DEFAULT_CMN=y
+CONFIG_MBEDTLS_CUSTOM_CERTIFICATE_BUNDLE=y
+CONFIG_MBEDTLS_CUSTOM_CERTIFICATE_BUNDLE_PATH="server_certs/ca_cert.pem"