From 2a02f4f9a918b6ab2a3e5c819c3dfb76825f0c21 Mon Sep 17 00:00:00 2001
From: Robert Lubos
Date: Wed, 7 Dec 2022 13:35:00 +0100
Subject: [PATCH] samples: net: big_http_download: Update URL for TLS download
The old link has expired, the file is no longer avaiable to download. Update the download link, which now leads to a file in Ubuntu repositories for the recent LTS release, hopefully making the link valid for longer period. As the server ceritficate is signed by a different root CA, update the root CA as well. Finally, cleanup how the URL is handled in the sample - for TLS variant it'll always be provided with a Kconfig, hence no need to repeat it in the sample.
Signed-off-by: Robert Lubos
---
 .../sockets/big_http_download/CMakeLists.txt | 8 -----
 .../big_http_download/overlay-tls.conf | 3 +-
 .../big_http_download/src/big_http_download.c | 7 ++--
 .../big_http_download/src/ca_certificate.h | 9 ++---
 .../big_http_download/src/isrgrootx1.pem | 31 ++++++++++++++++++
 .../big_http_download/src/lets-encrypt-r3.der | Bin 1306 -> 0 bytes
 6 files changed, 40 insertions(+), 18 deletions(-)
 create mode 100644 samples/net/sockets/big_http_download/src/isrgrootx1.pem
 delete mode 100644 samples/net/sockets/big_http_download/src/lets-encrypt-r3.der
diff --git a/samples/net/sockets/big_http_download/CMakeLists.txt b/samples/net/sockets/big_http_download/CMakeLists.txt
index 3d13545f6dd..c0d6d6c9654 100644
--- a/samples/net/sockets/big_http_download/CMakeLists.txt
+++ b/samples/net/sockets/big_http_download/CMakeLists.txt
@@ -8,11 +8,3 @@ FILE(GLOB app_sources src/*.c)
 target_sources(app PRIVATE ${app_sources})
 include(${ZEPHYR_BASE}/samples/net/common/common.cmake)
-
-set(gen_dir ${ZEPHYR_BINARY_DIR}/include/generated/)
-
-generate_inc_file_for_target(
- app
- src/lets-encrypt-r3.der
- ${gen_dir}/lets-encrypt-r3.der.inc
- )
diff --git a/samples/net/sockets/big_http_download/overlay-tls.conf b/samples/net/sockets/big_http_download/overlay-tls.conf
index 01fdeb44863..28ac8d4bc7d 100644
--- a/samples/net/sockets/big_http_download/overlay-tls.conf
+++ b/samples/net/sockets/big_http_download/overlay-tls.conf
@@ -7,7 +7,8 @@ CONFIG_MBEDTLS_BUILTIN=y
 CONFIG_MBEDTLS_ENABLE_HEAP=y
 CONFIG_MBEDTLS_HEAP_SIZE=60000
 CONFIG_MBEDTLS_SSL_MAX_CONTENT_LEN=16384
+CONFIG_MBEDTLS_PEM_CERTIFICATE_FORMAT=y
 CONFIG_NET_SOCKETS_SOCKOPT_TLS=y
-CONFIG_SAMPLE_BIG_HTTP_DL_URL="https://www.7-zip.org/a/7z1805.exe"
+CONFIG_SAMPLE_BIG_HTTP_DL_URL="https://launchpad.net/ubuntu/+archive/primary/+sourcefiles/git/1:2.34.1-1ubuntu1/git_2.34.1.orig.tar.xz"
diff --git a/samples/net/sockets/big_http_download/src/big_http_download.c b/samples/net/sockets/big_http_download/src/big_http_download.c
index 4203de9d2c3..88afa96ccf5 100644
--- a/samples/net/sockets/big_http_download/src/big_http_download.c
+++ b/samples/net/sockets/big_http_download/src/big_http_download.c
@@ -48,11 +48,7 @@ static char download_url[MAX_URL_LENGTH] =
 #if defined(CONFIG_SAMPLE_BIG_HTTP_DL_URL)
 CONFIG_SAMPLE_BIG_HTTP_DL_URL;
 #else
-#if !defined(CONFIG_NET_SOCKETS_SOCKOPT_TLS)
 "http://archive.ubuntu.com/ubuntu/dists/xenial/main/installer-amd64/current/images/hd-media/vmlinuz";
-#else
- "https://www.7-zip.org/a/7z1805.exe";
-#endif /* !defined(CONFIG_NET_SOCKETS_SOCKOPT_TLS) */
 #endif /* defined(CONFIG_SAMPLE_BIG_HTTP_DL_URL) */
 /* Quick testing. */
 /* "http://google.com/foo";*/
@@ -62,7 +58,8 @@ static uint8_t download_hash[32] =
 #if !defined(CONFIG_NET_SOCKETS_SOCKOPT_TLS)
 "\x33\x7c\x37\xd7\xec\x00\x34\x84\x14\x22\x4b\xaa\x6b\xdb\x2d\x43\xf2\xa3\x4e\xf5\x67\x6b\xaf\xcd\xca\xd9\x16\xf1\x48\xb5\xb3\x17";
 #else
-"\x64\x7a\x9a\x62\x11\x62\xcd\x7a\x50\x08\x93\x4a\x08\xe2\x3f\xf7\xc1\x13\x5d\x6f\x12\x61\x68\x9f\xd9\x54\xaa\x17\xd5\x0f\x97\x29";
+"\x3a\x07\x55\xdd\x1c\xfa\xb7\x1a\x24\xdd\x96\xdf\x34\x98\xc2\x9c"
+"\xd0\xac\xd1\x3b\x04\xf3\xd0\x8b\xf9\x33\xe8\x12\x86\xdb\x80\x2c";
 #endif /* !defined(CONFIG_NET_SOCKETS_SOCKOPT_TLS) */
 #define SSTRLEN(s) (sizeof(s) - 1)
diff --git a/samples/net/sockets/big_http_download/src/ca_certificate.h b/samples/net/sockets/big_http_download/src/ca_certificate.h
index f59796c35bc..4f3e2e266b5 100644
--- a/samples/net/sockets/big_http_download/src/ca_certificate.h
+++ b/samples/net/sockets/big_http_download/src/ca_certificate.h
@@ -13,9 +13,10 @@
 * certificate in PEM format, you can enable support for it in Kconfig.
 */
-/* Let's Encrypt Authority X3 for https://www.7-zip.org */
-static const unsigned char ca_certificate[] = {
-#include "lets-encrypt-r3.der.inc"
-};
+/* ISRG Root X1 for https://launchpad.net/ubuntu */
+static const unsigned char ca_certificate[] =
+#include "isrgrootx1.pem"
+;
+
 #endif /* __CA_CERTIFICATE_H__ */
diff --git a/samples/net/sockets/big_http_download/src/isrgrootx1.pem b/samples/net/sockets/big_http_download/src/isrgrootx1.pem
new file mode 100644
index 00000000000..1aa829d4ce1
--- /dev/null
+++ b/samples/net/sockets/big_http_download/src/isrgrootx1.pem
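Review bot: The new digest in the `#else` branch of `download_hash` is not tied to the file it belongs to: after this commit the TLS URL lives only in overlay-tls.conf, while the digest is still selected here by `CONFIG_NET_SOCKETS_SOCKOPT_TLS`. A TLS build that takes its URL from anywhere else, or that leaves `CONFIG_SAMPLE_BIG_HTTP_DL_URL` undefined and falls through to the plain-http default kept by the previous hunk, would presumably end in a digest mismatch with no hint why. I would add a comment above the new bytes, `/* Digest of git_2.34.1.orig.tar.xz, the file named by CONFIG_SAMPLE_BIG_HTTP_DL_URL in overlay-tls.conf; change both together. */`, and note in it where the reference value was obtained. The `download_hash` declaration starts above the hunk, so how the array is compared is not visible here.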
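Review bot: In ca_certificate.h, `ca_certificate` changes from a DER byte array to a PEM string literal, and the new comment does not record the two conditions that now have to hold for the trust anchor to load. PEM parsing needs `CONFIG_MBEDTLS_PEM_CERTIFICATE_FORMAT`, which this commit enables in overlay-tls.conf only, and mbed TLS expects the length of a PEM buffer to include the terminating NUL, so the code that registers the credential (outside this diff) has to pass `sizeof(ca_certificate)` rather than a string length. I would extend the comment to `/* ISRG Root X1 (PEM) for https://launchpad.net/ubuntu; needs CONFIG_MBEDTLS_PEM_CERTIFICATE_FORMAT=y and must be registered with sizeof(ca_certificate) so the NUL is included */`. A build-time `#error` when the Kconfig symbol is missing may also be worth considering, if every TLS configuration of this sample goes through mbed TLS, which cannot be told from the hunk.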
@@ -0,0 +1,31 @@
+"-----BEGIN CERTIFICATE-----\n"
+"MIIFazCCA1OgAwIBAgIRAIIQz7DSQONZRGPgu2OCiwAwDQYJKoZIhvcNAQELBQAw\n"
+"TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh\n"
+"cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMTUwNjA0MTEwNDM4\n"
+"WhcNMzUwNjA0MTEwNDM4WjBPMQswCQYDVQQGEwJVUzEpMCcGA1UEChMgSW50ZXJu\n"
+"ZXQgU2VjdXJpdHkgUmVzZWFyY2ggR3JvdXAxFTATBgNVBAMTDElTUkcgUm9vdCBY\n"
+"MTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK3oJHP0FDfzm54rVygc\n"
+"h77ct984kIxuPOZXoHj3dcKi/vVqbvYATyjb3miGbESTtrFj/RQSa78f0uoxmyF+\n"
+"0TM8ukj13Xnfs7j/EvEhmkvBioZxaUpmZmyPfjxwv60pIgbz5MDmgK7iS4+3mX6U\n"
+"A5/TR5d8mUgjU+g4rk8Kb4Mu0UlXjIB0ttov0DiNewNwIRt18jA8+o+u3dpjq+sW\n"
+"T8KOEUt+zwvo/7V3LvSye0rgTBIlDHCNAymg4VMk7BPZ7hm/ELNKjD+Jo2FR3qyH\n"
+"B5T0Y3HsLuJvW5iB4YlcNHlsdu87kGJ55tukmi8mxdAQ4Q7e2RCOFvu396j3x+UC\n"
+"B5iPNgiV5+I3lg02dZ77DnKxHZu8A/lJBdiB3QW0KtZB6awBdpUKD9jf1b0SHzUv\n"
+"KBds0pjBqAlkd25HN7rOrFleaJ1/ctaJxQZBKT5ZPt0m9STJEadao0xAH0ahmbWn\n"
+"OlFuhjuefXKnEgV4We0+UXgVCwOPjdAvBbI+e0ocS3MFEvzG6uBQE3xDk3SzynTn\n"
+"jh8BCNAw1FtxNrQHusEwMFxIt4I7mKZ9YIqioymCzLq9gwQbooMDQaHWBfEbwrbw\n"
+"qHyGO0aoSCqI3Haadr8faqU9GY/rOPNk3sgrDQoo//fb4hVC1CLQJ13hef4Y53CI\n"
+"rU7m2Ys6xt0nUW7/vGT1M0NPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNV\n"
+"HRMBAf8EBTADAQH/MB0GA1UdDgQWBBR5tFnme7bl5AFzgAiIyBpY9umbbjANBgkq\n"
+"hkiG9w0BAQsFAAOCAgEAVR9YqbyyqFDQDLHYGmkgJykIrGF1XIpu+ILlaS/V9lZL\n"
+"ubhzEFnTIZd+50xx+7LSYK05qAvqFyFWhfFQDlnrzuBZ6brJFe+GnY+EgPbk6ZGQ\n"
+"3BebYhtF8GaV0nxvwuo77x/Py9auJ/GpsMiu/X1+mvoiBOv/2X/qkSsisRcOj/KK\n"
+"NFtY2PwByVS5uCbMiogziUwthDyC3+6WVwW6LLv3xLfHTjuCvjHIInNzktHCgKQ5\n"
+"ORAzI4JMPJ+GslWYHb4phowim57iaztXOoJwTdwJx4nLCgdNbOhdjsnvzqvHu7Ur\n"
+"TkXWStAmzOVyyghqpZXjFaH3pO3JLF+l+/+sKAIuvtd7u+Nxe5AW0wdeRlN8NwdC\n"
+"jNPElpzVmbUq4JUagEiuTDkHzsxHpFKVK7q4+63SM1N95R1NbdWhscdCb+ZAJzVc\n"
+"oyi3B43njTOQ5yOf+1CceWxG1bQVs5ZufpsMljq4Ui0/1lvh+wjChP4kqKOJ2qxq\n"
+"4RgqsahDYVvTH9w7jXbyLeiNdd8XM2w9U/t7y0Ff/9yi0GE44Za4rF2LN9d11TPA\n"
+"mRGunUHBcnWEvgJBQl9nJEiU0Zsnvgc/ubhPgXRR4Xq37Z0j4r7g1SgEEzwxA57d\n"
+"emyPxgcYxn/eR44/KJ4EBs+lVDR3veyJm+kXQ99b21/+jh5Xos1AnX5iItreGCc=\n"
+"-----END CERTIFICATE-----\n"
diff --git a/samples/net/sockets/big_http_download/src/lets-encrypt-r3.der b/samples/net/sockets/big_http_download/src/lets-encrypt-r3.der
deleted file mode 100644
index 2d66ea723ea4f983874b3ffacdf612bd90e150d7..0000000000000000000000000000000000000000
GIT binary patch literal 0 HcmV?d00001 literal 1306 zcmXqLVihxJV*0m$nTe5!NswWpHiy@F9*O0_->&JYE{~5g;AP{~YV&CO&dbQi&B|cl zZ^&)H$;KSY!Y0fV8f>U(pbp}22`hN!m82HsrIsiJrzV#cWtLPb1f>?ICKe@UD7Y8p zmlha`8VG}wG7Ix~1_!w-1m)+KC`1?<$cghB85md^m>7UT6p(9bU}i>{#klr@pXRpDI%e!;XU(K zEV7jR+GOLj(l76;^&6z(8 z#AA0A<^OIxy7p3Agsu4T=bXDgYJYFLbMRJS>=n1iXV$77?AVi#UYfS~qr~?`G0%ek zTXk%6U;1BI;?)e!a{IZ#KhHBh{kp6`Tx5OnlK(R|Po8@xcsbiYk5<`*nd?+bcMG2h zV*dIzaAEgtQ6^?a2FArrj2yraVKLwX2B<7QBjbM-7GNT1Gmr)GRarnG&7sZ4$jZvj z%mimK8VG@;g+aGrR#$eo~%5Jf`OcY%mS$e637aZkrgU|Y*%2BHjp&nU}H;f0^%a4a^@zWr&>?>x!W!N-s;l2=W2SzrWwg=OMT_0*&3%7h3Gae zcy;*g4~6~lXSNqGY|pd)7B}VI6NUN9-gj?ee!gg{n9amW8&X z%-(q}=2Oav1N$lu`1j?y@Wf5pt@piK;Nc5d7tPy|3U8BlD*g~sn=(0kfov+vK`y0r z0=&-C7fQ(2J$TS&zBOv&UW5JZdD>e475$`H4}X=I{vmG7;iWsWKIrYSHs1Np``(#9 zPu90^x7i;EbvFB!@z6{>t8eDT|4SW~n`}RDA=%Q@vNZ40uCf!8nO?5+&JjPy!*p|R z$I5B||t$-I`!kiAsP`9|pUq9dAo-;c!loml7AVsQOaYrMq5%H7Z7 z3cA@JwoN{~v;R(Fp{myU`)^ePf-<@%-FbR#>*HIs7us`L6b;ukef_<2^@&b#+lM|+ zE%?6e)!sX;QRMa2+qMeJ>mn~d`VsLndWXl^e=+`In*ZcNmDisT+|c`~X7U7a{l9A# zak{(Ne|WiJ`+p7J45Mr5adMf9C-3+=w_Bh4Qjqhqe53GGU!%tR7QwBtb+KuhuXfyh uGIi_Otzkk=XOH+DQ?+mj$bEB;AyneuOV5-mey66-*%E!Ac*W`+?uP)U>;Po|
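Review bot: `isrgrootx1.pem` carries a `.pem` name but holds C string literals (quotes and `\n` escapes on every line), so standard certificate tooling cannot read it as is, and a reviewer has no direct way to compare this trust anchor's fingerprint with the one the CA publishes. Since this file decides which servers the sample will trust, I would either keep a real PEM file in the tree and generate the include at build time, as the removed `generate_inc_file_for_target` rule did for the DER file, or rename it (for example `isrgrootx1.pem.inc`) and open it with a comment such as `/* ISRG Root X1, C-string form of the PEM published by the CA; verify the SHA-256 fingerprint against the CA's site before changing */`. Nothing in the hunk suggests the bytes are wrong; the point is that the file should be easy to audit.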