
Https Certificate Check does not fail

Posted: Wed Jan 31, 2024 3:29 pm
by chruge
Dear all

I connect to my HTTPS OTA server, using the certificate chain. The chain consists of three certificates. When I impair my server certificate, but leave the root certificate alone, I get the following message.

W (6997) esp-tls-mbedtls: mbedtls_x509_crt_parse was partly successful. No. of failed certificates: 1

What setting do I need to make, in order to get a connection error like

E (12523) esp-tls-mbedtls: mbedtls_x509_crt_parse of CA cert returned -0x2180
E (12523) esp-tls-mbedtls: Failed to set client configurations, returned [0x8015] (ESP_ERR_MBEDTLS_X509_CRT_PARSE_FAILED)
E (12533) esp-tls: create_ssl_handle failed
E (12543) esp-tls: Failed to open new connection
E (12543) transport_base: Failed to open a new connection
E (12553) HTTP_CLIENT: Connection failed, sock < 0
E (12553) esp_https_ota: Failed to open HTTP connection: ESP_ERR_HTTP_CONNECT

I use
- esp_https_ota_perform(https_ota_handle)
- esp_https_ota_begin(&ota_config, &https_ota_handle)

The following is unchecked
[ ] Allow potentially insecure options

I need to abort the OTA if not all certificates in the chain are correct.

Any help appreciated

Chris
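
An added example, not part of the original post and not ESP-IDF or mbedTLS code: the warning quoted above is a count of PEM blocks that failed to parse, and the check below applies the strict policy asked for by counting damaged blocks in a bundle so the caller can abort on any nonzero result. The names `pem_bundle_failed`, `SAMPLE_INTACT` and `SAMPLE_DAMAGED` are hypothetical, the samples are constructed placeholder blocks, and only base64 validity and the outer DER length are checked (assumption: this is a pre-flight integrity check, not X.509 parsing or chain verification).

```c
#include <string.h>
#define PEM_BEGIN "-----BEGIN CERTIFICATE-----"
#define PEM_END   "-----END CERTIFICATE-----"
#define BLOCK(b64) PEM_BEGIN "\n" b64 "\n" PEM_END "\n"
/* Constructed samples: tiny DER SEQUENCEs, not real certificates. */
const char SAMPLE_INTACT[]  = BLOCK("MAMCAQE=") BLOCK("MAMCAQE=") BLOCK("MAMCAQE=");
const char SAMPLE_DAMAGED[] = BLOCK("MAQCAQE=") BLOCK("MAMCAQE=") BLOCK("MAMCAQE=");

/* Decode base64 in [s, e); keep the first 6 bytes, return decoded size or -1. */
static long b64_scan(const char *s, const char *e, unsigned char hdr[6]) {
    static const char tbl[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    unsigned long acc = 0; int bits = 0, pad = 0; long n = 0;
    for (; s < e; s++) {
        if (*s == '\r' || *s == '\n' || *s == ' ') continue;
        if (*s == '=') { pad++; continue; }
        const char *p = strchr(tbl, *s);
        if (!p || pad) return -1;          /* bad character, or data after '=' */
        acc = (acc << 6) | (unsigned long)(p - tbl); bits += 6;
        if (bits >= 8) { bits -= 8; if (n < 6) hdr[n] = (acc >> bits) & 0xFF; n++; }
    }
    return pad > 2 ? -1 : n;
}

/* Outer DER check: SEQUENCE tag and a length that matches the decoded size. */
static int der_outer_ok(const unsigned char *h, long n) {
    if (n < 2 || h[0] != 0x30) return 0;
    unsigned long len = h[1]; int k = 0;
    if (len & 0x80) {                      /* long form: next k bytes hold the length */
        k = (int)(len & 0x7F); len = 0;
        if (k < 1 || k > 4 || n < 2 + k) return 0;
        for (int i = 0; i < k; i++) len = (len << 8) | h[2 + i];
    }
    return (unsigned long)(n - 2 - k) == len;
}

/* Returns the number of damaged CERTIFICATE blocks; *ok gets the intact count. */
int pem_bundle_failed(const char *pem, int *ok) {
    int failed = 0; *ok = 0;
    for (const char *b = strstr(pem, PEM_BEGIN); b; b = strstr(b, PEM_BEGIN)) {
        b += strlen(PEM_BEGIN);
        const char *e = strstr(b, PEM_END);
        unsigned char hdr[6] = {0};
        long n = e ? b64_scan(b, e, hdr) : -1;   /* missing END marker counts as damaged */
        if (n >= 0 && der_outer_ok(hdr, n)) (*ok)++; else failed++;
        if (!e) break;
        b = e;
    }
    return failed;
}
```

A caller would run this on the PEM bundle before `esp_https_ota_begin` and refuse to start the update when the return value is nonzero or the intact count is zero.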