samples: http_server: consolidate certificate options

Remove the CONFIG_NET_SAMPLE_CERTS_WITH_SC option and make the CA-signed
certificate the only option - there is no real downside to this over
using the unsigned certificate.

Stop registering the CA certificate as a TLS credential on the server,
since the server does not use this credential. It may be useful to
include in any client code used to communicate with the server, so the
certificate itself is retained.

After this, some TLS tag enumerations are unused so have been removed.

Signed-off-by: Matt Rodgers <mrodgers@witekio.com>
Matt Rodgers 2024-11-25 16:40:23 +00:00 committed by Anas Nashif
commit 45c6553567
9 changed files with 4 additions and 44 deletions


@ -54,15 +54,12 @@ foreach(web_resource
endforeach()
foreach(inc_file
ca.der
server.der
server_cert.der
server_privkey.der
https-server-cert.der
https-server-key.der
)
generate_inc_file_for_target(
app
src/${inc_file}
src/certs/${inc_file}
${gen_dir}/${inc_file}.inc
)
endforeach()


@ -31,13 +31,6 @@ config NET_SAMPLE_PSK_HEADER_FILE
Name of a header file containing a
pre-shared key.
config NET_SAMPLE_CERTS_WITH_SC
bool "Signed certificates"
depends on NET_SOCKETS_SOCKOPT_TLS
help
Enable this flag, if you are interested to run this
application with signed certificates and keys.
config NET_SAMPLE_WEBSOCKET_SERVICE
bool "Enable websocket service"
default y if HTTP_SERVER_WEBSOCKET


@ -8,40 +8,20 @@
#define __CERTIFICATE_H__
enum tls_tag {
/** The Certificate Authority public key */
HTTP_SERVER_CA_CERTIFICATE_TAG,
/** Used for both the public and private server keys */
HTTP_SERVER_CERTIFICATE_TAG,
/** Used for both the public and private client keys */
HTTP_SERVER_CLIENT_CERTIFICATE_TAG,
/* Used for pre-shared key */
PSK_TAG,
};
#if !defined(CONFIG_NET_SAMPLE_CERTS_WITH_SC)
static const unsigned char server_certificate[] = {
#include "https-server-cert.der.inc"
};
/* This is the private key in pkcs#8 format. */
static const unsigned char private_key[] = {
#include "https-server-key.der.inc"
};
#else
static const unsigned char ca_certificate[] = {
#include "ca.der.inc"
};
static const unsigned char server_certificate[] = {
#include "server.der.inc"
#include "server_cert.der.inc"
};
/* This is the private key in pkcs#8 format. */
static const unsigned char private_key[] = {
#include "server_privkey.der.inc"
};
#endif
#if defined(CONFIG_MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
#include CONFIG_NET_SAMPLE_PSK_HEADER_FILE
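Review bot: The comment above `private_key` still says only `/* This is the private key in pkcs#8 format. */`, although with the certificate options consolidated this array appears to be the only certificate key the sample builds in, generated from `server_privkey.der` under the sample's `src/certs/` directory. Anyone who has the sample source has that key, so a device that ships with it unchanged provides no real server authentication to its clients. I would state that at the definition, for example `/* Sample-only PKCS#8 private key, published with the sample source; replace it and provision a per-device key before any real deployment. */`. The `#if defined(CONFIG_MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)` block that closes this hunk continues outside it.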


@ -311,16 +311,6 @@ static void setup_tls(void)
#if defined(CONFIG_NET_SOCKETS_SOCKOPT_TLS)
int err;
#if defined(CONFIG_NET_SAMPLE_CERTS_WITH_SC)
err = tls_credential_add(HTTP_SERVER_CERTIFICATE_TAG,
TLS_CREDENTIAL_CA_CERTIFICATE,
ca_certificate,
sizeof(ca_certificate));
if (err < 0) {
LOG_ERR("Failed to register CA certificate: %d", err);
}
#endif /* defined(CONFIG_NET_SAMPLE_CERTS_WITH_SC) */
err = tls_credential_add(HTTP_SERVER_CERTIFICATE_TAG,
TLS_CREDENTIAL_SERVER_CERTIFICATE,
server_certificate,