[nrf fromtree] net: lib: tls_credentials: Rename TLS_CREDENTIAL_SERVER_CERTIFICATE

TLS_CREDENTIAL_SERVER_CERTIFICATE credential type is misleading, as in
fact it just represents a public certificate, it does not matter if the
certificate belongs to a server or a client. And actually, it was
already used in-tree for clients as well, for example in LwM2M.

Therefore rename the credential type to a more generic
TLS_CREDENTIAL_PUBLIC_CERTIFICATE and deprecate the old one.

Signed-off-by: Robert Lubos <[email protected]>
(cherry picked from commit a61287e)

Author: rlubos

doc/connectivity/networking/api/sockets.rst

@@ -93,7 +93,7 @@ socket options.
 The following TLS credential types can be registered in the system:
 
 - ``TLS_CREDENTIAL_CA_CERTIFICATE``
-- ``TLS_CREDENTIAL_SERVER_CERTIFICATE``
+- ``TLS_CREDENTIAL_PUBLIC_CERTIFICATE``
 - ``TLS_CREDENTIAL_PRIVATE_KEY``
 - ``TLS_CREDENTIAL_PSK``
 - ``TLS_CREDENTIAL_PSK_ID``

doc/releases/migration-guide-4.2.rst

@@ -72,6 +72,10 @@ Networking
   (because the addr is not a pointer) and must be changed to ``if (lladdr->len == 0)``
   if the code wants to check that the link address is not set.
 
+* TLS credential type ``TLS_CREDENTIAL_SERVER_CERTIFICATE`` was renamed to
+  more generic :c:enumerator:`TLS_CREDENTIAL_PUBLIC_CERTIFICATE` to better
+  reflect the purpose of this credential type.
+
 SPI
 ===
 

doc/releases/release-notes-4.2.rst

@@ -57,6 +57,9 @@ Deprecated APIs and options
   renamed and deprecated. Use :kconfig:option:`CONFIG_SCHED_SIMPLE` and
   :kconfig:option:`CONFIG_WAITQ_SIMPLE` instead.
 
+* TLS credential type ``TLS_CREDENTIAL_SERVER_CERTIFICATE`` was renamed and
+  deprecated, use :c:enumerator:`TLS_CREDENTIAL_PUBLIC_CERTIFICATE` instead.
+
 ===========================
 
 New APIs and options

drivers/wifi/eswifi/eswifi_socket_offload.c

@@ -191,7 +191,7 @@ static int map_credentials(int sd, const void *optval, socklen_t optlen)
 			case TLS_CREDENTIAL_CA_CERTIFICATE:
 				id = 0;
 				break;
-			case TLS_CREDENTIAL_SERVER_CERTIFICATE:
+			case TLS_CREDENTIAL_PUBLIC_CERTIFICATE:
 				id = 1;
 				break;
 			case TLS_CREDENTIAL_PRIVATE_KEY:

drivers/wifi/simplelink/simplelink_sockets.c

@@ -674,7 +674,7 @@ static int map_credentials(int sd, const void *optval, socklen_t optlen)
 			case TLS_CREDENTIAL_CA_CERTIFICATE:
 				opt = SL_SO_SECURE_FILES_CA_FILE_NAME;
 				break;
-			case TLS_CREDENTIAL_SERVER_CERTIFICATE:
+			case TLS_CREDENTIAL_PUBLIC_CERTIFICATE:
 				opt = SL_SO_SECURE_FILES_CERTIFICATE_FILE_NAME;
 				break;
 			case TLS_CREDENTIAL_PRIVATE_KEY:

include/zephyr/net/tls_credentials.h

@@ -36,11 +36,15 @@ enum tls_credential_type {
 	 */
 	TLS_CREDENTIAL_CA_CERTIFICATE,
 
-	/** A public server certificate. Use this to register your own server
+	/** A public client or server certificate. Use this to register your own
 	 *  certificate. Should be registered together with a corresponding
 	 *  private key. Used with certificate-based ciphersuites.
 	 */
-	TLS_CREDENTIAL_SERVER_CERTIFICATE,
+	TLS_CREDENTIAL_PUBLIC_CERTIFICATE,
+
+	/** @deprecated Use TLS_CREDENTIAL_PUBLIC_CERTIFICATE instead.
+	 */
+	TLS_CREDENTIAL_SERVER_CERTIFICATE = TLS_CREDENTIAL_PUBLIC_CERTIFICATE,
 
 	/** Private key. Should be registered together with a corresponding
 	 *  public certificate. Used with certificate-based ciphersuites.
@@ -64,7 +68,7 @@ enum tls_credential_type {
  * in the system.
  *
  * @note Some TLS credentials come in pairs:
- *    - TLS_CREDENTIAL_SERVER_CERTIFICATE with TLS_CREDENTIAL_PRIVATE_KEY,
+ *    - TLS_CREDENTIAL_PUBLIC_CERTIFICATE with TLS_CREDENTIAL_PRIVATE_KEY,
  *    - TLS_CREDENTIAL_PSK with TLS_CREDENTIAL_PSK_ID.
  *    Such pairs of credentials must be assigned the same secure tag to be
  *    correctly handled in the system.

modules/thrift/src/thrift/transport/TSSLSocket.cpp

@@ -450,7 +450,7 @@ void TSSLSocketFactory::loadCertificateFromBuffer(const char *aCertificate, cons
 
 	if (strcmp(format, "PEM") == 0) {
 		const int status = tls_credential_add(Thrift_TLS_SERVER_CERT_TAG,
-						      TLS_CREDENTIAL_SERVER_CERTIFICATE,
+						      TLS_CREDENTIAL_PUBLIC_CERTIFICATE,
 						      aCertificate, strlen(aCertificate) + 1);
 
 		if (status != 0) {

samples/net/prometheus/src/main.c

@@ -120,7 +120,7 @@ static void setup_tls(void)
 	}
 #endif /* defined(CONFIG_NET_SAMPLE_CERTS_WITH_SC) */
 
-	err = tls_credential_add(HTTP_SERVER_CERTIFICATE_TAG, TLS_CREDENTIAL_SERVER_CERTIFICATE,
+	err = tls_credential_add(HTTP_SERVER_CERTIFICATE_TAG, TLS_CREDENTIAL_PUBLIC_CERTIFICATE,
 				 server_certificate, sizeof(server_certificate));
 	if (err < 0) {
 		LOG_ERR("Failed to register public certificate: %d", err);

samples/net/sockets/dumb_http_server_mt/src/main.c

@@ -413,7 +413,7 @@ int main(void)
 {
 #if defined(CONFIG_NET_SOCKETS_SOCKOPT_TLS)
 	int err = tls_credential_add(SERVER_CERTIFICATE_TAG,
-				     TLS_CREDENTIAL_SERVER_CERTIFICATE,
+				     TLS_CREDENTIAL_PUBLIC_CERTIFICATE,
 				     server_certificate,
 				     sizeof(server_certificate));
 	if (err < 0) {

samples/net/sockets/echo_server/src/echo-server.c

@@ -153,7 +153,7 @@ static void init_app(void)
 #endif /* defined(CONFIG_NET_SAMPLE_CERTS_WITH_SC) */
 
 	err = tls_credential_add(SERVER_CERTIFICATE_TAG,
-				 TLS_CREDENTIAL_SERVER_CERTIFICATE,
+				 TLS_CREDENTIAL_PUBLIC_CERTIFICATE,
 				 server_certificate,
 				 sizeof(server_certificate));
 	if (err < 0) {