mirror of
https://github.com/esp8266/Arduino.git
synced 2025-06-29 16:03:14 +03:00
92002ece2e
Stop pyexpect from closing serial port when running with WSL2 Remove makefile flags & opts making it too silent. At some point it makes a lot of useful info just disappear. There are external means of silencing make, so probably best to leave useful data always available Replace SPIFFS with LittleFS in FS test Re-use certs-from-mozilla.py in FS test Fix libc tests w/o -fno-builtin not actually testing anything, also add the flag via .globals.h in case it breaks Fix libc tests generating warnings when using invalid (but safe) size arguments
75 lines
2.5 KiB
Python
Executable File
75 lines
2.5 KiB
Python
Executable File
#!/usr/bin/env python3
|
|
|
|
# This script pulls the list of Mozilla trusted certificate authorities
|
|
# from the web at the "mozurl" below, parses the file to grab the PEM
|
|
# for each cert, and then generates DER files in a new ./data directory
|
|
# Upload these to an on-chip filesystem and use the CertManager to parse
|
|
# and use them for your outgoing SSL connections.
|
|
#
|
|
# Script by Earle F. Philhower, III. Released to the public domain.
|
|
from __future__ import print_function
|
|
import csv
|
|
import os
|
|
import sys
|
|
from shutil import which
|
|
|
|
from io import StringIO
|
|
from subprocess import Popen, PIPE, call, CalledProcessError
|
|
from urllib.request import urlopen
|
|
|
|
# check if ar and openssl are available
|
|
if which('ar') is None and not os.path.isfile('./ar') and not os.path.isfile('./ar.exe'):
|
|
raise Exception("You need the program 'ar' from xtensa-lx106-elf found here: (esp8266-arduino-core)/hardware/esp8266com/esp8266/tools/xtensa-lx106-elf/xtensa-lx106-elf/bin/ar")
|
|
if which('openssl') is None and not os.path.isfile('./openssl') and not os.path.isfile('./openssl.exe'):
|
|
raise Exception("You need to have openssl in PATH, installable from https://www.openssl.org/")
|
|
|
|
# Mozilla's URL for the CSV file with included PEM certs
|
|
mozurl = "https://ccadb-public.secure.force.com/mozilla/IncludedCACertificateReportPEMCSV"
|
|
|
|
# Load the names[] and pems[] array from the URL
|
|
names = []
|
|
pems = []
|
|
response = urlopen(mozurl)
|
|
csvData = response.read()
|
|
if sys.version_info[0] > 2:
|
|
csvData = csvData.decode('utf-8')
|
|
csvFile = StringIO(csvData)
|
|
csvReader = csv.reader(csvFile)
|
|
for row in csvReader:
|
|
names.append(row[0]+":"+row[1]+":"+row[2])
|
|
for item in row:
|
|
if item.startswith("'-----BEGIN CERTIFICATE-----"):
|
|
pems.append(item)
|
|
del names[0] # Remove headers
|
|
|
|
# Try and make ./data, skip if present
|
|
try:
|
|
os.mkdir("data")
|
|
except Exception:
|
|
pass
|
|
|
|
derFiles = []
|
|
idx = 0
|
|
# Process the text PEM using openssl into DER files
|
|
for i in range(0, len(pems)):
|
|
certName = "data/ca_%03d.der" % (idx);
|
|
thisPem = pems[i].replace("'", "")
|
|
print(names[i] + " -> " + certName)
|
|
ssl = Popen(['openssl','x509','-inform','PEM','-outform','DER','-out', certName], shell = False, stdin = PIPE)
|
|
ssl.communicate(thisPem.encode('utf-8'))
|
|
ret = ssl.wait()
|
|
if ret != 0:
|
|
raise CalledProcessError(ret, certName)
|
|
if os.path.exists(certName):
|
|
derFiles.append(certName)
|
|
idx = idx + 1
|
|
|
|
if os.path.exists("data/certs.ar"):
|
|
os.unlink("data/certs.ar");
|
|
|
|
arCmd = ['ar', 'q', 'data/certs.ar'] + derFiles;
|
|
call( arCmd )
|
|
|
|
for der in derFiles:
|
|
os.unlink(der)
|