arduino-libraries · pennam · Oct 16, 2023 · Oct 2, 2023
diff --git a/src/Arduino_ESP32_OTA.cpp b/src/Arduino_ESP32_OTA.cpp
@@ -56,6 +56,7 @@ Arduino_ESP32_OTA::Arduino_ESP32_OTA()
 ,_ota_size(0)
 ,_crc32(0)
 ,_ca_cert{amazon_root_ca}
+,_ca_cert_bundle{nullptr}
 {
 
 }
@@ -85,6 +86,13 @@ void Arduino_ESP32_OTA::setCACert (const char *rootCA)
   }
 }
 
+void Arduino_ESP32_OTA::setCACertBundle (const uint8_t * bundle)
+{
+  if(bundle != nullptr) {
+    _ca_cert_bundle = bundle;
+  }
+}
+
 uint8_t Arduino_ESP32_OTA::read_byte_from_network()
 {
   bool is_http_data_timeout = false;
@@ -118,7 +126,13 @@ int Arduino_ESP32_OTA::download(const char * ota_url)
     port = 80;
   } else if (url.protocol_ == "https") {
     _client = new WiFiClientSecure();
-    static_cast<WiFiClientSecure*>(_client)->setCACert(_ca_cert);
+    if (_ca_cert != nullptr) {
+      static_cast<WiFiClientSecure*>(_client)->setCACert(_ca_cert);
+    } else if (_ca_cert_bundle != nullptr) {
+      static_cast<WiFiClientSecure*>(_client)->setCACertBundle(_ca_cert_bundle);
+    } else {
+      DEBUG_VERBOSE("%s: CA not configured for download client");
+    }
     port = 443;
   } else {
     DEBUG_ERROR("%s: Failed to parse OTA URL %s", __FUNCTION__, ota_url);

diff --git a/src/Arduino_ESP32_OTA.h b/src/Arduino_ESP32_OTA.h
@@ -80,6 +80,7 @@ class Arduino_ESP32_OTA
 
   Arduino_ESP32_OTA::Error begin();
   void setCACert (const char *rootCA);
+  void setCACertBundle(const uint8_t * bundle);
   int download(const char * ota_url);
   uint8_t read_byte_from_network();
   void write_byte_to_flash(uint8_t data);
@@ -93,6 +94,7 @@ class Arduino_ESP32_OTA
   size_t _ota_size;
   uint32_t _crc32;
   const char * _ca_cert;
+  const uint8_t * _ca_cert_bundle;
 };
 
 #endif /* ARDUINO_ESP32_OTA_H_ */