ESP32 Forum

Hello,

We are working with a esp32-c3 module (devkit-m1) and are using the Digital Signature module to establish mTLS.

We are using the esp-tls component for https operations, since it supports the DS module.

The issue we are facing is that the esp_https_ota component used for ota updates doesn't seem to support esp-tls configurations, but rather it wants an esp_http_client config. This configuration seems to offer support for secure element, but not DS module.
Is DS supported by esp_https_ota? Or are there any other ways to perform ota updates using DS that we are missing?

Many thanks,
Alex

Hi Alex,
Yes you are right, the DS support is not present in the client configuration structure.
I will soon share a patch with you that shall enable you to use DS peripheral for establishing the TLS connection at the time of OTA.

That's great, thanks @ESP_flying_raijin

ESP_flying_raijin wrote: ↑

Mon Aug 21, 2023 5:13 am

Hi Alex,
Yes you are right, the DS support is not present in the client configuration structure.
I will soon share a patch with you that shall enable you to use DS peripheral for establishing the TLS connection at the time of OTA.

Hello,
I was wondering if there were any updates on the patch mentioned?

Hi Alex,

Sorry for the delayed reply.

Please find the patch at this link https://gist.github.com/AdityaHPatwardh ... eral-patch
With this you would have to provide the DS context to the esp_http_client configuration structure.
Just for reference - The ds_context would act as a private key hence you only need to provide the DS context and no private key needs to be provided. Other configurations remain the same.
To generate the ds context and store it on the device in a standard manner you can make use of the https://github.com/espressif/esp_secure_cert_mgr library.

Please find the instructions at https://github.com/espressif/esp_secure ... -partition

Thanks,
Aditya

Hi Aditya,

Works like a charm, thank you very much!

Any plans on adding this to future release of esp-idf?