0.0.9 make certsector 4096 again with first byte as activator and mak…

…e verify only act if changed verify on/off crashes most of the time…
HomeACcessoryKid · Apr 8, 2018 · 0c804f9 · 0c804f9
1 parent 110c3c0
commit 0c804f9
Show file tree

Hide file tree

Showing 4 changed files with 30 additions and 26 deletions.
diff --git a/certificates/0.0.8v/certs.sector → certificates/0.0.9v/certs.sector b/certificates/0.0.8v/certs.sector → certificates/0.0.9v/certs.sector
diff --git a/certificates/0.0.8v/otaboot.bin → certificates/0.0.9v/otaboot.bin b/certificates/0.0.8v/otaboot.bin → certificates/0.0.9v/otaboot.bin
diff --git a/certificates/0.0.8v/otamain.bin → certificates/0.0.9v/otamain.bin b/certificates/0.0.8v/otamain.bin → certificates/0.0.9v/otamain.bin
diff --git a/src/ota.c b/src/ota.c
@@ -350,36 +350,40 @@ void  ota_set_verify(int onoff) {
 
     if (onoff) {
         printf("ON\n");
-        verify=1;
-        do {
-            if (!spiflash_read(active_cert_sector+PKEYSIZE+(ret++), (byte *)abyte, 1)) {
-                printf("error reading flash\n");
-                break;
+        if (verify==0) {
+            verify= 1;
+            do {
+                if (!spiflash_read(active_cert_sector+PKEYSIZE+(ret++), (byte *)abyte, 1)) {
+                    printf("error reading flash\n");
+                    break;
+                }
+            } while (abyte[0]!=0xff); ret--;
+            printf("certs size: %d\n",ret);
+            byte *certs=malloc(ret);
+            spiflash_read(active_cert_sector+PKEYSIZE, (byte *)certs, ret);
+
+            ret=wolfSSL_CTX_load_verify_buffer(ctx, certs, ret, SSL_FILETYPE_PEM);
+            if ( ret != SSL_SUCCESS) {
+                printf("fail cert loading, return %d\n", ret);
             }
-        } while (abyte[0]!=0xff); ret--;
-        printf("certs size: %d\n",ret);
-        byte *certs=malloc(ret);
-        spiflash_read(active_cert_sector+PKEYSIZE, (byte *)certs, ret);
-
-        ret=wolfSSL_CTX_load_verify_buffer(ctx, certs, ret, SSL_FILETYPE_PEM);
-        if ( ret != SSL_SUCCESS) {
-            printf("fail cert loading, return %d\n", ret);
+            free(certs);
+
+            time_t ts;
+            do {
+                ts = time(NULL);
+                if (ts == ((time_t)-1)) printf("ts=-1, ");
+                vTaskDelay(1);
+            } while (!(ts>1073741823)); //2^30-1 which is supposed to be like 2004
+            printf("TIME: %s", ctime(&ts)); //we need to have the clock right to check certificates
+
+            wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);
         }
-        free(certs);
-
-        time_t ts;
-        do {
-            ts = time(NULL);
-            if (ts == ((time_t)-1)) printf("ts=-1, ");
-            vTaskDelay(1);
-        } while (!(ts>1073741823)); //2^30-1 which is supposed to be like 2004
-        printf("TIME: %s", ctime(&ts)); //we need to have the clock right to check certificates
-
-        wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);
     } else {
         printf("OFF\n");
-        verify=0;
-        wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, NULL);
+        if (verify==1) {
+            verify= 0;
+            wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, NULL);
+        }
     }
 }