samples: http_server: consolidate certificate options

Remove the CONFIG_NET_SAMPLE_CERTS_WITH_SC option and make the CA-signed
certificate the only option - there is no real downside to this over
using the unsigned certificate.

Remove adding of CA certificate as a TLS credential on the server, since
this credential is not used by the server. It may be useful to include
in any client code used to communicate with the server, so the
certificate itself is retained.

After this, some TLS tag enumerations are unused so have been removed.

Signed-off-by: Matt Rodgers <[email protected]>

Author: mrodgers-witekio

samples/net/sockets/http_server/CMakeLists.txt

@@ -54,15 +54,12 @@ foreach(web_resource
 endforeach()
 
 foreach(inc_file
-	ca.der
-	server.der
+	server_cert.der
 	server_privkey.der
-	https-server-cert.der
-	https-server-key.der
     )
   generate_inc_file_for_target(
     app
-    src/${inc_file}
+    src/certs/${inc_file}
     ${gen_dir}/${inc_file}.inc
     )
 endforeach()

samples/net/sockets/http_server/Kconfig

@@ -31,13 +31,6 @@ config NET_SAMPLE_PSK_HEADER_FILE
 	  Name of a header file containing a
 	  pre-shared key.
 
-config NET_SAMPLE_CERTS_WITH_SC
-	bool "Signed certificates"
-	depends on NET_SOCKETS_SOCKOPT_TLS
-	help
-	  Enable this flag, if you are interested to run this
-	  application with signed certificates and keys.
-
 config NET_SAMPLE_WEBSOCKET_SERVICE
 	bool "Enable websocket service"
 	default y if HTTP_SERVER_WEBSOCKET

samples/net/sockets/http_server/src/certificate.h

@@ -8,40 +8,20 @@
 #define __CERTIFICATE_H__
 
 enum tls_tag {
-	/** The Certificate Authority public key */
-	HTTP_SERVER_CA_CERTIFICATE_TAG,
 	/** Used for both the public and private server keys */
 	HTTP_SERVER_CERTIFICATE_TAG,
-	/** Used for both the public and private client keys */
-	HTTP_SERVER_CLIENT_CERTIFICATE_TAG,
+	/* Used for pre-shared key */
 	PSK_TAG,
 };
 
-#if !defined(CONFIG_NET_SAMPLE_CERTS_WITH_SC)
 static const unsigned char server_certificate[] = {
-#include "https-server-cert.der.inc"
-};
-
-/* This is the private key in pkcs#8 format. */
-static const unsigned char private_key[] = {
-#include "https-server-key.der.inc"
-};
-
-#else
-
-static const unsigned char ca_certificate[] = {
-#include "ca.der.inc"
-};
-
-static const unsigned char server_certificate[] = {
-#include "server.der.inc"
+#include "server_cert.der.inc"
 };
 
 /* This is the private key in pkcs#8 format. */
 static const unsigned char private_key[] = {
 #include "server_privkey.der.inc"
 };
-#endif
 
 #if defined(CONFIG_MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
 #include CONFIG_NET_SAMPLE_PSK_HEADER_FILE

…mples/net/sockets/http_server/src/ca.der …net/sockets/http_server/src/certs/ca.dersamples/net/sockets/http_server/src/ca.der renamed to samples/net/sockets/http_server/src/certs/ca.der samples/net/sockets/http_server/src/ca.der renamed to samples/net/sockets/http_server/src/certs/ca.der

@@ -311,16 +311,6 @@ static void setup_tls(void)
 #if defined(CONFIG_NET_SOCKETS_SOCKOPT_TLS)
 	int err;
 
-#if defined(CONFIG_NET_SAMPLE_CERTS_WITH_SC)
-	err = tls_credential_add(HTTP_SERVER_CERTIFICATE_TAG,
-				 TLS_CREDENTIAL_CA_CERTIFICATE,
-				 ca_certificate,
-				 sizeof(ca_certificate));
-	if (err < 0) {
-		LOG_ERR("Failed to register CA certificate: %d", err);
-	}
-#endif /* defined(CONFIG_NET_SAMPLE_CERTS_WITH_SC) */
-
 	err = tls_credential_add(HTTP_SERVER_CERTIFICATE_TAG,
 				 TLS_CREDENTIAL_SERVER_CERTIFICATE,
 				 server_certificate,