HTTP client without verification with ATECC enabled for TLS issue.

Post by satsok_n » Fri Mar 21, 2025 10:51 am

I am using ESP-IDF 4.2.1 with ATECC enabled for TLS. In my code, I use ATECC for establishing a TLS connection with a certificate. Now, I want to add an HTTP request to an HTTPS endpoint without certification verification. Below is the code I am using:

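#include "esp_http_client.h"
#include "esp_log.h"
#include "cryptoauthlib.h"

/* url, http_event_handler, take_atecc_sem() and release_atecc_sem()
 * are defined elsewhere in the project. */

void test()
{
	/* No CA certificate and no global CA store: the server
	 * certificate is not verified for this request. */
	esp_http_client_config_t config = {
		.url = url,
		.cert_pem = NULL,
		.event_handler = http_event_handler,
		.transport_type = HTTP_TRANSPORT_OVER_SSL,
		.use_global_ca_store = false,
		.skip_cert_common_name_check = true,
	};

	/* Hold the ATECC semaphore for the whole client lifetime. */
	take_atecc_sem();

	esp_http_client_handle_t client = esp_http_client_init(&config);
	if (client == NULL)
	{
		ESP_LOGE("HTTP", "Failed to initialize client");
		/* Release the semaphore on the error path as well. */
		release_atecc_sem();
		return;
	}

	esp_err_t err = esp_http_client_perform(client);

	if (err == ESP_OK) {
		ESP_LOGI("HTTP", "HTTPS request successful, Status = %d", esp_http_client_get_status_code(client));
	} else {
		ESP_LOGE("HTTP", "HTTP request failed: %s", esp_err_to_name(err));
	}

	esp_http_client_cleanup(client);

	//soft reset
	atcab_release();
	atcab_init(&cfg_ateccx08a_i2c_default);

	release_atecc_sem();
}
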
The issue I’m facing is that if I don’t perform a soft reset on the ATECC after deinitializing the HTTP client, or if I only use the ATECC semaphore for esp_http_client_perform(), I get a certificate verification error. It appears that the ATECC retains the client’s settings until it is reinitialized. If I use it for TLS before a soft reset or deinit, it seems to inherit the previous client configuration, causing certificate verification to be skipped.

Is this expected behavior, or could it be a bug?
