Local HTTPS Server for OTA using OpenSSL Version 3.x not working

chadpham75
Posts: 48
Joined: Thu Sep 12, 2019 11:39 am

Local HTTPS Server for OTA using OpenSSL Version 3.x not working

Postby chadpham75 » Tue May 14, 2024 4:46 am

I always get the OTA implementation working with OpenSSL Version 1.0.x, but when I tried Windows 10/11 with OpenSSL Version 3.x.x, I always got the invalid image error after the first segment downloaded.
Is there anyone successfully implemented the local HTTPS Server as this example using OpenSSL version 3.x?https://github.com/espressif/esp-idf/tr ... _https_ota
Many thanks

chadpham75
Posts: 48
Joined: Thu Sep 12, 2019 11:39 am

Re: Local HTTPS Server for OTA using OpenSSL Version 3.x not working

Postby chadpham75 » Fri May 17, 2024 6:07 am

Anyone knows or have any pointers?
Is there any book or online school teaching about this?

esp_nilesh_kale
Posts: 4
Joined: Wed May 22, 2024 6:17 am

Re: Local HTTPS Server for OTA using OpenSSL Version 3.x not working

Postby esp_nilesh_kale » Wed May 22, 2024 6:33 am

Could you please upload debug logs for this issue?

Alternatively, you can try starting the Python-based server by following the instructions provided at https://github.com/espressif/esp-idf/tr ... sed-server

chadpham75
Posts: 48
Joined: Thu Sep 12, 2019 11:39 am

Re: Local HTTPS Server for OTA using OpenSSL Version 3.x not working

Postby chadpham75 » Fri May 24, 2024 5:58 am

This is my partition table

# Espressif ESP32 Partition Table
# Name, Type, SubType, Offset, Size, Flags
nvs, data, nvs, 0x9000, 0x4000,
otadata, data, ota, 0xd000, 0x2000,
phy_init, data, phy, 0xf000, 0x1000,
ota_0, app, ota_0, 0x10000, 0x180000,
ota_1, app, ota_1, 0x190000, 0x180000,



This is the log from the ESP32. I downgrade from OpenSSL 3.x to OpenSSL1.1.0, and I only got 1 segment program. The OpenSSL 3.x won't event get the 1st segment complete.

I (5702) advanced_https_ota_example: Starting Advanced OTA example
I (5712) advanced_https_ota_example: OTA started
I (5712) main_task: Returned from app_main()
I (6352) advanced_https_ota_example: Connected to server
I (6362) esp_https_ota: Starting OTA...
I (6362) esp_https_ota: Writing to partition subtype 17 at offset 0x190000
I (6362) advanced_https_ota_example: Reading Image Description
I (6372) advanced_https_ota_example: Running firmware version: v5.1.2-dirty
I (6382) advanced_https_ota_example: Verifying chip id of new image: 0
I (7082) esp_image: segment 0: paddr=00190020 vaddr=3f400020 size=092e8h ( 37608) map
E (7092) esp_image: invalid segment length 0xc0e4242
I (7102) advanced_https_ota_example: OTA finish
E (7102) advanced_https_ota_example: Image validation failed, image is corrupted
E (7102) advanced_https_ota_example: ESP_HTTPS_OTA upgrade failed 0x1503



This is the log from local server.

C:\Users\one>openssl s_server -WWW -key ca_key.pem -cert ca_cert.pem -port 8070
Using default temp DH parameters
ACCEPT
FILE:hello_world.bin


Again, I am so familiar with the creation of the http local server from the instruction, and I always success with Windows 7 or Windows 10 32-bit.
I have problem with Windows 11 64-bit or Windows 10 64-bits.

I also tried to build the Python server base but I got problems getting the python project launch due to the lack of knowledge of the Python's library. From the fresh ESP-IDF installation, I kept installed Python's library from the error message until I stuck and I don't know there to go next after the Python's script fail for very generic descriptor that I couldn't find what library I am missing. So I gave up on python base server.
Just run the Python server from the instructions is always generated issues due to the missing Python's library.

esp_nilesh_kale
Posts: 4
Joined: Wed May 22, 2024 6:17 am

Re: Local HTTPS Server for OTA using OpenSSL Version 3.x not working

Postby esp_nilesh_kale » Mon Jun 03, 2024 8:25 am

Could you please try the following steps:

1. Start a server on Windows 11 using a Python-based command, and check if the file can be downloaded using a browser or curl from the same system & different systems on the same network as well.
2. Upload the image to the GitHub channel and provide the corresponding URL for download.

Additionally, could you please share your observations from these tests?

Thank you.

chadpham75
Posts: 48
Joined: Thu Sep 12, 2019 11:39 am

Re: Local HTTPS Server for OTA using OpenSSL Version 3.x not working

Postby chadpham75 » Mon Jun 17, 2024 6:35 am

@esp_nilesh_kale, thank you for your suggestion.
As I stated before I also tried python method but the more I run, one error after another that my system didn't support the python method started to unfold and asking me to install and the additional libraries till the error too generic that I couldn't search for the solution online anymore; hence I have to give up using python method.
I guess either no one has the same issue as I am seeing or no one using the local htpps usiung OpenSSL anymore so I hit the dead end here.

hmalpani
Posts: 11
Joined: Tue May 02, 2023 9:22 am

Re: Local HTTPS Server for OTA using OpenSSL Version 3.x not working

Postby hmalpani » Mon Jun 17, 2024 8:47 am

Hello @chadpham75
I think for the python script to work properly, you need to install the following dependencies:
pexpect, pytest, pytest_embedded
I think you can install all these dependencies together by running the command ./install.sh --enable_pytest.

If you still face issues while installing these dependencies, you can share the exact error you are facing which will be helpful for us to solve the problem.
You can also start the python based server in the following way:

Code: Select all

import os
import socket
import http.server
import ssl
httpd = http.server.HTTPServer(("0.0.0.0", 8070), http.server.SimpleHTTPRequestHandler)
server_file = os.path.join("server_cert.pem")
key_file = os.path.join("server_key.pem")
httpd.socket = ssl.wrap_socket(httpd.socket, keyfile=key_file, certfile=server_file, server_side=True)
httpd.serve_forever()
I hope this will help you in starting the python based server for OTA. Let me know if you need more assistance.

mjgciltd
Posts: 2
Joined: Tue Jul 02, 2024 4:03 pm

Re: Local HTTPS Server for OTA using OpenSSL Version 3.x not working

Postby mjgciltd » Fri Aug 30, 2024 12:43 pm

@chadpham75
@hmalpani

I tried the same method for "native_ota_example".

HTTPS doesn't work. I tried with the HTTP Python based-server and the example works fine.

With the python dependencies, there is loop around missing ones to the point it cannot find 'common_test_methods' and it doesn't install using the general commands of "pip". Name: pytest_native_ota.py within the "native_ota_example".

Openssl (for local https) also doesn't work in my case at all as it returns ESP_ERR_HTTP_EAGAIN over the last chunk.

Who is online

Users browsing this forum: No registered users and 382 guests