Skip to content

Commit 5d745db

Browse files
tokangasrlubos
tokangas
authored and
rlubos
committed
samples: nrf9160: modem_shell: update the US server root CA used for FOTA
Earlier US AWS S3 servers have been using a different root CA, but now those are migrating to the same root CA as other regions. Removed the Baltimore CyberTrust Root CA which is no longer needed, because all regions now use the same Amazon Root CA. Signed-off-by: Tommi Kangas <[email protected]>
1 parent 3f54030 commit 5d745db

File tree

2 files changed

+1
-72
lines changed

2 files changed

+1
-72
lines changed

samples/nrf9160/modem_shell/src/fota/cert/Baltimore-CyberTrust-Root

Lines changed: 0 additions & 22 deletions
This file was deleted.

samples/nrf9160/modem_shell/src/fota/fota.c

Lines changed: 1 addition & 50 deletions
Original file line numberDiff line numberDiff line change
@@ -9,18 +9,11 @@
99

1010
#include <zephyr.h>
1111
#include <sys/reboot.h>
12-
#include <modem/modem_key_mgmt.h>
1312
#include <net/fota_download.h>
1413

1514
#include "fota.h"
1615
#include "mosh_print.h"
1716

18-
#define MOSH_FOTA_US_TLS_SECURITY_TAG 4242424
19-
20-
static const char us_root_ca_cert[] = {
21-
#include "cert/Baltimore-CyberTrust-Root"
22-
};
23-
2417
static void reboot_timer_handler(struct k_timer *dummy)
2518
{
2619
sys_reboot(SYS_REBOOT_WARM);
@@ -65,54 +58,12 @@ static void fota_download_callback(const struct fota_download_evt *evt)
6558
}
6659
}
6760

68-
static bool fota_us_ca_cert_exists(void)
69-
{
70-
int err;
71-
bool exists;
72-
73-
err = modem_key_mgmt_exists(MOSH_FOTA_US_TLS_SECURITY_TAG,
74-
MODEM_KEY_MGMT_CRED_TYPE_CA_CHAIN,
75-
&exists);
76-
77-
if (!err && exists) {
78-
return true;
79-
} else {
80-
return false;
81-
}
82-
}
83-
84-
static int fota_write_us_ca_cert(void)
85-
{
86-
return modem_key_mgmt_write(MOSH_FOTA_US_TLS_SECURITY_TAG,
87-
MODEM_KEY_MGMT_CRED_TYPE_CA_CHAIN,
88-
us_root_ca_cert, sizeof(us_root_ca_cert));
89-
}
90-
9161
int fota_init(void)
9262
{
93-
int err;
94-
95-
if (!fota_us_ca_cert_exists()) {
96-
err = fota_write_us_ca_cert();
97-
if (err) {
98-
printk("Failed to write US server root CA to modem, error %d\n",
99-
err);
100-
}
101-
}
102-
10363
return fota_download_init(&fota_download_callback);
10464
}
10565

10666
int fota_start(const char *host, const char *file)
10767
{
108-
int sec_tag;
109-
110-
if (strstr(host, "us") != 0) {
111-
/* The US server uses a different root CA. */
112-
sec_tag = MOSH_FOTA_US_TLS_SECURITY_TAG;
113-
} else {
114-
sec_tag = CONFIG_NRF_CLOUD_SEC_TAG;
115-
}
116-
117-
return fota_download_start(host, file, sec_tag, 0, 0);
68+
return fota_download_start(host, file, CONFIG_NRF_CLOUD_SEC_TAG, 0, 0);
11869
}

0 commit comments

Comments
 (0)