Fix FastEPD component handling, fix CA bundle

examples/esp_idf/www-image/CMakeLists.txt

@@ -1,6 +1,6 @@
 cmake_minimum_required(VERSION 3.5)
 
-set(EXTRA_COMPONENT_DIRS "../../../src")
+set(EXTRA_COMPONENT_DIRS "../../..")
 
 include($ENV{IDF_PATH}/tools/cmake/project.cmake)
 project(www-image_example)

examples/esp_idf/www-image/README.md

@@ -45,17 +45,6 @@ Do not forget to update your WiFi credentials and point it to a proper URL that
 
 Note that as default an random image taken from loremflickr.com is used. You can use any URL that points to a valid Image, take care to use the right JPG format, or you can also use the image-service [cale.es](https://cale.es) to create your own gallery.
 
-Using HTTPS
-===========
-
-Using SSL requires a bit more effort if you need to verify the certificate. For example, getting the SSL cert from loremflickr.com needs to be extracted using this command:
-
-    openssl s_client -showcerts -connect www.loremflickr.com:443 </dev/null
-
-The CA root cert is the last cert given in the chain of certs.
-To embed it in the app binary, the PEM file is named in the component.mk COMPONENT_EMBED_TXTFILES variable. This is already done for this random picture as an example. 
-Note that in order to validate an SSL certificate the MCU needs to be aware of time for the handshake. This means that you need to start doing an NTP sync to get time and this wastes between 1 and 2 seconds, unless you keep the time in an external RTC.
-
 **Important note about secure https**
 Https is proved to work on stable ESP-IDF v4.2 branch. Please Note that for IDF versions >= 4.3 it needs to have VALIDATE_SSL_CERTIFICATE set to true. 
 In case you want to allow insecure requests please follow this:

examples/esp_idf/www-image/main/CMakeLists.txt

@@ -5,9 +5,10 @@ set(
 
 idf_component_register(SRCS ${app_sources} 
         REQUIRES
+        FastEPD
         esp_wifi driver esp_lcd
         jpegdec
-        nvs_flash esp-tls esp_http_client esp_timer
-        # Embed the server root certificate into the final binary
-        EMBED_TXTFILES ${project_dir}/ssl_cert/server_cert.pem
+        nvs_flash esp-tls esp_http_client esp_timer mbedtls esp_http_server
+        # Directly use the ESP-IDF certificate bundle feature
+        REQUIRES mbedtls
         )

examples/esp_idf/www-image/main/jpgdec-render.cpp

@@ -39,11 +39,11 @@ idf_component_register(SRCS ${srcs}
 #include "esp_netif.h"
 #include "esp_sntp.h"
 // FastEPD component. ../../../../src/FastEPD.cpp
-#include "../../../../src/FastEPD.cpp"
+#include <FastEPD.h>
 FASTEPD epaper;
 
 // JPG decoder from @bitbank2
-#include "JPEGDEC.h"
+#include <JPEGDEC.h>
 
 JPEGDEC jpeg;
 
@@ -57,6 +57,10 @@ extern "C" {
 void app_main();
 }
 
+// For root certificates
+#include "esp_tls.h"
+#include "esp_crt_bundle.h"
+
 // Load the EMBED_TXTFILES. Then doing (char*) server_cert_pem_start you get the SSL certificate
 // Reference:
 // https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/build-system.html#embedding-binary-data
@@ -266,21 +270,22 @@ static void http_post(void) {
      * NOTE: All the configuration parameters for http_client must be specified
      * either in URL or as host and path parameters.
      */
-    esp_http_client_config_t config
-        = {.url = IMG_URL,
+    esp_http_client_config_t config = {};
+    config.url = IMG_URL;
 #if VALIDATE_SSL_CERTIFICATE == true
-           .cert_pem = (char*)server_cert_pem_start,
+    // Using the ESP-IDF certificate bundle
+    config.crt_bundle_attach = esp_crt_bundle_attach;
 #endif
-           .disable_auto_redirect = false,
-           .event_handler = _http_event_handler,
-           .buffer_size = HTTP_RECEIVE_BUFFER_SIZE };
+    config.disable_auto_redirect = false;
+    config.event_handler = _http_event_handler;
+    config.buffer_size = HTTP_RECEIVE_BUFFER_SIZE;
 
     esp_http_client_handle_t client = esp_http_client_init(&config);
 
 #if DEBUG_VERBOSE
     printf("Free heap before HTTP download: %d\n", xPortGetFreeHeapSize());
-    if (esp_http_client_get_transport_type(client) == HTTP_TRANSPORT_OVER_SSL && config.cert_pem) {
-        printf("SSL CERT:\n%s\n\n", (char*)server_cert_pem_start);
+    if (esp_http_client_get_transport_type(client) == HTTP_TRANSPORT_OVER_SSL) {
+        printf("Using ESP-IDF certificate bundle for SSL verification\n");
     }
 #endif
 
@@ -402,8 +407,20 @@ void wifi_init_sta(void) {
     vEventGroupDelete(s_wifi_event_group);
 }
 
+// Initialize the CA certificate bundle
+void init_certificate_bundle(void) {
+    // Enable the certificate bundle
+    esp_err_t ret = esp_crt_bundle_attach(NULL);
+    if (ret != ESP_OK) {
+        ESP_LOGE(TAG, "Failed to attach certificate bundle: %d", ret);
+        return;
+    }
+
+    ESP_LOGI(TAG, "Successfully attached the built-in certificate bundle");
+}
+
 void app_main() {
-    epaper.initPanel(BB_PANEL_EPDIY_V7);
+    epaper.initPanel(BB_PANEL_V7_103);
     // Display EPD_WIDTH & EPD_HEIGHT editable in settings.h:
     epaper.setPanelSize(EPD_WIDTH, EPD_HEIGHT);
     // 4 bit per pixel: 16 grays mode
@@ -440,6 +457,7 @@ void app_main() {
     wifi_init_sta();
 #if VALIDATE_SSL_CERTIFICATE == true
     obtain_time();
+    init_certificate_bundle();
 #endif
 
     http_post();