samples: http_server: consolidate certificate options
Remove the CONFIG_NET_SAMPLE_CERTS_WITH_SC option and make the CA-signed certificate the only option - there is no real downside to this over using the unsigned certificate. Remove adding of CA certificate as a TLS credential on the server, since this credential is not used by the server. It may be useful to include in any client code used to communicate with the server, so the certificate itself is retained. After this, some TLS tag enumerations are unused so have been removed. Signed-off-by: Matt Rodgers <mrodgers@witekio.com>
parent
2d60d248e8
commit
45c6553567
9 changed files with 4 additions and 44 deletions
|
@ -54,15 +54,12 @@ foreach(web_resource
|
|||
endforeach()
|
||||
|
||||
foreach(inc_file
|
||||
ca.der
|
||||
server.der
|
||||
server_cert.der
|
||||
server_privkey.der
|
||||
https-server-cert.der
|
||||
https-server-key.der
|
||||
)
|
||||
generate_inc_file_for_target(
|
||||
app
|
||||
src/${inc_file}
|
||||
src/certs/${inc_file}
|
||||
${gen_dir}/${inc_file}.inc
|
||||
)
|
||||
endforeach()
|
||||
|
|
|
@ -31,13 +31,6 @@ config NET_SAMPLE_PSK_HEADER_FILE
|
|||
Name of a header file containing a
|
||||
pre-shared key.
|
||||
|
||||
config NET_SAMPLE_CERTS_WITH_SC
|
||||
bool "Signed certificates"
|
||||
depends on NET_SOCKETS_SOCKOPT_TLS
|
||||
help
|
||||
Enable this flag, if you are interested to run this
|
||||
application with signed certificates and keys.
|
||||
|
||||
config NET_SAMPLE_WEBSOCKET_SERVICE
|
||||
bool "Enable websocket service"
|
||||
default y if HTTP_SERVER_WEBSOCKET
|
||||
|
|
|
@ -8,40 +8,20 @@
|
|||
#define __CERTIFICATE_H__
|
||||
|
||||
enum tls_tag {
|
||||
/** The Certificate Authority public key */
|
||||
HTTP_SERVER_CA_CERTIFICATE_TAG,
|
||||
/** Used for both the public and private server keys */
|
||||
HTTP_SERVER_CERTIFICATE_TAG,
|
||||
/** Used for both the public and private client keys */
|
||||
HTTP_SERVER_CLIENT_CERTIFICATE_TAG,
|
||||
/* Used for pre-shared key */
|
||||
PSK_TAG,
|
||||
};
|
||||
|
||||
#if !defined(CONFIG_NET_SAMPLE_CERTS_WITH_SC)
|
||||
static const unsigned char server_certificate[] = {
|
||||
#include "https-server-cert.der.inc"
|
||||
};
|
||||
|
||||
/* This is the private key in pkcs#8 format. */
|
||||
static const unsigned char private_key[] = {
|
||||
#include "https-server-key.der.inc"
|
||||
};
|
||||
|
||||
#else
|
||||
|
||||
static const unsigned char ca_certificate[] = {
|
||||
#include "ca.der.inc"
|
||||
};
|
||||
|
||||
static const unsigned char server_certificate[] = {
|
||||
#include "server.der.inc"
|
||||
#include "server_cert.der.inc"
|
||||
};
|
||||
|
||||
/* This is the private key in pkcs#8 format. */
|
||||
static const unsigned char private_key[] = {
|
||||
#include "server_privkey.der.inc"
|
||||
};
|
||||
#endif
|
||||
|
||||
#if defined(CONFIG_MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
|
||||
#include CONFIG_NET_SAMPLE_PSK_HEADER_FILE
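Review bot: The `private_key` array is built from `server_privkey.der`, which the CMake section of this commit pulls from `src/certs/`, so the key appears to ship with the sample source and every image built from it would carry the same publicly known key; nothing in the header says so. With the CA-signed pair now the only option, the existing comment `/* This is the private key in pkcs#8 format. */` is the natural place to add it, for example `/* Sample key, published with the source: replace server_cert.der and server_privkey.der with your own before deployment. */`. Separately, `enum tls_tag` has no explicit values, so if enumerators were dropped ahead of the remaining ones (as the description suggests) their numeric values shift; that is harmless only if nothing refers to a tag by number, which is not visible here. The header continues past the end of the hunk.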
|
||||
|
|
Binary file not shown.
Binary file not shown.
|
@ -311,16 +311,6 @@ static void setup_tls(void)
|
|||
#if defined(CONFIG_NET_SOCKETS_SOCKOPT_TLS)
|
||||
int err;
|
||||
|
||||
#if defined(CONFIG_NET_SAMPLE_CERTS_WITH_SC)
|
||||
err = tls_credential_add(HTTP_SERVER_CERTIFICATE_TAG,
|
||||
TLS_CREDENTIAL_CA_CERTIFICATE,
|
||||
ca_certificate,
|
||||
sizeof(ca_certificate));
|
||||
if (err < 0) {
|
||||
LOG_ERR("Failed to register CA certificate: %d", err);
|
||||
}
|
||||
#endif /* defined(CONFIG_NET_SAMPLE_CERTS_WITH_SC) */
|
||||
|
||||
err = tls_credential_add(HTTP_SERVER_CERTIFICATE_TAG,
|
||||
TLS_CREDENTIAL_SERVER_CERTIFICATE,
|
||||
server_certificate,
|
||||
|
|