/*
  OTA update over HTTPS

  As an example, we download and install ESP8266Basic firmware from github.

  Requires latest git version of the core (November 17, 2015)

  Created by Ivan Grokhotkov, 2015.
  This example is in public domain.
*/

#include <ESP8266WiFi.h>
#include <WiFiClientSecure.h>
#include <FS.h>
#include "ESP8266httpUpdate.h"

const char* ssid = "..............";
const char* password = "..............";

const char* host = "raw.githubusercontent.com";
const int httpsPort = 443;

// Use web browser to view and copy
// SHA1 fingerprint of the certificate
const char* fingerprint = "B0 74 BB EF 10 C2 DD 70 89 C8 EA 58 A2 F9 E1 41 00 D3 38 82";

const char* url = "/esp8266/Basic/master/Flasher/Build/4M/ESP8266Basic.cpp.bin";

void setup() {
  Serial.begin(115200);
  Serial.setDebugOutput(true);
  WiFi.mode(WIFI_STA);
  delay(5000);

  Serial.println();
  Serial.print("connecting to ");
  Serial.println(ssid);
  if (WiFi.SSID() != ssid) {
    WiFi.begin(ssid, password);
  }
  while (WiFi.status() != WL_CONNECTED) {
    delay(500);
    Serial.print(".");
  }
  Serial.println("");
  Serial.println("WiFi connected");
  Serial.println("IP address: ");
  Serial.println(WiFi.localIP());

  // configure time
  configTime(3 * 3600, 0, "pool.ntp.org");

  // Use WiFiClientSecure class to create TLS connection
  WiFiClientSecure client;
  Serial.print("connecting to ");
  Serial.println(host);
  if (!client.connect(host, httpsPort)) {
    Serial.println("connection failed");
    return;
  }

  if (client.verify(fingerprint, host)) {
    Serial.println("certificate matches");
  } else {
    Serial.println("certificate doesn't match");
    return;
  }

  Serial.print("Starting OTA from: ");
  Serial.println(url);

  auto ret = ESPhttpUpdate.update(client, host, url);
  // if successful, ESP will restart
  Serial.println("update failed");
  Serial.println((int) ret);
}

void loop() {
}

David -- @dknop97 -- You could save the fingerprint in nonvolatile ram.
There is a security problem if you ever get your txt file using http or untrusted https. It could be faked that way. I think a workaround is to have two servers and ask the trusted one to tell you the fingerprint of the other one so you can trust it.
Will we ever be able to verify SSL via signing authorities like browsers do?
I understood your argument about the txt file, but this file is pushed to the endpoint (Amazon Lambda) by the admin of the database, so I thought about the possibilities and don't see a change of the txt file or of your data as a real possibility, but I'm just thinking without any experience in this area; it's another sector of the project, with other people.
Well, I don't know about these possibilities of SSL verification. I'm a noob programmer in this area, so I don't have much experience, I just have the desire to learn kkkkkk.
If you - and others - have ideas, let's talk a bit more, but I'm just a young Padawan here.
I have successfully downloaded the bin file from the server, but unfortunately, during the download, the ESP crashes with the exception: esp8266 fatal exception 29 (storeprohibited cause).
I need help with this issue.
I was getting the exact same error... then I bumped into an old post from @igrr (Ivan Grokhotkov). Ex 29 basically means it's getting out of memory, so finish all your download/update activities before you do any other activity, meaning creating new instances of any class. So the best place to do it would be in the first part of setup() or the first statement in loop(), putting a flag to identify that it's the first loop. If you have global class instances, switch to pointers, meaning just assign a pointer variable and later create the actual instance after your download/update activity. This shall ensure nothing is loaded into memory before the download/update activity runs. Below is an example of what exactly I wanted to say.
Example:
//************ OLD CODE EXAMPLE ************
WiFiServer server(8080);   // global instance is constructed before setup() runs

void setup() {
  //.
  //.
  //.
  server.begin();
  // Your download/update code HERE
  //.
  //.
}

//************ NEW CODE corresponding would be as below ************
WiFiServer *server = NULL; // only a pointer; nothing is allocated yet

void setup() {
  //.
  //.
  //.
  // Your download/update code HERE
  //.
  //.
  //.
  server = new WiFiServer(8080); // create the instance after the update attempt
  server->begin();               // pointer access needs ->, not .
}
Refer to this; HTTPS is working for me: https://otaesp8266.blogspot.com/2019/11/https-ota-for-esp8266.html
Hi @hkarthik97, I've tried that and it worked perfectly. It updates from an HTTPS URL. Well, at least I insert an HTTPS URL when calling the ESPhttpUpdate.update() method and it seems to be working.
But in that code, before attempting to connect the WiFiClientSecure object, it calls the method client.setInsecure().
What exactly does the setInsecure() method do? Does it keep using the HTTPS protocol, or does it automatically switch to HTTP?
Thanks in advance!
Here is my code that so far works for both ESP8266 and ESP32:
https://github.com/programmer131/ESP8266_ESP32_SelfUpdate
Thanks @programmer131
Currently I put a .txt file with the fingerprints on my endpoint server, and it is updated every day. So, in the ESP, I made some functions and a routine so that, in case of failure, it goes to the endpoint, makes a GET request for the .txt file, analyzes the data and pushes the fingerprints into the variables in my code. It is working very well.
Anyway, I'm still searching for solutions in the ESP code to collect the fingerprints automatically, and I'm accepting suggestions/help.
Again, ignore some English errors in my text, I'm still improving it.
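
A routine that loads fingerprints from a .txt file, as described in the comment above, has to parse that text strictly before pinning against it. The following is an added example, not code from the gist or from any commenter: it parses fingerprints in the format the sketch uses (spaces or colons), skips malformed entries, and checks a certificate digest against the list. The function names and the sample list are assumptions, and the check does not establish that the list itself arrived over a trusted channel.

```cpp
// Added example (hypothetical names); plain C++ so it also builds off-device.
#include <cctype>
#include <cstdint>
#include <cstring>
#include <sstream>
#include <string>
const size_t SHA1_LEN = 20;
// Fingerprint taken from the sketch on this page.
const char* PAGE_PIN = "B0 74 BB EF 10 C2 DD 70 89 C8 EA 58 A2 F9 E1 41 00 D3 38 82";
// Constructed sample list: comment, truncated entry, unrelated pin, page pin.
const char* SAMPLE_LIST =
    "# constructed sample\r\n"
    "00 11 22 33\r\n"
    "AA AA AA AA AA AA AA AA AA AA AA AA AA AA AA AA AA AA AA AA\r\n"
    "b0:74:bb:ef:10:c2:dd:70:89:c8:ea:58:a2:f9:e1:41:00:d3:38:82\r\n";

// Accepts "B0 74 ..." or "b0:74:..."; fails on other characters or length != 20 bytes.
bool parseFingerprint(const std::string& text, uint8_t out[SHA1_LEN]) {
    size_t nibbles = 0;
    for (unsigned char c : text) {
        if (c == ' ' || c == ':' || c == '\t' || c == '\r') continue;
        if (!std::isxdigit(c) || nibbles == SHA1_LEN * 2) return false;
        int v = std::isdigit(c) ? c - '0' : std::tolower(c) - 'a' + 10;
        if (nibbles % 2 == 0) out[nibbles / 2] = static_cast<uint8_t>(v << 4);
        else out[nibbles / 2] |= static_cast<uint8_t>(v);
        ++nibbles;
    }
    return nibbles == SHA1_LEN * 2;
}

// Returns the 1-based line of the first pin equal to digest, or 0; bad lines never match.
int matchPinList(const std::string& listText, const uint8_t digest[SHA1_LEN]) {
    std::istringstream in(listText);
    std::string line;
    for (int lineNo = 1; std::getline(in, line); ++lineNo) {
        uint8_t pin[SHA1_LEN];
        if (line.empty() || line[0] == '#') continue;
        if (parseFingerprint(line, pin) && std::memcmp(pin, digest, SHA1_LEN) == 0)
            return lineNo;
    }
    return 0;
}

int main() {
    uint8_t presented[SHA1_LEN];  // stands in for the digest the TLS stack computed
    if (!parseFingerprint(PAGE_PIN, presented)) return 1;
    return matchPinList(SAMPLE_LIST, presented) == 4 ? 0 : 1;
}
```

Keeping more than one valid entry in the list lets the device accept the next certificate before the current one is retired.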