OTA simple example without certificate check

kluverp
Posts: 26
Joined: Mon Jun 18, 2018 7:08 am

Post by kluverp » Thu Jan 24, 2019 2:31 pm

Hi All,

I'm running the OTA "simple example" which is based on the esp_http_client library.

Now, the documentation says that if you do not want to verify the host, you can omit the "config.cert_pem" entry. However, when I leave this out like so:

esp_http_client_config_t config;
config.url           = C_ota_url.txt;
// config.cert_pem   = NULL; //(char *)server_cert_pem_start;
config.event_handler = _http_event_handler;

esp_err_t ret = esp_https_ota(&config);
if (ret == ESP_OK) {
    esp_restart();
} else {
    ESP_LOGE(TAG, "Firmware Upgrades Failed");
    ota_cancel();
}
while (1) {
    vTaskDelay(1000 / portTICK_PERIOD_MS);
}
    
I get an mbedTLS error:

E (12684) esp-tls: mbedtls_x509_crt_parse returned -0x2180
E (12684) esp-tls: Failed to open new connection
E (12684) TRANS_SSL: Failed to open a new connection
E (12694) HTTP_CLIENT: Connection failed, sock < 0
E (12694) esp_https_ota: Failed to open HTTP connection: ESP_ERR_HTTP_CONNECT
E (12704) simple_ota_example: Firmware Upgrades Failed


When I fill it in, it works. But I want to skip the SSL verification.

fly135
Posts: 606
Joined: Wed Jan 03, 2018 8:33 pm
Location: Orlando, FL

Re: OTA simple example without certificate check

Post by fly135 » Fri Jan 25, 2019 5:47 pm

Seems that config.cert_pem has a random non-null value. Otherwise it would have failed and printed a message on this line in esp_https_ota....

if (!config->cert_pem) {
    ESP_LOGE(TAG, "Server certificate not found in esp_http_client config");
    return ESP_FAIL;
}


Now, if you set it to NULL, it will fail in that line. You need to modify esp_https_ota to remove the return ESP_FAIL. Then it will work.

You can also remove the return in this test if you want to use HTTP....

if (esp_http_client_get_transport_type(client) != HTTP_TRANSPORT_OVER_SSL) {
    ESP_LOGE(TAG, "Transport is not over HTTPS");
    return ESP_FAIL;
}


John A
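
The uninitialised-config diagnosis in the reply above, as an added example that is not part of the original thread or of ESP-IDF: a config that is zero-initialised before use, and a pre-flight check that keeps the HTTPS and certificate guards in place. The struct is a host-side stand-in for `esp_http_client_config_t`; `ota_config_make`, `ota_config_check`, the status enum, the URL and the PEM string are hypothetical or constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical host-side stand-in for the three esp_http_client_config_t
 * fields used in the thread; the real ESP-IDF struct has many more members. */
typedef struct {
    const char *url;
    const char *cert_pem;
    int (*event_handler)(void *evt);
} ota_http_config_t;

typedef enum { OTA_CFG_OK, OTA_CFG_NO_URL, OTA_CFG_NOT_HTTPS,
               OTA_CFG_NO_CERT, OTA_CFG_CERT_NOT_PEM } ota_cfg_status_t;

/* Constructed placeholder, not a real certificate. */
static const char SAMPLE_PEM[] =
    "-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n";

/* Zero-initialise, then assign: members that are never set are NULL instead
 * of leftover stack bytes, so "cert_pem omitted" is a state code can test. */
ota_http_config_t ota_config_make(const char *url, const char *cert_pem)
{
    ota_http_config_t cfg = {0};
    cfg.url = url;
    cfg.cert_pem = cert_pem;
    return cfg;
}

/* Pre-flight check mirroring the two guards quoted from esp_https_ota, plus
 * a PEM framing check. The -0x2180 in the thread's log is mbedTLS's X.509
 * invalid-format error, i.e. the parser was handed something unparsable. */
ota_cfg_status_t ota_config_check(const ota_http_config_t *cfg)
{
    static const char begin[] = "-----BEGIN CERTIFICATE-----";
    if (cfg == NULL || cfg->url == NULL) return OTA_CFG_NO_URL;
    if (strncmp(cfg->url, "https://", 8) != 0) return OTA_CFG_NOT_HTTPS;
    if (cfg->cert_pem == NULL) return OTA_CFG_NO_CERT;
    if (strncmp(cfg->cert_pem, begin, sizeof begin - 1) != 0 ||
        strstr(cfg->cert_pem, "-----END CERTIFICATE-----") == NULL)
        return OTA_CFG_CERT_NOT_PEM;
    return OTA_CFG_OK;
}

int main(void)
{
    ota_http_config_t cfg = ota_config_make("https://example.invalid/fw.bin", NULL);
    printf("cert omitted: %d\n", ota_config_check(&cfg));
    cfg.cert_pem = SAMPLE_PEM;
    printf("cert pinned:  %d\n", ota_config_check(&cfg));
    return 0;
}
```
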

Junior
Posts: 3
Joined: Sat Sep 07, 2019 7:23 am

Re: OTA simple example without certificate check

Post by Junior » Sun May 03, 2020 2:45 pm

I got the same error trying to call a web api directly after connecting. I then tried calling the api a few seconds later, and got the status code 200.

daonguyen_iot47
Posts: 3
Joined: Thu Jun 09, 2022 8:07 am

Re: OTA simple example without certificate check

Post by daonguyen_iot47 » Thu Jun 09, 2022 8:10 am

You just need to enable the "Allow HTTP for OTA" option in the sdk configure section and you're done :D :D :D
