Get data from an https site without using SSL while keeping server verification active

esp32person
Posts: 17
Joined: Mon Feb 27, 2023 6:47 pm

Get data from an https site without using SSL while keeping server verification active

Postby esp32person » Thu Jan 25, 2024 7:28 pm

Hi ,

I am trying to connect and read an https url without using SSL. Need to keep the server verification on though.
I can read the data ok using .transport_type = HTTP_TRANSPORT_OVER_TCP or HTTP_TRANSPORT_OVER_SSL.

However, when I look at wireshark data, I can see both using TLS1.2 and see TLS Hello....

So I am not sure if the .transport_type selection matters or not for this goal.

I see same result with ESP-TLS -Allow potentially insecure option enabled and Server verification enabled.

If CONFIG_ESP_HTTP_CLIENT_ENABLE_HTTPS menuconfig option is disabled, I get tls error warning and cannot open at the url.

Any suggestions on how I can get data from an https site without using SSL while keeping server verification active ?


esp_http_client_config_t config = {
.url = "https://www.howsmyssl.com",
.cert_pem = (char *)root_ca_start,
.transport_type = HTTP_TRANSPORT_OVER_TCP, // _SSL
.skip_cert_common_name_check = true,
.keep_alive_enable = true,
.timeout_ms = 5000,
};

esp_http_client_handle_t client = esp_http_client_init(&config);
esp_http_client_set_method(client, HTTP_METHOD_GET);

esp_err_t err = esp_http_client_open(client, 0);
.....


Thanks

MicroController
Posts: 1695
Joined: Mon Oct 17, 2022 7:38 pm
Location: Europe, Germany

Re: Get data from an https site without using SSL while keeping server verification active

Postby MicroController » Thu Jan 25, 2024 10:40 pm

how I can get data from an https site without using SSL
Not sure what you mean or what you're actually trying to do. But you won't be able to connect to an HTTPS server without employing a TLS/SSL connection.

esp32person
Posts: 17
Joined: Mon Feb 27, 2023 6:47 pm

Re: Get data from an https site without using SSL while keeping server verification active

Postby esp32person » Fri Feb 02, 2024 1:47 pm

I want to read(download) a file from a https site.
I want to be able to do this even when the certificate has expired as a backup plan. I am open to getting a TLS enabled download or a plain text read.

There is not much documentation on what transport_type actually does .transport_type = HTTP_TRANSPORT_OVER_TCP or HTTP_TRANSPORT_OVER_SSL. I can download the file with either option, but not without a cert_pem in both cases. Wireshark data looks similar in both cases.

Who is online

Users browsing this forum: Bing [Bot] and 163 guests