feat(websocket): Make example to use certificate bundle

To easy maintenance, makes the example on websocket client to use
certificate bundle by default.

Author: euripedesrocha

components/esp_websocket_client/examples/target/main/CMakeLists.txt

@@ -10,12 +10,6 @@ set(EMBED_FILES "") # Initialize an empty list for files to embed
         "certs/client_key.pem")
 #endif()
 
-# For testing purpose we are using CA of wss://echo.websocket.events
-#if(CONFIG_WS_OVER_TLS_SERVER_AUTH)
-    list(APPEND EMBED_FILES
-        "certs/ca_certificate_public_domain.pem")
-#endif()
-
 # Register the component with source files, include dirs, and any conditionally added embedded files
 idf_component_register(SRCS "${SRC_FILES}"
                        INCLUDE_DIRS "${INCLUDE_DIRS}"

components/esp_websocket_client/examples/target/main/certs/ca_certificate_public_domain.pem

@@ -19,6 +19,7 @@
 #include "nvs_flash.h"
 #include "esp_event.h"
 #include "protocol_examples_common.h"
+#include "esp_crt_bundle.h"
 
 #include "freertos/FreeRTOS.h"
 #include "freertos/task.h"
@@ -145,6 +146,14 @@ static void websocket_app_start(void)
     websocket_cfg.uri = CONFIG_WEBSOCKET_URI;
 #endif /* CONFIG_WEBSOCKET_URI_FROM_STDIN */
 
+#if CONFIG_WS_OVER_TLS_SERVER_AUTH || CONFIG_WS_OVER_TLS_MUTUAL_AUTH
+    // Using certificate bundle as default server certificate source
+    websocket_cfg.crt_bundle_attach = esp_crt_bundle_attach;
+    // If using a custom certificate it could be added to certificate bundle, added to the build simmilar to client certificates in this examples,
+    // or read from NVS.
+    /* extern const char cacert_start[] asm("ADDED_CERTIFICATE"); */
+    /* websocket_cfg.cert_pem = cacert_start; */
+#endif
 #if CONFIG_WS_OVER_TLS_MUTUAL_AUTH
     /* Configuring client certificates for mutual authentification */
     extern const char cacert_start[] asm("_binary_ca_cert_pem_start"); // CA certificate
@@ -158,9 +167,6 @@ static void websocket_app_start(void)
     websocket_cfg.client_cert_len = cert_end - cert_start;
     websocket_cfg.client_key = key_start;
     websocket_cfg.client_key_len = key_end - key_start;
-#elif CONFIG_WS_OVER_TLS_SERVER_AUTH
-    extern const char cacert_start[] asm("_binary_ca_certificate_public_domain_pem_start"); // CA cert of wss://echo.websocket.event, modify it if using another server
-    websocket_cfg.cert_pem = cacert_start;
 #endif
 
 #if CONFIG_WS_OVER_TLS_SKIP_COMMON_NAME_CHECK

components/esp_websocket_client/examples/target/main/certs/server_cert.pem renamed to components/esp_websocket_client/examples/target/main/certs/server/server_cert.pem

@@ -52,7 +52,7 @@ def send_data(self, data):
     def run(self):
         if self.use_tls is True:
             ssl_context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
-            ssl_context.load_cert_chain(certfile='main/certs/server_cert.pem', keyfile='main/certs/server_key.pem')
+            ssl_context.load_cert_chain(certfile='main/certs/server/server_cert.pem', keyfile='main/certs/server/server_key.pem')
             if self.client_verify is True:
                 ssl_context.load_verify_locations(cafile='main/certs/ca_cert.pem')
                 ssl_context.verify = ssl.CERT_REQUIRED

components/esp_websocket_client/examples/target/main/certs/server_key.pem renamed to components/esp_websocket_client/examples/target/main/certs/server/server_key.pem

@@ -13,3 +13,8 @@ CONFIG_EXAMPLE_ETH_PHY_ADDR=1
 CONFIG_EXAMPLE_CONNECT_IPV6=y
 CONFIG_WS_OVER_TLS_MUTUAL_AUTH=y
 CONFIG_WS_OVER_TLS_SKIP_COMMON_NAME_CHECK=y
+CONFIG_MBEDTLS_CERTIFICATE_BUNDLE=y
+CONFIG_MBEDTLS_CERTIFICATE_BUNDLE_DEFAULT_CMN=y
+CONFIG_MBEDTLS_CUSTOM_CERTIFICATE_BUNDLE=y
+CONFIG_MBEDTLS_CUSTOM_CERTIFICATE_BUNDLE_PATH="main/certs/server/server_cert.pem"
+CONFIG_MBEDTLS_CERTIFICATE_BUNDLE_MAX_CERTS=200