feat(websocket): Make example to use certificate bundle

euripedesrocha · euripedesrocha · commit 0b8352a583ca · 2024-08-13T11:05:29.000+02:00
To easy maintenance, makes the example on websocket client to use
certificate bundle by default.
diff --git a/components/esp_websocket_client/examples/target/main/CMakeLists.txt b/components/esp_websocket_client/examples/target/main/CMakeLists.txt
@@ -10,12 +10,6 @@ set(EMBED_FILES "") # Initialize an empty list for files to embed
         "certs/client_key.pem")
 #endif()
 
-# For testing purpose we are using CA of wss://echo.websocket.events
-#if(CONFIG_WS_OVER_TLS_SERVER_AUTH)
-    list(APPEND EMBED_FILES
-        "certs/ca_certificate_public_domain.pem")
-#endif()
-
 # Register the component with source files, include dirs, and any conditionally added embedded files
 idf_component_register(SRCS "${SRC_FILES}"
                        INCLUDE_DIRS "${INCLUDE_DIRS}"
diff --git a/components/esp_websocket_client/examples/target/main/certs/ca_certificate_public_domain.pem b/components/esp_websocket_client/examples/target/main/certs/ca_certificate_public_domain.pem
diff --git a/components/esp_websocket_client/examples/target/main/websocket_example.c b/components/esp_websocket_client/examples/target/main/websocket_example.c
@@ -19,6 +19,7 @@
 #include "nvs_flash.h"
 #include "esp_event.h"
 #include "protocol_examples_common.h"
+#include "esp_crt_bundle.h"
 
 #include "freertos/FreeRTOS.h"
 #include "freertos/task.h"
@@ -145,6 +146,14 @@ static void websocket_app_start(void)
     websocket_cfg.uri = CONFIG_WEBSOCKET_URI;
 #endif /* CONFIG_WEBSOCKET_URI_FROM_STDIN */
 
+#if CONFIG_WS_OVER_TLS_SERVER_AUTH || CONFIG_WS_OVER_TLS_MUTUAL_AUTH
+    // Using certificate bundle as default server certificate source
+    websocket_cfg.crt_bundle_attach = esp_crt_bundle_attach;
+    // If using a custom certificate it could be added to certificate bundle, added to the build simmilar to client certificates in this examples,
+    // or read from NVS.
+    /* extern const char cacert_start[] asm("ADDED_CERTIFICATE"); */
+    /* websocket_cfg.cert_pem = cacert_start; */
+#endif
 #if CONFIG_WS_OVER_TLS_MUTUAL_AUTH
     /* Configuring client certificates for mutual authentification */
     extern const char cacert_start[] asm("_binary_ca_cert_pem_start"); // CA certificate
@@ -158,9 +167,6 @@ static void websocket_app_start(void)
     websocket_cfg.client_cert_len = cert_end - cert_start;
     websocket_cfg.client_key = key_start;
     websocket_cfg.client_key_len = key_end - key_start;
-#elif CONFIG_WS_OVER_TLS_SERVER_AUTH
-    extern const char cacert_start[] asm("_binary_ca_certificate_public_domain_pem_start"); // CA cert of wss://echo.websocket.event, modify it if using another server
-    websocket_cfg.cert_pem = cacert_start;
 #endif
 
 #if CONFIG_WS_OVER_TLS_SKIP_COMMON_NAME_CHECK
