From c6e51b5c1c3c1db2a8a8a83d3fe7f7457834cab2 Mon Sep 17 00:00:00 2001
From: "Earle F. Philhower, III"
Date: Sat, 7 Jul 2018 20:52:26 -0700
Subject: [PATCH] Note that CERTS.IDX file is generated on-chip
Several users have been worried that they need to generate the IDX file, but don't know how. The CertStore code actually writes this file on object creation, and the user never needs to explicitly generate or upload it. Add a comment to the example explicitly noting this.
---
 .../BearSSL_CertStore/BearSSL_CertStore.ino | 18 +++++++++++-------
 1 file changed, 11 insertions(+), 7 deletions(-)
diff --git a/libraries/ESP8266WiFi/examples/BearSSL_CertStore/BearSSL_CertStore.ino b/libraries/ESP8266WiFi/examples/BearSSL_CertStore/BearSSL_CertStore.ino
index 220f59b228..19d609a6d6 100644
--- a/libraries/ESP8266WiFi/examples/BearSSL_CertStore/BearSSL_CertStore.ino
+++ b/libraries/ESP8266WiFi/examples/BearSSL_CertStore/BearSSL_CertStore.ino
@@ -2,8 +2,11 @@
 //
 // Before running, you must download the set of certs using
 // the script "certs-from-mozilla.py" (no parameters)
-// and then uploading the generated data directory to
-// SPIFFS.
+// and then uploading the generated .AR file to SPIFFS or SD.
+//
+// You do not need to generate the ".IDX" file listed below,
+// it is generated automatically when the CertStore object
+// is created and written to SD or SPIFFS by the ESP8266.
 //
 // Why would you need a CertStore?
 //
@@ -19,7 +22,7 @@
 // 10s or 100s of CAs against which you can check the
 // target's X.509, without taking any more RAM than a single
 // certificate. This is the same way that standard browsers
-// and operating systems use to verify SSL connections.
+// and operating systems verify SSL connections.
 //
 // About the chosen certs:
 // The certificates are scraped from the Mozilla.org current
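Review bot: The added header comment in the first hunk (the lines starting `// You do not need to generate`) says who writes each file but not what the files mean for security. certs.ar is the sketch's whole set of trust anchors, and both it and the on-chip index sit on SPIFFS or an SD card that can be rewritten or swapped. I would add a line such as `// certs.ar decides which CAs this sketch trusts; keep write access to SPIFFS/SD restricted.` Whether CertStore checks the index against the archive when it loads is not visible in this patch, so the comment should not promise that. The same added sentence is a comma splice; `file listed below; it is generated automatically` reads better.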
@@ -82,8 +85,8 @@ class SDCertStoreFile : public BearSSL::CertStoreFile {
 const char *_name;
 };
-SDCertStoreFile certs_idx("/certs.idx");
-SDCertStoreFile certs_ar("/certs.ar");
+SDCertStoreFile certs_idx("/certs.idx"); // Generated by the ESP8266
+SDCertStoreFile certs_ar("/certs.ar"); // Uploaded by the user
 #else
@@ -118,8 +121,9 @@ class SPIFFSCertStoreFile : public BearSSL::CertStoreFile {
 const char *_name;
 };
-SPIFFSCertStoreFile certs_idx("/certs.idx");
-SPIFFSCertStoreFile certs_ar("/certs.ar");
+SPIFFSCertStoreFile certs_idx("/certs.idx"); // Generated by the ESP8266
+SPIFFSCertStoreFile certs_ar("/certs.ar"); // Uploaded by the user
+
 #endif
 // Set time via NTP, as required for x.509 validation