Compile errors when not using the embeded bundle

[Onno-Dirkzwager]

Hi @Duckle29,
great work! As you might have read here I forked and extended your modified library with a function to load the certificate bundle from SPIFFS.

https://github.com./Onno-Dirkzwager/esp32-certBundle?organization=Onno-Dirkzwager&organization=Onno-Dirkzwager

While doing so I discovered that if people would use this library without the bundle or platform.ini scripts compile errors will occur:

.pio\build\esp32dev\lib499\libWiFiClientSecure.a(esp_crt_bundle.c.o):(.literal.esp_crt_bundle_attach+0x8): undefined reference to `_binary_x509_crt_bundle_start'

Simply commenting out this line solves the compile error (as it is not even used when loading from SPIFFS or not using the bundle at all)
Onno-Dirkzwager@b365a4a

Ideally, we would not modify the esp_crt_bundle.c file at all..... I think I'm missing something and hope that we can work this out together. As these modifications will be very useful for a lot of people.

Any ideas?

[Onno-Dirkzwager]

Btw I can comment out these 2 lines without affecting your sketch in any way:

https://github.com./Onno-Dirkzwager/esp32-certBundle/blob/main/include/main.hpp#L12

Using your bool use_bundled it will use "x509_crt_imported_bundle_bin_start" anyway:
https://github.com./Duckle29/esp32-certBundle/blob/main/lib/WiFiClientSecure/src/esp_crt_bundle.c#L185

[Duckle29]

Ahh right. Probably some leftover code from messing around with it. Yeah the start address is defined in the espressiff files

Thanks for picking it up. My intentions with the sketch was to get something working, and then try and work it into a PR-suitable state. I like your idea of allowing the use of SPIFFS, but I'd also like to retain the functionality of using an embedded bundle, if one doesn't wish to use a file system for whatever reason.

I think we can get around that check if we supply an x509_bundle to [esp_crt_bundle_init(https://github.com./Onno-Dirkzwager/esp32-certBundle/blob/main/lib/WiFiClientSecure/src/esp_crt_bundle.c#L164), as the pointer then wouldn't be nullptr

Is it possible to generate such an object from your streamer (I haven't looked other projects have swamped me recently :))

[Duckle29]

Another thing I'm not familiar with, is how the Arduino IDE would work with this kinda flow. Is there a similar option to run a pre-script to generate and upload/embedd the bundle?

[Onno-Dirkzwager]

I'll dive deaper into your previous reply tomorrow from a pc..

First thoughts :

• I think we should support both options!
• But without breaking the other options.
• As far as I know Ard IDE does not support these scripts.
• I wanted to address SPIFFS for some months now but never came around to do it. Your mods speeded up the process and made mine easy as you already included the necessary files.
• SPIFFS / SD was the initial question of the issue.

[Onno-Dirkzwager]

I think we can get around that check if we supply an x509_bundle to [esp_crt_bundle_init(https://github.com./Onno-Dirkzwager/esp32-certBundle/blob/main/lib/WiFiClientSecure/src/esp_crt_bundle.c#L164), as the pointer then wouldn't be nullptr

Is it possible to generate such an object from your streamer (I haven't looked other projects have swamped me recently :))

@Duckle29
thankyou for your answer. I think our issue is bigger as you might expect.....even without my additions to the code, the end-user cannot compile in PIO without the extra_scripts and ard_build.embed_txtfiles defined in platform.ini. The users of this library might want to use the other existing options like setCACert, loadCACert etc. Instead of our bundle, embedded or by stream.

Unfortunately it currently fails even if we comment everyting out execpt WiFiClientSecure *client = new WiFiClientSecure; in your example.

Our issue seems to be that the compiler checks the esp_crt_bundle.c even when it is not used....

As you are swamped out, here's the rundown of my function:
The loadCertBundle function I added (similar to the existing loadCACert & loadCertificate)
supplies the esp_crt_bundle_set function with a x509_bundle. Which in turn supplies the esp_crt_bundle_init with a x509_bundle So the pointer you are refering to is already being set.

[Onno-Dirkzwager]

@Duckle29
I tried everything I could come up with.... but I'm not going to solve this anytime soon. My current knowledge only goes so far... And it seems you won't have the time.

Do you mind if I try and get the others from the original issue, who inspired you to use the esp_crt_bundle.h, involved?

[Duckle29]

I don't mind at all :) I'll probably poke at it at some point too. Just can't right now .

[Onno-Dirkzwager]

@Duckle29
I did not directly realise it when reading but @meltdown03 had a simple and good idea: use a define in our build_flags.

Probably different as he had in mind but this is how I did it:

Add the following to your platform.ini build_flags = -D EMBEDDED_BUNDLE=true

Which will enable the embedded bundle when not using loadCertBundle(Stream& stream, size_t size)

Now all the other (and Arduino IDE;) users can still use the other WiFiClientSecure options and compile without the compile error:
.pio\build\esp32dev\lib499\libWiFiClientSecure.a(esp_crt_bundle.c.o):(.literal.esp_crt_bundle_attach+0x8): undefined reference to `_binary_x509_crt_bundle_start'
collect2.exe: error: ld returned 1 exit status
*** [.pio\build\esp32dev\firmware.elf] Error 1

[Onno-Dirkzwager]

@Duckle29
I know you're a busy guy, but I was wondering if you could give your thoughts on the build_flag mentioned in my previous post.

And let's think about bundling our work in a PR because I think we are ready to share our mods.