From 3b1f1febc82a41315cbcfd4be8cb298624a68a7d Mon Sep 17 00:00:00 2001
From: Aditya Patwardhan
Date: Wed, 13 Apr 2022 05:00:52 +0530
Subject: [PATCH] http2_request_example: Use esp_crt_bundle instead of hardcoded root certificate in order to avoid frequent failure of the example due to shift in CA chain
---
 .../http2_request/main/CMakeLists.txt | 3 +-
 .../main/http2_github_io_root_cert.pem | 28 -------------------
 .../main/http2_request_example_main.c | 13 +++++----
 .../http2_request/sdkconfig.defaults | 1 +
 4 files changed, 9 insertions(+), 36 deletions(-)
 delete mode 100644 examples/protocols/http2_request/main/http2_github_io_root_cert.pem
 create mode 100644 examples/protocols/http2_request/sdkconfig.defaults
diff --git a/examples/protocols/http2_request/main/CMakeLists.txt b/examples/protocols/http2_request/main/CMakeLists.txt
index a450362baa..40f03c8800 100644
--- a/examples/protocols/http2_request/main/CMakeLists.txt
+++ b/examples/protocols/http2_request/main/CMakeLists.txt
@@ -1,3 +1,2 @@
 idf_component_register(SRCS "http2_request_example_main.c"
- INCLUDE_DIRS "."
- EMBED_TXTFILES "http2_github_io_root_cert.pem")
+ INCLUDE_DIRS ".")
diff --git a/examples/protocols/http2_request/main/http2_github_io_root_cert.pem b/examples/protocols/http2_request/main/http2_github_io_root_cert.pem
deleted file mode 100644
index 8c4c741058..0000000000
--- a/examples/protocols/http2_request/main/http2_github_io_root_cert.pem
+++ /dev/null
@@ -1,28 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEsTCCA5mgAwIBAgIQBOHnpNxc8vNtwCtCuF0VnzANBgkqhkiG9w0BAQsFADBs
-MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
-d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5j
-ZSBFViBSb290IENBMB4XDTEzMTAyMjEyMDAwMFoXDTI4MTAyMjEyMDAwMFowcDEL
-MAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3
-LmRpZ2ljZXJ0LmNvbTEvMC0GA1UEAxMmRGlnaUNlcnQgU0hBMiBIaWdoIEFzc3Vy
-YW5jZSBTZXJ2ZXIgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2
-4C/CJAbIbQRf1+8KZAayfSImZRauQkCbztyfn3YHPsMwVYcZuU+UDlqUH1VWtMIC
-Kq/QmO4LQNfE0DtyyBSe75CxEamu0si4QzrZCwvV1ZX1QK/IHe1NnF9Xt4ZQaJn1
-itrSxwUfqJfJ3KSxgoQtxq2lnMcZgqaFD15EWCo3j/018QsIJzJa9buLnqS9UdAn
-4t07QjOjBSjEuyjMmqwrIw14xnvmXnG3Sj4I+4G3FhahnSMSTeXXkgisdaScus0X
-sh5ENWV/UyU50RwKmmMbGZJ0aAo3wsJSSMs5WqK24V3B3aAguCGikyZvFEohQcft
-bZvySC/zA/WiaJJTL17jAgMBAAGjggFJMIIBRTASBgNVHRMBAf8ECDAGAQH/AgEA
-MA4GA1UdDwEB/wQEAwIBhjAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw
-NAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2Vy
-dC5jb20wSwYDVR0fBEQwQjBAoD6gPIY6aHR0cDovL2NybDQuZGlnaWNlcnQuY29t
-L0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUVWUm9vdENBLmNybDA9BgNVHSAENjA0MDIG
-BFUdIAAwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQ
-UzAdBgNVHQ4EFgQUUWj/kK8CB3U8zNllZGKiErhZcjswHwYDVR0jBBgwFoAUsT7D
-aQP4v0cB1JgmGggC72NkK8MwDQYJKoZIhvcNAQELBQADggEBABiKlYkD5m3fXPwd
-aOpKj4PWUS+Na0QWnqxj9dJubISZi6qBcYRb7TROsLd5kinMLYBq8I4g4Xmk/gNH
-E+r1hspZcX30BJZr01lYPf7TMSVcGDiEo+afgv2MW5gxTs14nhr9hctJqvIni5ly
-/D6q1UEL2tU2ob8cbkdJf17ZSHwD2f2LSaCYJkJA69aSEaRkCldUxPUd1gJea6zu
-xICaEnL6VpPX/78whQYwvwt/Tv9XBZ0k7YXDK/umdaisLRbvfXknsuvCnQsH6qqF
-0wGjIChBWUMo0oHjqvbsezt3tkBigAVBRQHvFwY+3sAzm2fTYS5yh+Rp/BIAV0Ae
-cPUeybQ=
------END CERTIFICATE-----
diff --git a/examples/protocols/http2_request/main/http2_request_example_main.c b/examples/protocols/http2_request/main/http2_request_example_main.c
index 5dce7dbbda..c7efd6c52c 100644
--- a/examples/protocols/http2_request/main/http2_request_example_main.c
+++ b/examples/protocols/http2_request/main/http2_request_example_main.c
@@ -22,13 +22,12 @@
 #include "nvs_flash.h"
 #include "protocol_examples_common.h"
 #include "esp_netif.h"
+#if CONFIG_MBEDTLS_CERTIFICATE_BUNDLE
+#include "esp_crt_bundle.h"
+#endif
 #include "sh2lib.h"
-
-extern const uint8_t server_root_cert_pem_start[] asm("_binary_http2_github_io_root_cert_pem_start");
-extern const uint8_t server_root_cert_pem_end[] asm("_binary_http2_github_io_root_cert_pem_end");
-
 /* The HTTP/2 server to connect to */
 #define HTTP2_SERVER_URI "https://http2.github.io"
 /* A GET request that keeps streaming current time every second */
@@ -102,10 +101,12 @@ static void http2_task(void *args)
 /* HTTP2: one connection multiple requests. Do the TLS/TCP connection first */
 printf("Connecting to server\n");
+
 struct sh2lib_config_t cfg = {
 .uri = HTTP2_SERVER_URI,
- .cacert_buf = server_root_cert_pem_start,
- .cacert_bytes = server_root_cert_pem_end - server_root_cert_pem_start,
+#if CONFIG_MBEDTLS_CERTIFICATE_BUNDLE
+ .crt_bundle_attach = esp_crt_bundle_attach,
+#endif
 };
 struct sh2lib_handle hd;
diff --git a/examples/protocols/http2_request/sdkconfig.defaults b/examples/protocols/http2_request/sdkconfig.defaults
new file mode 100644
index 0000000000..998be296ee
--- /dev/null
+++ b/examples/protocols/http2_request/sdkconfig.defaults
@@ -0,0 +1 @@
+CONFIG_MBEDTLS_CERTIFICATE_BUNDLE_DEFAULT_CMN=y
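Review bot: In `http2_task`, the `cfg` initializer ends up with no trust anchor at all when `CONFIG_MBEDTLS_CERTIFICATE_BUNDLE` is off, because the removed `.cacert_buf`/`.cacert_bytes` fields have no replacement on that path and the `#if` simply drops `.crt_bundle_attach`. How sh2lib and the TLS layer treat such a config is not visible in this patch; presumably the connection is refused, or, if server verification has been relaxed in the TLS configuration, it completes without authenticating the server. Since the example has no fallback, a build failure is clearer than either outcome: extend the include guard in the first hunk with `#else` and `#error "http2_request example requires CONFIG_MBEDTLS_CERTIFICATE_BUNDLE"` before its `#endif`. The new sdkconfig.defaults sets only `CONFIG_MBEDTLS_CERTIFICATE_BUNDLE_DEFAULT_CMN`, so it appears to rely on the bundle option's Kconfig default; adding `CONFIG_MBEDTLS_CERTIFICATE_BUNDLE=y` there would make the dependency explicit. The body of `http2_task` continues outside the hunk.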