Use nina-fw root certs

tannewt · tannewt · commit 4ac4faaaf684 · 2020-11-30T17:02:26.000-08:00
That way we have one set we use for all of Adafruit's connected
devices.
diff --git a/.gitmodules b/.gitmodules
@@ -153,3 +153,6 @@
 [submodule "ports/esp32s2/esp-idf"]
 	path = ports/esp32s2/esp-idf
 	url = https://github.com/jepler/esp-idf.git
+[submodule "ports/esp32s2/certificates/nina-fw"]
+	path = ports/esp32s2/certificates/nina-fw
+	url = https://github.com/adafruit/nina-fw.git
diff --git a/ports/esp32s2/certificates/README.md b/ports/esp32s2/certificates/README.md
@@ -0,0 +1,3 @@
+We share root certificates with the nina-fw to ensure they both use the same roots.
+
+https://github.com/adafruit/nina-fw
diff --git a/ports/esp32s2/certificates/nina-fw b/ports/esp32s2/certificates/nina-fw
@@ -0,0 +1 @@
+Subproject commit f2a0e601b23212dda4fe305eab30af49a7c7fb41
diff --git a/ports/esp32s2/esp-idf-config/sdkconfig.defaults b/ports/esp32s2/esp-idf-config/sdkconfig.defaults
@@ -575,10 +575,11 @@ CONFIG_MBEDTLS_DYNAMIC_FREE_CONFIG_DATA=y
 # Certificate Bundle
 #
 CONFIG_MBEDTLS_CERTIFICATE_BUNDLE=y
-CONFIG_MBEDTLS_CERTIFICATE_BUNDLE_DEFAULT_FULL=y
+# CONFIG_MBEDTLS_CERTIFICATE_BUNDLE_DEFAULT_FULL is not set
 # CONFIG_MBEDTLS_CERTIFICATE_BUNDLE_DEFAULT_CMN is not set
-# CONFIG_MBEDTLS_CERTIFICATE_BUNDLE_DEFAULT_NONE is not set
-# CONFIG_MBEDTLS_CUSTOM_CERTIFICATE_BUNDLE is not set
+CONFIG_MBEDTLS_CERTIFICATE_BUNDLE_DEFAULT_NONE=y
+CONFIG_MBEDTLS_CUSTOM_CERTIFICATE_BUNDLE=y
+CONFIG_MBEDTLS_CUSTOM_CERTIFICATE_BUNDLE_PATH="certificates/nina-fw/data/roots.pem"
 # end of Certificate Bundle
 
 # CONFIG_MBEDTLS_ECP_RESTARTABLE is not set

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+We share root certificates with the nina-fw to ensure they both use the same roots.`
	`2`	`+`
	`3`	`+https://github.com/adafruit/nina-fw`