mirror of
https://github.com/esp8266/Arduino.git
synced 2025-04-25 20:02:37 +03:00
794630e068
Due to popular demand, remove the hardcoded dependency on SPIFFS or SD from the CertStore by factoring out the file interface into a new class (CertStoreFile) that the user will need to implement as a thin wrapper around either a SPIFFS.file or a SD.file Combine the downloaded certificates into a UNIX "ar" archive and parse that on-the-fly to allow easy inspection and creation of the Cert Store database. Examples updated with a new certificate downloader that creates the certs.ar archive and with a single sample that can be built for either SPIFFS or SD with a #define. Users can copy the implementation of the CertStoreFile they need to their own code as it is self-contained. Also move the CertStore to the BearSSL namespace and remove the suffix and separate SPIFFS/SD sources. Remove the "deep+" change from the CI build as well (no special options needed on any PIO or makefile build). We'll revisit the filesystem wrapper for 2.5.0, hopefully having a unified template for both filesystem usage at a global level. For current users, be aware the interface may change (simplify!) in release 2.5.0. Fixes #4740
67 lines
1.8 KiB
Python
Executable File
67 lines
1.8 KiB
Python
Executable File
#!/usr/bin/python
|
|
|
|
# This script pulls the list of Mozilla trusted certificate authorities
|
|
# from the web at the "mozurl" below, parses the file to grab the PEM
|
|
# for each cert, and then generates DER files in a new ./data directory
|
|
# Upload these to a SPIFFS filesystem and use the CertManager to parse
|
|
# and use them for your outgoing SSL connections.
|
|
#
|
|
# Script by Earle F. Philhower, III. Released to the public domain.
|
|
|
|
import csv
|
|
import os
|
|
from subprocess import Popen, PIPE, call
|
|
import urllib2
|
|
try:
|
|
# for Python 2.x
|
|
from StringIO import StringIO
|
|
except ImportError:
|
|
# for Python 3.x
|
|
from io import StringIO
|
|
|
|
# Mozilla's URL for the CSV file with included PEM certs
|
|
mozurl = "https://ccadb-public.secure.force.com/mozilla/IncludedCACertificateReportPEMCSV"
|
|
|
|
# Load the manes[] and pems[] array from the URL
|
|
names = []
|
|
pems = []
|
|
response = urllib2.urlopen(mozurl)
|
|
csvData = response.read()
|
|
csvReader = csv.reader(StringIO(csvData))
|
|
for row in csvReader:
|
|
names.append(row[0]+":"+row[1]+":"+row[2])
|
|
pems.append(row[28])
|
|
del names[0] # Remove headers
|
|
del pems[0] # Remove headers
|
|
|
|
# Try and make ./data, skip if present
|
|
try:
|
|
os.mkdir("data")
|
|
except:
|
|
pass
|
|
|
|
derFiles = []
|
|
idx = 0
|
|
# Process the text PEM using openssl into DER files
|
|
for i in range(0, len(pems)):
|
|
certName = "data/ca_%03d.der" % (idx);
|
|
thisPem = pems[i].replace("'", "")
|
|
print names[i] + " -> " + certName
|
|
ssl = Popen(['openssl','x509','-inform','PEM','-outform','DER','-out', certName], shell = False, stdin = PIPE)
|
|
pipe = ssl.stdin
|
|
pipe.write(thisPem)
|
|
pipe.close()
|
|
ssl.wait()
|
|
if os.path.exists(certName):
|
|
derFiles.append(certName)
|
|
idx = idx + 1
|
|
|
|
if os.path.exists("data/certs.ar"):
|
|
os.unlink("data/certs.ar");
|
|
|
|
arCmd = ['ar', 'mcs', 'data/certs.ar'] + derFiles;
|
|
call( arCmd )
|
|
|
|
for der in derFiles:
|
|
os.unlink(der)
|