Mutual Authentication OTA - what's going on? (IDFGH-1120)

[kifantidis]

Hello,
I would like to ask if there is a way to use a TLS connection with mutual authentication in order to achieve OTA updates. I've read #2688 from Anders Kaloer, in the past, had written but I can not find anything that works or anything that is implemented in the newer ESP-IDFs.
The structure "esp_http_client_config_t" of esp_http_client.h file does not contain client certification and key variables.

Also after implemented the code from Kaloer's post I did get error related to "esp_transport_ssl_set_client_cert_data" and "esp_transport_ssl_set_client_key_data" functions.

I'm using ESP-IDF v3.1.2-99-gcf5dbadf4 atm and I'm thinking to upgrade to v3.2.

Any help or guidance would be appreciated.
Best regards, Kostas.

[mahavirj]

@kifantidis

• Definitely recommend upgrading to IDF v3.2 release
• In addition, looks like mutual authentication related commit is not backported to release/v3.2 yet. Can you please try following steps and see if this can meet you requirement:

git checkout -b release/v3.2 origin/release/v3.2
git cherry-pick 8b72dc9fb063d770623508bd4bd7f2a7dd192729

If this works then we will ensure that commit is backported to release/v3.2 soon.

[kifantidis]

Good morning.

Thank you for the reply mahavirj. I'll let you know about it when I'll have the results.

Regards, Kostas.

[mahavirj]

@kifantidis Do you have any update here?

[kifantidis]

Hello @mahavirj ,
sadly I don't have time this month due to other projects have to be finished before I get to work with ESP32 again. I'll let you know in this post when I get something new.

Regards, Kostas.

[mahavirj]

@kifantidis Fixed with d81c79d. In case problem persists, please feel free to raise new issue.