3

I am making a post request from my ESP32 S2 Kaluga kit. I have tested the HTTP request while running a server program in my LAN. I am using esp_http_client_handle_t and esp_http_client_config_t from esp_http_client.h to do this.

Now I have an HTTPS API set up in AWS API Gateway. I get the following error with HTTPS:

```
E (148961) esp-tls-mbedtls: No server verification option set in esp_tls_cfg_t structure. Check esp_tls API reference
E (148961) esp-tls-mbedtls: Failed to set client configurations, returned [0x8017] (ESP_ERR_MBEDTLS_SSL_SETUP_FAILED)
E (148971) esp-tls: create_ssl_handle failed
E (148981) esp-tls: Failed to open new connection
E (148981) TRANSPORT_BASE: Failed to open a new connection
E (148991) HTTP_CLIENT: Connection failed, sock < 0
```

How can I solve this? Thank you

Edit: The following is the code I use to create an HTTP client for the POST request:

```c
#include <stdio.h>
#include "esp_http_client.h"

esp_err_t client_event_get_handler(esp_http_client_event_handle_t evt)
{
    switch (evt->event_id)
    {
    case HTTP_EVENT_ON_DATA:
        // evt->data is not NUL-terminated, so print exactly data_len bytes
        printf("HTTP GET EVENT DATA: %.*s", evt->data_len, (char *)evt->data);
        break;

    default:
        break;
    }
    return ESP_OK;
}

static void post_rest_function(char *payload, int len)
{
    esp_http_client_config_t config_post = {
        .url = SERVER_URL,
        .method = HTTP_METHOD_POST,
        .event_handler = client_event_get_handler,
        .auth_type = HTTP_AUTH_TYPE_NONE,
        .transport_type = HTTP_TRANSPORT_OVER_TCP
    };

    esp_http_client_handle_t client = esp_http_client_init(&config_post);

    esp_http_client_set_post_field(client, payload, len);
    esp_http_client_set_header(client, "Content-Type", "image/jpeg");

    esp_http_client_perform(client);
    esp_http_client_cleanup(client);
}
```

and I use it in main with an image payload:

```c
void app_main()
{
    /* .... */
    post_rest_function((char *)pic->buf, pic->len);
    /* .... */
}
```

Brotchu
  • Please share the code that produces this output. Describing code is useless, sharing it is useful. Without it we're just guessing what you're doing. Please edit the question to include a [minimal, reproducible example](https://stackoverflow.com/help/minimal-reproducible-example) that demonstrates the problem - a complete, compilable program that has just the code needed that produces this problem. It's fine if you redact secrets, passwords, API keys, but we need the actual code to see what you're actually doing. – romkey Mar 25 '22 at 16:20
  • Hi, I have added the code I use to create the http client – Brotchu Mar 26 '22 at 11:47

2 Answers

4

Additionally, you may choose to include the certificates to make sure that your transfer is safe (valid server).

You can obtain the root SSL certificate of your host like so; watch through to the 56-minute mark for a complete explanation.

OR you may use the included certificate bundle that Espressif provides in the IDF framework. For that:

In your code, add `#include "esp_crt_bundle.h"`, and in your `client_config_t` add these:

```c
.transport_type = HTTP_TRANSPORT_OVER_SSL,  // Specify transport type
.crt_bundle_attach = esp_crt_bundle_attach, // Attach the certificate bundle
```

after which the process remains quite the same.

The video I linked above is quite helpful, I recommend you watch the whole thing :)

1

You need a certificate to make HTTPS requests. In case you don't want to implement this, just edit your sdkconfig:

"Allow potentially insecure options" -> true

"Skip server certificate verification by default" -> true

Careful, this is unsafe.

lurker
  • Do you add these to the sdkconfig? I have the following in the sdkconfig in the HTTP client section ` # ESP HTTP client # CONFIG_ESP_HTTP_CLIENT_ENABLE_HTTPS=y # CONFIG_ESP_HTTP_CLIENT_ENABLE_BASIC_AUTH is not set CONFIG_ESP_HTTP_CLIENT_ENABLE_DIGEST_AUTH=y # end of ESP HTTP client ` – Brotchu Mar 26 '22 at 16:48
  • You run `idf.py menuconfig` for a user-friendly config editor. – Tarmo Mar 28 '22 at 15:57
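
A build-time check for the two approaches in the answers above, added here as an example that is not part of the original question or answers: it audits an `sdkconfig` so that the "skip server certificate verification" workaround does not end up in a release build, and reports whether the certificate bundle is enabled. The function names and sample files are hypothetical and the sample contents are constructed; `CONFIG_ESP_TLS_INSECURE`, `CONFIG_ESP_TLS_SKIP_SERVER_CERT_VERIFY` and `CONFIG_MBEDTLS_CERTIFICATE_BUNDLE` are the ESP-IDF Kconfig symbols behind the two menuconfig options and the bundle.

```shell
# audit_sdkconfig FILE
# Returns 0 if server verification is enforced, 1 if an insecure TLS option
# is enabled, 2 if FILE cannot be read.
audit_sdkconfig() {
    cfg=$1
    [ -r "$cfg" ] || { echo "cannot read $cfg" >&2; return 2; }
    rc=0
    # "Allow potentially insecure options" and
    # "Skip server certificate verification by default"
    for sym in CONFIG_ESP_TLS_INSECURE CONFIG_ESP_TLS_SKIP_SERVER_CERT_VERIFY; do
        # Only an uncommented SYMBOL=y line enables an option;
        # "# SYMBOL is not set" means it is off.
        if grep -Eq "^${sym}=y[[:space:]]*\$" "$cfg"; then
            echo "FAIL: $sym=y"
            rc=1
        fi
    done
    # esp_crt_bundle_attach relies on the bundle being built in.
    if grep -Eq '^CONFIG_MBEDTLS_CERTIFICATE_BUNDLE=y[[:space:]]*$' "$cfg"; then
        echo "OK: certificate bundle enabled"
    else
        echo "WARN: CONFIG_MBEDTLS_CERTIFICATE_BUNDLE is not enabled"
    fi
    return "$rc"
}

# Constructed sample: state after applying the skip-verification workaround.
write_insecure_sample() {
    printf '%s\n' \
        'CONFIG_ESP_HTTP_CLIENT_ENABLE_HTTPS=y' \
        'CONFIG_ESP_TLS_INSECURE=y' \
        'CONFIG_ESP_TLS_SKIP_SERVER_CERT_VERIFY=y' \
        '# CONFIG_MBEDTLS_CERTIFICATE_BUNDLE is not set' > "$1"
}

# Constructed sample: verification left on, certificate bundle enabled.
write_secure_sample() {
    printf '%s\n' \
        'CONFIG_ESP_HTTP_CLIENT_ENABLE_HTTPS=y' \
        '# CONFIG_ESP_TLS_INSECURE is not set' \
        'CONFIG_MBEDTLS_CERTIFICATE_BUNDLE=y' > "$1"
}

tmp=$(mktemp -d)
write_insecure_sample "$tmp/bad"
write_secure_sample "$tmp/good"
audit_sdkconfig "$tmp/bad" || echo "insecure sample: exit status $?"
audit_sdkconfig "$tmp/good"
```

Run against the project's real `sdkconfig` in CI, a non-zero exit status fails the build before firmware with verification disabled is produced.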