Merge pull request #632 from david-cermak/fix/ci_jobs

[CI]: Fixes with recent IDF updates

Author: david-cermak

.github/workflows/examples_build-host-test.yml

@@ -14,12 +14,17 @@ jobs:
     strategy:
       matrix:
         idf_ver: ["latest", "release-v5.1", "release-v5.2", "release-v5.3"]
+        include:
+          - idf_ver: "latest"
+            warning: "Warning: The smallest app partition is nearly full"
     runs-on: ubuntu-22.04
     container: espressif/idf:${{ matrix.idf_ver }}
     steps:
       - name: Checkout esp-protocols
         uses: actions/checkout@v4
       - name: Build with IDF-${{ matrix.idf_ver }}
+        env:
+          EXPECTED_WARNING: ${{ matrix.warning }}
         shell: bash
         run: |
           . ${IDF_PATH}/export.sh

components/esp_websocket_client/examples/target/main/CMakeLists.txt

@@ -10,12 +10,6 @@ set(EMBED_FILES "") # Initialize an empty list for files to embed
         "certs/client_key.pem")
 #endif()
 
-# For testing purpose we are using CA of wss://echo.websocket.events
-#if(CONFIG_WS_OVER_TLS_SERVER_AUTH)
-    list(APPEND EMBED_FILES
-        "certs/ca_certificate_public_domain.pem")
-#endif()
-
 # Register the component with source files, include dirs, and any conditionally added embedded files
 idf_component_register(SRCS "${SRC_FILES}"
                        INCLUDE_DIRS "${INCLUDE_DIRS}"

components/esp_websocket_client/examples/target/main/certs/ca_certificate_public_domain.pem

@@ -19,6 +19,7 @@
 #include "nvs_flash.h"
 #include "esp_event.h"
 #include "protocol_examples_common.h"
+#include "esp_crt_bundle.h"
 
 #include "freertos/FreeRTOS.h"
 #include "freertos/task.h"
@@ -159,8 +160,12 @@ static void websocket_app_start(void)
     websocket_cfg.client_key = key_start;
     websocket_cfg.client_key_len = key_end - key_start;
 #elif CONFIG_WS_OVER_TLS_SERVER_AUTH
-    extern const char cacert_start[] asm("_binary_ca_certificate_public_domain_pem_start"); // CA cert of wss://echo.websocket.event, modify it if using another server
-    websocket_cfg.cert_pem = cacert_start;
+    // Using certificate bundle as default server certificate source
+    websocket_cfg.crt_bundle_attach = esp_crt_bundle_attach;
+    // If using a custom certificate it could be added to certificate bundle, added to the build similar to client certificates in this examples,
+    // or read from NVS.
+    /* extern const char cacert_start[] asm("ADDED_CERTIFICATE"); */
+    /* websocket_cfg.cert_pem = cacert_start; */
 #endif
 
 #if CONFIG_WS_OVER_TLS_SKIP_COMMON_NAME_CHECK

components/esp_websocket_client/examples/target/main/certs/server_cert.pem renamed to components/esp_websocket_client/examples/target/main/certs/server/server_cert.pem

@@ -52,7 +52,7 @@ def send_data(self, data):
     def run(self):
         if self.use_tls is True:
             ssl_context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
-            ssl_context.load_cert_chain(certfile='main/certs/server_cert.pem', keyfile='main/certs/server_key.pem')
+            ssl_context.load_cert_chain(certfile='main/certs/server/server_cert.pem', keyfile='main/certs/server/server_key.pem')
             if self.client_verify is True:
                 ssl_context.load_verify_locations(cafile='main/certs/ca_cert.pem')
                 ssl_context.verify = ssl.CERT_REQUIRED