2022-3-19 add ota for https option skip cert

27_ota_https_skip_cert_option/.gitignore

@@ -0,0 +1,97 @@
+.config
+*.o
+*.pyc
+
+# gtags
+GTAGS
+GRTAGS
+GPATH
+
+# emacs
+.dir-locals.el
+
+# emacs temp file suffixes
+*~
+.#*
+\#*#
+
+# eclipse setting
+.settings
+
+# MacOS directory files
+.DS_Store
+
+# Components Unit Test Apps files
+components/**/build
+components/**/sdkconfig
+components/**/sdkconfig.old
+
+# Example project files
+examples/**/sdkconfig
+examples/**/sdkconfig.old
+examples/**/build
+
+# Doc build artifacts
+docs/_build/
+docs/doxygen_sqlite3.db
+
+# Downloaded font files
+docs/_static/DejaVuSans.ttf
+docs/_static/NotoSansSC-Regular.otf
+
+# Unit test app files
+tools/unit-test-app/sdkconfig
+tools/unit-test-app/sdkconfig.old
+tools/unit-test-app/build
+tools/unit-test-app/builds
+tools/unit-test-app/output
+tools/unit-test-app/test_configs
+
+# Unit Test CMake compile log folder
+log_ut_cmake
+
+# test application build files
+tools/test_apps/**/build
+tools/test_apps/**/sdkconfig
+tools/test_apps/**/sdkconfig.old
+
+# IDF monitor test
+tools/test_idf_monitor/outputs
+
+TEST_LOGS
+
+# gcov coverage reports
+*.gcda
+*.gcno
+coverage.info
+coverage_report/
+
+test_multi_heap_host
+
+# VS Code Settings
+.vscode/
+
+# VIM files
+*.swp
+*.swo
+
+# Clion IDE CMake build & config
+.idea/
+cmake-build-*/
+
+# Results for the checking of the Python coding style and static analysis
+.mypy_cache
+flake8_output.txt
+
+# ESP-IDF default build directory name
+build
+
+# lock files for examples and components
+dependencies.lock
+
+# managed_components for examples
+managed_components
+
+# self config
+sdkconfig
+sdkconfig.old

27_ota_https_skip_cert_option/2m_ota_partitions.csv

@@ -0,0 +1,7 @@
+# Name,   Type, SubType, Offset,   Size, Flags
+# Note: if you change the phy_init or app partition offset, make sure to change the offset in Kconfig.projbuild
+nvs,      data, nvs,     0x9000,  0x4000
+otadata,  data, ota,     0xd000,  0x2000
+phy_init, data, phy,     0xf000,  0x1000
+ota_0,    0,    ota_0,   0x10000, 0xF0000
+ota_1,    0,    ota_1,   0x110000,0xF0000

27_ota_https_skip_cert_option/CMakeLists.txt

@@ -0,0 +1,9 @@
+# The following lines of boilerplate have to be in your project's
+# CMakeLists in this exact order for cmake to work correctly
+cmake_minimum_required(VERSION 3.5)
+# (Not part of the boilerplate)
+# This example uses an extra component for common functions such as Wi-Fi and Ethernet connection.
+set(EXTRA_COMPONENT_DIRS $ENV{IDF_PATH}/examples/common_components/protocol_examples_common)
+
+include($ENV{IDF_PATH}/tools/cmake/project.cmake)
+project(hello-world)

27_ota_https_skip_cert_option/Makefile

@@ -0,0 +1,8 @@
+#
+# This is a project Makefile. It is assumed the directory this Makefile resides in is a
+# project subdirectory.
+#
+
+PROJECT_NAME := hello-world
+
+include $(IDF_PATH)/make/project.mk

27_ota_https_skip_cert_option/README.md

@@ -0,0 +1,63 @@
+# 【OTA HTTP(S)】无线远程升级支持跳过证书升级
+
+本工程由半颗心脏编程并开源，使用的主要协议栈有 mbedtls 和 esp_ota 。
+
+源码地址：https://github.com/xuhongv/StudyInEsp32/tree/master/27_ota_https_skip_cert_option
+
+# 硬件要求
+
+安信可在售 ESP32/S3/C3 模组
+
+# 软件版本
+
+esp-idf  版本:  
+
+```
+commit 8ffddf53bc9cb0c36d1949476e244b202f3b42d2 (origin/release/v4.3)
+```
+# 如何使用此Demo
+- 先配置路由器信息。
+- 修改ota文件的URL，并且修改是否需要跳过证书。
+# API 说明
+
+见注释：
+
+```
+  typedef enum
+    {
+        OTA_CERT_SSL_VERIFY_NONE = 0, // 不校验证书,直接通过
+        OTA_CERT_SSL_VERIFY_OPTIONAL, // 校验证书并给出结果，由用户决定是否继续请求
+        OTA_CERT_SSL_VERIFY_REQUIRED, // 校验证书并给出结果，必须证书通过才继续请求
+    } ota_ssl_cert_verify_set_t;
+
+    /**
+     * @brief otas_http_client_config configuration
+     */
+  typedef struct
+  {
+        const char *url;
+        ota_ssl_cert_verify_set_t cert_set;
+        bool skip_ssl_cert_set; //是否跳过证书认证，仅当 ota_ssl_cert_verify_set_t 为 OTA_CERT_SSL_VERIFY_OPTIONAL有效
+        int url_length;
+  } otas_http_client_config;
+    
+ esp_err_t start_https_ota(const otas_http_client_config *config);
+```
+
+# 常见问题 FAQ
+
+### 1. 如何替换证书？
+
+请把域名证书替换 https_ota\cert\server_root_cert.pem 里面内容即可。
+
+### 2. 如何支持HTTPS连接，但不做证书校验？
+
+参数开始时候，请把 cert_set 设置为 OTA_CERT_SSL_VERIFY_OPTIONAL ，把 skip_ssl_cert_set设置为 false 。
+```
+ .cert_set = OTA_CERT_SSL_VERIFY_OPTIONAL,
+ .skip_ssl_cert_set = false,
+```
+
+
+
+

27_ota_https_skip_cert_option/components/https_ota/CMakeLists.txt

@@ -0,0 +1,13 @@
+# set(require_components ${IDF_TARGET} mqtt mdns esp_http_client json freertos spiffs lwip
+#     bootloader_support app_update openssl wpa_supplicant spi_flash esp_http_server bt esp32c3 esp32)
+
+set(require_components ${IDF_TARGET} app_update freertos lwip mbedtls lwip nghttp)
+
+file(GLOB_RECURSE src src/*.c)
+
+idf_component_register (
+    SRCS ${src}
+    INCLUDE_DIRS "include"
+    REQUIRES ${require_components}
+    EMBED_TXTFILES  cert/server_root_cert.pem
+)

27_ota_https_skip_cert_option/components/https_ota/cert/server_root_cert.pem

@@ -0,0 +1,27 @@
+-----BEGIN CERTIFICATE-----
+MIIEkjCCA3qgAwIBAgIQCgFBQgAAAVOFc2oLheynCDANBgkqhkiG9w0BAQsFADA/
+MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
+DkRTVCBSb290IENBIFgzMB4XDTE2MDMxNzE2NDA0NloXDTIxMDMxNzE2NDA0Nlow
+SjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxIzAhBgNVBAMT
+GkxldCdzIEVuY3J5cHQgQXV0aG9yaXR5IFgzMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEAnNMM8FrlLke3cl03g7NoYzDq1zUmGSXhvb418XCSL7e4S0EF
+q6meNQhY7LEqxGiHC6PjdeTm86dicbp5gWAf15Gan/PQeGdxyGkOlZHP/uaZ6WA8
+SMx+yk13EiSdRxta67nsHjcAHJyse6cF6s5K671B5TaYucv9bTyWaN8jKkKQDIZ0
+Z8h/pZq4UmEUEz9l6YKHy9v6Dlb2honzhT+Xhq+w3Brvaw2VFn3EK6BlspkENnWA
+a6xK8xuQSXgvopZPKiAlKQTGdMDQMc2PMTiVFrqoM7hD8bEfwzB/onkxEz0tNvjj
+/PIzark5McWvxI0NHWQWM6r6hCm21AvA2H3DkwIDAQABo4IBfTCCAXkwEgYDVR0T
+AQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYwfwYIKwYBBQUHAQEEczBxMDIG
+CCsGAQUFBzABhiZodHRwOi8vaXNyZy50cnVzdGlkLm9jc3AuaWRlbnRydXN0LmNv
+bTA7BggrBgEFBQcwAoYvaHR0cDovL2FwcHMuaWRlbnRydXN0LmNvbS9yb290cy9k
+c3Ryb290Y2F4My5wN2MwHwYDVR0jBBgwFoAUxKexpHsscfrb4UuQdf/EFWCFiRAw
+VAYDVR0gBE0wSzAIBgZngQwBAgEwPwYLKwYBBAGC3xMBAQEwMDAuBggrBgEFBQcC
+ARYiaHR0cDovL2Nwcy5yb290LXgxLmxldHNlbmNyeXB0Lm9yZzA8BgNVHR8ENTAz
+MDGgL6AthitodHRwOi8vY3JsLmlkZW50cnVzdC5jb20vRFNUUk9PVENBWDNDUkwu
+Y3JsMB0GA1UdDgQWBBSoSmpjBH3duubRObemRWXv86jsoTANBgkqhkiG9w0BAQsF
+AAOCAQEA3TPXEfNjWDjdGBX7CVW+dla5cEilaUcne8IkCJLxWh9KEik3JHRRHGJo
+uM2VcGfl96S8TihRzZvoroed6ti6WqEBmtzw3Wodatg+VyOeph4EYpr/1wXKtx8/
+wApIvJSwtmVi4MFU5aMqrSDE6ea73Mj2tcMyo5jMd6jmeWUHK8so/joWUoHOUgwu
+X4Po1QYz+3dszkDqMp4fklxBwXRsW10KXzPMTZ+sOPAveyxindmjkW8lGy+QsRlG
+PfZ+G6Z6h7mjem0Y+iWlkYcV4PIWL1iwBi8saCbGS5jN2p8M+X+Q7UNKEkROb3N6
+KOqkqm57TH2H3eDJAkSnh6/DNFu0Qg==
+-----END CERTIFICATE-----

27_ota_https_skip_cert_option/components/https_ota/component.mk

@@ -0,0 +1,6 @@
+
+COMPONENT_SRCDIRS := src
+
+COMPONENT_ADD_INCLUDEDIRS := include
+
+COMPONENT_EMBED_TXTFILES := cert/server_root_cert.pem

27_ota_https_skip_cert_option/components/https_ota/include/https_ota.h

@@ -0,0 +1,53 @@
+/*
+ * @Author: https://github.com/xuhongv
+ * @Date: 2022-03-18 07:41:55
+ * @LastEditTime: 2022-03-19 14:06:52
+ * @LastEditors: Please set LastEditors
+ * @Description: ota https 头文件
+ */
+
+#pragma once
+
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+
+    typedef enum
+    {
+        OTA_CERT_SSL_VERIFY_NONE = 0, // 不校验证书,直接通过
+        OTA_CERT_SSL_VERIFY_OPTIONAL, // 校验证书并给出结果，由用户决定是否继续请求
+        OTA_CERT_SSL_VERIFY_REQUIRED, // 校验证书并给出结果，必须证书通过才继续请求
+    } ota_ssl_cert_verify_set_t;
+
+    /**
+     * @brief otas_http_client_config configuration
+     */
+    typedef struct
+    {
+        const char *url;
+        ota_ssl_cert_verify_set_t cert_set;
+        bool skip_ssl_cert_set; //是否跳过证书认证，仅当 ota_ssl_cert_verify_set_t 为 OTA_CERT_SSL_VERIFY_OPTIONAL有效
+
+        int url_length;
+
+    } otas_http_client_config;
+
+    typedef struct
+    {
+
+        char path[100];
+
+        char version[20];
+        int port;
+        char token[80];
+        char host[20];
+
+    } ota_info;
+    ota_info ota_info_item;
+
+    esp_err_t start_https_ota(const otas_http_client_config *config);
+
+#ifdef __cplusplus
+}
+#endif