[SOLVED] Connection to website over HTTPS protocol

[filo_gr]

Hello,

I need to connect my esp32 to a website.
The protocol used is of the HTTPS type.
However I'm encountering problems on the connection to the website. In particular, to obtain the OK response from the website (code 200), I need to send an header.
One example I found doesn't use headers (https_request). Searching docs I see that headers are included through the esp_http_client_set_header() function.
So I think I need this code:

Code: Untitled.c Select all

#define MAX_HTTP_RECV_BUFFER 512

#define MAX_HTTP_OUTPUT_BUFFER 2048



/* Constants that aren't configurable in menuconfig */

#define WEB_PORT "443"

#define WEB_URL "https://put_a_website.com"



static const char *TAG = "example";



static void https(void)

{

    esp_http_client_config_t config = {

        .url = WEB_URL,

        .transport_type = HTTP_TRANSPORT_OVER_SSL,

        .cert_pem = esp_crt_bundle_attach,

    };

    esp_http_client_handle_t client = esp_http_client_init(&config);

    esp_http_client_set_url(client, WEB_URL);

    esp_http_client_set_header(client, "header1",

                               "header2");

    esp_err_t err = esp_http_client_perform(client);

    if (err == ESP_OK)

    {

        ESP_LOGI(TAG, "Status = %d, content_length = %d",

        esp_http_client_get_status_code(client),

        esp_http_client_get_content_length(client));

    }

    else

    {

        ESP_LOGE(TAG, "Error perform http request %s", esp_err_to_name(err));

    }

    esp_http_client_cleanup(client);

}



void app_main(void)

{

    ESP_ERROR_CHECK( nvs_flash_init() );

    ESP_ERROR_CHECK(esp_netif_init());

    ESP_ERROR_CHECK(esp_event_loop_create_default());



    /* This helper function configures Wi-Fi or Ethernet, as selected in menuconfig.

     * Read "Establishing Wi-Fi or Ethernet Connection" section in

     * examples/protocols/README.md for more information about this function.

     */

    ESP_ERROR_CHECK(example_connect());

    https();

}

Here I have a warning when I use .cert_pem = esp_crt_bundle_attach, because

Code: Select all

initialization of  'const char *' from incompatible pointer type 'esp_err_t (*)(void *)' {aka 'int (*)(void *)'}

and returns a Guru Meditation Error if I run the code.
I saw this on one of the examples, I can't understand why I have this problem (I enabled the certificate bundle from menuconfig).

If I remove the line above, I run the code but this time I obtain the following output:

Code: Select all

W (4726) wifi:<ba-add>idx:1 (ifx:0, 30:b5:c2:fe:36:60), tid:4, ssn:0, winSize:64
E (4756) esp-tls-mbedtls: No server verification option set in esp_tls_cfg_t structure. Check esp_tls API reference
E (4756) esp-tls-mbedtls: Failed to set client configurations
E (4766) esp-tls: create_ssl_handle failed
E (4766) esp-tls: Failed to open new connection
E (4776) TRANS_SSL: Failed to open a new connection
E (4776) HTTP_CLIENT: Connection failed, sock < 0
E (4786) example: Error perform http request ESP_ERR_HTTP_CONNECT

How could I solve the problem? I'm not able to understand what's the wrong step...

[Sprite]

The .cert_pem member is a pointer to a cert, not a callback. What you want is .crt_bundle_attach=esp_crt_bundle_attach instead.

[filo_gr]

The .cert_pem member is a pointer to a cert, not a callback. What you want is .crt_bundle_attach=esp_crt_bundle_attach instead.

Ok, but this is possible using another struct and other instructinos:

Code: Untitled.cpp Select all

esp_tls_cfg_t cfg = {

        .crt_bundle_attach = esp_crt_bundle_attach,

};



struct esp_tls *tls = esp_tls_conn_http_new(web_urls[i], &cfg);

I mean, is it convenient to create the esp_http_client_config_t instead of esp_tls_cfg_t ?
Can they work toghether, or should I use only one of the two structs?

[filo_gr]

Also, as mentioned above, inside the esp_http_client example, there is the following function:

Code: Untitled.cpp Select all

static void https_with_url(void)

{

    esp_http_client_config_t config = {

        .url = "https://www.howsmyssl.com",

        .event_handler = _http_event_handler,

        .crt_bundle_attach = esp_crt_bundle_attach,

    };

    esp_http_client_handle_t client = esp_http_client_init(&config);

    esp_err_t err = esp_http_client_perform(client);



    if (err == ESP_OK) {

        ESP_LOGI(TAG, "HTTPS Status = %d, content_length = %d",

                esp_http_client_get_status_code(client),

                esp_http_client_get_content_length(client));

    } else {

        ESP_LOGE(TAG, "Error perform http request %s", esp_err_to_name(err));

    }

    esp_http_client_cleanup(client);

}

Indeed I see .crt_bundle_attach = esp_crt_bundle_attach, reported as an error from the compiler.

[Sprite]

As far as I checked, the esp_http_client should accept that parameter... are you sure you're not using an example from a newer esp-idf against an older esp-idf version?

[filo_gr]

As far as I checked, the esp_http_client should accept that parameter... are you sure you're not using an example from a newer esp-idf against an older esp-idf version?

I think my example corresponds to the Espressif's example on Github https://github.com/espressif/esp-idf/bl ... _example.c

I use ESP-IDF v4.3. Inside the example I see:

Picture of what I see.

error.PNG (6.21 KiB) Viewed 19864 times

The error when I compile is:

Code: Select all

../main/esp_http_client_example.c: In function 'https_with_url':
../main/esp_http_client_example.c:375:10: error: 'esp_http_client_config_t' {aka 'struct <anonymous>'} has no member named 'crt_bundle_attach'
         .crt_bundle_attach = esp_crt_bundle_attach,
          ^~~~~~~~~~~~~~~~~
../main/esp_http_client_example.c:375:30: error: incompatible types when initializing type 'enum <anonymous>' using type 'esp_err_t (*)(void *)' {aka 'int (*)(void *)'}
         .crt_bundle_attach = esp_crt_bundle_attach,
                              ^~~~~~~~~~~~~~~~~~~~~
ninja: build stopped: subcommand failed.

[filo_gr]

Solution not found yet.
I only saw that if I use a specific certificate all works well. However I should use the bundle to test if it works anyway.

[Sprite]

That confirms that then: you're looking at the example in the master branch. The 4.3 example does not have that, which indicates this is probably added after v4.3. If you're good with only one certificate, you can indeed follow that example.

[filo_gr]

That confirms that then: you're looking at the example in the master branch. The 4.3 example does not have that, which indicates this is probably added after v4.3. If you're good with only one certificate, you can indeed follow that example.

Thank you! Hence I understand we have to wait for the stable release if we want these features (or we should checkout to master branch).

[filo_gr]

I can't understand how could I connect my ESP32 to a website for which I don't own the SSL certificate (to check the signature).
Is it possible or it will be implemented in a next release?