ESP32 Forum

Dear ESP Community,

I hope you're all doing well. I'm currently working on an ESP32 project where I'm trying to perform OTA updates from an AWS S3 bucket. However, I've encountered an issue that I'm having trouble resolving.

Problem Description:
I'm getting the following error message when attempting to perform OTA updates:

I (30132) advanced_https_ota_example: Starting Advanced OTA example
W (30192) wifi:<ba-add>idx:0 (ifx:0, 8a:e1:0b4a:85), tid:0, ssn:4, winSize:64
E (30362) esp-tls-mbedtls: mbedtls_ssl_handshake returned -0x2700
I (30362) esp-tls-mbedtls: Failed to verify peer certificate!
E (30362) esp-tls: Failed to open new connection
E (30372) TRANSPORT_BASE: Failed to open a new connection
E (30382) HTTP_CLIENT: Connection failed, sock < 0
E (30382) esp_https_ota: ESP HTTP client perform failed: 28674
E (30382) advanced_https_ota_example: ESP HTTPS OTA Begin failed
I (30602) example_connect: Got IPv6 event: Interface "example_connect: sta" address: fe80:0000:0000:0000:0a3a:f2ff:feaa:19f8, type: ESP_IP6_ADDR_IS_LINK_LOCAL

Code Snippet:
Here's the relevant portion of my code where I'm attempting the OTA update:

void advanced_ota_example_task(void *pvParameter)
{
ESP_LOGI(TAG, "Starting Advanced OTA example");
esp_err_t ota_finish_err = ESP_OK;

esp_http_client_config_t config = {
.url = CONFIG_EXAMPLE_FIRMWARE_UPGRADE_URL,
// .cert_pem = (char *)server_cert_pem_start,
.timeout_ms = CONFIG_EXAMPLE_OTA_RECV_TIMEOUT,
.keep_alive_enable = true,
};

#ifdef CONFIG_EXAMPLE_FIRMWARE_UPGRADE_URL_FROM_STDIN
char url_buf[OTA_URL_SIZE];
if (strcmp(config.url, "FROM_STDIN") == 0) {
example_configure_stdin_stdout();
fgets(url_buf, OTA_URL_SIZE, stdin);
int len = strlen(url_buf);
url_buf[len - 1] = '\0';
config.url = url_buf;
} else {
ESP_LOGE(TAG, "Configuration mismatch: wrong firmware upgrade image url");
abort();
}
#endif

#ifdef CONFIG_EXAMPLE_SKIP_COMMON_NAME_CHECK
config.skip_cert_common_name_check = true;
#endif

esp_https_ota_config_t ota_config = {
.http_config = &config,
.http_client_init_cb = _http_client_init_cb, // Register a callback to be invoked after esp_http_client is initialized
#ifdef CONFIG_EXAMPLE_ENABLE_PARTIAL_HTTP_DOWNLOAD
.partial_http_download = true,
.max_http_request_size = CONFIG_EXAMPLE_HTTP_REQUEST_SIZE,
#endif
};
// ESP_LOGI(TAG, "Testing HTTPS failed situations ");
esp_https_ota_handle_t https_ota_handle = NULL;
esp_err_t err = esp_https_ota_begin(&ota_config, &https_ota_handle);
if (err != ESP_OK) {
ESP_LOGE(TAG, "ESP HTTPS OTA Begin failed");
vTaskDelete(NULL);
}

esp_app_desc_t app_desc;
err = esp_https_ota_get_img_desc(https_ota_handle, &app_desc);
if (err != ESP_OK) {
ESP_LOGE(TAG, "esp_https_ota_read_img_desc failed");
goto ota_end;
}
err = validate_image_header(&app_desc);
if (err != ESP_OK) {
ESP_LOGE(TAG, "image header verification failed");
goto ota_end;
}

while (1) {
err = esp_https_ota_perform(https_ota_handle);
if (err != ESP_ERR_HTTPS_OTA_IN_PROGRESS) {
break;
}

ESP_LOGD(TAG, "Image bytes read: %d", esp_https_ota_get_image_len_read(https_ota_handle));
}

if (esp_https_ota_is_complete_data_received(https_ota_handle) != true) {

ESP_LOGE(TAG, "Complete data was not received.");
} else {
ota_finish_err = esp_https_ota_finish(https_ota_handle);
if ((err == ESP_OK) && (ota_finish_err == ESP_OK)) {
ESP_LOGI(TAG, "ESP_HTTPS_OTA upgrade successful. Rebooting ...");
vTaskDelay(1000 / portTICK_PERIOD_MS);
esp_restart();
} else {
if (ota_finish_err == ESP_ERR_OTA_VALIDATE_FAILED) {
ESP_LOGE(TAG, "Image validation failed, image is corrupted");
}
ESP_LOGE(TAG, "ESP_HTTPS_OTA upgrade failed 0x%x", ota_finish_err);
vTaskDelete(NULL);
}
}

ota_end:
esp_https_ota_abort(https_ota_handle);
ESP_LOGE(TAG, "ESP_HTTPS_OTA upgrade failed");
vTaskDelete(NULL);
}

Additional Information:

I'm using the ESP-IDF 4.4.3 framework.
My AWS S3 bucket is configured properly, and I've verified the URL and credentials. using thunder client it shows status https code 200 means ok
I've tried debugging the issue, but I'm unsure what might be causing the TLS handshake error and the failure to verify the peer certificate.

What I've Tried:

Ensured that the S3 bucket URL is correct.
Attempted the OTA update multiple times, but the issue persists.

Request for Assistance:
I would greatly appreciate any insights or guidance from the community on how to resolve this issue. If anyone has encountered a similar problem or has expertise in working with ESP32 OTA updates, your input would be invaluable.

Thank you very much for your time and assistance.

Warm regards,
Rahul B.

It looks like you are trying OTA before wifi connection is fully established.

Thank you for your input. While I understand the concern about ensuring the WiFi connection is fully established before initiating OTA, I've verified that the WiFi connection is indeed stable and operational. Despite this, I'm still encountering the "ESP HTTPS OTA Begin failed" error.

Are there any other potential reasons or troubleshooting steps I should consider to resolve this issue? Any additional insights would be greatly appreciated.

Are you commenting the Keys in your config client ?
All I see is one line and is commented in the code you posted .

This is how the config should be with mutual auth "which AWS uses"

rahulbari wrote: ↑

Fri Apr 05, 2024 8:22 am

Thank you for your input. While I understand the concern about ensuring the WiFi connection is fully established before initiating OTA, I've verified that the WiFi connection is indeed stable and operational. Despite this, I'm still encountering the "ESP HTTPS OTA Begin failed" error.

Are there any other potential reasons or troubleshooting steps I should consider to resolve this issue? Any additional insights would be greatly appreciated.

Again. Your logs tells the story:
- start wifi STA connection
- begin OTA and fail
- wifi connection is established and have access to internet


Try to call esp_https_ota_begin after getting IP event, not after wifi connect event.