Commit b4db703

committed
Merge branch 'task/led_light_server_crt' into 'master'
ssl_server_cert: Use mbedtls certificate bundle for server authentication See merge request app-frameworks/esp-rainmaker!298
2 parents f2a1500 + 93a2b36 commit b4db703


14 files changed

+56
-34
lines changed

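--- a/components/esp_rainmaker/Kconfig.projbuild
+++ b/components/esp_rainmaker/Kconfig.projbuild
@@ -132,6 +132,15 @@ menu "ESP RainMaker Config"
 default 0 if ESP_RMAKER_CONSOLE_UART_NUM_0
 default 1 if ESP_RMAKER_CONSOLE_UART_NUM_1
 
+config ESP_RMAKER_USE_CERT_BUNDLE
+bool "Use Certificate Bundle"
+default y
+select ESP_RMAKER_MQTT_USE_CERT_BUNDLE
+help
+Use Certificate Bundle for server authentication. Enabling this is recommended to safeguard
+against any changes in the server certificates in future. This has an impact on the binary
+size as well as heap requirement.
+
 menu "ESP RainMaker OTA Config"
 
 config ESP_RMAKER_OTA_AUTOFETCH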
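Review bot: The help text for ESP_RMAKER_USE_CERT_BUNDLE does not say what stops being used once the option is on, and with `default y` existing projects pick up the new behaviour on upgrade. Going by the C changes in this commit, the claim and OTA HTTPS clients then authenticate the server against the mbedTLS bundle instead of the embedded claim-service root CA and the application's `server_cert`, and per the `#warning` the option is only meant to take effect on IDF v4.4 or later. I would extend the help with a sentence such as `On IDF v4.4+ the claim and OTA HTTPS clients trust the CAs in the mbedTLS certificate bundle; the embedded root CA and the OTA server_cert are not used.`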

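--- a/components/esp_rainmaker/src/core/esp_rmaker_claim.c
+++ b/components/esp_rainmaker/src/core/esp_rmaker_claim.c
@@ -54,6 +54,21 @@
 #include "esp_rmaker_client_data.h"
 #include "esp_rmaker_claim.h"
 
+#if ESP_IDF_VERSION >= ESP_IDF_VERSION_VAL(4, 4, 0)
+// Features supported in 4.4+
+
+#ifdef CONFIG_ESP_RMAKER_USE_CERT_BUNDLE
+#define ESP_RMAKER_USE_CERT_BUNDLE
+#include <esp_crt_bundle.h>
+#endif
+
+#else
+
+#ifdef CONFIG_ESP_RMAKER_USE_CERT_BUNDLE
+#warning "Certificate Bundle not supported below IDF v4.4. Using provided certificate instead."
+#endif
+
+#endif /* !IDF4.4 */
 
 static const char *TAG = "esp_claim";
 
@@ -370,7 +385,11 @@ static esp_err_t esp_rmaker_claim_perform_common(esp_rmaker_claim_data_t *claim_
 .url = url,
 .transport_type = HTTP_TRANSPORT_OVER_SSL,
 .buffer_size = 1024,
+#ifdef ESP_RMAKER_USE_CERT_BUNDLE
+.crt_bundle_attach = esp_crt_bundle_attach,
+#else
 .cert_pem = (const char *)claim_service_server_root_ca_pem_start,
+#endif
 .skip_cert_common_name_check = false
 };
 esp_http_client_handle_t client = esp_http_client_init(&config);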
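Review bot: The `#ifdef ESP_RMAKER_USE_CERT_BUNDLE` branch in the esp_rmaker_claim_perform_common config carries no comment on what it changes about trust. In bundle mode the claim request is verified against every CA in the bundle rather than the single embedded root, which leaves `skip_cert_common_name_check = false` as the only thing tying the connection to the claim host. A comment above the `#ifdef` would keep a later edit from relaxing that, e.g. `/* Bundle mode trusts any bundled CA; keep the common-name check enabled. */`. The version-gating preamble added at the top is repeated verbatim in esp_rmaker_ota.c and could live in one internal header. The function body continues outside the hunk.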

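--- a/components/esp_rainmaker/src/ota/esp_rmaker_ota.c
+++ b/components/esp_rainmaker/src/ota/esp_rmaker_ota.c
@@ -28,6 +28,21 @@
 #include <esp_rmaker_utils.h>
 #include "esp_rmaker_ota_internal.h"
 
+#if ESP_IDF_VERSION >= ESP_IDF_VERSION_VAL(4, 4, 0)
+// Features supported in 4.4+
+
+#ifdef CONFIG_ESP_RMAKER_USE_CERT_BUNDLE
+#define ESP_RMAKER_USE_CERT_BUNDLE
+#include <esp_crt_bundle.h>
+#endif
+
+#else
+
+#ifdef CONFIG_ESP_RMAKER_USE_CERT_BUNDLE
+#warning "Certificate Bundle not supported below IDF v4.4. Using provided certificate instead."
+#endif
+
+#endif /* !IDF4.4 */
 static const char *TAG = "esp_rmaker_ota";
 
 #define OTA_REBOOT_TIMER_SEC 10
@@ -146,7 +161,11 @@ esp_err_t esp_rmaker_ota_default_cb(esp_rmaker_ota_handle_t ota_handle, esp_rmak
 esp_err_t ota_finish_err = ESP_OK;
 esp_http_client_config_t config = {
 .url = ota_data->url,
+#ifdef CONFIG_ESP_RMAKER_USE_CERT_BUNDLE
+.crt_bundle_attach = esp_crt_bundle_attach,
+#else
 .cert_pem = ota_data->server_cert,
+#endif
 .timeout_ms = 5000,
 .buffer_size = DEF_HTTP_RX_BUFFER_SIZE,
 .buffer_size_tx = buffer_size_tx,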
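Review bot: The second hunk tests `CONFIG_ESP_RMAKER_USE_CERT_BUNDLE`, not the version-gated `ESP_RMAKER_USE_CERT_BUNDLE` that the preamble in this file defines and that esp_rmaker_claim.c uses for the same purpose. On IDF below v4.4 with the option enabled (its default), `esp_crt_bundle.h` is not included, so the initializer still names `esp_crt_bundle_attach` instead of falling back to `ota_data->server_cert` as the `#warning` says; I would expect that to fail to build. The guard should read `#ifdef ESP_RMAKER_USE_CERT_BUNDLE`. The initializer and esp_rmaker_ota_default_cb continue outside the hunk.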

‎components/rmaker_common


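--- a/examples/fan/sdkconfig.defaults
+++ b/examples/fan/sdkconfig.defaults
@@ -11,6 +11,7 @@ CONFIG_PARTITION_TABLE_MD5=y
 CONFIG_MBEDTLS_DYNAMIC_BUFFER=y
 CONFIG_MBEDTLS_DYNAMIC_FREE_PEER_CERT=y
 CONFIG_MBEDTLS_DYNAMIC_FREE_CONFIG_DATA=y
+CONFIG_MBEDTLS_CERTIFICATE_BUNDLE_DEFAULT_CMN=y
 
 # For BLE Provisioning using NimBLE stack (Not applicable for ESP32-S2)
 CONFIG_BT_ENABLED=y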

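--- a/examples/gpio/sdkconfig.defaults
+++ b/examples/gpio/sdkconfig.defaults
@@ -11,6 +11,7 @@ CONFIG_PARTITION_TABLE_MD5=y
 CONFIG_MBEDTLS_DYNAMIC_BUFFER=y
 CONFIG_MBEDTLS_DYNAMIC_FREE_PEER_CERT=y
 CONFIG_MBEDTLS_DYNAMIC_FREE_CONFIG_DATA=y
+CONFIG_MBEDTLS_CERTIFICATE_BUNDLE_DEFAULT_CMN=y
 
 # For BLE Provisioning using NimBLE stack (Not applicable for ESP32-S2)
 CONFIG_BT_ENABLED=y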

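--- a/examples/homekit_switch/sdkconfig.defaults
+++ b/examples/homekit_switch/sdkconfig.defaults
@@ -12,6 +12,7 @@ CONFIG_MBEDTLS_DYNAMIC_BUFFER=y
 CONFIG_MBEDTLS_DYNAMIC_FREE_PEER_CERT=y
 CONFIG_MBEDTLS_DYNAMIC_FREE_CONFIG_DATA=y
 CONFIG_MBEDTLS_HARDWARE_MPI=y
+CONFIG_MBEDTLS_CERTIFICATE_BUNDLE_DEFAULT_CMN=y
 
 #LWIP
 CONFIG_LWIP_MAX_SOCKETS=16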
-2Lines changed: 0 additions & 2 deletions
@@ -1,4 +1,2 @@
11
idf_component_register(SRCS ./app_driver.c ./app_main.c
22
INCLUDE_DIRS ".")
3-
4-
target_add_binary_data(${COMPONENT_TARGET} "server.crt" TEXT)

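--- a/examples/led_light/main/app_main.c
+++ b/examples/led_light/main/app_main.c
@@ -29,8 +29,6 @@ static const char *TAG = "app_main";
 
 esp_rmaker_device_t *light_device;
 
-extern const char ota_server_cert[] asm("_binary_server_crt_start");
-
 /* Callback to handle commands received from the RainMaker cloud */
 static esp_err_t write_cb(const esp_rmaker_device_t *device, const esp_rmaker_param_t *param,
 const esp_rmaker_param_val_t val, void *priv_data, esp_rmaker_write_ctx_t *ctx)
@@ -108,7 +106,7 @@ void app_main()
 
 /* Enable OTA */
 esp_rmaker_ota_config_t ota_config = {
-.server_cert = ota_server_cert,
+.server_cert = ESP_RMAKER_OTA_DEFAULT_SERVER_CERT,
 };
 esp_rmaker_ota_enable(&ota_config, OTA_USING_PARAMS);
 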

‎examples/led_light/main/server.crt

-28Lines changed: 0 additions & 28 deletions
This file was deleted.

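--- a/examples/led_light/sdkconfig.defaults
+++ b/examples/led_light/sdkconfig.defaults
@@ -11,6 +11,7 @@ CONFIG_PARTITION_TABLE_MD5=y
 CONFIG_MBEDTLS_DYNAMIC_BUFFER=y
 CONFIG_MBEDTLS_DYNAMIC_FREE_PEER_CERT=y
 CONFIG_MBEDTLS_DYNAMIC_FREE_CONFIG_DATA=y
+CONFIG_MBEDTLS_CERTIFICATE_BUNDLE_DEFAULT_CMN=y
 
 # For BLE Provisioning using NimBLE stack (Not applicable for ESP32-S2)
 CONFIG_BT_ENABLED=y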

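--- a/examples/multi_device/sdkconfig.defaults
+++ b/examples/multi_device/sdkconfig.defaults
@@ -11,6 +11,7 @@ CONFIG_PARTITION_TABLE_MD5=y
 CONFIG_MBEDTLS_DYNAMIC_BUFFER=y
 CONFIG_MBEDTLS_DYNAMIC_FREE_PEER_CERT=y
 CONFIG_MBEDTLS_DYNAMIC_FREE_CONFIG_DATA=y
+CONFIG_MBEDTLS_CERTIFICATE_BUNDLE_DEFAULT_CMN=y
 
 # For BLE Provisioning using NimBLE stack (Not applicable for ESP32-S2)
 CONFIG_BT_ENABLED=y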

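--- a/examples/switch/sdkconfig.defaults
+++ b/examples/switch/sdkconfig.defaults
@@ -11,6 +11,7 @@ CONFIG_PARTITION_TABLE_MD5=y
 CONFIG_MBEDTLS_DYNAMIC_BUFFER=y
 CONFIG_MBEDTLS_DYNAMIC_FREE_PEER_CERT=y
 CONFIG_MBEDTLS_DYNAMIC_FREE_CONFIG_DATA=y
+CONFIG_MBEDTLS_CERTIFICATE_BUNDLE_DEFAULT_CMN=y
 
 # For BLE Provisioning using NimBLE stack (Not applicable for ESP32-S2)
 CONFIG_BT_ENABLED=y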

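--- a/examples/temperature_sensor/sdkconfig.defaults
+++ b/examples/temperature_sensor/sdkconfig.defaults
@@ -11,6 +11,7 @@ CONFIG_PARTITION_TABLE_MD5=y
 CONFIG_MBEDTLS_DYNAMIC_BUFFER=y
 CONFIG_MBEDTLS_DYNAMIC_FREE_PEER_CERT=y
 CONFIG_MBEDTLS_DYNAMIC_FREE_CONFIG_DATA=y
+CONFIG_MBEDTLS_CERTIFICATE_BUNDLE_DEFAULT_CMN=y
 
 # For BLE Provisioning using NimBLE stack (Not applicable for ESP32-S2)
 CONFIG_BT_ENABLED=y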
