Get data from an https site without using SSL while keeping server verification active

Post by esp32person » Thu Jan 25, 2024 7:28 pm

Hi,

I am trying to connect and read an https url without using SSL. Need to keep the server verification on though.
I can read the data ok using .transport_type = HTTP_TRANSPORT_OVER_TCP or HTTP_TRANSPORT_OVER_SSL.

However, when I look at the Wireshark data, I can see both using TLS 1.2 and see TLS Hello....

So I am not sure if the .transport_type selection matters or not for this goal.

I see the same result with ESP-TLS - Allow potentially insecure option enabled and Server verification enabled.

If the CONFIG_ESP_HTTP_CLIENT_ENABLE_HTTPS menuconfig option is disabled, I get a TLS error warning and cannot open the URL.

Any suggestions on how I can get data from an https site without using SSL while keeping server verification active?


esp_http_client_config_t config = {
    .url = "https://www.howsmyssl.com",
    .cert_pem = (char *)root_ca_start,
    .transport_type = HTTP_TRANSPORT_OVER_TCP, // _SSL
    .skip_cert_common_name_check = true,
    .keep_alive_enable = true,
    .timeout_ms = 5000,
};

esp_http_client_handle_t client = esp_http_client_init(&config);
esp_http_client_set_method(client, HTTP_METHOD_GET);

esp_err_t err = esp_http_client_open(client, 0);
.....


Thanks

Re: Get data from an https site without using SSL while keeping server verification active

Post by MicroController » Thu Jan 25, 2024 10:40 pm

"how I can get data from an https site without using SSL"
Not sure what you mean or what you're actually trying to do. But you won't be able to connect to an HTTPS server without employing a TLS/SSL connection.

Re: Get data from an https site without using SSL while keeping server verification active

Post by esp32person » Fri Feb 02, 2024 1:47 pm

I want to read (download) a file from an https site.
I want to be able to do this even when the certificate has expired, as a backup plan. I am open to getting a TLS-enabled download or a plain-text read.

There is not much documentation on what transport_type actually does (.transport_type = HTTP_TRANSPORT_OVER_TCP or HTTP_TRANSPORT_OVER_SSL). I can download the file with either option, but not without a cert_pem in both cases. The Wireshark data looks similar in both cases.
