
esp_http_client: add support for using certs from global ca store

Closes https://github.com/espressif/esp-idf/issues/3062
Mahavir Jain 7 лет назад
Родитель
Сommit
27e00cf7aa

+ 3 - 1
components/esp_http_client/esp_http_client.c

@@ -487,7 +487,9 @@ esp_http_client_handle_t esp_http_client_init(const esp_http_client_config_t *co
         goto error;
     }
 
-    if (config->cert_pem) {
+    if (config->use_global_ca_store == true) {
+        esp_transport_ssl_enable_global_ca_store(ssl);
+    } else if (config->cert_pem) {
         esp_transport_ssl_set_cert_data(ssl, config->cert_pem, strlen(config->cert_pem));
     }
 
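Review bot: `if (config->use_global_ca_store == true)` compares a bool against true, which the neighbouring condition does not do; `if (config->use_global_ca_store) {` reads the same way as the `else if (config->cert_pem)` beside it. Note also that `esp_transport_ssl_enable_global_ca_store(ssl)` returns void and, per its implementation in transport_ssl.c in this same commit, silently does nothing when the handle carries no SSL context data, so unlike the `goto error` paths above there is no failure signal if the flag could not be applied and the connection will simply be attempted without it. esp_http_client_init continues outside the hunk.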

+ 1 - 0
components/esp_http_client/include/esp_http_client.h

@@ -117,6 +117,7 @@ typedef struct {
     int                         buffer_size;              /*!< HTTP buffer size (both send and receive) */
     void                        *user_data;               /*!< HTTP user_data context */
     bool                        is_async;                 /*!< Set asynchronous mode, only supported with HTTPS for now */
+    bool                        use_global_ca_store;      /*!< Use a global ca_store for all the connections in which this bool is set. */
 } esp_http_client_config_t;
 
 
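Review bot: The comment on the new `use_global_ca_store` field does not say that setting it makes esp_http_client_init skip `cert_pem` entirely (the transport is told to use the global store instead of receiving the PEM data), and "for all the connections in which this bool is set" is circular wording. Suggest `/*!< Use the global CA store for this connection; when true, cert_pem is ignored. */`. Whether the caller must populate the global store before connecting is not visible in this diff; if that is the contract, it belongs in this comment too.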

+ 2 - 2
components/esp_https_ota/src/esp_https_ota.c

@@ -36,8 +36,8 @@ esp_err_t esp_https_ota(const esp_http_client_config_t *config)
     }
 
 #if !CONFIG_OTA_ALLOW_HTTP
-    if (!config->cert_pem) {
-        ESP_LOGE(TAG, "Server certificate not found in esp_http_client config");
+    if (!config->cert_pem && !config->use_global_ca_store) {
+        ESP_LOGE(TAG, "Server certificate not found, either through configuration or global CA store");
         return ESP_ERR_INVALID_ARG;
     }
 #endif
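Review bot: The relaxed guard `if (!config->cert_pem && !config->use_global_ca_store)` now admits a configuration that names the global CA store without anything here confirming the store has been populated, so a caller that sets the flag but never loaded certificates will fail later at the TLS handshake instead of getting ESP_ERR_INVALID_ARG up front. If the TLS layer exposes a way to query whether the global store is set up, this check should use it; otherwise the function's documentation should state that populating the global store is the caller's responsibility before esp_https_ota is called. esp_https_ota's body begins outside the hunk.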

+ 7 - 0
components/tcp_transport/include/esp_transport_ssl.h

@@ -40,6 +40,13 @@ esp_transport_handle_t esp_transport_ssl_init();
  */
 void esp_transport_ssl_set_cert_data(esp_transport_handle_t t, const char *data, int len);
 
+/**
+ * @brief      Enable global CA store for SSL connection
+ *
+ * @param      t    ssl transport
+ */
+void esp_transport_ssl_enable_global_ca_store(esp_transport_handle_t t);
+
 /**
  * @brief      Set SSL client certificate data for mutual authentication (as PEM format).
  *             Note that, this function stores the pointer to data, rather than making a copy.
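Review bot: The new `@brief      Enable global CA store for SSL connection` does not describe the failure mode: the implementation in transport_ssl.c returns void and silently does nothing when `t` is NULL or has no SSL context data, so a caller has no way to learn that the flag was not set. Suggest adding `* @note       Has no effect, and reports no error, if t is NULL or is not an SSL transport.` under the @param line. If the global store must be populated separately before the connection is opened, that precondition should be stated here as well, since nothing in this diff shows it being checked.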

+ 8 - 0
components/tcp_transport/transport_ssl.c

@@ -155,6 +155,14 @@ static int ssl_destroy(esp_transport_handle_t t)
     return 0;
 }
 
+void esp_transport_ssl_enable_global_ca_store(esp_transport_handle_t t)
+{
+    transport_ssl_t *ssl = esp_transport_get_context_data(t);
+    if (t && ssl) {
+        ssl->cfg.use_global_ca_store = true;
+    }
+}
+
 void esp_transport_ssl_set_cert_data(esp_transport_handle_t t, const char *data, int len)
 {
     transport_ssl_t *ssl = esp_transport_get_context_data(t);
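Review bot: In `esp_transport_ssl_enable_global_ca_store`, `esp_transport_get_context_data(t)` is called before `t` is tested in `if (t && ssl)`, so the NULL check on `t` only helps if that helper already tolerates a NULL handle; the existing esp_transport_ssl_set_cert_data below uses the same ordering, so this may be deliberate, but testing first is simpler to reason about: `if (t == NULL) { return; }` before the lookup, then `if (ssl) { ssl->cfg.use_global_ca_store = true; }`. Because the function returns void, a NULL or non-SSL handle is ignored without any signal and esp_http_client_init proceeds as if the store had been enabled; returning esp_err_t, or at least logging the skipped case, would make that visible. esp_transport_ssl_set_cert_data's body continues outside the hunk.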