diff --git a/samples/net/sockets/big_http_download/CMakeLists.txt b/samples/net/sockets/big_http_download/CMakeLists.txt index 3d13545f6dd..c0d6d6c9654 100644 --- a/samples/net/sockets/big_http_download/CMakeLists.txt +++ b/samples/net/sockets/big_http_download/CMakeLists.txt @@ -8,11 +8,3 @@ FILE(GLOB app_sources src/*.c) target_sources(app PRIVATE ${app_sources}) include(${ZEPHYR_BASE}/samples/net/common/common.cmake) - -set(gen_dir ${ZEPHYR_BINARY_DIR}/include/generated/) - -generate_inc_file_for_target( - app - src/lets-encrypt-r3.der - ${gen_dir}/lets-encrypt-r3.der.inc - ) diff --git a/samples/net/sockets/big_http_download/overlay-tls.conf b/samples/net/sockets/big_http_download/overlay-tls.conf index 01fdeb44863..28ac8d4bc7d 100644 --- a/samples/net/sockets/big_http_download/overlay-tls.conf +++ b/samples/net/sockets/big_http_download/overlay-tls.conf @@ -7,7 +7,8 @@ CONFIG_MBEDTLS_BUILTIN=y CONFIG_MBEDTLS_ENABLE_HEAP=y CONFIG_MBEDTLS_HEAP_SIZE=60000 CONFIG_MBEDTLS_SSL_MAX_CONTENT_LEN=16384 +CONFIG_MBEDTLS_PEM_CERTIFICATE_FORMAT=y CONFIG_NET_SOCKETS_SOCKOPT_TLS=y -CONFIG_SAMPLE_BIG_HTTP_DL_URL="https://www.7-zip.org/a/7z1805.exe" +CONFIG_SAMPLE_BIG_HTTP_DL_URL="https://launchpad.net/ubuntu/+archive/primary/+sourcefiles/git/1:2.34.1-1ubuntu1/git_2.34.1.orig.tar.xz" diff --git a/samples/net/sockets/big_http_download/src/big_http_download.c b/samples/net/sockets/big_http_download/src/big_http_download.c index 4203de9d2c3..88afa96ccf5 100644 --- a/samples/net/sockets/big_http_download/src/big_http_download.c +++ b/samples/net/sockets/big_http_download/src/big_http_download.c @@ -48,11 +48,7 @@ static char download_url[MAX_URL_LENGTH] = #if defined(CONFIG_SAMPLE_BIG_HTTP_DL_URL) CONFIG_SAMPLE_BIG_HTTP_DL_URL; #else -#if !defined(CONFIG_NET_SOCKETS_SOCKOPT_TLS) "http://archive.ubuntu.com/ubuntu/dists/xenial/main/installer-amd64/current/images/hd-media/vmlinuz"; -#else - "https://www.7-zip.org/a/7z1805.exe"; -#endif /* !defined(CONFIG_NET_SOCKETS_SOCKOPT_TLS) */ #endif /* defined(CONFIG_SAMPLE_BIG_HTTP_DL_URL) */ /* Quick testing. */ /* "http://google.com/foo";*/ @@ -62,7 +58,8 @@ static uint8_t download_hash[32] = #if !defined(CONFIG_NET_SOCKETS_SOCKOPT_TLS) "\x33\x7c\x37\xd7\xec\x00\x34\x84\x14\x22\x4b\xaa\x6b\xdb\x2d\x43\xf2\xa3\x4e\xf5\x67\x6b\xaf\xcd\xca\xd9\x16\xf1\x48\xb5\xb3\x17"; #else -"\x64\x7a\x9a\x62\x11\x62\xcd\x7a\x50\x08\x93\x4a\x08\xe2\x3f\xf7\xc1\x13\x5d\x6f\x12\x61\x68\x9f\xd9\x54\xaa\x17\xd5\x0f\x97\x29"; +"\x3a\x07\x55\xdd\x1c\xfa\xb7\x1a\x24\xdd\x96\xdf\x34\x98\xc2\x9c" +"\xd0\xac\xd1\x3b\x04\xf3\xd0\x8b\xf9\x33\xe8\x12\x86\xdb\x80\x2c"; #endif /* !defined(CONFIG_NET_SOCKETS_SOCKOPT_TLS) */ #define SSTRLEN(s) (sizeof(s) - 1) diff --git a/samples/net/sockets/big_http_download/src/ca_certificate.h b/samples/net/sockets/big_http_download/src/ca_certificate.h index f59796c35bc..4f3e2e266b5 100644 --- a/samples/net/sockets/big_http_download/src/ca_certificate.h +++ b/samples/net/sockets/big_http_download/src/ca_certificate.h @@ -13,9 +13,10 @@ * certificate in PEM format, you can enable support for it in Kconfig. */ -/* Let's Encrypt Authority X3 for https://www.7-zip.org */ -static const unsigned char ca_certificate[] = { -#include "lets-encrypt-r3.der.inc" -}; +/* ISRG Root X1 for https://launchpad.net/ubuntu */ +static const unsigned char ca_certificate[] = +#include "isrgrootx1.pem" +; + #endif /* __CA_CERTIFICATE_H__ */ diff --git a/samples/net/sockets/big_http_download/src/isrgrootx1.pem b/samples/net/sockets/big_http_download/src/isrgrootx1.pem new file mode 100644 index 00000000000..1aa829d4ce1 --- /dev/null +++ b/samples/net/sockets/big_http_download/src/isrgrootx1.pem @@ -0,0 +1,31 @@ +"-----BEGIN CERTIFICATE-----\n" +"MIIFazCCA1OgAwIBAgIRAIIQz7DSQONZRGPgu2OCiwAwDQYJKoZIhvcNAQELBQAw\n" +"TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh\n" +"cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMTUwNjA0MTEwNDM4\n" +"WhcNMzUwNjA0MTEwNDM4WjBPMQswCQYDVQQGEwJVUzEpMCcGA1UEChMgSW50ZXJu\n" +"ZXQgU2VjdXJpdHkgUmVzZWFyY2ggR3JvdXAxFTATBgNVBAMTDElTUkcgUm9vdCBY\n" +"MTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK3oJHP0FDfzm54rVygc\n" +"h77ct984kIxuPOZXoHj3dcKi/vVqbvYATyjb3miGbESTtrFj/RQSa78f0uoxmyF+\n" +"0TM8ukj13Xnfs7j/EvEhmkvBioZxaUpmZmyPfjxwv60pIgbz5MDmgK7iS4+3mX6U\n" +"A5/TR5d8mUgjU+g4rk8Kb4Mu0UlXjIB0ttov0DiNewNwIRt18jA8+o+u3dpjq+sW\n" +"T8KOEUt+zwvo/7V3LvSye0rgTBIlDHCNAymg4VMk7BPZ7hm/ELNKjD+Jo2FR3qyH\n" +"B5T0Y3HsLuJvW5iB4YlcNHlsdu87kGJ55tukmi8mxdAQ4Q7e2RCOFvu396j3x+UC\n" +"B5iPNgiV5+I3lg02dZ77DnKxHZu8A/lJBdiB3QW0KtZB6awBdpUKD9jf1b0SHzUv\n" +"KBds0pjBqAlkd25HN7rOrFleaJ1/ctaJxQZBKT5ZPt0m9STJEadao0xAH0ahmbWn\n" +"OlFuhjuefXKnEgV4We0+UXgVCwOPjdAvBbI+e0ocS3MFEvzG6uBQE3xDk3SzynTn\n" +"jh8BCNAw1FtxNrQHusEwMFxIt4I7mKZ9YIqioymCzLq9gwQbooMDQaHWBfEbwrbw\n" +"qHyGO0aoSCqI3Haadr8faqU9GY/rOPNk3sgrDQoo//fb4hVC1CLQJ13hef4Y53CI\n" +"rU7m2Ys6xt0nUW7/vGT1M0NPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNV\n" +"HRMBAf8EBTADAQH/MB0GA1UdDgQWBBR5tFnme7bl5AFzgAiIyBpY9umbbjANBgkq\n" +"hkiG9w0BAQsFAAOCAgEAVR9YqbyyqFDQDLHYGmkgJykIrGF1XIpu+ILlaS/V9lZL\n" +"ubhzEFnTIZd+50xx+7LSYK05qAvqFyFWhfFQDlnrzuBZ6brJFe+GnY+EgPbk6ZGQ\n" +"3BebYhtF8GaV0nxvwuo77x/Py9auJ/GpsMiu/X1+mvoiBOv/2X/qkSsisRcOj/KK\n" +"NFtY2PwByVS5uCbMiogziUwthDyC3+6WVwW6LLv3xLfHTjuCvjHIInNzktHCgKQ5\n" +"ORAzI4JMPJ+GslWYHb4phowim57iaztXOoJwTdwJx4nLCgdNbOhdjsnvzqvHu7Ur\n" +"TkXWStAmzOVyyghqpZXjFaH3pO3JLF+l+/+sKAIuvtd7u+Nxe5AW0wdeRlN8NwdC\n" +"jNPElpzVmbUq4JUagEiuTDkHzsxHpFKVK7q4+63SM1N95R1NbdWhscdCb+ZAJzVc\n" +"oyi3B43njTOQ5yOf+1CceWxG1bQVs5ZufpsMljq4Ui0/1lvh+wjChP4kqKOJ2qxq\n" +"4RgqsahDYVvTH9w7jXbyLeiNdd8XM2w9U/t7y0Ff/9yi0GE44Za4rF2LN9d11TPA\n" +"mRGunUHBcnWEvgJBQl9nJEiU0Zsnvgc/ubhPgXRR4Xq37Z0j4r7g1SgEEzwxA57d\n" +"emyPxgcYxn/eR44/KJ4EBs+lVDR3veyJm+kXQ99b21/+jh5Xos1AnX5iItreGCc=\n" +"-----END CERTIFICATE-----\n" diff --git a/samples/net/sockets/big_http_download/src/lets-encrypt-r3.der b/samples/net/sockets/big_http_download/src/lets-encrypt-r3.der deleted file mode 100644 index 2d66ea723ea..00000000000 Binary files a/samples/net/sockets/big_http_download/src/lets-encrypt-r3.der and /dev/null differ