
wifi: Fix runtime certs #2724


Merged (23 commits) Apr 11, 2025

Conversation

krish2718

Fix build error and convert script to python for cross-platform support. (Simple changes, but due to fromlist, had to revert and reapply).

@krish2718 krish2718 force-pushed the fix_runtime_certs branch from 103d554 to 2db4b49 Compare April 8, 2025 14:37
@krish2718 krish2718 force-pushed the fix_runtime_certs branch from 2db4b49 to b2b0d77 Compare April 9, 2025 13:16
…ing delete"

This reverts commit f6e0862.

Signed-off-by: Chaitanya Tata <[email protected]>
… credentials"

This reverts commit e3269af.

Signed-off-by: Chaitanya Tata <[email protected]>
…for heap"

This reverts commit f3dc6eb.

Signed-off-by: Chaitanya Tata <[email protected]>
…icates"

This reverts commit d42adf0.

Signed-off-by: Chaitanya Tata <[email protected]>
Using the TLS credentials library, add support for run-time certificates where
the installed certs are retrieved from the credential store (as of now
only the volatile backend is tested).

This helps in production environments.

Implements #79564.

Upstream PR #: 87656

Signed-off-by: Chaitanya Tata <[email protected]>
The volatile backend stores the credentials on the heap, so explicitly
add a config option that can be overridden in case there are more certs
than the default.

Upstream PR #: 87656

Signed-off-by: Chaitanya Tata <[email protected]>
Instead of having an overlay, move the Enterprise configurations to a
dedicated snippet so that it can be enabled with any sample.

Can be used along with Wi-Fi snippet e.g., `-S
"wifi-ipv4;wifi-enterprise"`.

Upstream PR #: 87656

Signed-off-by: Chaitanya Tata <[email protected]>
…ials

Enable the TLS credentials shell to manage Wi-Fi enterprise certs.

Upstream PR #: 87656

Signed-off-by: Chaitanya Tata <[email protected]>
Deletion of a credential should use the pointer from the reference slot,
not the temporary buffer; this causes a crash (unknown error).

Upstream PR #: 87656

Signed-off-by: Chaitanya Tata <[email protected]>
Certificate usage depends on STA/AP mode, but we don't have that
information at build time, so make all certs optional and, if a
file isn't found, generate an empty header so that the corresponding C
code will still be built.

Any missing mandatory certificates will be validated before connection
and the connection fails.

Upstream PR #: 87656

Signed-off-by: Chaitanya Tata <[email protected]>
RSA3K based certs are not supported on all platforms, so keep both
variants, rsa2k (the older certs but with longer expiry, 9999 days) and
rsa3k (latest ones), and we can have more variants in these folders.

Also, add a cmake variable to override the path with default as rsa3k.

Upstream PR #: 87656

Signed-off-by: Chaitanya Tata <[email protected]>
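The optional-cert header generation, connect-time validation and variant override described in the two commits above, as an added Python example that is not the project's own helper script; the `<certs>/<variant>/<file>` layout, the generated header names and the required-cert list are assumptions made here:

```python
# Added example, not the Zephyr/NCS helper script: generate C headers from
# certificate files, emitting an empty placeholder header for a missing file so
# the C code still builds, and defer the "mandatory cert present?" check to
# connect time. Layout <certs>/<variant>/<file> and header names are assumed.
import pathlib
import tempfile

def cert_to_header(cert_dir, variant, cert_file, out_dir):
    """Write <out_dir>/<name>.h holding the cert as a byte array.

    Returns True if the file existed; False if an empty placeholder header
    was written instead (length 0, so C code referencing the symbol builds).
    """
    name = pathlib.Path(cert_file).stem.replace("-", "_").replace(".", "_")
    src = pathlib.Path(cert_dir) / variant / cert_file
    dst = pathlib.Path(out_dir) / f"{name}.h"
    data = src.read_bytes() if src.is_file() else b""
    body = ", ".join(f"0x{b:02x}" for b in data) or "0"  # "{0}" keeps valid C
    note = f"{len(data)} bytes" if data else "file not found, empty placeholder"
    dst.write_text(
        f"/* generated from {variant}/{cert_file}: {note} */\n"
        f"static const unsigned char {name}[] = {{{body}}};\n"
        f"static const unsigned int {name}_len = {len(data)};\n")
    return bool(data)

def missing_mandatory(required, found):
    """Required cert names that were not found; evaluated before connecting
    (the required set depends on the mode, e.g. STA vs AP), not at build time."""
    return sorted(n for n in required if not found.get(n))

def demo(variant="rsa3k"):
    """Constructed sample tree: only rsa3k/ca.pem exists; client-key.pem and
    every rsa2k file are absent. `variant` mirrors the CMake path override."""
    with tempfile.TemporaryDirectory() as tmp:
        certs = pathlib.Path(tmp) / "certs"
        (certs / "rsa3k").mkdir(parents=True)
        (certs / "rsa3k" / "ca.pem").write_bytes(
            b"-----BEGIN CERTIFICATE-----\nMIIB\n")  # constructed, not a real cert
        out = pathlib.Path(tmp) / "gen"
        out.mkdir()
        wanted = ["ca.pem", "client-key.pem"]
        found = {f: cert_to_header(certs, variant, f, out) for f in wanted}
        headers = {p.name: p.read_text() for p in out.glob("*.h")}
    return found, headers, missing_mandatory(wanted, found)
```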
The command should work with existing certs rather than a generic
example, also fix the key-management.

Upstream PR #: 87656

Signed-off-by: Chaitanya Tata <[email protected]>
For enterprise mode we need to install multiple certs to the TLS
credentials store, so add a helper script in Python to make it work
cross-platform.

Upstream PR #: 87656

Signed-off-by: Chaitanya Tata <[email protected]>
…ime certs

This is needed to ensure run-time certs feature builds.

Upstream PR #: 87656

Signed-off-by: Chaitanya Tata <[email protected]>
jukkar and others added 4 commits April 10, 2025 01:55
Add information about "struct net_linkaddr" changes to 4.2
migration guide to help the developers to handle issues if
they access the net_linkaddr struct fields directly in their
code.

Signed-off-by: Jukka Rissanen <[email protected]>
(cherry picked from commit 152a03b)
Use a hyphen instead of an underscore in order to comply with the device tree
specification.

Signed-off-by: Jilay Pandya <[email protected]>
(cherry picked from commit 0a4acd8)
…mple'

Improve naming of the scheduler and call it what it is: simple. Using
'dumb' for the default scheduler algorithm in Zephyr is a bad idea.

Signed-off-by: Anas Nashif <[email protected]>
(cherry picked from commit f29ae72)
…R_CERTIFICATE

TLS_CREDENTIAL_SERVER_CERTIFICATE credential type is misleading, as in
fact it just represents a public certificate, it does not matter if the
certificate belongs to a server or a client. And actually, it was
already used in-tree for clients as well, for example in LwM2M.

Therefore rename the credential type to a more generic
TLS_CREDENTIAL_PUBLIC_CERTIFICATE and deprecate the old one.

Signed-off-by: Robert Lubos <[email protected]>
(cherry picked from commit a61287e)
@krish2718 krish2718 force-pushed the fix_runtime_certs branch from b2b0d77 to cca7995 Compare April 9, 2025 20:25

@carlescufi carlescufi merged commit cb2537e into nrfconnect:main Apr 11, 2025
17 of 18 checks passed
Labels
backport v4.0.99-ncs1-branch Relates to NCS v3.0-branch