How to handle Certificate and SPIFFS update

How to handle Certificate and SPIFFS update

Hi All out there ... I'm still a newbe after three month, but got a few different ESP32 projects to run. As I haven't found sufficient enough information at the WIKI, Discord and from "Mrs Google", I'll try this new channel.

I have started quite well and running my Solartrol project, which I really need to update OTA and like the others to do as well. Just as I changed to use SPIFFS for hosting webserver files a month ago. Since then I'm getting a reply from the IoTAppStory server, that the cerificate is missing... and no updates. So I did the updates in the classical way through USB tll yesterday. Then I installed the basic sketch from Arduino IDE and updated with my project sketch - successfully. But again I can only update through the configuration mode andneed to update the certificate everytime.

I asume, that it is due to a full image update of SPIFFS every time and so overwriting the stored certificate with my new created files.

I'm using PlatformIO and created a cert folder under data, where I (today)stored a copy of the iasRootCa.cer file from GitHub (WebAppToggleBtn example). This still does not solve the problem.

PLEASE help me to understand (first of all) the issues and then give a (step wise explanation) helping hand.

THANKS in advance - I really like this platform !

PS: If you need further infromation, I'll try to deliver asap

Hello ChWuel!

We recently had two other users contact us with the same problem.
Have not yet figured out why people are running into this now, as it used to work perfectly in the past and i dont recall any big changes in this part of the code.

While we (and by we i meen Onno) are looking into the issieu, may i suggest using the following workarround wich was posted in our discord

Schnueck — 03/10/2021
Hi Christiaan. I just tried to do exactly that: download the root certificate from GitHub. But it seems to be in a binary format, not in text format. That file works well for Windows (when double-clicking it, it shows all certificate information in the Windows certificate app), but when I put it into the "data/cert" folder and upload the SPIFFS image to my ESP32, it does not work. Something complained about wrong certificate format. Only when I copy/pase the certificate text code out of "/examples/Loaders/IASLoader/IASLoader.ino" lines 35 to 59 and remove all unnecessary characters (" \n ...) and put that into a file in cert folder it works.

In response to Christiaan Broeders (View post):

Hello ChWuel!We recently had two other users contact us with the same problem.Have not yet figured o...

I'm running into this issue now. It appears that when you put files into a sub-directory in {project}/src/data, Platformio will put those files into the root of the SPIFFS image, ie. it seem to strip /cert from /cert/iasRootCa.cer. Could you modify the library to also check for /iasRootCa.cer ?

In response to Munger (View post):

I'm running into this issue now. It appears that when you put files into a sub-directory in {project...

Thank you very much for this insight, i shall look into it and discuss with Onno how and when we can implement this fix

In response to Christiaan Broeders (View post):

Thank you very much for this insight, i shall look into it and discuss with Onno how and when we can...

I've read from a few sources that SPIFFS will be deprecated by Espressiv at some time in the future in favour of LittleFS. SPIFFS is certainly not maintained anymore so it may well be worth taking this into consideration. I've forked your GitHub repo and am trying to get a LittleFS build working right now. 

In response to Munger (View post):

I've read from a few sources that SPIFFS will be deprecated by Espressiv at some time in the future...

This is correct and we are aware of this, it will be addressed in the next update of the library.

My fork seems to be working with both SPIFFS and LittleFS. If you build in PlatformIO with -DESP_USELITTLEFS=1 then you get LittleFS (unsurprisingly!), otherwise it defaults to SPIFFS. All references to SPIFFS have been changed to FILESYSTEM which is defined accordingly.

I added a constant, FS_CREATE_DIR_PATH, which should be passed to FILESYSTEM.open() as the 'create' parameter if you wish to create a new file if it doesn't already exist, This is because LittleFS has real directories whereas SPIFFS allows '/' characters in filenames to simulate a directory structure. I haven't yet checked the examples to add this fix.

I'm sure I may have broken a few things in my attempt to fudge your lovely library, but It Works For Me! (tm)

Please feel free to ignore this fork or tear it to shreds if you wish. 😀

As a side note, your existing code examples have an issue if you wish your app to use SPIFFS (or LittleFS) to store stuff other than certificates, e.g. static code for web pages. When the project uses a data folder to populate the file system image for uploading to IOTAppStory.com, the certificate file should also exist in the image otherwise the certificate written by iasloader will be obliterated. Adding {project folder}/data/cert/iasRootCA.cer works for LittleFS but cannot work for SPIFFS due to PlatformIO moving it to the root level of the filesystem as previously mentioned.

I've gained a significant academic advantage through the simplified essay ordering process on this website. It's more writing a residency personal statement than  just a platform; it's a catalyst for my success. With a few clicks, I can access expertly written essays that align with my academic goals, allowing me to thrive in my studies.

The issue you're encountering is likely due to the way you're updating the SPIFFS partition. When you perform a full image update of SPIFFS, it overwrites all the files on the NBA Grid  partition, including the certificate file. This is why you need to update the certificate every time you update your project sketch.

Implement a secure mechanism for updating certificates. This might involve checking for updates from a secure server, verifying the authenticity of the new certificates, Watermelon Game and then applying the update.

This function is not party off the aim of this library , Maybe look at UDHttp. buy cs2 accounts