Merge pull request #112 from arduino/tls-file-download

pennam · web-flow · commit e4f7d3294ed0 · 2025-03-24T17:03:01.000+01:00
downloadAndSaveFile: allow tls using certificate bundle
diff --git a/main/http_client.c b/main/http_client.c
@@ -5,6 +5,8 @@
 #include <stdio.h>
 
 #include "esp_http_client.h"
+#include "esp_partition.h"
+#include "esp_crt_bundle.h"
 
 #define MAX_HTTP_RECV_BUFFER 	128
 
@@ -18,10 +20,38 @@ int downloadAndSaveFile(char * url, FILE * f, const char * cert_pem)
   }
   esp_http_client_config_t config = {
     .url = url,
-    .cert_pem = cert_pem,
     .timeout_ms = 20000,
   };
 
+  spi_flash_mmap_handle_t handle;
+  const unsigned char* certs_data = NULL;
+
+  if(cert_pem != NULL) {
+    config.cert_pem = cert_pem;
+  } else {
+    config.crt_bundle_attach = esp_crt_bundle_attach;
+
+    const esp_partition_t* part = esp_partition_find_first(ESP_PARTITION_TYPE_DATA, ESP_PARTITION_SUBTYPE_ANY, "certs");
+    if (part == NULL) {
+      return 0;
+    }
+
+    int ret = esp_partition_mmap(part, 0, part->size, SPI_FLASH_MMAP_DATA, (const void**)&certs_data, &handle);
+    if (ret != ESP_OK) {
+      return 0;
+    }
+
+    ret = esp_crt_bundle_attach(&config);
+    if (ret != ESP_OK) {
+      return 0;
+    }
+
+    ret = esp_crt_bundle_set(certs_data, CRT_BUNDLE_SIZE);
+    if (ret != ESP_OK) {
+      return 0;
+    }
+  }
+
   esp_http_client_handle_t client = esp_http_client_init(&config);
   esp_err_t err;
   if ((err = esp_http_client_open(client, 0)) != ESP_OK) {
@@ -43,7 +73,7 @@ int downloadAndSaveFile(char * url, FILE * f, const char * cert_pem)
   ESP_LOGV(TAG, "connection closed, cleaning up, total %d bytes received", total_read_len);
   esp_http_client_close(client);
   esp_http_client_cleanup(client);
-  free(buffer);	
+  free(buffer);
 
   return 0;
 }
