You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Compiler version xtensa-esp32-elf-gcc (crosstool-NG esp-2020r1) 8.2.0
Operating System: Linux
Problem Description
There is no way to use crt bundle (enabled via menuconfig) with esp_https_ota.
If I try to attach the bundle with esp_crt_bundle_attach and then set ota config.use_global_ca_store = true the ota process stops with error Server certificate not found in esp_http_client config because function esp_https_ota_begin wants config.cert_pem. Trying to set config.cert_pem to some dummy cert but it also does not work - esp_https_ota_begin couldn't use certs from global store.
Also I've tried to pass x509_crt_imported_bundle_bin_start to config.cert_pem but it lloks like cert bundle format is not valid pem. Function esp_crt_bundle_init loads certs from bin to static struct crt_bundle_t and makes some magic with cert headers and numbers.
Expected Behavior
esp_https_ota_begin should check if use_global_ca_store is set to true and then try to use certificates from previously attached crt bundle
and/or
there should be a function in esp_crt_bunlde that gives a pointer to certs in pem file format which can be passed to ota config.cert_pem
The text was updated successfully, but these errors were encountered:
github-actionsbot
changed the title
could not use esp_https_ota with certificate bundle
could not use esp_https_ota with certificate bundle (IDFGH-3555)
Jun 26, 2020
Environment
Problem Description
There is no way to use crt bundle (enabled via menuconfig) with
esp_https_ota
.If I try to attach the bundle with
esp_crt_bundle_attach
and then setota config.use_global_ca_store = true
the ota process stops with errorServer certificate not found in esp_http_client config
because functionesp_https_ota_begin
wantsconfig.cert_pem
. Trying to setconfig.cert_pem
to some dummy cert but it also does not work -esp_https_ota_begin
couldn't use certs from global store.Also I've tried to pass
x509_crt_imported_bundle_bin_start
toconfig.cert_pem
but it lloks like cert bundle format is not valid pem. Functionesp_crt_bundle_init
loads certs from bin tostatic struct crt_bundle_t
and makes some magic with cert headers and numbers.Expected Behavior
esp_https_ota_begin
should check ifuse_global_ca_store
is set to true and then try to use certificates from previously attached crt bundleand/or
there should be a function in
esp_crt_bunlde
that gives a pointer to certs in pem file format which can be passed toota config.cert_pem
The text was updated successfully, but these errors were encountered: