[Backport v4.0.99-ncs1-branch] wifi: Fix runtime certs #2756
Merged: carlescufi merged 23 commits into v4.0.99-ncs1-branch from backport-2724-to-v4.0.99-ncs1-branch on Apr 15, 2025
…rts" This reverts commit b9e4e7d. Signed-off-by: Chaitanya Tata <[email protected]> (cherry picked from commit a3d2e2e)
This reverts commit b9aa67c. Signed-off-by: Chaitanya Tata <[email protected]> (cherry picked from commit e08a749)
This reverts commit 8142035. Signed-off-by: Chaitanya Tata <[email protected]> (cherry picked from commit 7202608)
This reverts commit 7eaa7f5. Signed-off-by: Chaitanya Tata <[email protected]> (cherry picked from commit ab03813)
…ing delete" This reverts commit f6e0862. Signed-off-by: Chaitanya Tata <[email protected]> (cherry picked from commit 4f9623d)
… credentials" This reverts commit e3269af. Signed-off-by: Chaitanya Tata <[email protected]> (cherry picked from commit d0aaed1)
This reverts commit e6d8fe1. Signed-off-by: Chaitanya Tata <[email protected]> (cherry picked from commit eac54b9)
…for heap" This reverts commit f3dc6eb. Signed-off-by: Chaitanya Tata <[email protected]> (cherry picked from commit dbb82e3)
…icates" This reverts commit d42adf0. Signed-off-by: Chaitanya Tata <[email protected]> (cherry picked from commit a93c7f0)
Using TLS credentials library add support for run-time certificates where the installed certs are retrieved from the credential store (as of now only volatile backend is tested). This helps in production environments. Implements #79564. Upstream PR #: 87656 Signed-off-by: Chaitanya Tata <[email protected]> (cherry picked from commit f39a6c5)
The volatile backend stores the credentials on the heap, so, explicitly add a config option that can be overridden in case there are more certs than the default. Upstream PR #: 87656 Signed-off-by: Chaitanya Tata <[email protected]> (cherry picked from commit 057c3ed)
Instead of having an overlay move the Enterprise configurations to a dedicated snippet so that it can be enabled with any sample. Can be used along with Wi-Fi snippet e.g., `-S "wifi-ipv4;wifi-enterprise"`. Upstream PR #: 87656 Signed-off-by: Chaitanya Tata <[email protected]> (cherry picked from commit e34be78)
…ials Enable TLS credentials shell to manage Wi-Fi enterprise certs. Upstream PR #: 87656 Signed-off-by: Chaitanya Tata <[email protected]> (cherry picked from commit 8e325a5)
Deletion of credential should use the pointer from the reference slot not the temporary buffer, this causes a crash (unknown error). Upstream PR #: 87656 Signed-off-by: Chaitanya Tata <[email protected]> (cherry picked from commit e3a891b)
Certificate usage depends on STA/AP mode, but we don't have that information at build time, so make all certs optional, and if a file isn't found then generate an empty header so that the corresponding C code will be built. Any missing mandatory certificates will be validated before connection and connection is failed. Upstream PR #: 87656 Signed-off-by: Chaitanya Tata <[email protected]> (cherry picked from commit cf84f3b)
RSA3K based certs are not supported on all platforms, so keep both variants, rsa2k (the older certs but with longer expiry 9999 days) and rsa3k (latest ones), and we can have more variants in this folder. Also, add a cmake variable to override the path with default as rsa3k. Upstream PR #: 87656 Signed-off-by: Chaitanya Tata <[email protected]> (cherry picked from commit 9679838)
The command should work with existing certs rather than a generic example, also fix the key-management. Upstream PR #: 87656 Signed-off-by: Chaitanya Tata <[email protected]> (cherry picked from commit b21fd57)
For enterprise mode we need to install multiple certs to the TLS credentials store, so, add a helper script in python to make it work cross-platforms. Upstream PR #: 87656 Signed-off-by: Chaitanya Tata <[email protected]> (cherry picked from commit 6f71dc6)
…ime certs This is needed to ensure run-time certs feature builds. Upstream PR #: 87656 Signed-off-by: Chaitanya Tata <[email protected]> (cherry picked from commit 85d8e9a)
Add information about "struct net_linkaddr" changes to 4.2 migration guide to help the developers to handle issues if they access the net_linkaddr struct fields directly in their code. Signed-off-by: Jukka Rissanen <[email protected]> (cherry picked from commit 152a03b) (cherry picked from commit d8b0fb1)
Use hyphen instead of underscore in order to comply with device tree specification. Signed-off-by: Jilay Pandya <[email protected]> (cherry picked from commit 0a4acd8) (cherry picked from commit 1b7096e)
…mple' Improve naming of the scheduler and call it what it is: simple. Using 'dumb' for the default scheduler algorithm in Zephyr is a bad idea. Signed-off-by: Anas Nashif <[email protected]> (cherry picked from commit f29ae72) (cherry picked from commit e563e06)
…R_CERTIFICATE TLS_CREDENTIAL_SERVER_CERTIFICATE credential type is misleading, as in fact it just represents a public certificate, it does not matter if the certificate belongs to a server or a client. And actually, it was already used in-tree for clients as well, for example in LwM2M. Therefore rename the credential type to a more generic TLS_CREDENTIAL_PUBLIC_CERTIFICATE and deprecate the old one. Signed-off-by: Robert Lubos <[email protected]> (cherry picked from commit a61287e) (cherry picked from commit cb2537e)
dc65781 to 3c67d77
rado17 approved these changes Apr 14, 2025
kapbh approved these changes Apr 15, 2025
Backport cb2537e~23..cb2537e from #2724.