From 472864e7fad06c5ecc44056542112a87af2d603d Mon Sep 17 00:00:00 2001 From: pennam Date: Mon, 2 Oct 2023 12:13:35 +0200 Subject: [PATCH] Add certificate bundle support --- src/Arduino_ESP32_OTA.cpp | 16 +++++++++++++++- src/Arduino_ESP32_OTA.h | 2 ++ 2 files changed, 17 insertions(+), 1 deletion(-) diff --git a/src/Arduino_ESP32_OTA.cpp b/src/Arduino_ESP32_OTA.cpp index d8d80f6..7e33d6a 100644 --- a/src/Arduino_ESP32_OTA.cpp +++ b/src/Arduino_ESP32_OTA.cpp @@ -56,6 +56,7 @@ Arduino_ESP32_OTA::Arduino_ESP32_OTA() ,_ota_size(0) ,_crc32(0) ,_ca_cert{amazon_root_ca} +,_ca_cert_bundle{nullptr} { } @@ -85,6 +86,13 @@ void Arduino_ESP32_OTA::setCACert (const char *rootCA) } } +void Arduino_ESP32_OTA::setCACertBundle (const uint8_t * bundle) +{ + if(bundle != nullptr) { + _ca_cert_bundle = bundle; + } +} + uint8_t Arduino_ESP32_OTA::read_byte_from_network() { bool is_http_data_timeout = false; @@ -118,7 +126,13 @@ int Arduino_ESP32_OTA::download(const char * ota_url) port = 80; } else if (url.protocol_ == "https") { _client = new WiFiClientSecure(); - static_cast(_client)->setCACert(_ca_cert); + if (_ca_cert != nullptr) { + static_cast(_client)->setCACert(_ca_cert); + } else if (_ca_cert_bundle != nullptr) { + static_cast(_client)->setCACertBundle(_ca_cert_bundle); + } else { + DEBUG_VERBOSE("%s: CA not configured for download client"); + } port = 443; } else { DEBUG_ERROR("%s: Failed to parse OTA URL %s", __FUNCTION__, ota_url); diff --git a/src/Arduino_ESP32_OTA.h b/src/Arduino_ESP32_OTA.h index 20c86cd..c88f3f9 100644 --- a/src/Arduino_ESP32_OTA.h +++ b/src/Arduino_ESP32_OTA.h @@ -80,6 +80,7 @@ class Arduino_ESP32_OTA Arduino_ESP32_OTA::Error begin(); void setCACert (const char *rootCA); + void setCACertBundle(const uint8_t * bundle); int download(const char * ota_url); uint8_t read_byte_from_network(); void write_byte_to_flash(uint8_t data); @@ -93,6 +94,7 @@ class Arduino_ESP32_OTA size_t _ota_size; uint32_t _crc32; const char * _ca_cert; + const uint8_t * _ca_cert_bundle; }; #endif /* ARDUINO_ESP32_OTA_H_ */