Experiement with global CA store

hhvrc · hhvrc · commit 6b85a36902c2 · 2025-12-17T14:02:56.000+01:00
diff --git a/src/http/HTTPClientState.cpp b/src/http/HTTPClientState.cpp
@@ -32,7 +32,7 @@ HTTP::HTTPClientState::HTTPClientState(const char* url, uint32_t timeoutMs)
   cfg.transport_type        = HTTP_TRANSPORT_OVER_SSL;
   cfg.user_data             = reinterpret_cast<void*>(this);
   cfg.is_async              = false;
-  cfg.use_global_ca_store   = false;
+  cfg.use_global_ca_store   = true;
 
   m_handle = esp_http_client_init(&cfg);
 }
diff --git a/src/main.cpp b/src/main.cpp
@@ -19,6 +19,8 @@ const char* const TAG = "main";
 
 #include <Arduino.h>
 
+#include <esp_tls.h>
+
 #include <memory>
 
 // Internal setup function, returns true if setup succeeded, false otherwise.
@@ -89,11 +91,17 @@ void appSetup()
   }
 }
 
+extern const uint8_t* global_ca_crt_bundle_start  asm("_binary_certificates_x509_crt_bundle_start");
+extern const uint8_t* global_ca_crt_bundle_end    asm("_binary_certificates_x509_crt_bundle_end");
+
 // Arduino setup function
 void setup()
 {
   ::Serial.begin(115'200);
 
+  esp_tls_init_global_ca_store();
+  esp_tls_set_global_ca_store(global_ca_crt_bundle_start, static_cast<uint32_t>(global_ca_crt_bundle_end - global_ca_crt_bundle_start));
+
   OpenShock::Config::Init();
 
   if (!OpenShock::Events::Init()) {

Original file line number	Diff line number	Diff line change
`@@ -32,7 +32,7 @@ HTTP::HTTPClientState::HTTPClientState(const char* url, uint32_t timeoutMs)`
`32`	`32`	`cfg.transport_type = HTTP_TRANSPORT_OVER_SSL;`
`33`	`33`	`cfg.user_data = reinterpret_cast<void*>(this);`
`34`	`34`	`cfg.is_async = false;`
`35`		`- cfg.use_global_ca_store = false;`
	`35`	`+ cfg.use_global_ca_store = true;`
`36`	`36`
`37`	`37`	`m_handle = esp_http_client_init(&cfg);`
`38`	`38`	`}`