how to disable server validation (CA)
Posted: Tue Jan 26, 2021 9:37 pm
Hello guys,
I'm testing the HTTPS module with esp_http_client but I've gotten a bit stuck.
I want to make a request using HTTPS without validating the server's CA. Using the CA's validation works fine, but when I want it not to check the CA (using .skip_cert_common_name_check = true), the program returns the following error. (It seems that it continues to validate the CA.)
esp-idf: v4.3-dev-2586-g526f68239
=================== ERROR ===========================
E (5001) esp-tls-mbedtls: No server verification option set in esp_tls_cfg_t structure. Check esp_tls API reference
E (5001) esp-tls-mbedtls: Failed to set client configurations
E (5011) esp-tls: create_ssl_handle failed
E (5021) esp-tls: Failed to open new connection
E (5021) TRANS_SSL: Failed to open a new connection
E (5031) HTTP_CLIENT: Connection failed, sock < 0
E (5031) HTTP_CLIENT: Error perform http request ESP_ERR_HTTP_CONNECT
=================================================================
The configuration of the request that I am making is the following. Could you please help me?
static void https_with_hostname_path(void)
{
    ESP_LOGI(TAG, "Test HTTPs skip CA");
    esp_http_client_config_t config = {
        .host = "www.howsmyssl.com",
        .path = "/",
        .transport_type = HTTP_TRANSPORT_OVER_SSL,
        .event_handler = _http_event_handler,
        .skip_cert_common_name_check = true
    };
    esp_http_client_handle_t client = esp_http_client_init(&config);
    esp_err_t err = esp_http_client_perform(client);
    if (err == ESP_OK) {
        ESP_LOGI(TAG, "HTTPS Status = %d, content_length = %d",
                 esp_http_client_get_status_code(client),
                 esp_http_client_get_content_length(client));
    } else {
        ESP_LOGE(TAG, "Error perform http request %s", esp_err_to_name(err));
    }
    esp_http_client_cleanup(client);
}