diff --git a/components/lwip/Kconfig b/components/lwip/Kconfig index 1904ba5b70..40ca819e37 100644 --- a/components/lwip/Kconfig +++ b/components/lwip/Kconfig @@ -1124,6 +1124,16 @@ menu "LWIP" help This option allows you to config dns fallback server address. + config LWIP_DNS_DYNAMIC_SORT + bool "Dynamically sort DNS results" + default n + help + Dynamically sorts DNS results by available source addresses (based on RFC 6724). + This allows a device to return results based on the current network + and work across IPv4-only, IPv6-only, and dual-stack networks. + If this option is disabled, DNS results have a static preference for IPv4, + which will work in most cases but fails for some network configurations + endmenu # DNS config LWIP_BRIDGEIF_MAX_PORTS diff --git a/components/lwip/lwip b/components/lwip/lwip index f79221431f..fd387d8f27 160000 --- a/components/lwip/lwip +++ b/components/lwip/lwip @@ -1 +1 @@ -Subproject commit f79221431fa9042b3572d271d687de66da7560c4 +Subproject commit fd387d8f279c0c845b0011335ce7ddbe0d27591d diff --git a/components/lwip/port/include/lwipopts.h b/components/lwip/port/include/lwipopts.h index 51e3c3c3d0..6a031b82cd 100644 --- a/components/lwip/port/include/lwipopts.h +++ b/components/lwip/port/include/lwipopts.h @@ -499,6 +499,16 @@ static inline uint32_t timeout_from_offered(uint32_t lease, uint32_t min) #define LWIP_DNS_SUPPORT_MDNS_QUERIES 0 #endif +/** + * LWIP_DNS_DYNAMIC_SORT==1: Dynamically sorts DNS results by available source addresses. + * This option is set via menuconfig. + */ +#ifdef CONFIG_LWIP_DNS_DYNAMIC_SORT +#define LWIP_DNS_DYNAMIC_SORT 1 +#else +#define LWIP_DNS_DYNAMIC_SORT 0 +#endif + /* --------------------------------- ---------- UDP options ---------- diff --git a/examples/protocols/https_request/README.md b/examples/protocols/https_request/README.md index 3e2cc244c0..273e9b6dc6 100644 --- a/examples/protocols/https_request/README.md +++ b/examples/protocols/https_request/README.md @@ -27,8 +27,14 @@ Before project configuration and build, be sure to set the correct chip target u ``` idf.py menuconfig ``` + Open the project configuration menu (`idf.py menuconfig`) to configure Wi-Fi or Ethernet. See "Establishing Wi-Fi or Ethernet Connection" section in [examples/protocols/README.md](../../README.md) for more details. +For additional logging of TLS and DNS, in project configuration: + +* `Component config` -> `Log output` -> `Maximum log verbosity`, select `Debug` +* `Component config` -> `LWIP` -> `Enable LWIP Debug` -> `Enable DNS debug messages`, enable + #### Configuring Client Session Tickets Note: This example has client session tickets enabled by default. @@ -54,36 +60,139 @@ See the Getting Started Guide for full steps to configure and use ESP-IDF to bui ## Example Output +Run on a dual-stack network with DNS64/NAT64 available, and with DNS logging turned on. + +At the time of the first check the device has an IPv4 global address, but only link-local IPv6, so even though DNS64 returns both IPv4 and IPv6 addresses, the IPv4 address is used as it has a matching scope. + +By the time of the second check, the device has received IPv6 RA (router advertisement) prefixes and configured IPv6 addresses. Both addresses have matching scopes and labels, so DNS precedence rules use the IPv6 NAT64 address. + ``` -I (5634) example_connect: - IPv4 address: 192.168.194.219 -I (5634) example_connect: - IPv6 address: fe80:0000:0000:0000:266f:28ff:fe80:2c74, type: ESP_IP6_ADDR_IS_LINK_LOCAL -I (5644) example: Start https_request example -I (5654) example: https_request using crt bundle -W (6514) wifi:idx:1 (ifx:0, ee:6d:19:60:f6:0e), tid:4, ssn:0, winSize:64 -I (7074) esp-x509-crt-bundle: Certificate validated -I (9384) example: Connection established... -I (9384) example: 107 bytes written -I (9384) example: Reading HTTP response... +I (843) example_connect: Connecting to Astral... +I (843) example_connect: Waiting for IP(s) +I (3263) wifi:new:<1,0>, old:<1,0>, ap:<255,255>, sta:<1,0>, prof:1 +I (3513) wifi:state: init -> auth (b0) +I (3523) wifi:state: auth -> assoc (0) +I (3543) wifi:state: assoc -> run (10) +I (3553) wifi:connected with Astral, aid = 7, channel 1, BW20, bssid = c0:56:27:73:4b:14 +I (3553) wifi:security: WPA2-PSK, phy: bgn, rssi: -58 +I (3553) wifi:pm start, type: 1 + +I (3553) wifi:dp: 1, bi: 102400, li: 3, scale listen interval from 307200 us to 307200 us +I (3583) wifi:dp: 2, bi: 102400, li: 4, scale listen interval from 307200 us to 409600 us +I (3583) wifi:AP's beacon interval = 102400 us, DTIM period = 2 +I (4633) example_connect: Got IPv6 event: Interface "example_netif_sta" address: fe80:0000:0000:0000:0a3a:f2ff:fe65:db28, type: ESP_IP6_ADDR_IS_LINK_LOCAL +I (5063) esp_netif_handlers: example_netif_sta ip: 192.168.1.146, mask: 255.255.255.0, gw: 192.168.1.1 +I (5063) example_connect: Got IPv4 event: Interface "example_netif_sta" address: 192.168.1.146 +I (5073) example_common: Connected to example_netif_sta +I (5073) example_common: - IPv4 address: 192.168.1.146, +I (5083) example_common: - IPv6 address: fe80:0000:0000:0000:0a3a:f2ff:fe65:db28, type: ESP_IP6_ADDR_IS_LINK_LOCAL +I (5093) example: Updating time from NVS +I (5103) example: Start https_request example +I (5103) example: https_request using crt bundle +D (5103) esp-tls: host:www.howsmyssl.com: strlen 17 +dns_enqueue: "www.howsmyssl.com": use DNS entry 0 +dns_enqueue: "www.howsmyssl.com": use DNS pcb 0 +I (5123) main_task: Returned from app_main() +dns_send: dns_servers[0] "www.howsmyssl.com": request +sending DNS request ID 22389 for name "www.howsmyssl.com" to server 0 +dns_recv: "www.howsmyssl.com": response = 64:ff9b:0:0:0:0:2247:2dc8 +dns_enqueue: "www.howsmyssl.com": use DNS entry 1 +dns_enqueue: "www.howsmyssl.com": use DNS pcb 0 +dns_send: dns_servers[0] "www.howsmyssl.com": request +sending DNS request ID 50477 for name "www.howsmyssl.com" to server 0 +dns_recv: "www.howsmyssl.com": response = 34.71.45.200 +dns_select: selecting from 2 candidates +dns_select: precedence labels flags 0x0013, ipv6 scopes flags 0x0004, ipv4 scopes flags 0x4004 +dns_select: rule 2, cand_0 scope (14) match 0, cand_1 scope (14) match 1 +D (5233) esp-tls: [sock=54] Resolved IPv4 address: 34.71.45.200 +D (5243) esp-tls: [sock=54] Connecting to server. HOST: www.howsmyssl.com/a/check, Port: 443 +D (5643) esp-tls: handshake in progress... +I (6103) esp-x509-crt-bundle: Certificate validated +dns_tmr: dns_check_entries +dns_tmr: dns_check_entries +I (7383) example: Connection established... +I (7393) example: 106 bytes written +I (7393) example: Reading HTTP response... +I (7633) example_connect: Got IPv6 event: Interface "example_netif_sta" address: 2407:8800:bc61:1340:0a3a:f2ff:fe65:db28, type: ESP_IP6_ADDR_IS_GLOBAL +I (7633) example_connect: Got IPv6 event: Interface "example_netif_sta" address: fd7c:e25e:67e8:0040:0a3a:f2ff:fe65:db28, type: ESP_IP6_ADDR_IS_UNIQUE_LOCAL +dns_tmr: dns_check_entries HTTP/1.1 200 OK -Content-Length: 2091 Access-Control-Allow-Origin: * Connection: close +Content-Length: 2545 Content-Type: application/json -Date: Tue, 07 Sep 2021 08:30:00 GMT Strict-Transport-Security: max-age=631138519; includeSubdomains; preload +Vary: Accept-Encoding +Date: Tue, 27 Feb 2024 22:11:22 GMT -{"given_cipher_suites":["TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","TLS_DHE_RSA_WITH_AES_256_GCM_SHA384","TLS_ECDHE_ECDSA_WITH_AES_256_CCM","TLS_DHE_RSA_WITH_AES_256_CCM","TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384","TLS_ECDHE_RSA_WITH_AES_ -256_CBC_SHA384","TLS_DHE_RSA_WITH_AES_256_CBC_SHA256","TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA","TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA","TLS_DHE_RSA_WITH_AES_256_CBC_SHA","TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8","TLS_DHE_RSA_WITH_AES_256_CCM_8","TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","TLS_DHE_RSA_WITH_AES_128_GCM_SHA256","TLS_ECDHE_ECDSA_WITH_AES_128_CCM","TLS_DHE_RSA_WITH_AES_128_CCM","TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256","TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256","TLS_DHE -_RSA_WITH_AES_128_CBC_SHA256","TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA","TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","TLS_DHE_RSA_WITH_AES_128_CBC_SHA","TLS_ECDHE_ECDSA -_WITH_AES_128_CCM_8","TLS_DHE_RSA_WITH_AES_128_CCM_8","TLS_RSA_WITH_AES_256_GCM_SHA384","TLS_RSA_WITH_AES_256_CCM","TLS_RSA_WITH_AES_256_CBC_SHA256","TLS_RSA_WITH_AES_256_CBC_SHA","TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384","TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384","TLS_ECDH_RSA_WITH_AES_256_CBC_SHA","TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384","TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384","TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA","TLS_RSA_WITH_AES_256_CCM_8","TLS_RSA_WITH_AES_128_GCM_SHA256","TLS_RSA_WITH_AES_128_CCM","TLS_RS -A_WITH_AES_128_CBC_SHA256","TLS_RSA_WITH_AES_128_CBC_SHA","TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256","TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256","TLS_ECDH_RSA_WITH_AES_128_CBC_SHA","TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256","TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256","TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA","TLS_RSA_WITH_AES_128_CCM_8","TLS_EMPTY_RENEGOTIATION_INFO_SCSV"],"ephemeral_keys_supported":true,"session_ticket_supported":true,"tls_compression_supported":false,"unknown_cipher_suite_supported":false,"beast_vuln":fal -se,"able_to_detect_n_minus_one_splitting":false,"insecure_cipher_suites":{},"tls_version":"TLS 1.2","rating":"Probably Okay"} -I (10204) example: connection closed -I (10204) example: 10... -I (11204) example: 9... -I (12204) example: 8... -I (13204) example: 7... -I (14204) example: 6... -I (15204) example: 5... -I (16204) example: 4... +{"given_cipher_suites":["TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","TLS_ECDHE_ECDSA_WITH_AES_256_CCM","TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384","TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384","TLS_ECDHE_ECDSA_WITH_AES_256_ +CBC_SHA","TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA","TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8","TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384","TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384","TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384","TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384","TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","TLS_ECDHE_ECDSA_WITH_AES_128_CCM","TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256","TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256","TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA","TLS_ECDHE_RSA_WITH_AE +S_128_CBC_SHA","TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8","TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256","TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256","TLS_ECDHE_ECDSA_WITH +dns_tmr: dns_check_entries +_ARIA_128_CBC_SHA256","TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256","TLS_RSA_WITH_AES_256_GCM_SHA384","TLS_RSA_WITH_AES_256_CCM","TLS_RSA_WITH_AES_256_CBC_SHA256","TLS_RSA_WITH_AES_256_CBC_SHA","TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384","TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384","TLS_ECDH_RSA_WITH_AES_256_CBC_SHA","TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384","TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384","TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA","TLS_RSA_WITH_AES_256_CCM_8","TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384","TLS_ECDH_RSA_WIT +H_ARIA_256_GCM_SHA384","TLS_RSA_WITH_ARIA_256_GCM_SHA384","TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384","TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384","TLS_RSA_WITH_ARIA_256_CBC_SHA384","TLS_RSA_WITH_AES_128_GCM_SHA256","TLS_RSA_WITH_AES_128_CCM","TLS_RSA_WITH_AES_128_CBC_SHA256","TLS_RSA_WITH_AES_128_CBC_SHA","TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256","TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256","TLS_ECDH_RSA_WITH_AES_128_CBC_SHA","TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256","TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256","TLS_ECDH_ECDS +A_WITH_AES_128_CBC_SHA","TLS_RSA_WITH_AES_128_CCM_8","TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256","TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256","TLS_RSA_WITH_ARIA_128_GCM_SHA256","TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256","TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256","TLS_RSA_WITH_ARIA_128_CBC_SHA256","TLS_EMPTY_RENEGOTIATION_INFO_SCSV"],"ephemeral_keys_supported":true,"session_ticket_supported":true,"tls_compression_supported":false,"unknown_cipher_suite_supported":false,"beast_vuln":false,"able_to_detect_n_minus_one_spl +itting":false,"insecure_cipher_suites":{},"tls_version":"TLS 1.2","rating":"Probably Okay"} +I (9463) example: connection closed +I (9473) example: 10... +dns_tmr: dns_check_entries +I (10473) example: 9... +dns_tmr: dns_check_entries +I (11473) example: 8... +dns_tmr: dns_check_entries +I (12473) example: 7... +dns_tmr: dns_check_entries +I (13473) example: 6... +dns_tmr: dns_check_entries +I (14473) example: 5... +dns_tmr: dns_check_entries +I (15473) example: 4... +dns_tmr: dns_check_entries +I (16473) example: 3... +dns_tmr: dns_check_entries +I (17473) example: 2... +dns_tmr: dns_check_entries +I (18473) example: 1... +dns_tmr: dns_check_entries +I (19473) example: 0... +dns_tmr: dns_check_entries +I (20473) example: Minimum free heap size: 181364 bytes +I (20473) example: https_request using cacert_buf +D (20473) esp-tls: host:www.howsmyssl.com: strlen 17 +dns_lookup: "www.howsmyssl.com": found = 64:ff9b:0:0:0:0:2247:2dc8 +dns_lookup: "www.howsmyssl.com": found = 34.71.45.200 +dns_select: selecting from 2 candidates +dns_select: precedence labels flags 0x2013, ipv6 scopes flags 0x4004, ipv4 scopes flags 0x4004 +dns_select: rule 2, cand_0 scope (14) match 1, cand_1 scope (14) match 1 +dns_select: rule 5, cand_0 label (1) match 1, cand_1 label (4) match 1 +dns_select: rule 6, cand_0 precedence 40, cand_1 precedence 35 +D (20513) esp-tls: [sock=54] Resolved IPv6 address: 64:FF9B::2247:2DC8 +D (20523) esp-tls: [sock=54] Connecting to server. HOST: www.howsmyssl.com/a/check, Port: 443 +D (20903) esp-tls: handshake in progress... +dns_tmr: dns_check_entries +dns_tmr: dns_check_entries +I (22753) example: Connection established... +I (22753) example: 106 bytes written +I (22753) example: Reading HTTP response... +dns_tmr: dns_check_entries +HTTP/1.1 200 OK +Access-Control-Allow-Origin: * +Connection: close +Content-Length: 2545 +Content-Type: application/json +Strict-Transport-Security: max-age=631138519; includeSubdomains; preload +Vary: Accept-Encoding +Date: Tue, 27 Feb 2024 22:11:37 GMT + +{"given_cipher_suites":["TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","TLS_ECDHE_ECDSA_WITH_AES_256_CCM","TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384","TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384","TLS_ECDHE_ECDSA_WITH_AES_256_ +CBC_SHA","TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA","TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8","TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384","TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384","TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384","TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384","TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","TLS_ECDHE_ECDSA_WITH_AES_128_CCM","TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256","TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256","TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA","TLS_ECDHE_RSA_WITH_AE +S_128_CBC_SHA","TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8","TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256","TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256","TLS_ECDHE_ECDSA_WITH +_ARIA_128_CBC_SHA256","TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256","TLS_RSA_WITH_AES_256_GCM_SHA384","TLS_RSA_WITH_AES_256_CCM","TLS_RSA_WITH_AES_256_CBC_SHA256","TLS_RSA_WITH_AES_256_CBC_SHA","TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384","TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384","TLS_ECDH_RSA_WITH_AES_256_CBC_SHA","TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384","TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384","TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA","TLS_RSA_WITH_AES_256_CCM_8","TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384","TLS_ECDH_RSA_WIT +H_ARIA_256_GCM_SHA384","TLS_RSA_WITH_ARIA_256_GCM_SHA384","TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384","TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384","TLS_RSA_WITH_ARIA_256_CBC_SHA384","TLS_RSA_WITH_AES_128_GCM_SHA256","TLS_RSA_WITH_AES_128_CCM","TLS_RSA_WITH_AES_128_CBC_SHA256","TLS_RSA_WITH_AES_128_CBC_SHA","TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256","TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256","TLS_ECDH_RSA_WITH_AES_128_CBC_SHA","TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256","TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256","TLS_ECDH_ECDS +A_WITH_AES_128_CBC_SHA","TLS_RSA_WITH_AES_128_CCM_8","TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256","TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256","TLS_RSA_WITH_ARIA_128_GCM_SHA256","TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256","TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256","TLS_RSA_WITH_ARIA_128_CBC_SHA256","TLS_EMPTY_RENEGOTIATION_INFO_SCSV"],"ephemeral_keys_supported":true,"session_ticket_supported":true,"tls_compression_supported":false,"unknown_cipher_suite_supported":false,"beast_vuln":false,"able_to_detect_n_minus_one_spl +itting":false,"insecure_cipher_suites":{},"tls_version":"TLS 1.2","rating":"Probably Okay"} +I (23393) example: connection closed +I (23393) example: 10... +dns_tmr: dns_check_entries +I (24393) example: 9... ``` diff --git a/examples/protocols/https_request/main/https_request_example_main.c b/examples/protocols/https_request/main/https_request_example_main.c index 774aa62fbe..9331cbe7c7 100644 --- a/examples/protocols/https_request/main/https_request_example_main.c +++ b/examples/protocols/https_request/main/https_request_example_main.c @@ -298,6 +298,9 @@ static void https_request_task(void *pvparameters) void app_main(void) { + // Enable debug logging for esp-tls (if Maximum log verbosity is set in menuconfig) + esp_log_level_set("esp-tls", ESP_LOG_DEBUG); + ESP_ERROR_CHECK(nvs_flash_init()); ESP_ERROR_CHECK(esp_netif_init()); ESP_ERROR_CHECK(esp_event_loop_create_default()); diff --git a/examples/protocols/https_request/sdkconfig.defaults b/examples/protocols/https_request/sdkconfig.defaults index ec3edfc8b9..d64f2fb281 100644 --- a/examples/protocols/https_request/sdkconfig.defaults +++ b/examples/protocols/https_request/sdkconfig.defaults @@ -1,3 +1,7 @@ CONFIG_MBEDTLS_HAVE_TIME_DATE=y +CONFIG_LWIP_DNS_DYNAMIC_SORT=y +CONFIG_LWIP_IPV6_AUTOCONFIG=y +CONFIG_LWIP_IPV6_DHCP6=y +CONFIG_LWIP_IPV6_RDNSS_MAX_DNS_SERVERS=2 CONFIG_LWIP_SNTP_MAX_SERVERS=2 CONFIG_PARTITION_TABLE_SINGLE_APP_LARGE=y