feat(websocket): Make example to use certificate bundle

To easy maintenance, makes the example on websocket client to use certificate bundle by default.
espressif · Aug 19, 2024 · 0adde4e · 0adde4e
1 parent 22c35dd
commit 0adde4e
Show file tree

Hide file tree

Showing 6 changed files with 8 additions and 39 deletions.
diff --git a/components/esp_websocket_client/examples/target/main/CMakeLists.txt b/components/esp_websocket_client/examples/target/main/CMakeLists.txt
@@ -10,12 +10,6 @@ set(EMBED_FILES "") # Initialize an empty list for files to embed
         "certs/client_key.pem")
 #endif()
 
-# For testing purpose we are using CA of wss://echo.websocket.events
-#if(CONFIG_WS_OVER_TLS_SERVER_AUTH)
-    list(APPEND EMBED_FILES
-        "certs/ca_certificate_public_domain.pem")
-#endif()
-
 # Register the component with source files, include dirs, and any conditionally added embedded files
 idf_component_register(SRCS "${SRC_FILES}"
                        INCLUDE_DIRS "${INCLUDE_DIRS}"

diff --git a/components/esp_websocket_client/examples/target/main/certs/ca_certificate_public_domain.pem b/components/esp_websocket_client/examples/target/main/certs/ca_certificate_public_domain.pem
diff --git a/...xamples/target/main/certs/server_cert.pem → .../target/main/certs/server/server_cert.pem b/...xamples/target/main/certs/server_cert.pem → .../target/main/certs/server/server_cert.pem
diff --git a/...examples/target/main/certs/server_key.pem → ...s/target/main/certs/server/server_key.pem b/...examples/target/main/certs/server_key.pem → ...s/target/main/certs/server/server_key.pem
diff --git a/components/esp_websocket_client/examples/target/main/websocket_example.c b/components/esp_websocket_client/examples/target/main/websocket_example.c
@@ -19,6 +19,7 @@
 #include "nvs_flash.h"
 #include "esp_event.h"
 #include "protocol_examples_common.h"
+#include "esp_crt_bundle.h"
 
 #include "freertos/FreeRTOS.h"
 #include "freertos/task.h"
@@ -159,8 +160,12 @@ static void websocket_app_start(void)
     websocket_cfg.client_key = key_start;
     websocket_cfg.client_key_len = key_end - key_start;
 #elif CONFIG_WS_OVER_TLS_SERVER_AUTH
-    extern const char cacert_start[] asm("_binary_ca_certificate_public_domain_pem_start"); // CA cert of wss://echo.websocket.event, modify it if using another server
-    websocket_cfg.cert_pem = cacert_start;
+    // Using certificate bundle as default server certificate source
+    websocket_cfg.crt_bundle_attach = esp_crt_bundle_attach;
+    // If using a custom certificate it could be added to certificate bundle, added to the build similar to client certificates in this examples,
+    // or read from NVS.
+    /* extern const char cacert_start[] asm("ADDED_CERTIFICATE"); */
+    /* websocket_cfg.cert_pem = cacert_start; */
 #endif
 
 #if CONFIG_WS_OVER_TLS_SKIP_COMMON_NAME_CHECK

diff --git a/components/esp_websocket_client/examples/target/pytest_websocket.py b/components/esp_websocket_client/examples/target/pytest_websocket.py
@@ -52,7 +52,7 @@ def send_data(self, data):
     def run(self):
         if self.use_tls is True:
             ssl_context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
-            ssl_context.load_cert_chain(certfile='main/certs/server_cert.pem', keyfile='main/certs/server_key.pem')
+            ssl_context.load_cert_chain(certfile='main/certs/server/server_cert.pem', keyfile='main/certs/server/server_key.pem')
             if self.client_verify is True:
                 ssl_context.load_verify_locations(cafile='main/certs/ca_cert.pem')
                 ssl_context.verify = ssl.CERT_REQUIRED