build system: Add support for embedded arbitrary binary or text files in .rodata

Simplifies examples of embedding a certificate file or a root cert. This is a much cruder mechanism than the full flash filesystem we want eventually, but still sometimes useful.
2025-10-01 19:35:56 +00:00 · 2016-10-06 12:51:47 +11:00
parent 98a0387854
commit fce359b240
6 changed files with 117 additions and 60 deletions
--- a/examples/04_https_request/main/https_request_main.c
+++ b/examples/04_https_request/main/https_request_main.c
@@ -74,8 +74,18 @@ static const char *REQUEST = "GET " WEB_URL " HTTP/1.1\n"
    "User-Agent: esp-idf/1.0 esp32\n"
    "\n";

-/* Root cert for howsmyssl.com, found in cert.c */
-extern const char *server_root_cert;
+/* Root cert for howsmyssl.com, taken from server_root_cert.pem
+
+   The PEM file was extracted from the output of this command:
+   openssl s_client -showcerts -connect www.howsmyssl.com:443 </dev/null
+
+   The CA root cert is the last cert given in the chain of certs.
+
+   To embed it in the app binary, the PEM file is named
+   in the component.mk COMPONENT_EMBED_TXTFILES variable.
+*/
+extern const uint8_t server_root_cert_pem_start[] asm("_binary_server_root_cert_pem_start");
+extern const uint8_t server_root_cert_pem_end[]   asm("_binary_server_root_cert_pem_end");

 #ifdef MBEDTLS_DEBUG_C

@@ -191,7 +201,9 @@ static void https_get_task(void *pvParameters)

    ESP_LOGI(TAG, "Loading the CA root certificate...");

-    ret = mbedtls_x509_crt_parse(&cacert, (uint8_t*)server_root_cert, strlen(server_root_cert)+1);
+    ret = mbedtls_x509_crt_parse(&cacert, server_root_cert_pem_start,
+                                 server_root_cert_pem_end-server_root_cert_pem_start);
+
    if(ret < 0)
    {
        ESP_LOGE(TAG, "mbedtls_x509_crt_parse returned -0x%x\n\n", -ret);