esp-idf/examples/protocols/https_request/main/https_request_example_main.c

/* HTTPS GET Example using plain mbedTLS sockets
 *
 * Contacts the howsmyssl.com API via TLS v1.2 and reads a JSON
 * response.
 *
 * Adapted from the ssl_client1 example in mbedtls.
 *
 * SPDX-FileCopyrightText: 2006-2016 ARM Limited, All Rights Reserved
 *
 * SPDX-License-Identifier: Apache-2.0
 *
 * SPDX-FileContributor: 2015-2022 Espressif Systems (Shanghai) CO LTD
 */

#include <string.h>
#include <stdlib.h>
#include "freertos/FreeRTOS.h"
#include "freertos/task.h"
#include "freertos/event_groups.h"
#include "esp_wifi.h"
#include "esp_event.h"
#include "esp_log.h"
#include "esp_system.h"
#include "nvs_flash.h"
#include "protocol_examples_common.h"
#include "esp_netif.h"

#include "lwip/err.h"
#include "lwip/sockets.h"
#include "lwip/sys.h"
#include "lwip/netdb.h"
#include "lwip/dns.h"

#include "esp_tls.h"
#if CONFIG_MBEDTLS_CERTIFICATE_BUNDLE
#include "esp_crt_bundle.h"
#endif

/* Constants that aren't configurable in menuconfig */
#define WEB_SERVER "www.howsmyssl.com"
#define WEB_PORT "443"
#define WEB_URL "https://www.howsmyssl.com/a/check"

static const char *TAG = "example";

static const char REQUEST[] = "GET " WEB_URL " HTTP/1.1\r\n"
                             "Host: "WEB_SERVER"\r\n"
                             "User-Agent: esp-idf/1.0 esp32\r\n"
                             "\r\n";

/* Root cert for howsmyssl.com, taken from server_root_cert.pem

   The PEM file was extracted from the output of this command:
   openssl s_client -showcerts -connect www.howsmyssl.com:443 </dev/null

   The CA root cert is the last cert given in the chain of certs.

   To embed it in the app binary, the PEM file is named
   in the component.mk COMPONENT_EMBED_TXTFILES variable.
*/
extern const uint8_t server_root_cert_pem_start[] asm("_binary_server_root_cert_pem_start");
extern const uint8_t server_root_cert_pem_end[]   asm("_binary_server_root_cert_pem_end");

static void https_get_request(esp_tls_cfg_t cfg)
{
    char buf[512];
    int ret, len;

    struct esp_tls *tls = esp_tls_conn_http_new(WEB_URL, &cfg);

    if (tls != NULL) {
        ESP_LOGI(TAG, "Connection established...");
    } else {
        ESP_LOGE(TAG, "Connection failed...");
        goto exit;
    }

    size_t written_bytes = 0;
    do {
        ret = esp_tls_conn_write(tls,
                                 REQUEST + written_bytes,
                                 sizeof(REQUEST) - written_bytes);
        if (ret >= 0) {
            ESP_LOGI(TAG, "%d bytes written", ret);
            written_bytes += ret;
        } else if (ret != ESP_TLS_ERR_SSL_WANT_READ  && ret != ESP_TLS_ERR_SSL_WANT_WRITE) {
            ESP_LOGE(TAG, "esp_tls_conn_write  returned: [0x%02X](%s)", ret, esp_err_to_name(ret));
            goto exit;
        }
    } while (written_bytes < sizeof(REQUEST));

    ESP_LOGI(TAG, "Reading HTTP response...");

    do {
        len = sizeof(buf) - 1;
        bzero(buf, sizeof(buf));
        ret = esp_tls_conn_read(tls, (char *)buf, len);

        if (ret == ESP_TLS_ERR_SSL_WANT_WRITE  || ret == ESP_TLS_ERR_SSL_WANT_READ) {
            continue;
        }

        if (ret < 0) {
            ESP_LOGE(TAG, "esp_tls_conn_read  returned [-0x%02X](%s)", -ret, esp_err_to_name(ret));
            break;
        }

        if (ret == 0) {
            ESP_LOGI(TAG, "connection closed");
            break;
        }

        len = ret;
        ESP_LOGD(TAG, "%d bytes read", len);
        /* Print response directly to stdout as it is read */
        for (int i = 0; i < len; i++) {
            putchar(buf[i]);
        }
        putchar('\n'); // JSON output doesn't have a newline at end
    } while (1);

exit:
    esp_tls_conn_delete(tls);
    for (int countdown = 10; countdown >= 0; countdown--) {
        ESP_LOGI(TAG, "%d...", countdown);
        vTaskDelay(1000 / portTICK_PERIOD_MS);
    }
}

#if CONFIG_MBEDTLS_CERTIFICATE_BUNDLE
static void https_get_request_using_crt_bundle(void)
{
    ESP_LOGI(TAG, "https_request using crt bundle");
    esp_tls_cfg_t cfg = {
        .crt_bundle_attach = esp_crt_bundle_attach,
    };
    https_get_request(cfg);
}
#endif // CONFIG_MBEDTLS_CERTIFICATE_BUNDLE

static void https_get_request_using_cacert_buf(void)
{
    ESP_LOGI(TAG, "https_request using cacert_buf");
    esp_tls_cfg_t cfg = {
        .cacert_buf = (const unsigned char *) server_root_cert_pem_start,
        .cacert_bytes = server_root_cert_pem_end - server_root_cert_pem_start,
    };
    https_get_request(cfg);
}

static void https_get_request_using_global_ca_store(void)
{
    esp_err_t esp_ret = ESP_FAIL;
    ESP_LOGI(TAG, "https_request using global ca_store");
    esp_ret = esp_tls_set_global_ca_store(server_root_cert_pem_start, server_root_cert_pem_end - server_root_cert_pem_start);
    if (esp_ret != ESP_OK) {
        ESP_LOGE(TAG, "Error in setting the global ca store: [%02X] (%s),could not complete the https_request using global_ca_store", esp_ret, esp_err_to_name(esp_ret));
        return;
    }
    esp_tls_cfg_t cfg = {
        .use_global_ca_store = true,
    };
    https_get_request(cfg);
    esp_tls_free_global_ca_store();
}

static void https_request_task(void *pvparameters)
{
    ESP_LOGI(TAG, "Start https_request example");

#if CONFIG_MBEDTLS_CERTIFICATE_BUNDLE
    https_get_request_using_crt_bundle();
#endif
    https_get_request_using_cacert_buf();
    https_get_request_using_global_ca_store();

    ESP_LOGI(TAG, "Finish https_request example");
    vTaskDelete(NULL);
}

void app_main(void)
{
    ESP_ERROR_CHECK( nvs_flash_init() );
    ESP_ERROR_CHECK(esp_netif_init());
    ESP_ERROR_CHECK(esp_event_loop_create_default());

    /* This helper function configures Wi-Fi or Ethernet, as selected in menuconfig.
     * Read "Establishing Wi-Fi or Ethernet Connection" section in
     * examples/protocols/README.md for more information about this function.
     */
    ESP_ERROR_CHECK(example_connect());

    xTaskCreate(&https_request_task, "https_get_task", 8192, NULL, 5, NULL);
}
examples: Add https_request example 2016-09-21 02:44:27 -04:00			`/* HTTPS GET Example using plain mbedTLS sockets`
			`*`
			`* Contacts the howsmyssl.com API via TLS v1.2 and reads a JSON`
			`* response.`
			`*`
			`* Adapted from the ssl_client1 example in mbedtls.`
			`*`
examples: add dependency on cert bundle configuration Refactor examples to build with MBEDTLS_CERTIFICATE_BUNDLE disabled. Only examples that can work with certificate bundle disabled have been modified here. 2022-04-04 03:53:18 -04:00			`* SPDX-FileCopyrightText: 2006-2016 ARM Limited, All Rights Reserved`
examples: Add https_request example 2016-09-21 02:44:27 -04:00			`*`
examples: add dependency on cert bundle configuration Refactor examples to build with MBEDTLS_CERTIFICATE_BUNDLE disabled. Only examples that can work with certificate bundle disabled have been modified here. 2022-04-04 03:53:18 -04:00			`* SPDX-License-Identifier: Apache-2.0`
examples: Add https_request example 2016-09-21 02:44:27 -04:00			`*`
examples: add dependency on cert bundle configuration Refactor examples to build with MBEDTLS_CERTIFICATE_BUNDLE disabled. Only examples that can work with certificate bundle disabled have been modified here. 2022-04-04 03:53:18 -04:00			`* SPDX-FileContributor: 2015-2022 Espressif Systems (Shanghai) CO LTD`
examples: Add https_request example 2016-09-21 02:44:27 -04:00			`*/`
examples: add dependency on cert bundle configuration Refactor examples to build with MBEDTLS_CERTIFICATE_BUNDLE disabled. Only examples that can work with certificate bundle disabled have been modified here. 2022-04-04 03:53:18 -04:00
examples: Add https_request example 2016-09-21 02:44:27 -04:00			`#include <string.h>`
Fixes for stdlib.h inclusion Refs: http://esp32.com/viewtopic.php?f=13&t=550 http://esp32.com/viewtopic.php?f=13&t=551 rmt.c should include stdlib.h for malloc, esp_bignum,c & https_request_main.c for abort(). FreeRTOSConfig.h is only including stdlib if CONFIG_FREERTOS_ASSERT_ON_UNTESTED_FUNCTION is set. However, it is included for abort() so needs to be included whenever CONFIG_FREERTOS_ASSERT_FAIL_ABORT is set. This change includes unconditionally in FreeRTOSConfig.h. This is to avoid this kind of bug where compiler errors are dependent on config. I suggest we don't change this to be more selective until we have 'make randomconfig' style tests in CI. 2016-11-23 16:08:09 -05:00			`#include <stdlib.h>`
examples: Add https_request example 2016-09-21 02:44:27 -04:00			`#include "freertos/FreeRTOS.h"`
			`#include "freertos/task.h"`
Examples: Use event groups for waiting until WiFi is associated & ESP has IP 2016-09-26 01:48:36 -04:00			`#include "freertos/event_groups.h"`
examples: Add https_request example 2016-09-21 02:44:27 -04:00			`#include "esp_wifi.h"`
examples/protocols/http(s,2)_request: use common network component 2019-04-11 06:54:26 -04:00			`#include "esp_event.h"`
examples: Add https_request example 2016-09-21 02:44:27 -04:00			`#include "esp_log.h"`
			`#include "esp_system.h"`
Update http_request & https_request examples for new startup flow 2016-09-26 21:16:40 -04:00			`#include "nvs_flash.h"`
examples/protocols/http(s,2)_request: use common network component 2019-04-11 06:54:26 -04:00			`#include "protocol_examples_common.h"`
examples: protocol examples which use common connection component updated to use esp_netif_init instead of tcpip_adapter in initialization code 2019-08-31 10:19:21 -04:00			`#include "esp_netif.h"`
examples: Add https_request example 2016-09-21 02:44:27 -04:00
			`#include "lwip/err.h"`
			`#include "lwip/sockets.h"`
			`#include "lwip/sys.h"`
			`#include "lwip/netdb.h"`
			`#include "lwip/dns.h"`

esp-tls header file name change 2018-02-14 08:21:26 -05:00			`#include "esp_tls.h"`
examples: add dependency on cert bundle configuration Refactor examples to build with MBEDTLS_CERTIFICATE_BUNDLE disabled. Only examples that can work with certificate bundle disabled have been modified here. 2022-04-04 03:53:18 -04:00			`#if CONFIG_MBEDTLS_CERTIFICATE_BUNDLE`
Add ESP certificate bundle feature Adds the ESP certificate bundle feature that enables users to bundle a root certificate bundle together with their application. Default bundle includes all Mozilla root certificates Closes IDF-296 2019-09-29 06:04:34 -04:00			`#include "esp_crt_bundle.h"`
examples: add dependency on cert bundle configuration Refactor examples to build with MBEDTLS_CERTIFICATE_BUNDLE disabled. Only examples that can work with certificate bundle disabled have been modified here. 2022-04-04 03:53:18 -04:00			`#endif`
esp-tls api support in https_request 2018-02-12 13:11:31 -05:00
examples: Add https_request example 2016-09-21 02:44:27 -04:00			`/* Constants that aren't configurable in menuconfig */`
			`#define WEB_SERVER "www.howsmyssl.com"`
			`#define WEB_PORT "443"`
			`#define WEB_URL "https://www.howsmyssl.com/a/check"`

			`static const char *TAG = "example";`

https_request_example: Updated the example to showcase cacert_buf and global_ca store * Made required changes in the example_test 2021-01-08 06:26:28 -05:00			`static const char REQUEST[] = "GET " WEB_URL " HTTP/1.1\r\n"`
			`"Host: "WEB_SERVER"\r\n"`
			`"User-Agent: esp-idf/1.0 esp32\r\n"`
			`"\r\n";`
examples: Add https_request example 2016-09-21 02:44:27 -04:00
https_request_example: Updated the example to showcase cacert_buf and global_ca store * Made required changes in the example_test 2021-01-08 06:26:28 -05:00			`/* Root cert for howsmyssl.com, taken from server_root_cert.pem`

			`The PEM file was extracted from the output of this command:`
			`openssl s_client -showcerts -connect www.howsmyssl.com:443 </dev/null`

			`The CA root cert is the last cert given in the chain of certs.`

			`To embed it in the app binary, the PEM file is named`
			`in the component.mk COMPONENT_EMBED_TXTFILES variable.`
			`*/`
			`extern const uint8_t server_root_cert_pem_start[] asm("_binary_server_root_cert_pem_start");`
			`extern const uint8_t server_root_cert_pem_end[] asm("_binary_server_root_cert_pem_end");`

			`static void https_get_request(esp_tls_cfg_t cfg)`
examples: Add https_request example 2016-09-21 02:44:27 -04:00			`{`
			`char buf[512];`
esp-tls api support in https_request 2018-02-12 13:11:31 -05:00			`int ret, len;`
examples: Add https_request example 2016-09-21 02:44:27 -04:00
https_request_example: Updated the example to showcase cacert_buf and global_ca store * Made required changes in the example_test 2021-01-08 06:26:28 -05:00			`struct esp_tls *tls = esp_tls_conn_http_new(WEB_URL, &cfg);`
Add ESP certificate bundle feature Adds the ESP certificate bundle feature that enables users to bundle a root certificate bundle together with their application. Default bundle includes all Mozilla root certificates Closes IDF-296 2019-09-29 06:04:34 -04:00
https_request_example: Updated the example to showcase cacert_buf and global_ca store * Made required changes in the example_test 2021-01-08 06:26:28 -05:00			`if (tls != NULL) {`
			`ESP_LOGI(TAG, "Connection established...");`
			`} else {`
			`ESP_LOGE(TAG, "Connection failed...");`
			`goto exit;`
			`}`
Add ESP certificate bundle feature Adds the ESP certificate bundle feature that enables users to bundle a root certificate bundle together with their application. Default bundle includes all Mozilla root certificates Closes IDF-296 2019-09-29 06:04:34 -04:00
https_request_example: Updated the example to showcase cacert_buf and global_ca store * Made required changes in the example_test 2021-01-08 06:26:28 -05:00			`size_t written_bytes = 0;`
			`do {`
			`ret = esp_tls_conn_write(tls,`
			`REQUEST + written_bytes,`
			`sizeof(REQUEST) - written_bytes);`
			`if (ret >= 0) {`
			`ESP_LOGI(TAG, "%d bytes written", ret);`
			`written_bytes += ret;`
			`} else if (ret != ESP_TLS_ERR_SSL_WANT_READ && ret != ESP_TLS_ERR_SSL_WANT_WRITE) {`
			`ESP_LOGE(TAG, "esp_tls_conn_write returned: [0x%02X](%s)", ret, esp_err_to_name(ret));`
https mbedtls example 2018-02-26 05:34:47 -05:00			`goto exit;`
examples: Add https_request example 2016-09-21 02:44:27 -04:00			`}`
https_request_example: Updated the example to showcase cacert_buf and global_ca store * Made required changes in the example_test 2021-01-08 06:26:28 -05:00			`} while (written_bytes < sizeof(REQUEST));`
Add ESP certificate bundle feature Adds the ESP certificate bundle feature that enables users to bundle a root certificate bundle together with their application. Default bundle includes all Mozilla root certificates Closes IDF-296 2019-09-29 06:04:34 -04:00
https_request_example: Updated the example to showcase cacert_buf and global_ca store * Made required changes in the example_test 2021-01-08 06:26:28 -05:00			`ESP_LOGI(TAG, "Reading HTTP response...");`
https example: Clean up output, print cipher suite & request count 2017-08-17 03:25:39 -04:00
https_request_example: Updated the example to showcase cacert_buf and global_ca store * Made required changes in the example_test 2021-01-08 06:26:28 -05:00			`do {`
			`len = sizeof(buf) - 1;`
			`bzero(buf, sizeof(buf));`
			`ret = esp_tls_conn_read(tls, (char *)buf, len);`

			`if (ret == ESP_TLS_ERR_SSL_WANT_WRITE \|\| ret == ESP_TLS_ERR_SSL_WANT_READ) {`
			`continue;`
			`}`
https example: Clean up output, print cipher suite & request count 2017-08-17 03:25:39 -04:00
https_request_example: Updated the example to showcase cacert_buf and global_ca store * Made required changes in the example_test 2021-01-08 06:26:28 -05:00			`if (ret < 0) {`
			`ESP_LOGE(TAG, "esp_tls_conn_read returned [-0x%02X](%s)", -ret, esp_err_to_name(ret));`
			`break;`
examples: Add https_request example 2016-09-21 02:44:27 -04:00			`}`
https_request_example: Updated the example to showcase cacert_buf and global_ca store * Made required changes in the example_test 2021-01-08 06:26:28 -05:00
			`if (ret == 0) {`
			`ESP_LOGI(TAG, "connection closed");`
			`break;`
			`}`

			`len = ret;`
			`ESP_LOGD(TAG, "%d bytes read", len);`
			`/* Print response directly to stdout as it is read */`
			`for (int i = 0; i < len; i++) {`
			`putchar(buf[i]);`
			`}`
			`putchar('\n'); // JSON output doesn't have a newline at end`
			`} while (1);`

			`exit:`
			`esp_tls_conn_delete(tls);`
			`for (int countdown = 10; countdown >= 0; countdown--) {`
			`ESP_LOGI(TAG, "%d...", countdown);`
			`vTaskDelay(1000 / portTICK_PERIOD_MS);`
examples: Add https_request example 2016-09-21 02:44:27 -04:00			`}`
			`}`

examples: add dependency on cert bundle configuration Refactor examples to build with MBEDTLS_CERTIFICATE_BUNDLE disabled. Only examples that can work with certificate bundle disabled have been modified here. 2022-04-04 03:53:18 -04:00			`#if CONFIG_MBEDTLS_CERTIFICATE_BUNDLE`
https_request_example: Updated the example to showcase cacert_buf and global_ca store * Made required changes in the example_test 2021-01-08 06:26:28 -05:00			`static void https_get_request_using_crt_bundle(void)`
			`{`
			`ESP_LOGI(TAG, "https_request using crt bundle");`
			`esp_tls_cfg_t cfg = {`
			`.crt_bundle_attach = esp_crt_bundle_attach,`
			`};`
			`https_get_request(cfg);`
			`}`
examples: add dependency on cert bundle configuration Refactor examples to build with MBEDTLS_CERTIFICATE_BUNDLE disabled. Only examples that can work with certificate bundle disabled have been modified here. 2022-04-04 03:53:18 -04:00			`#endif // CONFIG_MBEDTLS_CERTIFICATE_BUNDLE`
https_request_example: Updated the example to showcase cacert_buf and global_ca store * Made required changes in the example_test 2021-01-08 06:26:28 -05:00
			`static void https_get_request_using_cacert_buf(void)`
			`{`
			`ESP_LOGI(TAG, "https_request using cacert_buf");`
			`esp_tls_cfg_t cfg = {`
			`.cacert_buf = (const unsigned char *) server_root_cert_pem_start,`
			`.cacert_bytes = server_root_cert_pem_end - server_root_cert_pem_start,`
			`};`
			`https_get_request(cfg);`
			`}`

			`static void https_get_request_using_global_ca_store(void)`
			`{`
			`esp_err_t esp_ret = ESP_FAIL;`
			`ESP_LOGI(TAG, "https_request using global ca_store");`
			`esp_ret = esp_tls_set_global_ca_store(server_root_cert_pem_start, server_root_cert_pem_end - server_root_cert_pem_start);`
			`if (esp_ret != ESP_OK) {`
			`ESP_LOGE(TAG, "Error in setting the global ca store: [%02X] (%s),could not complete the https_request using global_ca_store", esp_ret, esp_err_to_name(esp_ret));`
			`return;`
			`}`
			`esp_tls_cfg_t cfg = {`
			`.use_global_ca_store = true,`
			`};`
			`https_get_request(cfg);`
			`esp_tls_free_global_ca_store();`
			`}`

			`static void https_request_task(void *pvparameters)`
			`{`
			`ESP_LOGI(TAG, "Start https_request example");`

examples: add dependency on cert bundle configuration Refactor examples to build with MBEDTLS_CERTIFICATE_BUNDLE disabled. Only examples that can work with certificate bundle disabled have been modified here. 2022-04-04 03:53:18 -04:00			`#if CONFIG_MBEDTLS_CERTIFICATE_BUNDLE`
https_request_example: Updated the example to showcase cacert_buf and global_ca store * Made required changes in the example_test 2021-01-08 06:26:28 -05:00			`https_get_request_using_crt_bundle();`
examples: add dependency on cert bundle configuration Refactor examples to build with MBEDTLS_CERTIFICATE_BUNDLE disabled. Only examples that can work with certificate bundle disabled have been modified here. 2022-04-04 03:53:18 -04:00			`#endif`
https_request_example: Updated the example to showcase cacert_buf and global_ca store * Made required changes in the example_test 2021-01-08 06:26:28 -05:00			`https_get_request_using_cacert_buf();`
			`https_get_request_using_global_ca_store();`

			`ESP_LOGI(TAG, "Finish https_request example");`
			`vTaskDelete(NULL);`
			`}`

tools: Mass fixing of empty prototypes (for -Wstrict-prototypes) 2019-07-16 05:33:30 -04:00			`void app_main(void)`
examples: Add https_request example 2016-09-21 02:44:27 -04:00			`{`
examples: check return value of nvs_flash_init nvs_flash_init may return an error code in some cases, and applications should check this error code (or at least assert on it being ESP_OK, to make potential issues more immediately obvious). This change modifies all the examples which use NVS to check the error code. Most examples get a simple ESP_ERROR_CHECK assert, while NVS examples, OTA example, and NVS unit tests get a more verbose check which may be used in real applications. 2017-03-14 09:39:44 -04:00			`ESP_ERROR_CHECK( nvs_flash_init() );`
esp_netif, examples: esp_netif_init() moved into ESP_ERROR_CHECK() esp_netif_init() returns standard esp_err_t error code (unlike tcpip_adapter init), so shall be checked for the return value Also to make the initialization code more consistent. 2019-11-29 04:54:02 -05:00			`ESP_ERROR_CHECK(esp_netif_init());`
examples/protocols/http(s,2)_request: use common network component 2019-04-11 06:54:26 -04:00			`ESP_ERROR_CHECK(esp_event_loop_create_default());`

			`/* This helper function configures Wi-Fi or Ethernet, as selected in menuconfig.`
			`* Read "Establishing Wi-Fi or Ethernet Connection" section in`
			`* examples/protocols/README.md for more information about this function.`
			`*/`
			`ESP_ERROR_CHECK(example_connect());`

https_request_example: Updated the example to showcase cacert_buf and global_ca store * Made required changes in the example_test 2021-01-08 06:26:28 -05:00			`xTaskCreate(&https_request_task, "https_get_task", 8192, NULL, 5, NULL);`
examples: Add https_request example 2016-09-21 02:44:27 -04:00			`}`