The ESP-12E module of the ESPCLOCK V2.0 project is done. All the clock control logic has been shifted to the ATtiny85 module, so the ESP-12E is only in-charged of periodically getting the NTP time, converting to local time, and sending it via I2C to the ATtiny85.
One of the unresolved problems in the original ESPCLOCK project is calling the Google Timezone API via HTTPS. Because Google's HTTPS cert is different for servers in different geographical locations, this presents a problem for the original code:
The solution I used is the one outlined in this comment.
The idea is to use WiFiClientSecure to access the API, but without using client.verify() to verify the fingerprint. So this works with changing cert fingerprints. The downside is of course we are totally bypass the security feature of HTTPS, which I think is a reasonable trade-off for this particular application.
One of the unresolved problems in the original ESPCLOCK project is calling the Google Timezone API via HTTPS. Because Google's HTTPS cert is different for servers in different geographical locations, this presents a problem for the original code:
const String GOOGLE_API_URL = "https://maps.googleapis.com/maps/api/timezone/json?location=[loc]×tamp=[ts]"; const char* GOOGLE_API_CERT = "AD:B8:13:99:64:F5:75:F5:78:5C:FA:43:19:EA:8F:AF:2B:AE:54:FE"; ... HTTPClient http; http.begin(url.c_str(), GOOGLE_API_CERT); int rc = http.GET();
The solution I used is the one outlined in this comment.
const String GOOGLE_API_URL = "https://maps.googleapis.com/maps/api/timezone/json?location=[loc]×tamp=[ts]"; ... char buf[256]; String url = GOOGLE_API_URL; url.replace("[loc]", loc); snprintf(buf, sizeof(buf), "%u", ntpTime); url.replace("[ts]", buf); WiFiClientSecure client; if (!client.connect(GOOGLE_API_HOST.c_str(), 443)) { debug("Unable to connect: %s", GOOGLE_API_HOST.c_str()); return false; } client.print(String("GET ") + url + " HTTP/1.1\r\n" + "Host: " + GOOGLE_API_HOST + "\r\n" + "User-Agent: ESPCLOCK\r\n" + "Connection: close\r\n\r\n"); while (client.connected()) { String header = client.readStringUntil('\n'); if (header == "\r") break; // Headers received } String payload = client.readStringUntil('\r');
The idea is to use WiFiClientSecure to access the API, but without using client.verify() to verify the fingerprint. So this works with changing cert fingerprints. The downside is of course we are totally bypass the security feature of HTTPS, which I think is a reasonable trade-off for this particular application.
Comments
Post a Comment