could not use esp_https_ota with certificate bundle (IDFGH-3555) #5504

Closed
JakubRakus opened this issue Jun 26, 2020 · 3 comments
Labels
Status: Done Issue is done internally

Comments

@JakubRakus

Environment

  • Module or chip used: ESP32-WROOM-32D
  • IDF version v4.2-dev-1126-gd85d3d969
  • Build System: idf.py
  • Compiler version xtensa-esp32-elf-gcc (crosstool-NG esp-2020r1) 8.2.0
  • Operating System: Linux

Problem Description

There is no way to use crt bundle (enabled via menuconfig) with esp_https_ota.

If I try to attach the bundle with esp_crt_bundle_attach and then set ota config.use_global_ca_store = true, the ota process stops with the error "Server certificate not found in esp_http_client config" because the function esp_https_ota_begin wants config.cert_pem. I tried setting config.cert_pem to some dummy cert, but it also does not work - esp_https_ota_begin couldn't use certs from the global store.

Also I've tried to pass x509_crt_imported_bundle_bin_start to config.cert_pem, but it looks like the cert bundle format is not valid pem. The function esp_crt_bundle_init loads certs from bin to the static struct crt_bundle_t and makes some magic with cert headers and numbers.

Expected Behavior

esp_https_ota_begin should check if use_global_ca_store is set to true and then try to use certificates from previously attached crt bundle

and/or

there should be a function in esp_crt_bundle that gives a pointer to certs in pem file format which can be passed to ota config.cert_pem

@github-actions github-actions bot changed the title could not use esp_https_ota with certificate bundle could not use esp_https_ota with certificate bundle (IDFGH-3555) Jun 26, 2020
@ESP-Marius
Collaborator

Hi, thanks for reporting this.

Yes, right now it's not possible. I'll look into it and push an update.

@JakubRakus
Author

JakubRakus commented Aug 24, 2020

@ESP-Marius Any progress on this?

@ESP-Marius
Collaborator

@JakubRakus Sorry for the slow turn-around. It's still on my to-do list. I'll try to prioritize it.
