mirror of
https://github.com/espressif/esp-idf.git
synced 2026-04-27 19:13:21 +00:00
d6596eff3a
Replace howsmyssl.com with letsencrypt.org in the https_x509_bundle example. howsmyssl.com is a third-party server that is frequently unreachable from CI, causing flaky test failures. letsencrypt.org chains to the same ISRG Root X1 CA, so the custom certificate bundle validation coverage is identical. Since letsencrypt.org was already present in the full bundle URL list, remove the duplicate entry and reduce MAX_URLS from 9 to 8. All 6 unique root CAs in the stress test are still covered. For the QEMU stress test, increase per-connection timeout from 30s to 60s and final completion timeout from 60s to 180s. QEMU emulated network is 3-5x slower than real hardware for TLS handshakes. Add flaky markers to hardware tests to handle intermittent CI lab DHCP failures that affect all Ethernet-based tests.
| Supported Targets | ESP32 | ESP32-C2 | ESP32-C3 | ESP32-C5 | ESP32-C6 | ESP32-C61 | ESP32-H2 | ESP32-P4 | ESP32-S2 | ESP32-S3 |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
HTTPS x509 Bundle Example
This example shows how to use the ESP certificate bundle utility to embed a bundle of x509 certificates and use them to establish simple HTTPS connections. The path to the certificates is specified using menuconfig.
See the README.md file in the upper level 'examples' directory for more information about examples.
Example workflow
- ESP TLS is initialized with the certificate bundle option enabled.
- The application loops through the given URLs, establishing a secure TLS connection to each of them, including verification of the server certificate.
Configure the project
- Open the project configuration menu (`idf.py menuconfig`)
- Configure Wi-Fi or Ethernet under "Example Connection Configuration" menu. See "Establishing Wi-Fi or Ethernet Connection" section in examples/protocols/README.md for more details.
- If using a different folder than `certs` for storing certificates then update `Custom Certificate Bundle Path` under `Component config` - `mbedTLS` - `Certificate Bundle`
Build and Flash
Build the project and flash it to the board, then run the monitor tool to view serial output:
idf.py -p PORT flash monitor
(To exit the serial monitor, type Ctrl-].)
See the Getting Started Guide for full steps to configure and use ESP-IDF to build projects.
Example Output
I (0) cpu_start: Starting scheduler on APP CPU.
I (491) system_api: Base MAC address is not set, read default base MAC address from BLK0 of EFUSE
I (4051) example_connect: Ethernet Link Up
I (5971) esp_netif_handlers: eth ip: 192.168.2.137, mask: 255.255.255.0, gw: 192.168.2.2
I (5971) example_connect: Connected to Ethernet
I (5971) example_connect: IPv4 address: 192.168.2.137
I (5971) example_connect: IPv6 address: fe80:0000:0000:0000:bedd:c2ff:fed4:a92b
I (5981) example: Connecting to 2 URLs
I (7100) esp-x509-crt-bundle: Certificate validated
I (8371) example: Connection established to https://www.howsmyssl.com/a/check
I (11730) esp-x509-crt-bundle: Certificate validated
I (11821) example: Connection established to https://espressif.com
I (12821) example: Completed 2 connections
I (12821) example: Starting over again...
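
The following check is an added example, not part of ESP-IDF or this example's own test code. It reads monitor output in the format shown above and confirms that every established connection was preceded by a certificate bundle validation line and that the completed count matches the announced URL count. The function name `check_monitor_log` and the rule that the validation line precedes the connection line are assumptions taken from the sample output.

```python
import re

# Log lines copied from the Example Output above (timestamps vary per run).
SAMPLE_LOG = """\
I (5981) example: Connecting to 2 URLs
I (7100) esp-x509-crt-bundle: Certificate validated
I (8371) example: Connection established to https://www.howsmyssl.com/a/check
I (11730) esp-x509-crt-bundle: Certificate validated
I (11821) example: Connection established to https://espressif.com
I (12821) example: Completed 2 connections
"""

# ESP-IDF log line: level letter, (timestamp), tag, message.
LINE_RE = re.compile(r"^([IWE]) \((\d+)\) ([^:]+): (.*)$")

def check_monitor_log(text):
    """Return (ok, problems, urls) for one pass of the example's URL loop."""
    problems, urls = [], []
    expected = completed = None
    validated = False  # set by the bundle's log line, consumed by the next connection
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        level, _ts, tag, msg = m.groups()
        if level == "E":
            # Any error-level line fails the check.
            problems.append(f"error logged by {tag}: {msg}")
        elif tag == "esp-x509-crt-bundle" and msg == "Certificate validated":
            validated = True
        elif tag == "example" and msg.startswith("Connecting to "):
            expected = int(msg.split()[2])
        elif tag == "example" and msg.startswith("Connection established to "):
            url = msg.rsplit(" ", 1)[1]
            if not validated:
                problems.append(f"{url}: connected without a bundle validation line")
            urls.append(url)
            validated = False
        elif tag == "example" and msg.startswith("Completed "):
            completed = int(msg.split()[1])
    if expected is None or completed is None:
        problems.append("URL loop did not run to completion")
    elif not (expected == completed == len(urls)):
        problems.append(f"expected {expected} URLs, completed {completed}, saw {len(urls)}")
    return (not problems, problems, urls)

if __name__ == "__main__":
    print(check_monitor_log(SAMPLE_LOG))
```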