added https_client and menuconfig

components/mesh_ota/CMakeLists.txt

@@ -1,4 +1,4 @@
-idf_component_register(SRCS "mesh_ota.c"
+idf_component_register(SRCS "https_client.c" "mesh_ota.c"
                     INCLUDE_DIRS "include" 
                     REQUIRES nvs_flash
                     esp_http_client bootloader_support

components/mesh_ota/https_client.c

@@ -0,0 +1,328 @@
+#include "https_client.h"
+
+static const char *TAG = "https_client";
+
+static const char *REQUEST = "GET " CONFIG_OTA_HTTPS_URL " HTTP/1.1\r\n"
+                             "Host: "CONFIG_OTA_HTTPS_SERVER_COMMON_NAME"\r\n"
+                             "User-Agent: esp-idf/1.0 esp32\r\n"
+                             "Authorization: Basic " CONFIG_OTA_HTTPS_AUTH "\r\n"
+                             "\r\n";
+
+static HTTPS_Client_t sHTTPS_ClientConfig;
+
+https_client_ret_t https_clientInitEmbedTLS();
+https_client_ret_t https_clientConnectToServer();
+https_client_ret_t https_clientValidateServer();
+https_client_ret_t https_clientSendRequest();
+
+https_client_ret_t https_clientInitialize()
+{
+    https_client_ret_t i32RetHTTPClient = HTTPS_CLIENT_OK;
+
+    i32RetHTTPClient = https_clientInitEmbedTLS();
+
+    if(i32RetHTTPClient == HTTPS_CLIENT_OK)
+    {
+        i32RetHTTPClient = https_clientConnectToServer();
+    }
+
+    if(i32RetHTTPClient == HTTPS_CLIENT_OK)
+    {
+        i32RetHTTPClient = https_clientValidateServer();
+    }
+
+    if(i32RetHTTPClient == HTTPS_CLIENT_OK)
+    {
+        i32RetHTTPClient = https_clientSendRequest();
+    }
+
+    switch (i32RetHTTPClient)
+    {
+    case HTTPS_CLIENT_ERROR_INIT_EMBEDTLS:
+        ESP_LOGE(TAG, "Unable to initialize EmbedTLS");
+        i32RetHTTPClient = HTTPS_CLIENT_ERROR;
+        break;
+    case HTTPS_CLIENT_ERROR_INIT_CONNECT_TWO_SERVER:
+        ESP_LOGE(TAG, "Unable to connect to server");
+        i32RetHTTPClient = HTTPS_CLIENT_ERROR;
+        break;
+    case HTTPS_CLIENT_ERROR_INIT_VALIDATE_SERVER:
+        ESP_LOGE(TAG, "Unable to validate the server");
+        i32RetHTTPClient = HTTPS_CLIENT_ERROR;
+        break;
+    case HTTPS_CLIENT_ERROR_INIT_SEND_REQUEST:
+        ESP_LOGE(TAG, "Unable to send request to server");
+        i32RetHTTPClient = HTTPS_CLIENT_ERROR;
+        break;
+    case HTTPS_CLIENT_OK:
+        ESP_LOGI(TAG, "HTTPS Client successfully initialized");
+        i32RetHTTPClient = HTTPS_CLIENT_OK;
+        break;
+    default:
+        i32RetHTTPClient = HTTPS_CLIENT_ERROR;
+        ESP_LOGE(TAG, "Unknown error while init");
+        break;
+    }
+
+    return i32RetHTTPClient;
+}
+
+https_client_ret_t https_clientRetrieveData(unsigned char* pu8Data, uint32_t* pu32DataLenght, uint32_t* pu32BytesRead)
+{
+    https_client_ret_t i32RetHTTPClient = HTTPS_CLIENT_OK;
+    int32_t i32RetRetrieveData = ESP_OK;
+    bzero(pu8Data, *pu32DataLenght);
+    bool bRetriveData = true;
+
+    while (bRetriveData)
+    {
+        //Reading HTTP response
+        i32RetRetrieveData = mbedtls_ssl_read(&sHTTPS_ClientConfig.ssl, (unsigned char *)pu8Data, *pu32DataLenght);
+
+        if(i32RetRetrieveData > 0)
+        {
+            //Data received
+            *pu32BytesRead = *pu32BytesRead + i32RetRetrieveData;
+            *pu32DataLenght = *pu32DataLenght - *pu32BytesRead;
+
+            if(*pu32DataLenght > 0)
+            {
+                //buffer not full yet --> read some more
+                bRetriveData = true;
+            }
+            else
+            {
+                //buffer full --> stop reading
+                bRetriveData = false;
+            }
+        }
+
+        if(i32RetRetrieveData == 0)
+        {
+            //all data read --> stop reading
+            bRetriveData = false;
+        }
+
+        if(i32RetRetrieveData == MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY)
+        {
+            //connection is going to be closed
+            i32RetHTTPClient = HTTPS_CLIENT_ERROR;
+            bRetriveData = false;
+        }
+    }
+    return i32RetHTTPClient;
+}
+
+https_client_ret_t https_clientDeinitialize()
+{
+    https_client_ret_t i32RetHTTPClient = HTTPS_CLIENT_OK;
+
+    i32RetHTTPClient = mbedtls_ssl_close_notify(&sHTTPS_ClientConfig.ssl);
+
+    if(i32RetHTTPClient != ESP_OK)
+    {
+        ESP_LOGE(TAG, "mbedtls_ssl_close_notify returned 0x%x", i32RetHTTPClient);
+    }
+
+    mbedtls_ssl_session_reset(&sHTTPS_ClientConfig.ssl);
+    mbedtls_net_free(&sHTTPS_ClientConfig.server_fd);
+
+    return i32RetHTTPClient;
+}
+
+https_client_ret_t https_clientInitEmbedTLS() {
+
+    https_client_ret_t i32RetHTTPClient = HTTPS_CLIENT_OK;
+    int32_t i32RetEmbedTLS = ESP_OK;
+
+    mbedtls_ssl_init(&sHTTPS_ClientConfig.ssl);
+    mbedtls_x509_crt_init(&sHTTPS_ClientConfig.cacert);
+    mbedtls_ctr_drbg_init(&sHTTPS_ClientConfig.ctr_drbg);
+    mbedtls_ssl_config_init(&sHTTPS_ClientConfig.conf);
+    mbedtls_entropy_init(&sHTTPS_ClientConfig.entropy);
+
+    i32RetEmbedTLS = mbedtls_ctr_drbg_seed(&sHTTPS_ClientConfig.ctr_drbg, mbedtls_entropy_func, &sHTTPS_ClientConfig.entropy, NULL, 0);
+
+    if(i32RetEmbedTLS!= ESP_OK)
+    {
+        ESP_LOGE(TAG, "mbedtls_ctr_drbg_seed returned %d", i32RetEmbedTLS);
+    }
+
+    if(i32RetEmbedTLS == ESP_OK)
+    {
+        //Attaching the certificate bundle
+        i32RetEmbedTLS = esp_crt_bundle_attach(&sHTTPS_ClientConfig.conf);
+        if(i32RetEmbedTLS != ESP_OK)
+        {
+            ESP_LOGE(TAG, "esp_crt_bundle_attach returned 0x%x\n\n", i32RetEmbedTLS);
+        }
+    }
+
+    if(i32RetEmbedTLS == ESP_OK)
+    {
+        //Setting hostname for TLS session.
+        i32RetEmbedTLS = mbedtls_ssl_set_hostname(&sHTTPS_ClientConfig.ssl, CONFIG_OTA_HTTPS_SERVER_COMMON_NAME);
+        // Hostname set here should match CN in server certificate
+        if(i32RetEmbedTLS != ESP_OK)
+        {
+            ESP_LOGE(TAG, "mbedtls_ssl_set_hostname returned 0x%x", i32RetEmbedTLS);
+        }
+    }
+    if(i32RetEmbedTLS == ESP_OK)
+    {
+        //Setting up the SSL/TLS structure
+        i32RetEmbedTLS = mbedtls_ssl_config_defaults(&sHTTPS_ClientConfig.conf,
+                         MBEDTLS_SSL_IS_CLIENT,
+                         MBEDTLS_SSL_TRANSPORT_STREAM,
+                         MBEDTLS_SSL_PRESET_DEFAULT);
+
+        if(i32RetEmbedTLS != ESP_OK)
+        {
+            ESP_LOGE(TAG, "mbedtls_ssl_config_defaults returned %d", i32RetEmbedTLS);
+        }
+    }
+
+    if(i32RetEmbedTLS == ESP_OK)
+    {
+        mbedtls_ssl_conf_authmode(&sHTTPS_ClientConfig.conf, MBEDTLS_SSL_VERIFY_REQUIRED);
+        mbedtls_ssl_conf_ca_chain(&sHTTPS_ClientConfig.conf, &sHTTPS_ClientConfig.cacert, NULL);
+        mbedtls_ssl_conf_rng(&sHTTPS_ClientConfig.conf, mbedtls_ctr_drbg_random, &sHTTPS_ClientConfig.ctr_drbg);
+
+        i32RetEmbedTLS = mbedtls_ssl_setup(&sHTTPS_ClientConfig.ssl, &sHTTPS_ClientConfig.conf);
+        if(i32RetEmbedTLS != ESP_OK)
+        {
+            ESP_LOGE(TAG, "mbedtls_ssl_setup returned -0x%x\n\n", i32RetEmbedTLS);
+        }
+    }
+
+    if(i32RetEmbedTLS == ESP_OK)
+    {
+        mbedtls_net_init(&sHTTPS_ClientConfig.server_fd);
+    }
+
+    if (i32RetEmbedTLS != ESP_OK)
+    {
+        i32RetHTTPClient = HTTPS_CLIENT_ERROR_INIT_EMBEDTLS;
+    }
+
+    return i32RetHTTPClient;
+}
+
+https_client_ret_t https_clientConnectToServer()
+{
+    https_client_ret_t i32RetHTTPClient = HTTPS_CLIENT_OK;
+    int32_t i32RetServerConnect = ESP_OK;
+
+    //Connecting to server
+    i32RetServerConnect = mbedtls_net_connect(&sHTTPS_ClientConfig.server_fd, CONFIG_OTA_HTTPS_SERVER_COMMON_NAME, CONFIG_OTA_HTTPS_SERVER_PORT, MBEDTLS_NET_PROTO_TCP);
+    if (i32RetServerConnect != ESP_OK)
+    {
+        ESP_LOGE(TAG, "mbedtls_net_connect returned %x", i32RetServerConnect);
+    }
+
+    if(i32RetServerConnect == ESP_OK)
+    {
+        mbedtls_ssl_set_bio(&sHTTPS_ClientConfig.ssl, &sHTTPS_ClientConfig.server_fd, mbedtls_net_send, mbedtls_net_recv, NULL);
+
+        //Performing the SSL/TLS handshake
+        while ((i32RetServerConnect = mbedtls_ssl_handshake(&sHTTPS_ClientConfig.ssl)) != 0)
+        {
+            if ((i32RetServerConnect != MBEDTLS_ERR_SSL_WANT_READ) && (i32RetServerConnect != MBEDTLS_ERR_SSL_WANT_WRITE))
+            {
+                ESP_LOGE(TAG, "mbedtls_ssl_handshake returned 0x%x", i32RetServerConnect);
+            }
+        }
+    }
+
+    if(i32RetServerConnect != ESP_OK)
+    {
+        i32RetHTTPClient = HTTPS_CLIENT_ERROR_INIT_CONNECT_TWO_SERVER;
+    }
+    return i32RetHTTPClient;
+}
+
+https_client_ret_t https_clientValidateServer()
+{
+    https_client_ret_t i32RetHTTPClient = HTTPS_CLIENT_OK;
+    int32_t i32RetValidateServer = ESP_OK;
+
+    //Verifying peer X.509 certificate
+    if ((i32RetValidateServer = mbedtls_ssl_get_verify_result(&sHTTPS_ClientConfig.ssl)) != 0)
+    {
+        ESP_LOGE(TAG, "Failed to verify peer certificate!");
+    }
+
+    if(i32RetValidateServer != ESP_OK)
+    {
+        i32RetHTTPClient = HTTPS_CLIENT_ERROR_INIT_VALIDATE_SERVER;
+    }
+    return i32RetHTTPClient;
+}
+
+https_client_ret_t https_clientSendRequest()
+{
+    https_client_ret_t i32RetHTTPClient = HTTPS_CLIENT_OK;
+    int32_t i32RetSendRequest = ESP_OK;
+    uint32_t u32WrittenBytes = 0;
+    bool bWrite = true;
+
+    //Writing HTTP request
+    while((u32WrittenBytes < strlen(REQUEST)) && bWrite)
+    {
+        i32RetSendRequest = mbedtls_ssl_write(&sHTTPS_ClientConfig.ssl,
+                                              (const unsigned char *)REQUEST + u32WrittenBytes,
+                                              strlen(REQUEST) - u32WrittenBytes);
+        if (i32RetSendRequest >= 0)
+        {
+            //bytes written
+            u32WrittenBytes += i32RetSendRequest;
+        } else if (i32RetSendRequest != MBEDTLS_ERR_SSL_WANT_WRITE && i32RetSendRequest != MBEDTLS_ERR_SSL_WANT_READ) {
+            ESP_LOGE(TAG, "mbedtls_ssl_write returned 0x%x", i32RetSendRequest);
+            bWrite = false;
+        }
+    }
+
+    if(bWrite == false)
+    {
+        i32RetHTTPClient = HTTPS_CLIENT_ERROR_INIT_SEND_REQUEST;
+    }
+    return i32RetHTTPClient;
+}
+
+/*
+
+static void https_get_task(void *pvParameters)
+{
+
+    https_clientInitialize();
+
+    uint32_t u32BufferLenght = 1024U;
+    unsigned char buffer[1024U];
+    uint32_t u32BytesRead = 0;
+
+    https_clientRetrieveData(buffer, &u32BufferLenght, &u32BytesRead);
+
+    // Print response directly to stdout as it is read
+    for(uint32_t i = 0; i < u32BytesRead; i++) {
+        putchar(buffer[i]);
+        // printf("%x ", buffer[i]);
+    }
+    printf("\n END \n");
+
+    https_clientDeinitialize();
+
+    while(1)
+    {
+
+    }
+
+}
+
+void app_main(void)
+{
+    ESP_ERROR_CHECK( nvs_flash_init() );
+    ESP_ERROR_CHECK(esp_netif_init());
+    ESP_ERROR_CHECK(esp_event_loop_create_default());
+    xTaskCreate(&https_get_task, "https_get_task", 8192, NULL, 5, NULL);
+}
+*/

components/mesh_ota/include/https_client.h

@@ -0,0 +1,65 @@
+#ifndef H_HTTPS_CLIENT
+#define H_HTTPS_CLIENT
+
+#include <string.h>
+#include <stdlib.h>
+#include "freertos/FreeRTOS.h"
+#include "freertos/task.h"
+#include "esp_wifi.h"
+#include "esp_event.h"
+#include "esp_log.h"
+#include "esp_system.h"
+#include "nvs_flash.h"
+#include "esp_netif.h"
+
+#include "lwip/err.h"
+#include "lwip/sockets.h"
+#include "lwip/sys.h"
+#include "lwip/netdb.h"
+#include "lwip/dns.h"
+
+#include "mbedtls/platform.h"
+#include "mbedtls/net_sockets.h"
+#include "mbedtls/esp_debug.h"
+#include "mbedtls/ssl.h"
+#include "mbedtls/entropy.h"
+#include "mbedtls/ctr_drbg.h"
+#include "mbedtls/error.h"
+#include "mbedtls/certs.h"
+#include "esp_crt_bundle.h" 
+
+/* Constants that aren't configurable in menuconfig, yet */
+//#define CONFIG_OTA_HTTPS_SERVER_COMMON_NAME "ota.hendrikschutter.com"
+//#define CONFIG_OTA_HTTPS_SERVER_PORT "443"
+//#define CONFIG_OTA_HTTPS_URL "https://ota.hendrikschutter.com/hello-world.bin"
+//#define HTTPS_CLIENT_AUTH "b3RhOnB3"  //base64("username:password")
+
+#define HTTPS_CLIENT_OK 0
+#define HTTPS_CLIENT_ERROR -1
+#define HTTPS_CLIENT_ERROR_INIT_EMBEDTLS -2
+#define HTTPS_CLIENT_ERROR_INIT_CONNECT_TWO_SERVER -3
+#define HTTPS_CLIENT_ERROR_INIT_VALIDATE_SERVER -4
+#define HTTPS_CLIENT_ERROR_INIT_SEND_REQUEST -5
+
+struct HTTPS_Client
+{
+    mbedtls_entropy_context entropy;
+    mbedtls_ctr_drbg_context ctr_drbg;
+    mbedtls_ssl_context ssl;
+    mbedtls_x509_crt cacert;
+    mbedtls_ssl_config conf;
+    mbedtls_net_context server_fd;
+};
+
+typedef int32_t https_client_ret_t;
+typedef struct HTTPS_Client HTTPS_Client_t;
+ 
+https_client_ret_t https_clientInitialize();
+https_client_ret_t https_clientRetrieveData();
+https_client_ret_t https_clientDeinitialize();
+
+#endif /* H_HTTPS_CLIENT */
+
+
+
+

components/mesh_ota/include/mesh_ota.h

@@ -1,11 +1,6 @@
 #ifndef H_MESH_OTA
 #define H_MESH_OTA
 
-#include <string.h>
-#include "esp_system.h"
-#include "esp_event.h"
-#include "esp_log.h"
-
 #include <string.h>
 #include "esp_wifi.h"
 #include "esp_system.h"
@@ -18,9 +13,8 @@
 #include "esp_ota_ops.h"
 #include "esp_partition.h"
 
+#include "https_client.h"
 
- 
- 
 bool bNewerVersion(const char* pu8Local, const  char* pu8Remote);
 
 

main/Kconfig.projbuild

@@ -124,22 +124,17 @@ menu "Mesh OTA Configuration"
         help
             Authentication mode.
 
-        config WIFI_AUTH_OPEN
-            bool "WIFI_AUTH_OPEN"
-        config WIFI_AUTH_WPA_PSK
-            bool "WIFI_AUTH_WPA_PSK"
         config WIFI_AUTH_WPA2_PSK
             bool "WIFI_AUTH_WPA2_PSK"
-        config WIFI_AUTH_WPA_WPA2_PSK
-            bool "WIFI_AUTH_WPA_WPA2_PSK"
+        config WIFI_AUTH_WPA2_ENTERPRISE
+            bool "WIFI_AUTH_WPA2_ENTERPRISE"
     endchoice
 
     config MESH_AP_AUTHMODE
         int
-        default 0 if WIFI_AUTH_OPEN
-        default 2 if WIFI_AUTH_WPA_PSK
+
         default 3 if WIFI_AUTH_WPA2_PSK
-        default 4 if WIFI_AUTH_WPA_WPA2_PSK
+        default 5 if WIFI_AUTH_WPA2_ENTERPRISE
         help
             Mesh AP authentication mode.
 
@@ -162,4 +157,29 @@ menu "Mesh OTA Configuration"
         default 50
         help
             The number of devices over the network(max: 300).
+            
+    config OTA_HTTPS_SERVER_COMMON_NAME
+        string "Common name OTA server"
+        default "exmaple.com"
+        help
+           Fully Qualified Domain Name used in the certificate.
+           
+    config OTA_HTTPS_SERVER_PORT
+        string "Server port"
+        default "443"
+        help
+           HTTPS webserver port
+           
+    config OTA_HTTPS_URL
+        string "URL to ota image"
+        default "https://exmaple.com/theImage.bin"
+        help
+           Uniform Resource Locator to the image file
+           
+    config OTA_HTTPS_AUTH
+        string "HTTPS authentication"
+        default "base64(user:password)"
+        help
+           HTTPS basic auth using base64 decoded "user:password"
+           
 endmenu

main/main.c

@@ -17,8 +17,6 @@
 #define RX_SIZE          (1234)
 #define TX_SIZE          (1234)
 
-
-
 static const char *MESH_TAG = "mesh_main";
 static const uint8_t MESH_ID[6] = { 0x77, 0x77, 0x77, 0x77, 0x77, 0x77};
 static uint8_t tx_buf[TX_SIZE] = { 0, };
@@ -477,6 +475,54 @@ void ip_event_handler(void *arg, esp_event_base_t event_base,
 }
 
 
+static void test(void *pvParameters)
+{
+    esp_err_t err;
+    ESP_LOGI(MESH_TAG, "Hello World");
+    const esp_partition_t * currentPartition = esp_ota_get_boot_partition();
+    ESP_LOGI(MESH_TAG, "Type: %d",  (*currentPartition).subtype);
+    ESP_LOGI(MESH_TAG, "Start address: %d",  (*currentPartition).address);
+    ESP_LOGI(MESH_TAG, "Size: %d",  (*currentPartition).size);
+    ESP_LOGI(MESH_TAG, "Encrypted: %d",  (*currentPartition).encrypted);
+
+    esp_app_desc_t curPartitionDesc;
+    err = esp_ota_get_partition_description(currentPartition, &curPartitionDesc);
+    ESP_ERROR_CHECK(err);
+    ESP_LOGI(MESH_TAG, "currentPartition project_name: %s",  (curPartitionDesc).project_name);
+    ESP_LOGI(MESH_TAG, "currentPartition version: %s",  (curPartitionDesc).version);
+    ESP_LOGI(MESH_TAG, "currentPartition Timestamp: %s %s",  (curPartitionDesc).date, (curPartitionDesc).time);
+
+    https_clientInitialize();
+
+    uint32_t u32BufferLenght = 1024U;
+    unsigned char buffer[1024U];
+    uint32_t u32BytesRead = 0;
+
+    https_clientRetrieveData(buffer, &u32BufferLenght, &u32BytesRead);
+
+    // Print response directly to stdout as it is read
+    for(uint32_t i = 0; i < u32BytesRead; i++) {
+        putchar(buffer[i]);
+        // printf("%x ", buffer[i]);
+    }
+    printf("\n END \n");
+
+    https_clientDeinitialize();
+
+    char test[] = "1.2.3";
+    
+    
+    if(bNewerVersion((curPartitionDesc).version, test)){
+        
+        ESP_LOGI(MESH_TAG, "Newer Version available");
+        
+    }
+
+    while(1)
+    {
+
+    }
+}
 
 
 void app_main(void)
@@ -485,10 +531,7 @@ void app_main(void)
      esp_err_t err;
     
 /*
-   
-
     err = nvs_flash_erase();
-
     if(err != ESP_OK){
         ESP_LOGI(MESH_TAG, "Error: %x", err);
         while(1){
@@ -499,31 +542,6 @@ void app_main(void)
 
     ESP_ERROR_CHECK(nvs_flash_init());
 
-    ESP_LOGI(MESH_TAG, "Hello World");
-    const esp_partition_t * currentPartition = esp_ota_get_boot_partition();
-    ESP_LOGI(MESH_TAG, "Type: %d",  (*currentPartition).subtype);
-    ESP_LOGI(MESH_TAG, "Start address: %d",  (*currentPartition).address);
-    ESP_LOGI(MESH_TAG, "Size: %d",  (*currentPartition).size); //passt
-    ESP_LOGI(MESH_TAG, "Encrypted: %d",  (*currentPartition).encrypted);
-    
-    esp_app_desc_t curPartitionDesc;
-    err = esp_ota_get_partition_description(currentPartition, &curPartitionDesc);
-    ESP_ERROR_CHECK(err);
-    ESP_LOGI(MESH_TAG, "currentPartition project_name: %s",  (curPartitionDesc).project_name);
-    ESP_LOGI(MESH_TAG, "currentPartition version: %s",  (curPartitionDesc).version);
-    ESP_LOGI(MESH_TAG, "currentPartition Timestamp: %s %s",  (curPartitionDesc).date, (curPartitionDesc).time);
-
-    char test[] = "1.2.3";
-    
-    
-    if(bNewerVersion((curPartitionDesc).version, test)){
-        
-        ESP_LOGI(MESH_TAG, "Newer Version available");
-        
-    }
-    
-    
-    
     /*  tcpip initialization */
     ESP_ERROR_CHECK(esp_netif_init());
 
@@ -587,12 +605,14 @@ void app_main(void)
              esp_mesh_get_topology(), esp_mesh_get_topology() ? "(chain)":"(tree)", esp_mesh_is_ps_enabled());
 
     
-    
-    
-
-
-
+        for(;;) {
+            if(gpio_get_level(0) == 0){
+                break;
+            }
+            vTaskDelay(1000 / portTICK_PERIOD_MS);
+    }
 
+      xTaskCreate(&test, "test_task", 8192, NULL, 5, NULL);
 
 }
 

partitions.csv

@@ -3,6 +3,5 @@
 nvs,      data, nvs,     ,        0x4000,
 otadata,  data, ota,     ,        0x2000,
 phy_init, data, phy,     ,        0x1000,
-factory,  app,  factory, ,        1M,
-ota_0,    app,  ota_0,   ,        1M,
-ota_1,    app,  ota_1,   ,        1M, 
+ota_0,    app,  ota_0,   ,        1500K,
+ota_1,    app,  ota_1,   ,        1500K, 

sdkconfig

@@ -151,14 +151,16 @@ CONFIG_MESH_MAX_LAYER=6
 CONFIG_MESH_CHANNEL=13
 CONFIG_MESH_ROUTER_SSID="labNet"
 CONFIG_MESH_ROUTER_PASSWD="12345678"
-# CONFIG_WIFI_AUTH_OPEN is not set
-# CONFIG_WIFI_AUTH_WPA_PSK is not set
 CONFIG_WIFI_AUTH_WPA2_PSK=y
-# CONFIG_WIFI_AUTH_WPA_WPA2_PSK is not set
+# CONFIG_WIFI_AUTH_WPA2_ENTERPRISE is not set
 CONFIG_MESH_AP_AUTHMODE=3
 CONFIG_MESH_AP_PASSWD="qaws1234"
 CONFIG_MESH_AP_CONNECTIONS=6
 CONFIG_MESH_ROUTE_TABLE_SIZE=50
+CONFIG_OTA_HTTPS_SERVER_COMMON_NAME="ota.hendrikschutter.com"
+CONFIG_OTA_HTTPS_SERVER_PORT="443"
+CONFIG_OTA_HTTPS_URL="https://ota.hendrikschutter.com/hello-world.bin"
+CONFIG_OTA_HTTPS_AUTH="b3RhOnB3"
 # end of Mesh OTA Configuration
 
 #
@@ -1087,3 +1089,161 @@ CONFIG_WPA_MBEDTLS_CRYPTO=y
 #
 # CONFIG_LEGACY_INCLUDE_COMMON_HEADERS is not set
 # end of Compatibility options
+
+# Deprecated options for backward compatibility
+CONFIG_TOOLPREFIX="xtensa-esp32-elf-"
+# CONFIG_LOG_BOOTLOADER_LEVEL_NONE is not set
+# CONFIG_LOG_BOOTLOADER_LEVEL_ERROR is not set
+# CONFIG_LOG_BOOTLOADER_LEVEL_WARN is not set
+CONFIG_LOG_BOOTLOADER_LEVEL_INFO=y
+# CONFIG_LOG_BOOTLOADER_LEVEL_DEBUG is not set
+# CONFIG_LOG_BOOTLOADER_LEVEL_VERBOSE is not set
+CONFIG_LOG_BOOTLOADER_LEVEL=3
+# CONFIG_APP_ROLLBACK_ENABLE is not set
+# CONFIG_FLASH_ENCRYPTION_ENABLED is not set
+# CONFIG_FLASHMODE_QIO is not set
+# CONFIG_FLASHMODE_QOUT is not set
+CONFIG_FLASHMODE_DIO=y
+# CONFIG_FLASHMODE_DOUT is not set
+# CONFIG_MONITOR_BAUD_9600B is not set
+# CONFIG_MONITOR_BAUD_57600B is not set
+CONFIG_MONITOR_BAUD_115200B=y
+# CONFIG_MONITOR_BAUD_230400B is not set
+# CONFIG_MONITOR_BAUD_921600B is not set
+# CONFIG_MONITOR_BAUD_2MB is not set
+# CONFIG_MONITOR_BAUD_OTHER is not set
+CONFIG_MONITOR_BAUD_OTHER_VAL=115200
+CONFIG_MONITOR_BAUD=115200
+CONFIG_COMPILER_OPTIMIZATION_LEVEL_DEBUG=y
+# CONFIG_COMPILER_OPTIMIZATION_LEVEL_RELEASE is not set
+CONFIG_OPTIMIZATION_ASSERTIONS_ENABLED=y
+# CONFIG_OPTIMIZATION_ASSERTIONS_SILENT is not set
+# CONFIG_OPTIMIZATION_ASSERTIONS_DISABLED is not set
+# CONFIG_CXX_EXCEPTIONS is not set
+CONFIG_STACK_CHECK_NONE=y
+# CONFIG_STACK_CHECK_NORM is not set
+# CONFIG_STACK_CHECK_STRONG is not set
+# CONFIG_STACK_CHECK_ALL is not set
+# CONFIG_WARN_WRITE_STRINGS is not set
+# CONFIG_DISABLE_GCC8_WARNINGS is not set
+# CONFIG_ESP32_APPTRACE_DEST_TRAX is not set
+CONFIG_ESP32_APPTRACE_DEST_NONE=y
+CONFIG_ESP32_APPTRACE_LOCK_ENABLE=y
+CONFIG_BTDM_CONTROLLER_BLE_MAX_CONN_EFF=0
+CONFIG_BTDM_CONTROLLER_BR_EDR_MAX_ACL_CONN_EFF=0
+CONFIG_BTDM_CONTROLLER_BR_EDR_MAX_SYNC_CONN_EFF=0
+CONFIG_BTDM_CONTROLLER_PINNED_TO_CORE=0
+CONFIG_ADC2_DISABLE_DAC=y
+# CONFIG_SPIRAM_SUPPORT is not set
+CONFIG_TRACEMEM_RESERVE_DRAM=0x0
+# CONFIG_TWO_UNIVERSAL_MAC_ADDRESS is not set
+CONFIG_FOUR_UNIVERSAL_MAC_ADDRESS=y
+CONFIG_NUMBER_OF_UNIVERSAL_MAC_ADDRESS=4
+# CONFIG_ULP_COPROC_ENABLED is not set
+CONFIG_ULP_COPROC_RESERVE_MEM=0
+CONFIG_BROWNOUT_DET=y
+CONFIG_BROWNOUT_DET_LVL_SEL_0=y
+# CONFIG_BROWNOUT_DET_LVL_SEL_1 is not set
+# CONFIG_BROWNOUT_DET_LVL_SEL_2 is not set
+# CONFIG_BROWNOUT_DET_LVL_SEL_3 is not set
+# CONFIG_BROWNOUT_DET_LVL_SEL_4 is not set
+# CONFIG_BROWNOUT_DET_LVL_SEL_5 is not set
+# CONFIG_BROWNOUT_DET_LVL_SEL_6 is not set
+# CONFIG_BROWNOUT_DET_LVL_SEL_7 is not set
+CONFIG_BROWNOUT_DET_LVL=0
+CONFIG_REDUCE_PHY_TX_POWER=y
+CONFIG_ESP32_RTC_CLOCK_SOURCE_INTERNAL_RC=y
+# CONFIG_ESP32_RTC_CLOCK_SOURCE_EXTERNAL_CRYSTAL is not set
+# CONFIG_ESP32_RTC_CLOCK_SOURCE_EXTERNAL_OSC is not set
+# CONFIG_ESP32_RTC_CLOCK_SOURCE_INTERNAL_8MD256 is not set
+# CONFIG_DISABLE_BASIC_ROM_CONSOLE is not set
+# CONFIG_NO_BLOBS is not set
+# CONFIG_COMPATIBLE_PRE_V2_1_BOOTLOADERS is not set
+CONFIG_SYSTEM_EVENT_QUEUE_SIZE=32
+CONFIG_SYSTEM_EVENT_TASK_STACK_SIZE=2304
+CONFIG_MAIN_TASK_STACK_SIZE=3584
+CONFIG_IPC_TASK_STACK_SIZE=1024
+CONFIG_CONSOLE_UART_DEFAULT=y
+# CONFIG_CONSOLE_UART_CUSTOM is not set
+# CONFIG_ESP_CONSOLE_UART_NONE is not set
+CONFIG_CONSOLE_UART=y
+CONFIG_CONSOLE_UART_NUM=0
+CONFIG_CONSOLE_UART_BAUDRATE=115200
+CONFIG_INT_WDT=y
+CONFIG_INT_WDT_TIMEOUT_MS=300
+CONFIG_INT_WDT_CHECK_CPU1=y
+CONFIG_TASK_WDT=y
+# CONFIG_TASK_WDT_PANIC is not set
+CONFIG_TASK_WDT_TIMEOUT_S=5
+CONFIG_TASK_WDT_CHECK_IDLE_TASK_CPU0=y
+CONFIG_TASK_WDT_CHECK_IDLE_TASK_CPU1=y
+# CONFIG_EVENT_LOOP_PROFILING is not set
+CONFIG_POST_EVENTS_FROM_ISR=y
+CONFIG_POST_EVENTS_FROM_IRAM_ISR=y
+# CONFIG_ESP32S2_PANIC_PRINT_HALT is not set
+CONFIG_ESP32S2_PANIC_PRINT_REBOOT=y
+# CONFIG_ESP32S2_PANIC_SILENT_REBOOT is not set
+# CONFIG_ESP32S2_PANIC_GDBSTUB is not set
+CONFIG_TIMER_TASK_STACK_SIZE=3584
+# CONFIG_ESP32_ENABLE_COREDUMP_TO_FLASH is not set
+# CONFIG_ESP32_ENABLE_COREDUMP_TO_UART is not set
+CONFIG_ESP32_ENABLE_COREDUMP_TO_NONE=y
+CONFIG_MB_MASTER_TIMEOUT_MS_RESPOND=150
+CONFIG_MB_MASTER_DELAY_MS_CONVERT=200
+CONFIG_MB_QUEUE_LENGTH=20
+CONFIG_MB_SERIAL_TASK_STACK_SIZE=4096
+CONFIG_MB_SERIAL_BUF_SIZE=256
+CONFIG_MB_SERIAL_TASK_PRIO=10
+CONFIG_MB_CONTROLLER_SLAVE_ID_SUPPORT=y
+CONFIG_MB_CONTROLLER_SLAVE_ID=0x00112233
+CONFIG_MB_CONTROLLER_NOTIFY_TIMEOUT=20
+CONFIG_MB_CONTROLLER_NOTIFY_QUEUE_SIZE=20
+CONFIG_MB_CONTROLLER_STACK_SIZE=4096
+CONFIG_MB_EVENT_QUEUE_TIMEOUT=20
+CONFIG_MB_TIMER_PORT_ENABLED=y
+CONFIG_MB_TIMER_GROUP=0
+CONFIG_MB_TIMER_INDEX=0
+# CONFIG_SUPPORT_STATIC_ALLOCATION is not set
+CONFIG_TIMER_TASK_PRIORITY=1
+CONFIG_TIMER_TASK_STACK_DEPTH=2048
+CONFIG_TIMER_QUEUE_LENGTH=10
+# CONFIG_L2_TO_L3_COPY is not set
+# CONFIG_USE_ONLY_LWIP_SELECT is not set
+CONFIG_ESP_GRATUITOUS_ARP=y
+CONFIG_GARP_TMR_INTERVAL=60
+CONFIG_TCPIP_RECVMBOX_SIZE=32
+CONFIG_TCP_MAXRTX=12
+CONFIG_TCP_SYNMAXRTX=12
+CONFIG_TCP_MSS=1440
+CONFIG_TCP_MSL=60000
+CONFIG_TCP_SND_BUF_DEFAULT=5744
+CONFIG_TCP_WND_DEFAULT=5744
+CONFIG_TCP_RECVMBOX_SIZE=6
+CONFIG_TCP_QUEUE_OOSEQ=y
+# CONFIG_ESP_TCP_KEEP_CONNECTION_WHEN_IP_CHANGES is not set
+CONFIG_TCP_OVERSIZE_MSS=y
+# CONFIG_TCP_OVERSIZE_QUARTER_MSS is not set
+# CONFIG_TCP_OVERSIZE_DISABLE is not set
+CONFIG_UDP_RECVMBOX_SIZE=6
+CONFIG_TCPIP_TASK_STACK_SIZE=3072
+CONFIG_TCPIP_TASK_AFFINITY_NO_AFFINITY=y
+# CONFIG_TCPIP_TASK_AFFINITY_CPU0 is not set
+# CONFIG_TCPIP_TASK_AFFINITY_CPU1 is not set
+CONFIG_TCPIP_TASK_AFFINITY=0x7FFFFFFF
+# CONFIG_PPP_SUPPORT is not set
+CONFIG_ESP32_PTHREAD_TASK_PRIO_DEFAULT=5
+CONFIG_ESP32_PTHREAD_TASK_STACK_SIZE_DEFAULT=3072
+CONFIG_ESP32_PTHREAD_STACK_MIN=768
+CONFIG_ESP32_DEFAULT_PTHREAD_CORE_NO_AFFINITY=y
+# CONFIG_ESP32_DEFAULT_PTHREAD_CORE_0 is not set
+# CONFIG_ESP32_DEFAULT_PTHREAD_CORE_1 is not set
+CONFIG_ESP32_PTHREAD_TASK_CORE_DEFAULT=-1
+CONFIG_ESP32_PTHREAD_TASK_NAME_DEFAULT="pthread"
+CONFIG_SPI_FLASH_WRITING_DANGEROUS_REGIONS_ABORTS=y
+# CONFIG_SPI_FLASH_WRITING_DANGEROUS_REGIONS_FAILS is not set
+# CONFIG_SPI_FLASH_WRITING_DANGEROUS_REGIONS_ALLOWED is not set
+CONFIG_SUPPRESS_SELECT_DEBUG_OUTPUT=y
+CONFIG_SUPPORT_TERMIOS=y
+CONFIG_SEMIHOSTFS_MAX_MOUNT_POINTS=1
+CONFIG_SEMIHOSTFS_HOST_PATH_MAX_LEN=128
+# End of deprecated options