Looking for details on OTA handshake

User avatar
mbratch
Posts: 303
Joined: Fri Jun 11, 2021 1:51 pm

Looking for details on OTA handshake

Postby mbratch » Wed Nov 08, 2023 2:51 pm

I used to have my website URL configured using a simple dynamic DNS service. I have my device's firmware files on my server, and I was able to use the ESP-IDF OTA functions to do a firmware update by accessing the firmware file at a URL pointing to my website.

I recently changed internet services and they don't allow my to use dynamic DNS. So I am using Cloudflare(.com) tunneling service to enable access to my web server via the URL I have defined. However, the OTA function `esp_https_ota_begin` fails with an error code indicating it cannot access the URL.

I suspect that Cloudflare might be blocking it based upon the user agent setting but that's just a guess.

My question is: is there a detailed description somewhere, or message diagram, showing the details of the OTA protocol with the server? I need something to help debug the issue.

Thank you!

MicroController
Posts: 1708
Joined: Mon Oct 17, 2022 7:38 pm
Location: Europe, Germany

Re: Looking for details on OTA handshake

Postby MicroController » Wed Nov 08, 2023 9:58 pm

I don't think there's any special protocol involved. It should be a "plain" HTTPS GET. The S in HTTPS would be my suspect #1 when using some sort of intermediary server which may not match the TLS certificate in use/expected, or may not use a recognized root CA.

User avatar
mbratch
Posts: 303
Joined: Fri Jun 11, 2021 1:51 pm

Re: Looking for details on OTA handshake

Postby mbratch » Wed Nov 08, 2023 11:34 pm

MicroController wrote:
Wed Nov 08, 2023 9:58 pm
I don't think there's any special protocol involved. It should be a "plain" HTTPS GET. The S in HTTPS would be my suspect #1 when using some sort of intermediary server which may not match the TLS certificate in use/expected, or may not use a recognized root CA.
Thanks! I rather thought that was the case. After more debugging I found a security option I needed to set. I had just upgraded from ESP-IDF 5.0 to 5.1.1 and the latter is more strict on security options.

Who is online

Users browsing this forum: No registered users and 88 guests