I have been reviewing all information that I can get on HTTPS client operation in Mongoose OS, and I cannot find a conclusive way to connect to an HTTPS web site. There are several partial examples, some with broken links in the old forum. An up-to-date example would be a really great thing.
Among the questions:
How to frame up an HTTPS connection with the helper function (i.e. which one to use: mg_connect_http or mg_connect_http_opts), and how are these function calls formed up?
What client CA information is required? It seems to me that in the general case, an HTTPS client MUST be able to provide Server Certificate verification with a CA-supplied certificate. Since an embedded client is unlikely to be required to behave like a browser, it is probably sufficient only to get a copy of the certificate for the site or sites that the embedded client is going to access. A practical example would be most welcome.
To me, the “SW ECDH curve 3” message indicates that a TLS handshake is being attempted. When this handshake is unsuccessful, this particular server assumes an HTTP communication and denies access. The likely reason for the unsuccessful HTTPS handshake is the absence of an appropriate X509 CA certificate in my ESP32’s file system. I think that my successful HTTPS connections to other servers (“www.example.org”) are occurring because those websites have been specifically designed to treat an incoming connection without an X509 certificate as HTTP and respond in this fashion.
Please comment on the use of certificates in HTTPS transactions.
User Agent is required to identify your application. This string can be anything, and the more unique to your application the less likely it will be affected by a security event. If you include contact information (website or email), we can contact you if your string is associated to a security event. This will be replaced with an API key in the future.